15 releases

0.1.0 May 24, 2024
0.0.1 Feb 2, 2024
0.0.1-beta6 Jan 30, 2024
0.0.1-beta1 Dec 27, 2023
0.0.1-alpha2 Aug 31, 2023

#801 in Algorithms

Download history 62/week @ 2024-02-17 34/week @ 2024-02-24 1/week @ 2024-03-02 2/week @ 2024-03-09 72/week @ 2024-03-30 15/week @ 2024-04-06 88/week @ 2024-05-18 33/week @ 2024-05-25

121 downloads per month



Nimue: a Fiat-Shamir library

This library has not been externally reviewed yet and shouldn't be considered ready for deployments.

Nimue is a hash-agnostic library that believes in random oracles. It facilitates the writing of multi-round public coin protocols. Built on the top of the SAFE framework and provides an API for generating the verifier's and prover's random coins.


Automatic transcript generation. nimue comes with batteries included for serializing/deserializing algebraic elements such as field/group elements in arkworks and zkcrypto. Users can build the top of it via extension traits.

Support custom hash function. To build a secure Fiat-Shamir transform, the minimal requirement is a permutation function over some set that supports byte-encoding. It can be a u8 representing $\mathbb{F}_{2^8}$ or any large-characteristic prime field $\mathbb{F}_p$.

Retro-compatibility. We have a legacy interface for any hash function that satisfies the digest::Digest trait, such as sha2 and blake2.

  • Preprocessing. In recursive SNARKs, minimizing the number of hash invocations while maintaining security is crucial. We offer tools for preprocessing the Transcript (i.e., the state of the Fiat-Shamir transform) to achieve this goal.

  • Private randomness generation. It is vital to avoid providing two different challenges for the same prover message. We do our best to avoid it by tying down the prover randomness to the protocol transcript, without making the proof deterministic.

Check out the documentation and some examples/.


~48K SLoC