SNARK-friendly STM: Revise Generic Digest to support multiple hash functions

demo/protocol-demo/Cargo.toml

@@ -9,7 +9,6 @@ license = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-blake2 = "0.10.6"
 clap = { workspace = true }
 hex = { workspace = true }
 mithril-common = { path = "../../mithril-common" }

demo/protocol-demo/src/types.rs

@@ -1,12 +1,10 @@
 use mithril_stm::{
-    AggregateSignature, Clerk, Initializer, KeyRegistration, Parameters, Signer, SingleSignature,
-    Stake, VerificationKeyProofOfPossession,
+    AggregateSignature, Clerk, Initializer, KeyRegistration, MithrilMembershipDigest, Parameters,
+    Signer, SingleSignature, Stake, VerificationKeyProofOfPossession,
 };
 
-use blake2::{Blake2b, digest::consts::U32};
-
 // Protocol types alias
-type D = Blake2b<U32>;
+type D = MithrilMembershipDigest;
 
 /// The id of a mithril party.
 pub type ProtocolPartyId = String;

mithril-common/src/crypto_helper/cardano/key_certification.rs

@@ -6,18 +6,14 @@
 use std::{collections::HashMap, sync::Arc};
 
 use anyhow::anyhow;
-use blake2::{
-    Blake2b, Digest,
-    digest::{FixedOutput, consts::U32},
-};
 use kes_summed_ed25519::kes::Sum6KesSig;
 use rand_core::{CryptoRng, RngCore};
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
 
 use mithril_stm::{
-    ClosedKeyRegistration, Initializer, KeyRegistration, Parameters, RegisterError, Signer, Stake,
-    VerificationKeyProofOfPossession,
+    ClosedKeyRegistration, Initializer, KeyRegistration, MembershipDigest, MithrilMembershipDigest,
+    Parameters, RegisterError, Signer, Stake, VerificationKeyProofOfPossession,
 };
 
 use crate::{
@@ -33,7 +29,7 @@ use crate::{
 };
 
 // Protocol types alias
-type D = Blake2b<U32>;
+type D = MithrilMembershipDigest;
 
 /// The KES period that is used to check if the KES keys is expired
 pub type KesPeriod = u32;
@@ -285,7 +281,7 @@ impl KeyRegWrapper {
 
     /// Finalize the key registration.
     /// This function disables `ClosedKeyRegistration::register`, consumes the instance of `self`, and returns a `ClosedKeyRegistration`.
-    pub fn close<D: Digest + FixedOutput>(self) -> ClosedKeyRegistration<D> {
+    pub fn close<D: MembershipDigest>(self) -> ClosedKeyRegistration<D> {
         self.stm_key_reg.close()
     }
 }

mithril-common/src/crypto_helper/codec/binary.rs

@@ -30,17 +30,15 @@ pub trait TryFromBytes: Sized {
 
 mod binary_mithril_stm {
     use anyhow::anyhow;
-    use blake2::Blake2b;
-
-    use digest::consts::U32;
     use mithril_stm::{
-        AggregateSignature, AggregateVerificationKey, Initializer, Parameters, SingleSignature,
-        SingleSignatureWithRegisteredParty, VerificationKey, VerificationKeyProofOfPossession,
+        AggregateSignature, AggregateVerificationKey, Initializer, MithrilMembershipDigest,
+        Parameters, SingleSignature, SingleSignatureWithRegisteredParty, VerificationKey,
+        VerificationKeyProofOfPossession,
     };
 
     use super::*;
 
-    type D = Blake2b<U32>;
+    type D = MithrilMembershipDigest;
 
     impl TryToBytes for Parameters {
         fn to_bytes_vec(&self) -> StdResult<Vec<u8>> {

mithril-common/src/crypto_helper/types/alias.rs

@@ -4,16 +4,15 @@ use crate::crypto_helper::cardano::{
 };
 
 use mithril_stm::{
-    AggregationError, Clerk, ClosedKeyRegistration, Index, Parameters, Signer, Stake,
+    AggregationError, Clerk, ClosedKeyRegistration, Index, MithrilMembershipDigest, Parameters,
+    Signer, Stake,
 };
 
-use blake2::{Blake2b, digest::consts::U32};
-
 /// A protocol version
 pub type ProtocolVersion<'a> = &'a str;
 
 // Protocol types alias
-pub(crate) type D = Blake2b<U32>;
+pub(crate) type D = MithrilMembershipDigest;
 
 /// The id of a mithril party.
 pub type ProtocolPartyId = String;

mithril-stm/CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.8.0 (12-17-2025)
+
+### Changed
+
+- The `D: Digest` generic is changed with a `D: MembershipDigest` trait supporting multiple hash functions for different proof systems.
+
 ## 0.7.0 (12-16-2025)
 
