Transcript update

w3f · Mar 27, 2024 · 3d1b5f2 · 3d1b5f2
1 parent 6d8b08b
commit 3d1b5f2
Showing 1 changed file with 19 additions and 44 deletions.
diff --git a/specification_template.md b/specification_template.md
@@ -63,7 +63,6 @@ of a BLS12 curve have the same secret key.
 
 ## Bandersnatch VRF
 
-
 ## Transcript
 
 A Shake-128 based transcript construction which implements the Fiat-Shamir
@@ -73,63 +72,39 @@ We do basic domain separation using postfix writes of the lengths of written
 data (as opposed to the prefix writes by [Merlin](https://merlin.cool)
 `TupleHash` from [SP 800-185](https://csrc.nist.gov/pubs/sp/800/185/final)).
 
-The length of each item should be less than 2^31.
+    H(item_1, item_2, ..., item_n)
 
-The transcript can be created with an initial domain label.
-The label bytes are written into the hasher as all the other items which
-may follow.
+Represents the application of shake-128 to the concatenation of the serialization of each item
+followed by the serialization of the length of each objects, as a 32-bit unsigned integer.
 
-On construction the Shake128 hasher state is initialized to hash the empty
-octet-string TODO @davxy: DOUBLE CHECK THIS
+    bytes = encode(item_1) || encode(length(item_1)) || .. || encode(item_n) || encode(length(item_n))
+    Shake128(bytes)
 
-### Pre-defined functions
+The length of each item should be less than 2^31.
 
-Get octet string length
+## Objects Serialization Encoding
 
-```
-    length(data)
+### Unsigned Integers
 
-      Input:
-        - data: user data
-      Output:
-        - data length as 32 bit integer
-```
+Unsigned integers are encoded in big-endian.
 
-Big-endian encoding of 32-bit unsigned integers
+This applies to both fixed or arbitrary width unsigned integers.
 
-```
-    big_endian_bytes(length)
+TODO:
+- ARK serializes integers in LE :-/
+- Check Zcash serialization format (IIRC BE)
 
-      Input:
-        - length: 32-bit integer
-      Output:
-        - 4 bytes big endian encoding of length
-```
+### EC Points
 
-Update the hasher state with some data
+Elliptic curve points are serialized in compressed form as specified by TODO.
 
-```
-    update_hasher(hasher, data)    
+TODO isn't there any standard like https://www.secg.org/sec1-v2.pdf ?
+There the standard serializes in BE as well.
 
-      Input:
-        - hasher: Shake128 hasher
-        - data: user provided data
-```
-
-### Transcript update
-
-Update the hasher state with user data.
-
-```
-    write_bytes(hasher, data) 
+TODO maybe we must convert to BE our serialized points/scalars?
 
-      Inputs:
-        - hasher: shake128 hasher state
-        - data: user data
 
-      Steps:
-        1. update_hasher(hasher, data)
-```
+## OBSOLETE (TODO: REMOVE THIS PARAGRAPH)
 
 Write unlabeled domain separator into the hasher state.