AuthDecode with the halo2 backend has been merged upstream into https://github.com/tlsnotary/tlsn. This repo contains a snarkjs backend which we may want to use in the future. So, leaving this repo here for now. //! This module implements the protocol for authenticated decoding (aka AuthDecode) //! of output labels from a garbled circuit (GC) evaluation. //! The purpose of AuthDecode is to allow the GC evaluator to produce a zk-friendly //! hash commitment to the GC output. Computing a zk-friendly hash directly inside //! the GC is too expensive, hence the need for this protocol. //! //! Authdecode assumes a privacy-free setting for the garbler, i.e. the protocol //! MUST ONLY start AFTER the garbler reveals all his secret GC inputs. //! Specifically, in the context of the TLSNotary protocol, AuthDecode MUST ONLY //! start AFTER the Notary (who is the garbler) has revealed all of his TLS session //! keys' shares.