 ### Removed

mithril-stm/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "mithril-stm"
-version = "0.7.0"
+version = "0.8.0"
 edition = { workspace = true }
 authors = { workspace = true }
 homepage = { workspace = true }

mithril-stm/README.md

@@ -69,10 +69,10 @@ use rayon::prelude::*;
 
 use mithril_stm::{
     AggregateSignatureType, AggregationError, Clerk, Initializer, KeyRegistration, Parameters,
-    Signer, SingleSignature,
+    Signer, SingleSignature, MithrilMembershipDigest,
 };
 
-type H = Blake2b<U32>;
+type D = MithrilMembershipDigest;
 
 let nparties = 32;
 let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
@@ -108,7 +108,7 @@ let closed_reg = key_reg.close();
 let ps = ps
     .into_par_iter()
     .map(|p| p.create_signer(closed_reg.clone()).unwrap())
-    .collect::<Vec<Signer<H>>>();
+    .collect::<Vec<Signer<D>>>();
 
 /////////////////////
 // operation phase //

mithril-stm/benches/size_benches.rs

@@ -1,21 +1,17 @@
-use blake2::digest::FixedOutput;
-use blake2::{
-    Blake2b, Digest,
-    digest::consts::{U32, U64},
-};
+use blake2::{Blake2b, digest::consts::U64};
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use rayon::iter::ParallelIterator;
 use rayon::prelude::{IntoParallelIterator, IntoParallelRefIterator};
 
 use mithril_stm::{
-    AggregateSignatureType, Clerk, Initializer, KeyRegistration, Parameters, Signer,
-    SingleSignature,
+    AggregateSignatureType, Clerk, Initializer, KeyRegistration, MembershipDigest,
+    MithrilMembershipDigest, Parameters, Signer, SingleSignature,
 };
 
-fn size<H>(k: u64, m: u64, nparties: usize, hash_name: &str)
+fn size<D>(k: u64, m: u64, nparties: usize, hash_name: &str)
 where
-    H: Digest + Clone + Sync + Send + Default + FixedOutput,
+    D: MembershipDigest,
 {
     println!("+-------------------+");
     println!("| Hash: {hash_name} |");
@@ -38,12 +34,12 @@ where
         ps.push(p);
     }
 
-    let closed_reg = key_reg.close::<H>();
+    let closed_reg = key_reg.close::<D>();
 
     let ps = ps
         .into_par_iter()
         .map(|p| p.create_signer(closed_reg.clone()).unwrap())
-        .collect::<Vec<Signer<H>>>();
+        .collect::<Vec<Signer<D>>>();
 
     let sigs = ps
         .par_iter()
@@ -65,6 +61,15 @@ where
         aggr.to_bytes().len(),
     );
 }
+/// Only for size benches
+#[derive(Clone, Debug, Default)]
+pub struct MembershipDigestU64 {}
+
+impl MembershipDigest for MembershipDigestU64 {
+    type ConcatenationHash = Blake2b<U64>;
+    #[cfg(feature = "future_snark")]
+    type SnarkHash = Blake2b<U64>;
+}
 
 fn main() {
     println!("+-------------------+");
@@ -75,8 +80,8 @@ fn main() {
 
     let params: [(u64, u64, usize); 2] = [(445, 2728, 3000), (554, 3597, 3000)];
     for (k, m, nparties) in params {
-        size::<Blake2b<U64>>(k, m, nparties, "Blake2b 512");
-        size::<Blake2b<U32>>(k, m, nparties, "Blake2b 256");
+        size::<MembershipDigestU64>(k, m, nparties, "Blake2b 512");
+        size::<MithrilMembershipDigest>(k, m, nparties, "Blake2b 256");
     }
     println!("+-------------------------+");
 }

mithril-stm/benches/stm.rs

@@ -1,26 +1,24 @@
-use std::fmt::Debug;
-
-use blake2::digest::{Digest, FixedOutput};
-use blake2::{Blake2b, digest::consts::U32};
 use criterion::{BenchmarkId, Criterion, criterion_group, criterion_main};
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use rayon::prelude::*;
 
 use mithril_stm::{
-    AggregateSignature, AggregateSignatureType, Clerk, Initializer, KeyRegistration, Parameters,
-    Signer,
+    AggregateSignature, AggregateSignatureType, Clerk, Initializer, KeyRegistration,
+    MembershipDigest, MithrilMembershipDigest, Parameters, Signer,
 };
 
