I am considering rewriting the current Orchard circuit (Halo2) with Plonky2.
This would have the following two advantages:
1. Recursive Proof
When calculating the Commitment tree, the use of Plonky2’s Recursive system is expected to significantly reduce the proof time.
However, it will be necessary to replace the Sinsemilla Hash with the Poseidon Hash.
2. Quantum resistance
For this, daira has suggested using Plonky2 for the same.
Having said that, is it possible to rewrite Orchard with Plonky2?
I am currently uncertain about the following 3 points:
1. Is there a problem with just replacing Poseidon Hash for the Commitment tree calculation, or is there a problem with the PRF also using Poseidon Hash?
2. The whole thing is designed around the Pallas and Vesta curves, but is there any problem if we define the ZKP part with Plonky2’s Goldilocks Field, so that the defined area of Pallas and Vesta and the defined area of Goldilocks Field coexist?
3. Halo2 allows a recursive system, but as far as I can tell from checking the Zcash specs, it doesn’t seem to get that benefit. Why?