
Conversation

@tarcieri

merlin is currently a blocker for upgrading to rand_core v0.9 by way of the transcript.build_rng().finalize() function (which we only pass ZeroRng to).

There is an open PR to update rand_core in merlin and I have pinged the relevant people to take a look, hopefully: zkcrypto/merlin#11

However, in the event we can't get merlin updated, this at least unblocks the rand_core upgrade, and is being opened as a contingency plan for that case.

The PR has been implemented in a way that it should be easy to switch back to upstream merlin in the event they upgrade rand_core.

@tarcieri tarcieri requested a review from rozbb June 20, 2025 20:30
@tarcieri tarcieri force-pushed the ed25519/vendor-merlin branch from 3c8578a to 63d10da Compare June 20, 2025 20:31

@rozbb rozbb left a comment


Nice! I also don’t love it but I agree it’s the best way forward. Thanks for making this

@rozbb rozbb merged commit 44bb8cb into main Jun 20, 2025
30 checks passed

burdges commented Jun 28, 2025

Around transcripts, Arkworks' ark_serialize uses rust's std::io interface adapted to be no-std, but not no-alloc, although rust should provide a no-alloc io interface someday. All this they inherited from zcash.

Arkworks itself mostly focuses upon field element based transcript schemes for recursion, but if you want a top level transcript that likes this std::io interface then for domain separation you want the lengths to be hashed postfix after the data, because you've no idea how io::Write nests its calls. I wrote ark_transcript for this.

All this is mostly useless to you guys, but if you ever get sick of merlin and do your own general thing then postfix lengths fit rust somewhat better. I doubt a general transcript thing is required here of course.
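The postfix-length framing described in the comment above, as an added example that is not code from this PR, from merlin, or from ark_transcript. The transcript type, its method names and the `Point` type are all constructed for illustration; the bytes are simply accumulated in a `Vec<u8>` as a stand-in for the hash or duplex sponge a real transcript would feed (an assumption made here to keep the example dependency-free). The point it shows is the one the comment makes: a value that serializes itself through `io::Write` in several nested calls cannot tell the transcript its length up front, so the length is appended after the data once the message is closed, and the result is identical to writing the same bytes in one call.

```rust
use std::io::{self, Write};

/// Constructed transcript with postfix-length framing.
/// Every message is absorbed as: label, label length, data chunks..., data length.
/// `absorbed` stands in for a cryptographic hash/sponge state (assumption).
pub struct PostfixTranscript {
    absorbed: Vec<u8>,
}

impl PostfixTranscript {
    /// Start a transcript bound to a protocol label (domain separation).
    pub fn new(protocol_label: &[u8]) -> Self {
        let mut t = Self { absorbed: Vec::new() };
        t.append_message(b"dom-sep", protocol_label);
        t
    }

    /// Absorb a complete message whose length is already known.
    pub fn append_message(&mut self, label: &[u8], data: &[u8]) {
        let mut w = self.begin(label);
        w.write_all(data).expect("Vec writes cannot fail");
        w.finish();
    }

    /// Begin a message that will arrive through `io::Write` in chunks of unknown size.
    pub fn begin<'a>(&'a mut self, label: &[u8]) -> MessageWriter<'a> {
        self.absorbed.extend_from_slice(label);
        self.absorbed.extend_from_slice(&(label.len() as u64).to_le_bytes());
        MessageWriter { transcript: self, len: 0 }
    }

    /// Bytes absorbed so far (what a real transcript would have hashed).
    pub fn absorbed(&self) -> &[u8] {
        &self.absorbed
    }
}

/// `io::Write` adapter: absorbs chunks as they come and counts their total length.
pub struct MessageWriter<'a> {
    transcript: &'a mut PostfixTranscript,
    len: u64,
}

impl Write for MessageWriter<'_> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.transcript.absorbed.extend_from_slice(buf);
        self.len += buf.len() as u64;
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

impl MessageWriter<'_> {
    /// Close the message: only now is the total length known, so it goes after the data.
    pub fn finish(self) {
        self.transcript.absorbed.extend_from_slice(&self.len.to_le_bytes());
    }
}

/// Constructed stand-in for a type that serializes itself via nested `io::Write` calls.
pub struct Point {
    pub x: u32,
    pub y: u32,
}

impl Point {
    pub fn serialize<W: Write>(&self, mut w: W) -> io::Result<()> {
        w.write_all(&self.x.to_le_bytes())?;
        w.write_all(&self.y.to_le_bytes())?;
        Ok(())
    }
}

/// The value streams itself into the transcript in two writes; length is unknown until `finish`.
pub fn transcript_with_nested_writes() -> Vec<u8> {
    let mut t = PostfixTranscript::new(b"example-proto");
    let mut w = t.begin(b"point");
    Point { x: 1, y: 2 }.serialize(&mut w).expect("in-memory write");
    w.finish();
    t.absorbed().to_vec()
}

/// The same value serialized to a buffer first, then absorbed as one known-length message.
pub fn transcript_with_flat_write() -> Vec<u8> {
    let mut t = PostfixTranscript::new(b"example-proto");
    let mut buf = Vec::new();
    Point { x: 1, y: 2 }.serialize(&mut buf).expect("in-memory write");
    t.append_message(b"point", &buf);
    t.absorbed().to_vec()
}

/// Framing must keep ("ab","c") and ("a","bc") apart even though their raw bytes concatenate equally.
pub fn transcript_distinguishes_split() -> bool {
    let mut a = PostfixTranscript::new(b"example-proto");
    a.append_message(b"ab", b"c");
    let mut b = PostfixTranscript::new(b"example-proto");
    b.append_message(b"a", b"bc");
    a.absorbed() != b.absorbed()
}
```

Both paths absorb exactly the same byte sequence, which is what lets a transcript accept an `io::Write` sink directly without first buffering every serialized value; a prefix-length design would force that buffering because the length must be committed before the first chunk.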
