author | Özgür Kesim <oec@codeblau.de> | 2024-04-04 21:24:05 +0200 |
---|---|---|
committer | Özgür Kesim <oec@codeblau.de> | 2024-04-04 21:24:05 +0200 |
commit | e735cff1d63145b89c4c48b9d73f037d3a4305f4 (patch) | |
tree | f794c4def97001c4951ee6a29613f2a70ba070b5 | |
parent | 23e923effba34bf370de84c0a84688a755d3f8b1 (diff) |
harmonize variable names across packages
-rw-r--r-- | commitment/commitment.go | 35 | ||||
-rw-r--r-- | nizk/commit/commit.go | 93 | ||||
-rw-r--r-- | nizk/stage2/stage2.go | 23 | ||||
-rw-r--r-- | veto/veto.go | 14 |
4 files changed, 90 insertions, 75 deletions
diff --git a/commitment/commitment.go b/commitment/commitment.go
index 31de03a..c958987 100644
--- a/commitment/commitment.go
+++ b/commitment/commitment.go
@@ -3,6 +3,8 @@ package commitment
 import (
+ "fmt"
+
 "kesim.org/seal/curve"
 )
@@ -21,30 +23,37 @@ type Bidder struct {
 type Bid struct {
 Bidder *Point
 zbid uint64 // bigendian encoding of the bid
+ n uint8 // number of bits encoded in zbid.
 bits []Bit // derived from zbid
 }
 type Bit struct {
- id *Scalar
- v bool
- x *Scalar
- r *Scalar
- e *BitCommitment
+ set bool
+ a *Scalar
+ b *Scalar
+ com *BitCommitment
 }
 type BitCommitment struct {
- Id *Point
- XRV *Point
- X *Point
- R *Point
+ Gab *Point
+ A *Point
+ B *Point
 Proofs struct {
- X *Proof
- R *Proof
+ A *Proof
+ B *Proof
 }
 }
 type Proof struct {
- PV *Point `json:"V"`
- Sr *Scalar `json:"r"`
+ V *Point `json:"V"`
+ R *Scalar `json:"r"`
 }
+
+func NewBid(price uint64, bitlength uint8) (*Bidder, error) {
+ if bitlength > 63 {
+ return nil, fmt.Errorf("bitlength too large, maximum is 63")
+ }
+
+ return nil, fmt.Errorf("NewBid not implemented")
+}
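Review bot: `NewBid` in commitment/commitment.go checks `bitlength > 63` but never relates `price` to `bitlength`, so once the stub is filled in, a price that needs more than `bitlength` bits could end up encoded in truncated form without the caller noticing. A guard such as `if price>>bitlength != 0 { return nil, fmt.Errorf("price does not fit in %d bits", bitlength) }` belongs next to the existing check. The function is named `NewBid` yet returns `*Bidder`, which looks unintended given that `Bid` is the struct carrying `zbid` and the new `n` field. It is also exported without a doc comment; something like `// NewBid creates a bid for price, encoded in bitlength bits (at most 63).` would state the contract.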
\ No newline at end of file
diff --git a/nizk/commit/commit.go b/nizk/commit/commit.go
index 5238c15..085d9a2 100644
--- a/nizk/commit/commit.go
+++ b/nizk/commit/commit.go
@@ -5,45 +5,46 @@ import (
 )
 // This is a construction of a proof of a statement of the form
-// σ == [(Φ = g^(αβ)) && (A = g^α) && (Β = g^β)]
-// || [(Φ = g^(αβ+1)) && (A = g^α) && (Β = g^β)]
-// for given Φ, A and B
+// [(C = g^(ab)) && (A = g^a) && (Β = g^b)]
+// || [(C = g^(ab+1)) && (A = g^a) && (Β = g^b)]
+//
+// for given C, A and B
 type Statement struct {
- α *Scalar
- β *Scalar
+ a *Scalar
+ b *Scalar
 plus bool
 *Commitment
 }
 type Commitment struct {
- Φ *Point
+ C *Point
 A *Point
 B *Point
 }
-func NewStatement(α, β *Scalar, plus bool) *Statement {
+func NewStatement(a, b *Scalar, plus bool) *Statement {
 return &Statement{
- α: α,
- β: β,
+ a: a,
+ b: b,
 plus: plus,
- Commitment: commitment(α, β, plus),
+ Commitment: commitment(a, b, plus),
 }
 }
-func commitment(α, β *Scalar, plus bool) *Commitment {
- var Φ *Point
- φ := α.Mul(β)
+func commitment(a, b *Scalar, plus bool) *Commitment {
+ var C *Point
+ c := a.Mul(b)
 if plus {
- Φ = G.Exp(φ.Add(One))
+ C = G.Exp(c.Add(One))
 } else {
- Φ = G.Exp(φ)
+ C = G.Exp(c)
 }
 return &Commitment{
- Φ: Φ,
- A: G.Exp(α),
- B: G.Exp(β),
+ C: C,
+ A: G.Exp(a),
+ B: G.Exp(b),
 }
 }
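Review bot: In nizk/commit/commit.go the rewritten statement comment still has `(Β = g^b)` on both of its lines, and that `Β` looks like the Greek capital Beta (U+0392) rather than the Latin `B` used in `for given C, A and B` and in the `Commitment` struct. Since the commit moves every other symbol from Greek to Latin, the first line should read `// [(C = g^(ab)) && (A = g^a) && (B = g^b)]` and the second likewise, so that a text search for `B` finds the comment and it matches the field it describes.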
@@ -52,53 +53,53 @@ func (s *Statement) Commit() *Commitment {
 }
 type Proof struct {
- Ch [2]*Scalar
- Rho [2]*Scalar
+ Ch [2]*Scalar
+ R [2]*Scalar
 }
 func (s *Statement) Proof() *Proof {
- var ε [2][2]*Point
- var r1, r2, ω *Scalar
+ var e [2][2]*Point
+ var r1, r2, w *Scalar
 r1 = Curve.RandomScalar()
 r2 = Curve.RandomScalar()
- ω = Curve.RandomScalar()
+ w = Curve.RandomScalar()
 if s.plus {
- ε[0][0] = G.Exp(r1)
- ε[0][1] = s.B.Exp(r1).Mul(G.Exp(ω))
- ε[1][0] = G.Exp(r2)
- ε[1][1] = s.B.Exp(r2)
+ e[0][0] = G.Exp(r1)
+ e[0][1] = s.B.Exp(r1).Mul(G.Exp(w))
+ e[1][0] = G.Exp(r2)
+ e[1][1] = s.B.Exp(r2)
 } else {
- ε[0][0] = G.Exp(r1)
- ε[0][1] = s.B.Exp(r1)
- ε[1][0] = G.Exp(r2).Mul(s.A.Exp(ω))
- ε[1][1] = s.B.Exp(r2).Mul(s.Φ.Div(G).Exp(ω))
+ e[0][0] = G.Exp(r1)
+ e[0][1] = s.B.Exp(r1)
+ e[1][0] = G.Exp(r2).Mul(s.A.Exp(w))
+ e[1][1] = s.B.Exp(r2).Mul(s.C.Div(G).Exp(w))
 }
- ch := Challenge(G, s.Φ, s.A, s.B, ε[0][0], ε[0][1], ε[1][0], ε[1][1])
+ ch := Challenge(G, s.C, s.A, s.B, e[0][0], e[0][1], e[1][0], e[1][1])
 pr := &Proof{}
 if s.plus {
- pr.Ch[0] = ω
- pr.Ch[1] = ch.Sub(ω)
- pr.Rho[0] = r1.Sub(s.α.Mul(pr.Ch[0]))
- pr.Rho[1] = r2.Sub(s.α.Mul(pr.Ch[1]))
+ pr.Ch[0] = w
+ pr.Ch[1] = ch.Sub(w)
+ pr.R[0] = r1.Sub(s.a.Mul(pr.Ch[0]))
+ pr.R[1] = r2.Sub(s.a.Mul(pr.Ch[1]))
 } else {
- pr.Ch[0] = ch.Sub(ω)
- pr.Ch[1] = ω
- pr.Rho[0] = r1.Sub(s.α.Mul(pr.Ch[0]))
- pr.Rho[1] = r2
+ pr.Ch[0] = ch.Sub(w)
+ pr.Ch[1] = w
+ pr.R[0] = r1.Sub(s.a.Mul(pr.Ch[0]))
+ pr.R[1] = r2
 }
 return pr
 }
 func (c *Commitment) Verify(p *Proof) bool {
- var ε [2][2]*Point
- ε[0][0] = G.Exp(p.Rho[0]).Mul(c.A.Exp(p.Ch[0]))
- ε[0][1] = c.B.Exp(p.Rho[0]).Mul(c.Φ.Exp(p.Ch[0]))
- ε[1][0] = G.Exp(p.Rho[1]).Mul(c.A.Exp(p.Ch[1]))
- ε[1][1] = c.B.Exp(p.Rho[1]).Mul(c.Φ.Div(G).Exp(p.Ch[1]))
- ch := Challenge(G, c.Φ, c.A, c.B, ε[0][0], ε[0][1], ε[1][0], ε[1][1])
+ var e [2][2]*Point
+ e[0][0] = G.Exp(p.R[0]).Mul(c.A.Exp(p.Ch[0]))
+ e[0][1] = c.B.Exp(p.R[0]).Mul(c.C.Exp(p.Ch[0]))
+ e[1][0] = G.Exp(p.R[1]).Mul(c.A.Exp(p.Ch[1]))
+ e[1][1] = c.B.Exp(p.R[1]).Mul(c.C.Div(G).Exp(p.Ch[1]))
+ ch := Challenge(G, c.C, c.A, c.B, e[0][0], e[0][1], e[1][0], e[1][1])
 return p.Ch[0].Add(p.Ch[1]).Equal(ch)
 }
diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go
index 42f69e5..85d4b10 100644
--- a/nizk/stage2/stage2.go
+++ b/nizk/stage2/stage2.go
@@ -4,8 +4,13 @@ import (
 . "kesim.org/seal/nizk"
 )
-// Implements the proof and verification of statements of the following form:
-// TODO
+// Implements the proof and verification of a statement of the following form:
+//
+// ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*y_) && X_=g^x_ && Y_=g^y_ ) // case "none"
+// || ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b) && A=g^a && B=g^b ) // case "unset"
+// || ( Z=g^(x*r) && X=g^x && R=g^r && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b+1) && A=g^a && B=g^b ) // case "set"
+//
+// for given A, B, C, R, X, Y, Z, R_, X_, Y_, Z_ on the curve
 type Type int
@@ -19,12 +24,12 @@ type Statement struct {
 typ Type
 a *Scalar
 b *Scalar
+ r *Scalar
 x *Scalar
 y *Scalar
- r *Scalar
+ r_ *Scalar
 x_ *Scalar
 y_ *Scalar
- r_ *Scalar
 *Commitment
 }
@@ -42,7 +47,7 @@ type Commitment struct {
 Z_ *Point
 }
-func NewStatement(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Statement {
+func NewStatement(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement {
 if typ > Set || typ < None {
 panic("unknown type")
 }
@@ -51,17 +56,17 @@ func NewStatement(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Statement {
 typ: typ,
 a: a,
 b: b,
+ r: r,
 x: x,
 y: y,
- r: r,
+ r_: r_,
 x_: x_,
 y_: y_,
- r_: r_,
- Commitment: commitment(typ, a, b, x, y, r, x_, y_, r_),
+ Commitment: commitment(typ, a, b, r, x, y, r_, x_, y_),
 }
 }
-func commitment(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Commitment {
+func commitment(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Commitment {
 var Z, Z_ *Point
 c := a.Mul(b)
diff --git a/veto/veto.go b/veto/veto.go
index 99fe7f9..9ecf13f 100644
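Review bot: `Verify` in nizk/commit/commit.go dereferences `p.R[0]`, `p.R[1]`, `p.Ch[0]` and `p.Ch[1]` with no nil check, and both fields are `[2]*Scalar`, so a proof that arrives with a missing element (or a nil `p`) would presumably panic inside the scalar arithmetic instead of being rejected. The verifier is the side that handles proofs it did not create, so a guard at the top, `if p == nil || p.R[0] == nil || p.R[1] == nil || p.Ch[0] == nil || p.Ch[1] == nil { return false }`, would keep a malformed proof an ordinary verification failure. The renamed `R` field also carries no `json` tag, unlike the `Proof` types in commitment.go and veto.go, so if this struct is ever encoded its key changes from `Rho` to `R` with this commit.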
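Review bot: The reordered parameter lists of `NewStatement` and `commitment` in nizk/stage2/stage2.go (`a, b, r, x, y, r_, x_, y_`) keep every argument typed `*Scalar`, so any call site that still passes the old order `x, y, r, x_, y_, r_` compiles unchanged and silently builds the statement from the wrong secrets. No caller is touched in this diff, so it is worth confirming that tests and other packages using `stage2.NewStatement` were updated in step. A doc comment on the signature, for example `// NewStatement takes the scalars in the order a, b, r, x, y, r_, x_, y_.`, or passing the scalars as named fields of a small struct, would make such a mix-up visible at the call site. The body of `commitment` continues outside the hunk.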
--- a/veto/veto.go
+++ b/veto/veto.go
@@ -49,8 +49,8 @@ type Commitment struct {
 //
 // Verification of the signature is by comparing V =?= g^r * g^(x*h)
 type Proof struct {
- PV *Point `json:"V"`
- Sr *Scalar `json:"r"`
+ V *Point `json:"V"`
+ R *Scalar `json:"r"`
 }
 // Generates the proof, aka Schnorr signature, for given priv and i.
@@ -70,13 +70,13 @@ func proof(x *Scalar, id *Point) (pr *Proof, e error) {
 }
 // calculate g^v
- pr.PV = Curve.Exp(v)
+ pr.V = Curve.Exp(v)
 // calculate g^x
 gx := Curve.Exp(x)
 // calculate h := H(g, g^v, g^x, i)
- h, e := hash(pr.PV, gx, id)
+ h, e := hash(pr.V, gx, id)
 if e != nil {
 return nil, e
 }
@@ -84,7 +84,7 @@ func proof(x *Scalar, id *Point) (pr *Proof, e error) {
 // Calculate r := v - x*h
 xh := x.Mul(h)
 r := v.Sub(xh)
- pr.Sr = r
+ pr.R = r
 return pr, nil
 }
@@ -137,8 +137,8 @@ func verifyProof(V *Point, Gx *Point, r *Scalar, id *Point) (ok bool) {
 // Verify verifies the proofs for both, g^x and g^r
 func (c *Commitment) VerifyProofs() (ok bool) {
- okX := verifyProof(c.Proofs.X.PV, c.Points.X, c.Proofs.X.Sr, c.Id)
- okR := verifyProof(c.Proofs.R.PV, c.Points.R, c.Proofs.R.Sr, c.Id)
+ okX := verifyProof(c.Proofs.X.V, c.Points.X, c.Proofs.X.R, c.Id)
+ okR := verifyProof(c.Proofs.R.V, c.Points.R, c.Proofs.R.R, c.Id)
 return okX && okR
 }
|