15 releases
0.1.0 | May 24, 2024 |
---|---|
0.0.1 | Feb 2, 2024 |
0.0.1-beta6 | Jan 30, 2024 |
0.0.1-beta1 | Dec 27, 2023 |
0.0.1-alpha2 | Aug 31, 2023 |
#1127 in Cryptography
937 downloads per month
130KB
2K
SLoC
Nimue: a Fiat-Shamir library
This library has not been externally reviewed yet and shouldn't be considered ready for deployments.
Nimue is a hash-agnostic library that believes in random oracles. It facilitates the writing of multi-round public coin protocols. Built on the top of the SAFE framework and provides an API for generating the verifier's and prover's random coins.
Features
Automatic transcript generation. nimue comes with batteries included for serializing/deserializing algebraic elements such as field/group elements in arkworks and zkcrypto. Users can build the top of it via extension traits.
Support custom hash function.
To build a secure Fiat-Shamir transform, the minimal requirement is a permutation function over some set that supports byte-encoding. It can be a u8
representing $\mathbb{F}_{2^8}$ or any large-characteristic prime field $\mathbb{F}_p$.
Retro-compatibility.
We have a legacy interface for any hash function that satisfies the digest::Digest
trait, such as sha2
and blake2
.
-
Preprocessing. In recursive SNARKs, minimizing the number of hash invocations while maintaining security is crucial. We offer tools for preprocessing the Transcript (i.e., the state of the Fiat-Shamir transform) to achieve this goal.
-
Private randomness generation. It is vital to avoid providing two different challenges for the same prover message. We do our best to avoid it by tying down the prover randomness to the protocol transcript, without making the proof deterministic.
Check out the documentation and some examples/
.
Dependencies
~0.9–2.4MB
~47K SLoC