primitives.transcript

Fiat-Shamir transcript using Poseidon2 duplex sponge.

Matches Plonky3’s DuplexChallenger<BabyBear, Poseidon2<16>, 16, 8> bit-exactly.

Reference:

p3-challenger-0.4.1/src/duplex_challenger.rs

Attributes

Classes

Challenger

Fiat-Shamir challenger using Poseidon2 duplex sponge.

Functions

check_witness(→ bool)

Verify a proof-of-work witness against the Fiat-Shamir transcript.

grind(→ int)

Brute-force search for a proof-of-work witness.

Module Contents

primitives.transcript.WIDTH = 16
primitives.transcript.RATE = 8
class primitives.transcript.Challenger

Fiat-Shamir challenger using Poseidon2 duplex sponge.

Reference:

p3-challenger-0.4.1/src/duplex_challenger.rs

sponge_state: list[primitives.field.Fe] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
input_buffer: list[primitives.field.Fe] = []
output_buffer: list[primitives.field.Fe] = []
classmethod from_state(sponge_state: list[primitives.field.Fe], input_buffer: list[primitives.field.Fe], output_buffer: list[primitives.field.Fe]) → Challenger

Create Challenger from exported internal state (for transcript replay).

observe(value: primitives.field.Fe) → None

Absorb a single field element.

Reference:

duplex_challenger.rs lines 111-120

observe_many(values) → None

Absorb multiple field elements or an FF4 scalar.

Reference:

duplex_challenger.rs lines 142-146

sample() → primitives.field.Fe

Squeeze one base field element (LIFO from output buffer).

Reference:

duplex_challenger.rs lines 172-184

sample_ext() → primitives.field.FF4

Squeeze one extension field element.

Reference:

duplex_challenger.rs (CanSample<EF>)

sample_bits(bits: int) → int

Sample a random index with the given number of bits.

Reference:

duplex_challenger.rs lines 201-207 (CanSampleBits)

clone() → Challenger

Deep copy this challenger’s state.

Used by the prover for proof-of-work grinding.

Reference:

duplex_challenger.rs Clone impl

primitives.transcript.check_witness(challenger: Challenger, bits: int, witness: int) → bool

Verify a proof-of-work witness against the Fiat-Shamir transcript.

Observes the witness, samples a bits-bit value, and checks that it equals 0.

Reference:

p3-challenger GrindingChallenger::check_witness

primitives.transcript.grind(challenger: Challenger, bits: int) → int

Brute-force search for a proof-of-work witness.

Tries witness = 0, 1, 2, … until check_witness passes. Then calls check_witness on the original challenger to update its state.

Args:

challenger: The Fiat-Shamir challenger.
bits: Number of bits for the PoW check.

Returns:

The winning witness value.

Reference:

p3-challenger grinding_challenger.rs GrindingChallenger::grind
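
The grinding flow described above, as an added example that is not this project's code. ToyChallenger and toy_permute are hypothetical names, and toy_permute is a SHA-256 stand-in for Poseidon2, so sampled values do not match Plonky3. It shows why grind probes on clones and then commits the winning witness, which leaves the prover and verifier transcripts in the same state.

```python
import copy
import hashlib

P = 2**31 - 2**27 + 1    # BabyBear modulus
WIDTH, RATE = 16, 8      # constants from this module

def toy_permute(state):
    # Assumption: SHA-256 stand-in for Poseidon2, so values differ from Plonky3.
    seed = b"".join(x.to_bytes(4, "little") for x in state)
    return [int.from_bytes(hashlib.sha256(seed + bytes([i])).digest()[:8], "little") % P
            for i in range(WIDTH)]

class ToyChallenger:
    def __init__(self):
        self.sponge_state = [0] * WIDTH
        self.input_buffer = []
        self.output_buffer = []

    def clone(self):
        return copy.deepcopy(self)

    def _duplex(self):
        # Overwrite the front of the state with pending inputs, permute, refill outputs.
        self.sponge_state[:len(self.input_buffer)] = self.input_buffer
        self.input_buffer = []
        self.sponge_state = toy_permute(self.sponge_state)
        self.output_buffer = self.sponge_state[:RATE]

    def observe(self, value):
        self.output_buffer = []              # absorbed data invalidates queued outputs
        self.input_buffer.append(value % P)
        if len(self.input_buffer) == RATE:
            self._duplex()

    def sample_bits(self, bits):
        if self.input_buffer or not self.output_buffer:
            self._duplex()
        return self.output_buffer.pop() & ((1 << bits) - 1)   # LIFO pop, low bits

def check_witness(challenger, bits, witness):
    challenger.observe(witness)              # the witness becomes part of the transcript
    return challenger.sample_bits(bits) == 0

def grind(challenger, bits):
    witness = 0
    while not check_witness(challenger.clone(), bits, witness):  # probe on a clone only
        witness += 1
    assert check_witness(challenger, bits, witness)  # commit the winner to the real state
    return witness
```

A verifier that observed the same values before the witness reaches the same sponge state after check_witness, so later challenges stay in sync on both sides.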