Goal

This is about evaluating how costly it is to

1. Translation to binary hash: create a commR’ evaluated over sha256 (for example) with a proof showing it is the same data than the original commR
2. Translation to new curve: create a commR’’ from another proof system tbd passing from sha256 ↔ hash friendly function

Evaluation

Translation to binary hash

Numbers of hash evaluations for 1 Merkle path: 30 (roughly)
Numbers of MT path to open: 3000

Using SHA256

Too Costly !

Cost of 2inputs SHA-256 over bls12-381: 40k
Cost for one MT path: 30 * 40k = 1.2M
Total Cost: 3000 * 30 * 40k = 3.6 B

--- 
USING BN254 Plonk
Cost of 2inputs SHA256: 25k
Cost for on MT path = 25k * 30 = 750 000
Total Cost: 3000 * 750k = 2.25 B
----

Benchmark by Celer

Circom: 32M => cost 2-1 sha256 = 32000000/(64*1024/(2*32)) = 31k
Gnark: 45M => 43k

Using Blake2

Too Costly !

Total Cost: 1.8 B 

Translation to new curve

TBD using new curve !

BLS12-377: cost should be similar

BN254: cost should improve if we can use some plonkish arithmetization.