feat(core): support proving keccak256 commitments (#1046)

2026-01-09 21:38:00 -05:00 · 2025-11-07 11:18:44 +02:00
parent 952a7011bf
commit f8a67bc8e7
2 changed files with 33 additions and 1 deletions
--- a/crates/core/src/transcript/proof.rs
+++ b/crates/core/src/transcript/proof.rs
@@ -25,6 +25,9 @@ const DEFAULT_COMMITMENT_KINDS: &[TranscriptCommitmentKind] = &[
    TranscriptCommitmentKind::Hash {
        alg: HashAlgId::BLAKE3,
    },
+    TranscriptCommitmentKind::Hash {
+        alg: HashAlgId::KECCAK256,
+    },
    TranscriptCommitmentKind::Encoding,
 ];

@@ -656,6 +659,7 @@ mod tests {
    #[rstest]
    #[case::sha256(HashAlgId::SHA256)]
    #[case::blake3(HashAlgId::BLAKE3)]
+    #[case::keccak256(HashAlgId::KECCAK256)]
    fn test_reveal_with_hash_commitment(#[case] alg: HashAlgId) {
        let mut rng = rand::rngs::StdRng::seed_from_u64(0);
        let provider = HashProvider::default();
@@ -704,6 +708,7 @@ mod tests {
    #[rstest]
    #[case::sha256(HashAlgId::SHA256)]
    #[case::blake3(HashAlgId::BLAKE3)]
+    #[case::keccak256(HashAlgId::KECCAK256)]
    fn test_reveal_with_inconsistent_hash_commitment(#[case] alg: HashAlgId) {
        let mut rng = rand::rngs::StdRng::seed_from_u64(0);
        let provider = HashProvider::default();
--- a/crates/tlsn/src/transcript_internal/commit/hash.rs
+++ b/crates/tlsn/src/transcript_internal/commit/hash.rs
@@ -3,7 +3,7 @@
 use std::collections::HashMap;

 use mpz_core::bitvec::BitVec;
-use mpz_hash::{blake3::Blake3, sha256::Sha256};
+use mpz_hash::{blake3::Blake3, keccak256::Keccak256, sha256::Sha256};
 use mpz_memory_core::{
    DecodeFutureTyped, MemoryExt, Vector,
    binary::{Binary, U8},
@@ -111,6 +111,7 @@ pub(crate) fn verify_hash(
 enum Hasher {
    Sha256(Sha256),
    Blake3(Blake3),
+    Keccak256(Keccak256),
 }

 /// Commit plaintext hashes of the transcript.
@@ -185,6 +186,32 @@ fn hash_commit_inner(
                    .map_err(HashCommitError::hasher)?;
                hasher.finalize(vm).map_err(HashCommitError::hasher)?
            }
+            HashAlgId::KECCAK256 => {
+                let mut hasher = if let Some(Hasher::Keccak256(hasher)) = hashers.get(&alg).cloned()
+                {
+                    hasher
+                } else {
+                    let hasher = Keccak256::new_with_init(vm).map_err(HashCommitError::hasher)?;
+                    hashers.insert(alg, Hasher::Keccak256(hasher.clone()));
+                    hasher
+                };
+
+                let refs = match direction {
+                    Direction::Sent => &refs.sent,
+                    Direction::Received => &refs.recv,
+                };
+
+                for range in idx.iter_ranges() {
+                    hasher
+                        .update(vm, &refs.get(range).expect("plaintext refs are valid"))
+                        .map_err(HashCommitError::hasher)?;
+                }
+
+                hasher
+                    .update(vm, &blinder)
+                    .map_err(HashCommitError::hasher)?;
+                hasher.finalize(vm).map_err(HashCommitError::hasher)?
+            }
            alg => {
                return Err(HashCommitError::unsupported_alg(alg));
            }