author | Özgür Kesim <oec@kesim.org> | 2024-11-11 21:40:39 +0100 |
---|---|---|
committer | Özgür Kesim <oec@kesim.org> | 2024-11-11 21:40:39 +0100 |
commit | 8925af0616fa3c71184f9b8ef1e44f204e8c8f26 (patch) | |
tree | b1957d1087c681de3499771ceaedf14634ab5e9a | |
parent | 4adec77feea7e9ec45ca43084383d85de450518b (diff) |
refactor progress: stage2 moved up
-rw-r--r-- | nizk/stage2.go (renamed from nizk/stage2/stage2.go) | 165 | ||||
-rw-r--r-- | nizk/stage2_test.go (renamed from nizk/stage2/stage2_test.go) | 24 |
2 files changed, 95 insertions, 94 deletions
diff --git a/nizk/stage2/stage2.go b/nizk/stage2.go
index d4d2716..85081f7 100644
--- a/nizk/stage2/stage2.go
+++ b/nizk/stage2.go
@@ -1,4 +1,4 @@
-package stage2
+package nizk
 
 import (
 	. "kesim.org/seal/common"
@@ -20,7 +20,7 @@ const (
 	Set
 )
 
-type Statement struct {
+type Stage2 struct {
 	typ Type
 	a *Scalar
 	b *Scalar
@@ -30,10 +30,9 @@ type Statement struct {
 	r_ *Scalar
 	x_ *Scalar
 	y_ *Scalar
-	*Commitment
 }
 
-type Commitment struct {
+type Stage2Commitment struct {
 	A *Point
 	B *Point
 	C *Point
@@ -47,80 +46,80 @@ type Commitment struct {
 	Z_ *Point
 }
 
-func NewStatement(typ Type) *Statement {
+func NewStage2(typ Type) *Stage2 {
 	var s [8]*Scalar
 	for i := range s {
 		s[i] = Curve.RandomScalar()
 	}
-	return NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
+	return NewStage2FromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
 }
 
-func NewStatementFromScalars(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement {
+func NewStage2FromScalars(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Stage2 {
 	if typ > Set || typ < None {
 		panic("unknown type")
 	}
-	return &Statement{
-		typ: typ,
-		a: a,
-		b: b,
-		r: r,
-		x: x,
-		y: y,
-		r_: r_,
-		x_: x_,
-		y_: y_,
-		Commitment: commitment(typ, a, b, r, x, y, r_, x_, y_),
+	return &Stage2{
+		typ: typ,
+		a: a,
+		b: b,
+		r: r,
+		x: x,
+		y: y,
+		r_: r_,
+		x_: x_,
+		y_: y_,
 	}
 }
 
-func commitment(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Commitment {
+func (s *Stage2) commitment() *Stage2Commitment {
 	var Z, Z_ *Point
-	c := a.Mul(b)
+	c := s.a.Mul(s.b)
 
-	switch typ {
+	switch s.typ {
 	case None:
-		Z = G.Exp(x.Mul(y))
-		Z_ = G.Exp(x_.Mul(y_))
+		Z = G.Exp(s.x.Mul(s.y))
+		Z_ = G.Exp(s.x_.Mul(s.y_))
 	case Set:
-		Z = G.Exp(x.Mul(r))
-		Z_ = G.Exp(x_.Mul(r_))
+		Z = G.Exp(s.x.Mul(s.r))
+		Z_ = G.Exp(s.x_.Mul(s.r_))
 		c = c.Add(One)
 	case Unset:
-		Z = G.Exp(x.Mul(y))
-		Z_ = G.Exp(x_.Mul(r_))
+		Z = G.Exp(s.x.Mul(s.y))
+		Z_ = G.Exp(s.x_.Mul(s.r_))
 	default:
 		panic("not possible")
 	}
 
-	return &Commitment{
-		A: G.Exp(a),
-		B: G.Exp(b),
+	return &Stage2Commitment{
+		A: G.Exp(s.a),
+		B: G.Exp(s.b),
 		C: G.Exp(c),
-		R: G.Exp(r),
-		X: G.Exp(x),
-		Y: G.Exp(y),
+		R: G.Exp(s.r),
+		X: G.Exp(s.x),
+		Y: G.Exp(s.y),
 		Z: Z,
-		R_: G.Exp(r_),
-		X_: G.Exp(x_),
-		Y_: G.Exp(y_),
+		R_: G.Exp(s.r_),
+		X_: G.Exp(s.x_),
+		Y_: G.Exp(s.y_),
 		Z_: Z_,
 	}
 }
 
-func (s *Statement) Commit() *Commitment {
-	return s.Commitment
+func (s *Stage2) Commit() (*Stage2Commitment, *Stage2Proof) {
+	c := s.commitment()
+	return c, s.proof(c)
 }
 
-type Proof struct {
+type Stage2Proof struct {
 	Ch [3]*Scalar
 	R1 [3]*Scalar
 	R2 [3]*Scalar
 	R3 [2]*Scalar
 }
 
-func (s *Statement) Proof() *Proof {
+func (s *Stage2) proof(c *Stage2Commitment) *Stage2Proof {
 	var (
 		e1, e1_ [3]Bytes
 		e2, e2_ [3]Bytes
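Review bot: The new exported surface (`Stage2`, `Stage2Commitment`, `Stage2Proof` and `Commit`) carries no doc comments, and the coupling that `proof` must be handed exactly `s.commitment()` (its e-values read `c.X`, `c.A`, … while the responses come from `s`'s scalars) is only implied by the two lines of `Commit`. I would add `// Commit derives the public commitment for the statement held in s and a fresh non-interactive proof for it; s must come from NewStage2 or NewStage2FromScalars.` above `Commit`, and `// proof assumes c == s.commitment(); any other commitment yields a proof that will not verify.` above `proof`. The constructor requirement is not enforced anywhere visible: a zero-value `Stage2` reaches `s.a.Mul(s.b)` with nil scalars, which presumably panics inside `commitment()` rather than with a clear message, so either the doc line above or a nil guard in `Commit` should cover it. Note also that the commitment used to be computed once at construction and is now recomputed (twelve exponentiations) on every `Commit` call, which is fine as long as callers treat `Commit` as once-per-statement. The body of `proof` continues past the end of this hunk.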
@@ -139,79 +138,79 @@ func (s *Statement) Proof() *Proof {
 	switch s.typ {
 	case None:
-		e1[0] = G.Exp(r1[0]).Mul(s.X.Exp(w[0]))
-		e1[1] = G.Exp(r1[1]).Mul(s.X_.Exp(w[0]))
-		e1[2] = G.Exp(r1[2]).Mul(s.A.Exp(w[0]))
+		e1[0] = G.Exp(r1[0]).Mul(c.X.Exp(w[0]))
+		e1[1] = G.Exp(r1[1]).Mul(c.X_.Exp(w[0]))
+		e1[2] = G.Exp(r1[2]).Mul(c.A.Exp(w[0]))
 
-		e1_[0] = s.R.Exp(r1[0]).Mul(s.Z.Exp(w[0]))
-		e1_[1] = s.R_.Exp(r1[1]).Mul(s.Z_.Exp(w[0]))
-		e1_[2] = s.B.Exp(r1[2]).Mul(s.C.Div(G).Exp(w[0]))
+		e1_[0] = c.R.Exp(r1[0]).Mul(c.Z.Exp(w[0]))
+		e1_[1] = c.R_.Exp(r1[1]).Mul(c.Z_.Exp(w[0]))
+		e1_[2] = c.B.Exp(r1[2]).Mul(c.C.Div(G).Exp(w[0]))
 
-		e2[0] = G.Exp(r2[0]).Mul(s.X.Exp(w[1]))
-		e2[1] = G.Exp(r2[1]).Mul(s.X_.Exp(w[1]))
-		e2[2] = G.Exp(r2[2]).Mul(s.A.Exp(w[1]))
+		e2[0] = G.Exp(r2[0]).Mul(c.X.Exp(w[1]))
+		e2[1] = G.Exp(r2[1]).Mul(c.X_.Exp(w[1]))
+		e2[2] = G.Exp(r2[2]).Mul(c.A.Exp(w[1]))
 
-		e2_[0] = s.Y.Exp(r2[0]).Mul(s.Z.Exp(w[1]))
-		e2_[1] = s.R_.Exp(r2[1]).Mul(s.Z_.Exp(w[1]))
-		e2_[2] = s.B.Exp(r2[2]).Mul(s.C.Exp(w[1]))
+		e2_[0] = c.Y.Exp(r2[0]).Mul(c.Z.Exp(w[1]))
+		e2_[1] = c.R_.Exp(r2[1]).Mul(c.Z_.Exp(w[1]))
+		e2_[2] = c.B.Exp(r2[2]).Mul(c.C.Exp(w[1]))
 
 		e3[0] = G.Exp(r3[0])
 		e3[1] = G.Exp(r3[1])
 
-		e3_[0] = s.Y.Exp(r3[0])
-		e3_[1] = s.Y_.Exp(r3[1])
+		e3_[0] = c.Y.Exp(r3[0])
+		e3_[1] = c.Y_.Exp(r3[1])
 	case Unset:
-		e1[0] = G.Exp(r1[0]).Mul(s.X.Exp(w[0]))
-		e1[1] = G.Exp(r1[1]).Mul(s.X_.Exp(w[0]))
-		e1[2] = G.Exp(r1[2]).Mul(s.A.Exp(w[0]))
+		e1[0] = G.Exp(r1[0]).Mul(c.X.Exp(w[0]))
+		e1[1] = G.Exp(r1[1]).Mul(c.X_.Exp(w[0]))
+		e1[2] = G.Exp(r1[2]).Mul(c.A.Exp(w[0]))
 
-		e1_[0] = s.R.Exp(r1[0]).Mul(s.Z.Exp(w[0]))
-		e1_[1] = s.R_.Exp(r1[1]).Mul(s.Z_.Exp(w[0]))
-		e1_[2] = s.B.Exp(r1[2]).Mul(s.C.Div(G).Exp(w[0]))
+		e1_[0] = c.R.Exp(r1[0]).Mul(c.Z.Exp(w[0]))
+		e1_[1] = c.R_.Exp(r1[1]).Mul(c.Z_.Exp(w[0]))
+		e1_[2] = c.B.Exp(r1[2]).Mul(c.C.Div(G).Exp(w[0]))
 
 		e2[0] = G.Exp(r2[0])
 		e2[1] = G.Exp(r2[1])
 		e2[2] = G.Exp(r2[2])
 
-		e2_[0] = s.Y.Exp(r2[0])
-		e2_[1] = s.R_.Exp(r2[1])
-		e2_[2] = s.B.Exp(r2[2])
+		e2_[0] = c.Y.Exp(r2[0])
+		e2_[1] = c.R_.Exp(r2[1])
+		e2_[2] = c.B.Exp(r2[2])
 
-		e3[0] = G.Exp(r3[0]).Mul(s.X.Exp(w[1]))
-		e3[1] = G.Exp(r3[1]).Mul(s.X_.Exp(w[1]))
+		e3[0] = G.Exp(r3[0]).Mul(c.X.Exp(w[1]))
+		e3[1] = G.Exp(r3[1]).Mul(c.X_.Exp(w[1]))
 
-		e3_[0] = s.Y.Exp(r3[0]).Mul(s.Z.Exp(w[1]))
-		e3_[1] = s.Y_.Exp(r3[1]).Mul(s.Z_.Exp(w[1]))
+		e3_[0] = c.Y.Exp(r3[0]).Mul(c.Z.Exp(w[1]))
+		e3_[1] = c.Y_.Exp(r3[1]).Mul(c.Z_.Exp(w[1]))
 	case Set:
 		e1[0] = G.Exp(r1[0])
 		e1[1] = G.Exp(r1[1])
 		e1[2] = G.Exp(r1[2])
 
-		e1_[0] = s.R.Exp(r1[0])
-		e1_[1] = s.R_.Exp(r1[1])
-		e1_[2] = s.B.Exp(r1[2])
+		e1_[0] = c.R.Exp(r1[0])
+		e1_[1] = c.R_.Exp(r1[1])
+		e1_[2] = c.B.Exp(r1[2])
 
-		e2[0] = G.Exp(r2[0]).Mul(s.X.Exp(w[0]))
-		e2[1] = G.Exp(r2[1]).Mul(s.X_.Exp(w[0]))
-		e2[2] = G.Exp(r2[2]).Mul(s.A.Exp(w[0]))
+		e2[0] = G.Exp(r2[0]).Mul(c.X.Exp(w[0]))
+		e2[1] = G.Exp(r2[1]).Mul(c.X_.Exp(w[0]))
+		e2[2] = G.Exp(r2[2]).Mul(c.A.Exp(w[0]))
 
-		e2_[0] = s.Y.Exp(r2[0]).Mul(s.Z.Exp(w[0]))
-		e2_[1] = s.R_.Exp(r2[1]).Mul(s.Z_.Exp(w[0]))
-		e2_[2] = s.B.Exp(r2[2]).Mul(s.C.Exp(w[0]))
+		e2_[0] = c.Y.Exp(r2[0]).Mul(c.Z.Exp(w[0]))
+		e2_[1] = c.R_.Exp(r2[1]).Mul(c.Z_.Exp(w[0]))
+		e2_[2] = c.B.Exp(r2[2]).Mul(c.C.Exp(w[0]))
 
-		e3[0] = G.Exp(r3[0]).Mul(s.X.Exp(w[1]))
-		e3[1] = G.Exp(r3[1]).Mul(s.X_.Exp(w[1]))
+		e3[0] = G.Exp(r3[0]).Mul(c.X.Exp(w[1]))
+		e3[1] = G.Exp(r3[1]).Mul(c.X_.Exp(w[1]))
 
-		e3_[0] = s.Y.Exp(r3[0]).Mul(s.Z.Exp(w[1]))
-		e3_[1] = s.Y_.Exp(r3[1]).Mul(s.Z_.Exp(w[1]))
+		e3_[0] = c.Y.Exp(r3[0]).Mul(c.Z.Exp(w[1]))
+		e3_[1] = c.Y_.Exp(r3[1]).Mul(c.Z_.Exp(w[1]))
 	default:
 		panic("not possible")
 	}
 
-	points := []Bytes{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z, s.R_, s.X_, s.Y_, s.Z_}
+	points := []Bytes{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z, c.R_, c.X_, c.Y_, c.Z_}
 	points = append(points, e1[:]...)
 	points = append(points, e2[:]...)
 	points = append(points, e3[:]...)
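Review bot: The challenge transcript built at `points := []Bytes{G, c.A, c.B, c.C, …}` binds the generator, every commitment point and the per-branch e-values, but nothing visible here binds a domain or stage label, so a transcript produced for this stage is only distinguishable from another stage's by its point count. If `Challenge` (defined in the common package, not visible here) does not already prefix a context string, consider prepending a fixed stage-2 tag as the first transcript element so a proof cannot be replayed or confused across stages; if it does, a one-line comment above `points` saying so would spare the next reader the same question. The three `case` arms differ only in which of the e1/e2/e3 groups are simulated with `w[0]`/`w[1]`, which is worth a comment such as `// the branch s.typ selects is committed honestly; the other two are simulated with pre-chosen challenges w[0], w[1]` above `switch s.typ`. The enclosing `proof` starts and ends outside this hunk.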
@@ -220,7 +219,7 @@ func (s *Statement) Proof() *Proof {
 	points = append(points, e3_[:]...)
 
 	ch := Challenge(points...)
-	pr := &Proof{}
+	pr := &Stage2Proof{}
 
 	switch s.typ {
 	case None:
@@ -278,7 +277,7 @@ func (s *Statement) Proof() *Proof {
 	return pr
 }
 
-func (c *Commitment) Verify(p *Proof) bool {
+func (c *Stage2Commitment) Verify(p *Stage2Proof) bool {
 	var (
 		e1, e1_ [3]Bytes
 		e2, e2_ [3]Bytes
diff --git a/nizk/stage2/stage2_test.go b/nizk/stage2_test.go
index fadcc45..9d3ebec 100644
--- a/nizk/stage2/stage2_test.go
+++ b/nizk/stage2_test.go
@@ -1,4 +1,4 @@
-package stage2
+package nizk
 
 import (
 	"testing"
@@ -7,18 +7,19 @@ import (
 )
 
 func TestVerification(t *testing.T) {
-	var st [3]*Statement
+	var st [3]*Stage2
 	for i, typ := range []Type{None, Unset, Set} {
-		st[i] = NewStatement(typ)
-		c, p := st[i].Commit(), st[i].Proof()
+		st[i] = NewStage2(typ)
+		c, p := st[i].Commit()
 		if !c.Verify(p) {
 			t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i)
 		}
 	}
 
 	for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 0}} {
-		c, p := st[ind[0]].Commit(), st[ind[1]].Proof()
-		if c.Verify(p) {
+		c1, p1 := st[ind[0]].Commit()
+		c2, p2 := st[ind[1]].Commit()
+		if c1.Verify(p2) || c2.Verify(p1) {
 			t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1])
 		}
 	}
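Review bot: The negative loop in `TestVerification` only checks that a proof for one statement fails against another statement's commitment; nothing exercises a tampered proof against its own commitment, which is where a verifier weakness (an unchecked response, a missing nil guard) would hide. Inside the positive loop, after `c.Verify(p)` succeeds, I would add a mutation case along the lines of `p.R1[0] = p.R1[0].Add(One)` followed by `if c.Verify(p) { t.Fatalf("tampered proof verified for %v", typ) }`, and a `c.Verify(nil)` case if `Verify` is meant to tolerate a nil proof rather than panic. Since `Commit` now draws fresh proof randomness on every call, calling it twice on the same `st[i]` is also a cheap way to assert that two independent proofs both verify. `Verify`'s body begins in the earlier hunk and is not visible here, so what it already rejects is not known from this page.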
@@ -26,23 +27,24 @@ func TestVerification(t *testing.T) {
 func TestVerificationFromScalar(t *testing.T) {
 	var s [8]*Scalar
-	var st [3]*Statement
+	var st [3]*Stage2
 	for i := range s {
 		s[i] = Curve.RandomScalar()
 	}
 
 	for i, typ := range []Type{None, Unset, Set} {
-		st[i] = NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
-		c, p := st[i].Commit(), st[i].Proof()
+		st[i] = NewStage2FromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
+		c, p := st[i].Commit()
 		if !c.Verify(p) {
 			t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i)
 		}
 	}
 
 	for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 1}, {2, 0}} {
-		c, p := st[ind[0]].Commit(), st[ind[1]].Proof()
-		if c.Verify(p) {
+		c1, p1 := st[ind[0]].Commit()
+		c2, p2 := st[ind[1]].Commit()
+		if c1.Verify(p2) || c2.Verify(p1) {
 			t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1])
 		}
 	}
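Review bot: Now that the check is symmetric (`c1.Verify(p2) || c2.Verify(p1)`), the pair `{2, 1}` in the index list repeats exactly what `{1, 2}` already covers, so the list can be reduced to `[][2]int{{0, 1}, {1, 2}, {2, 0}}` to match `TestVerification`. The failure message still names only one direction (`"Shouldn't be able to verify %d with proof %d"`), so when the second operand is the one that passes the reported pair is the wrong way round; two separate `if` statements, or a message such as `"proofs for statements %d and %d must not cross-verify"`, would make a failure actionable. This test is the strongest of the two because all three statements share the same eight scalars, so it is worth a short comment above the loop saying that only `typ` differs between them.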