Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create a crate for EdDSA Poseidon (BabyJubjub curve) #9

Open
cedoor opened this issue Jul 12, 2024 · 16 comments
Open

Create a crate for EdDSA Poseidon (BabyJubjub curve) #9

cedoor opened this issue Jul 12, 2024 · 16 comments
Assignees
Labels
feature 🚀 This is enhancing something existing or creating something new good first issue Good for newcomers

Comments

@cedoor
Copy link
Member

cedoor commented Jul 12, 2024

Describe the package you'd like

ZK-Kit already provides a package to generate EdDSA keys that uses Poseidon hashes and is based on the BabyJubjub elliptic curve. The Rust crate should be compatible with the JS version.

Possible dependencies:

It is worth checking whether an implementation in Rust already exists.

@cedoor cedoor added the feature 🚀 This is enhancing something existing or creating something new label Jul 12, 2024
@cedoor
Copy link
Member Author

cedoor commented Jul 12, 2024

Hey @arnaucube, may I know if you're still maintaining babyjubjub-rs and poseidon-rs?

Might you be interested in including them in the ZK-Kit package set? You would remain the author ofc.

For context. ZK-Kit is a collective effort of PSE devs that aims to provide a set of reusable libraries in a context where standards on code quality, documentation, test coverage, and audits are guaranteed.

@cedoor cedoor added the good first issue Good for newcomers label Jul 12, 2024
@cedoor cedoor added this to ZK-Kit Jul 12, 2024
@github-project-automation github-project-automation bot moved this to 📋 Backlog in ZK-Kit Jul 12, 2024
@cedoor cedoor moved this from 📋 Backlog to ♻️ Grooming in ZK-Kit Jul 12, 2024
@arnaucube
Copy link

Hi, sure, they both are compatible with circomlib's version (also with circomlibjs's version).
And if useful, there exists also compatible implementations of both Poseidon & BabyJubJub's EdDSA in Go in https://github.com/iden3/go-iden3-crypto 's repo.

If useful, there is also other a merkletree implementation in Go that is compatible with circomlib's sparsemerkletree version, with the main feature (appart from full compatibility) that it parallelizes by CPUs so it goes faster than the js one (eg. 2m09s vs 0.436s adding 10k leafs): https://github.com/vocdoni/arbo .

Regarding being maintained, the mentioned repos are not actively being developed since they reached the desired features, but if there are future fixes to potential bugs they will be taken care of.

@kilic
Copy link

kilic commented Jul 17, 2024

Another way might be just using arkworks backend as in here https://github.com/kilic/arkeddsa/ both for poseidon and jubjub

@cedoor
Copy link
Member Author

cedoor commented Jul 18, 2024

@kilic interesting. Is Poseidon compatible with the Iden3 version?

@kilic
Copy link

kilic commented Jul 18, 2024

@kilic interesting. Is Poseidon compatible with the Iden3 version?

Not as it is in kilic/arkeddsa but so close

  1. We should give the matching config params
  2. Circom takes 0th element of the state as output and arkworks skips 0th element. However in arkworks sponge state is public so 0th element is accessible and then it becomes circom compatible as it is done here

@arnaucube
Copy link

oh right! Agree with @kilic ^^, if you can do with with arkworks it would be much better than depending on the initially mentioned libs, less dependencies to maintain, and more compatible with other projects (in the arkworks ecosystem).

@cedoor
Copy link
Member Author

cedoor commented Jul 22, 2024

Thank you guys 🙏🏽 I'll leave this issue open for anyone who wants to implement it and follow your suggestions.

@1010adigupta
Copy link

@cedoor I would like to take this up

@cedoor
Copy link
Member Author

cedoor commented Jul 31, 2024

@1010adigupta Sure, I'll assign this issue to you then :)

@cedoor cedoor moved this from ♻️ Grooming to 🏗 In Progress in ZK-Kit Jul 31, 2024
@sripwoud
Copy link
Member

@1010adigupta Are you still working on this? (If not we may assign it to someone else)

@1010adigupta
Copy link

@1010adigupta Are you still working on this? (If not we may assign it to someone else)

yes, you may assign it to someone else, got busy with some other stuff

@cedoor cedoor moved this from 🏗 In Progress to ♻️ Grooming in ZK-Kit Aug 29, 2024
@ozgurarmanc
Copy link

@cedoor @sripwoud Can I get this issue?

@cedoor
Copy link
Member Author

cedoor commented Sep 2, 2024

Hey @ozgurarmanc, ofc 👍🏽

@Some-of-the-things
Copy link

I can take a crack at picking this one up if you'd like...

@cedoor
Copy link
Member Author

cedoor commented Sep 30, 2024

@Some-of-the-things ofc, I'll assign it to you 👍🏽

@cedoor cedoor moved this from ♻️ Grooming to 🏗 In Progress in ZK-Kit Sep 30, 2024
@alv-around
Copy link

I had a look at it last week, and here are my two cents:

@kilic interesting. Is Poseidon compatible with the Iden3 version?

Not as it is in kilic/arkeddsa but so close

1. We should give the matching config params

2. Circom takes 0th element of the state as output and arkworks skips 0th element. However in arkworks [sponge state](https://github.com/arkworks-rs/crypto-primitives/blob/6b195553444650fb37663ee1919c9fd885f5dbd9/crypto-primitives/src/sponge/poseidon/mod.rs#L54) is public so 0th element is accessible and then it becomes circom compatible as it is done [here](https://github.com/privacy-scaling-explorations/sonobe/blob/edadcdd520b8cf657cfa5c679dd09c6579759b0c/folding-schemes/src/transcript/poseidon.rs#L136)

Actually the main problem compatibility problem with kilic/arkeddsa is not the poseidon hash, rather the blake digest circom uses for the signatures. blake-hash, which is also used in babyjubjub-rs, depends on digest v0.9 while arkeddsa expects v0.10. The traits change quite a bit between these two versions.

I went on and try to update the blake-hash dependencies here, but I did not manage to test this yet. Using babyjubjub-rs for the time beign could be an easy win.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature 🚀 This is enhancing something existing or creating something new good first issue Good for newcomers
Projects
Status: 🏗 In Progress
Development

No branches or pull requests

8 participants