fiat-shamir: use duplex sponge#223
Merged
Merged
Conversation
TomWambsgans
added a commit
that referenced
this pull request
May 19, 2026
Brings main into the goldilocks branch. The bulk of the work was porting main's PR #223 (duplex-sponge Fiat-Shamir) to the Goldilocks field, since goldilocks never adopted it. Conflict resolutions of note: - AIR trait: kept main's `n_shift_columns` / shift-columns-first layout; dropped the `low_degree` feature (goldilocks removed it — the Goldilocks poseidon8 AIR uses direct x^7 constraints, not `low_degree_block`). - extension_op/air.rs: cubic (DIM=3) layout reordered shift-columns-first. - Duplex Challenger ported to Goldilocks (WIDTH=8, RATE=4, CAPACITY=4); added a `Permutation` trait to the `symetric` crate. - New `poseidon8_permute` precompile: AIR (flag_permute column, outputs_left/right, mutex constraints), trace gen, ISA, simplifier. - Duplex `fiat_shamir.py` rewritten for DIGEST_LEN=4. - poseidon8 MAX_LOG_N_ROWS lowered 21 -> 20: the permute variant widened the table by 5 columns, which would otherwise exceed the WHIR commitment surface cap. cargo fmt + clippy clean; full `cargo test --workspace` passes; `recursion --n 2` aggregation runs end-to-end. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Goal: benefit from existing security proof.
We way come back to a more "lean-VM friendly" Fiat-Shamir construction in the future, if we find time to formally prove its security.