feat: fiat shamir transcript

[devloper]

universal transcript, support for various hashing techniques.

[lonerapier]

Been looking into this, and studying existing libraries, there are two possible conclusions, either implement a byte-oriented transcript based on Keccak or Blake3 (or other byte-oriented hash functions).

• Keccak is based on sponge construction and can implement sponge for arbitrary length outputs. Thus, can be trivially used for this use case.
• This output needs to be converted into respective field/curve elements based on the needs outside of transcript.
• For legacy functions like SHA2 or Blake2, I think we require XOF to extend the output bytes.

trait Hasher {
	fn hash(&mut self, &[u8], buf: &mut [u8]);
}

pub struct Transcript<H: Hasher> {
	state: Vec<u8>,
}

impl Transcript {
	fn add_message(&mut self, message: &[u8]);
	fn create_challenge(&self, buf: &mut [u8]);
}

pub trait ByteHandler<C> {
	fn from_bytes(bytes: &[u8]) -> C;
	fn to_bytes(c: &C, buf: &mut [u8]);
}

or a field-oriented based on algebraic hash functions like Poseidon. Maybe use SAFE API for designing the sponge.

• Poseidon is also based on permutation network and implements sponge for arbitrary length outputs.
• Will be easier to use with proof systems but not for other protocols that use Fiat-Shamir like sigma protocols
  • To work with them, field elements will have to be converted to bytes/bits, depending on the usage. But this will obviously not cover the whole range due to the field.

Need inputs of which way do you think is more suitable for a universal transcript. Am i missing something, or is there any other way you think this can be implemented?