## More ergonomic API How do we incorporate the squeeze/absorb operations into the code where it's used (to make it more ergonomic) while still giving the library the ability to assemble the IOPattern up front ## Short and Batchable form Schnorr signature $$ sG = c X + K $$ where $s$ is the response, $c = H(K)$ is the challenge, and $K$ is the commitment. A Schnorr proof is (batchable) $(K, s)$ or **Q.** with a transcript API that writes element in the wire as you go, how can you let the developer choose between short and batchable form? ## Preprocessing If you want to enable for preprocessign you need to provide an API that leaks the internal hash function state so that it can be resumed later. How do to this without creating a footgun? ``` preprocess(self) -> [Unit; Sponge::CAPACITY] from_preprocessed(state: [Unit; Sponge::CAPACITY], ops: Vec<Operations>) -> Self ```` Current API: https://github.com/mmaker/nimue/blob/main/src/safe.rs ## How many bits to squeeze if the Sponge Unit is different well we are using this script but everyone else is using $\log_2(p)-1$ bits https://github.com/mmaker/nimue/blob/main/scripts/useful_bits_modp.py