Channels are an abstraction used to mimic the communication channel between the prover and the verifier in a non-interactive protocol. They are useful for ensuring that all prover messages are correctly absorbed before being used by the verifier, and that all verifier challenges are correctly produced.
draft
A channel is an object that mimics the communication channel between the prover and the verifier, and is used to abstract the Fiat-Shamir transformation used to make the protocol non-interactive.
The Fiat-Shamir transformation works on public-coin protocols, in which the messages of the verifier are pure random values. The transformation replaces each verifier message with the output of a hash function applied to the transcript up to that point.
A channel is initialized at the beginning of the protocol, and is instantiated with a hash function. It is implemented as a continuous hash that "absorbs" every prover message and whose output can be used to produce the verifier's challenges.
A channel is instantiated with the following two dependencies:
- hades_permutation(s1, s2, s3). The Hades permutation which permutes a given state of three field elements.
- poseidon_hash_span(field_elements). The Poseidon sponge function which hashes a list of field elements.

A channel has two fields:
- digest, which represents the current internal state.
- counter, which helps produce different values when the channel is used repeatedly to sample verifier challenges.

The channel has the following interface:

Initialize. This initializes the channel in the following way:
- digest to the given digest, which is the prologue/context to the protocol.
- counter to .

Absorb a message from the prover.
- counter to .
- digest to POSEIDON_hash(digest + 1 || value).

TODO: explain why the +1

Absorb multiple messages from the prover.
- counter to .
- digest to POSEIDON_hash(digest + 1 || values).

Produce a verifier challenge.
- hades_permutation(digest, counter, 2).
- counter.
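
The channel interface above in Python, as an added example that is not the specification's or any verifier's own code; it shows that prover and verifier derive identical challenges from the same transcript, and that changing an earlier message changes every later challenge. Assumptions: SHA-256 reduced into the field stands in for both hades_permutation and poseidon_hash_span (so outputs are not compatible with the real primitives), the field is the Starknet prime field, the counter reset value is 0, the challenge is the first element of the permuted state, and derive_challenges is a hypothetical helper.

```python
import hashlib

# Assumed field: the Starknet prime (the page only says "field elements").
P = 2**251 + 17 * 2**192 + 1

def _h(tag, elems):
    """Stand-in hash to a field element. NOT Poseidon or Hades, only a placeholder."""
    data = tag + b"".join(int(e % P).to_bytes(32, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def poseidon_hash_span(field_elements):
    # Stand-in for the Poseidon sponge over a list of field elements.
    return _h(b"span", [len(field_elements), *field_elements])

def hades_permutation(s1, s2, s3):
    # Stand-in for the Hades permutation: 3-element state in, 3-element state out.
    return tuple(_h(b"hades%d" % i, [s1, s2, s3]) for i in range(3))

class Channel:
    def __init__(self, digest):
        self.digest = digest % P  # prologue/context of the protocol
        self.counter = 0          # assumed reset value

    def absorb(self, value):
        # A single message is absorbed like a one-element list of messages.
        self.absorb_many([value])

    def absorb_many(self, values):
        self.counter = 0
        # digest <- hash(digest + 1 || values)
        self.digest = poseidon_hash_span([(self.digest + 1) % P, *values])

    def challenge(self):
        # Assumed: the challenge is the first element of the permuted state.
        out = hades_permutation(self.digest, self.counter, 2)[0]
        self.counter += 1  # next challenge from the same digest will differ
        return out

def derive_challenges(prologue, messages, n=2):
    """Replay a transcript: absorb each prover message, then sample n challenges."""
    ch = Channel(prologue)
    rounds = []
    for m in messages:
        ch.absorb(m)
        rounds.append([ch.challenge() for _ in range(n)])
    return rounds
```

The verifier runs the same replay over the messages it received, so any message the prover alters after seeing a challenge yields different challenges on the verifier's side.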