{"id":27968637,"url":"https://github.com/nethermindeth/folded-falcon","last_synced_at":"2025-05-07T21:05:51.036Z","repository":{"id":290730665,"uuid":"944032608","full_name":"NethermindEth/folded-falcon","owner":"NethermindEth","description":"Fold Falcon Signatures using LatticeFold","archived":false,"fork":false,"pushed_at":"2025-05-03T14:05:12.000Z","size":135,"stargazers_count":3,"open_issues_count":5,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-07T21:05:45.321Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NethermindEth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-06T17:10:11.000Z","updated_at":"2025-05-03T14:05:14.000Z","dependencies_parsed_at":"2025-04-30T09:34:59.838Z","dependency_job_id":"2c44b43c-7bab-4207-8aaf-4c3519387452","html_url":"https://github.com/NethermindEth/folded-falcon","commit_stats":null,"previous_names":["nethermindeth/folded-falcon"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NethermindEth%2Ffolded-falcon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NethermindEth%2Ffolded-falcon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NethermindEth%2Ffolded-falcon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NethermindEth%2Ffolded-falcon/manifests","owner_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NethermindEth","download_url":"https://codeload.github.com/NethermindEth/folded-falcon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252954428,"owners_count":21830903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-07T21:05:50.190Z","updated_at":"2025-05-07T21:05:51.009Z","avatar_url":"https://github.com/NethermindEth.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Aggregated Falcon Signatures using LatticeFold\n\n## Falcon signature scheme overview\nFalcon operates over a cyclotomic ring of degree $d = \\\\{ 512, 1024 \\\\}$ with modulus $p = 12289$.\n\n### Signing (secret key, msg)\n1. Sample random salt: $r \\leftarrow \\\\{0, 1\\\\}^k$\n2. Compute: $c = H(r, msg)$\n3. Generate signature components: $(s_1, s_2) \\leftarrow [(sk, c) \\rightarrow (s_1, s_2) \\sim D^2]$\n4. Ensure norm constraint: $\\|(s_1, s_2)\\|_2  \\leq \\beta$\n5. Output signature: $sig = (r, s_1, s_2)$\n\n### Verify (public key $= h$, msg, sig)\n1. Recompute: $c = H(r, msg)$\n2. Compute: $s_1 = c - s_2  \\cdot h$\n3. Verify $\\ell^2$-norm constraint: $\\|(s_1, s_2)\\|_2  \\leq \\beta$\n\n## Aggregation system\n\n**Witness**: Signature $(s_1, s_2)$. 
Given that we cannot prove $r$'s validity, we must move it to the statement.\n\n**Statement**: $h$, $c = Hash(r, msg)$\n\n**Relation**: $s_1  \\cdot h + s_2 - c \\equiv 0  \\pmod{p}$, and $(s_1, s_2)$ are small\n\nIf we want to employ another modulus $q$, where $q \\gg p$, we add a lifting term $p \\cdot v$. The relation above becomes,\n\n**Relation, lifted**:  $s_1  \\cdot h + s_2 + p \\cdot v - c \\equiv 0  \\pmod{q}$,\nwhere, $v = -(s_1  \\cdot h + s_2 - c) / p \\bmod q$ and $v$ must also be small.\n\n## Employing LatticeFold\n\nThe LatticeFold implementation mainly operates using cyclotomic polynomials in NTT form. Employed rings must implement the trait `SuitableRing`.\n\nThe Falcon modulus $p = 12289$ does not provide enough security in LatticeFold, so the lifting mechanism described above is employed.\n\n### Constraint system\n\nR1CS is used to represent the system constraints, which are then converted into a CCS system, as required by LatticeFold.\n\nThe above relation (lifted) is proven, with the $\\ell^2$-norm bound check being approximated using bit-decomposition, that is, the squared $\\ell^2$-norm $\\|(s_1, s_2)\\|_2^2$ is proven to be representable using $\\left\\lceil \\log_2 \\beta^2 \\right\\rceil$ bits.\n\n### Supported rings\n\nOut of the [available configured `stark-rings`](https://github.com/NethermindEth/stark-rings/tree/main/ring/src/cyclotomic_ring/models), only the Frog ring (degree $d\\prime = 16$, modulus $q \\approx 2^{64}$) is currently supported.\n\nFor this, the split-ring homomorphism is employed, where a Falcon polynomial of degree $d$ is mapped into $k = d/d\\prime$ smaller polynomials. Each of these smaller polynomials is an element of the Frog polynomial ring.\n\nFor the Frog ring, employed in a folding-1-signature constraint system (R1CS), we have 2237 constraints and 3325 inputs. 
Out of these inputs, 3260 are witness values.\n\n## Development\n\nThis repository includes pre-commit/pre-push Git hooks managed in the `.githooks/` directory.\nThese hooks help ensure code quality and consistency (e.g., formatting, linting).\n\nTo enable these hooks, run the following command in your terminal:\n\n```bash\ngit config core.hooksPath .githooks\n```\n\nThis command needs to be run only once per repository clone.\n\n## Performance\n\nRun available benchmarks using `cargo bench`.\n\n## References\n\nImplementation inspired by,\n\n- [LatticeFold: A Lattice-based Folding Scheme and its Applications to Succinct Proof Systems](https://eprint.iacr.org/2024/257);\n- [Shorter Lattice-Based Group Signatures via \"Almost Free\" Encryption and Other Optimizations](https://eprint.iacr.org/2021/1575);\n- [Aggregating Falcon Signatures with LaBRADOR](https://eprint.iacr.org/2024/311).\n\n## License\n\nApache 2.0\n\n(the license is also applied to the commits done before the license was committed)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnethermindeth%2Ffolded-falcon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnethermindeth%2Ffolded-falcon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnethermindeth%2Ffolded-falcon/lists"}