 /// This benchmark framework is not ideal. We really have to think what is the best mechanism for
 /// benchmarking these signatures, over which parameters, how many times to run them, etc:
 /// * Registration depends on the number of parties (should be constant, as it is a lookup table)
 /// * Signing depends on the parameter `m`, as it defines the number of lotteries a user can play
 /// * Aggregation depends on `k`.
-fn stm_benches<H>(c: &mut Criterion, nr_parties: usize, params: Parameters, hashing_alg: &str)
-where
-    H: Clone + Debug + Digest + Send + Sync + FixedOutput + Default,
-{
+fn stm_benches<D: MembershipDigest>(
+    c: &mut Criterion,
+    nr_parties: usize,
+    params: Parameters,
+    hashing_alg: &str,
+) {
     let mut group = c.benchmark_group(format!("STM/{hashing_alg}"));
     let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
     let mut msg = [0u8; 16];
@@ -55,10 +53,10 @@ where
 
     let closed_reg = key_reg.close();
 
-    let signers = initializers
+    let signers: Vec<Signer<D>> = initializers
         .into_par_iter()
         .map(|p| p.create_signer(closed_reg.clone()).unwrap())
-        .collect::<Vec<Signer<H>>>();
+        .collect();
 
     group.bench_function(BenchmarkId::new("Play all lotteries", &param_string), |b| {
         b.iter(|| {
@@ -76,14 +74,14 @@ where
     });
 }
 
-fn batch_benches<H>(
+fn batch_benches<D>(
     c: &mut Criterion,
     array_batches: &[usize],
     nr_parties: usize,
     params: Parameters,
     hashing_alg: &str,
 ) where
-    H: Clone + Debug + Digest + FixedOutput + Send + Sync,
+    D: MembershipDigest,
 {
     let mut group = c.benchmark_group(format!("STM/{hashing_alg}"));
     let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
@@ -127,7 +125,7 @@ fn batch_benches<H>(
             let signers = initializers
                 .into_par_iter()
                 .map(|p| p.create_signer(closed_reg.clone()).unwrap())
-                .collect::<Vec<Signer<H>>>();
+                .collect::<Vec<Signer<D>>>();
 
             let sigs = signers.par_iter().filter_map(|p| p.sign(&msg)).collect::<Vec<_>>();
 
@@ -156,7 +154,7 @@ fn batch_benches<H>(
 }
 
 fn batch_stm_benches_blake_300(c: &mut Criterion) {
-    batch_benches::<Blake2b<U32>>(
+    batch_benches::<MithrilMembershipDigest>(
         c,
         &[1, 10, 20, 100],
         300,
@@ -170,7 +168,7 @@ fn batch_stm_benches_blake_300(c: &mut Criterion) {
 }
 
 fn stm_benches_blake_300(c: &mut Criterion) {
-    stm_benches::<Blake2b<U32>>(
+    stm_benches::<MithrilMembershipDigest>(
         c,
         300,
         Parameters {
@@ -183,7 +181,7 @@ fn stm_benches_blake_300(c: &mut Criterion) {
 }
 
 fn batch_stm_benches_blake_2000(c: &mut Criterion) {
-    batch_benches::<Blake2b<U32>>(
+    batch_benches::<MithrilMembershipDigest>(
         c,
         &[1, 10, 20, 100],
         2000,
@@ -197,7 +195,7 @@ fn batch_stm_benches_blake_2000(c: &mut Criterion) {
 }
 
 fn stm_benches_blake_2000(c: &mut Criterion) {
-    stm_benches::<Blake2b<U32>>(
+    stm_benches::<MithrilMembershipDigest>(
         c,
         2000,
         Parameters {

mithril-stm/examples/key_registration.rs

@@ -1,16 +1,15 @@
 //! This example shows how Key Registration is held. It is not held by a single central party,
 //! but instead by all the participants in the signature process. Contrarily to the full protocol
 //! run presented in `tests/integration.rs`, we explicitly treat each party individually.
-use blake2::{Blake2b, digest::consts::U32};
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 
 use mithril_stm::{
-    AggregateSignatureType, Clerk, ClosedKeyRegistration, Initializer, KeyRegistration, Parameters,
-    Stake, VerificationKeyProofOfPossession,
+    AggregateSignatureType, Clerk, ClosedKeyRegistration, Initializer, KeyRegistration,
+    MithrilMembershipDigest, Parameters, Stake, VerificationKeyProofOfPossession,
 };
 
-type H = Blake2b<U32>;
+type D = MithrilMembershipDigest;
 
 fn main() {
     let nparties = 4;
@@ -142,7 +141,7 @@ fn main() {
     assert!(msig_3.is_err());
 }
 
-fn local_reg(ids: &[u64], pks: &[VerificationKeyProofOfPossession]) -> ClosedKeyRegistration<H> {
+fn local_reg(ids: &[u64], pks: &[VerificationKeyProofOfPossession]) -> ClosedKeyRegistration<D> {
     let mut local_keyreg = KeyRegistration::init();
     // data, such as the public key, stake and id.
     for (&pk, id) in pks.iter().zip(ids.iter()) {