author | Özgür Kesim <oec@codeblau.de> | 2024-04-09 19:21:24 +0200 |
---|---|---|
committer | Özgür Kesim <oec@codeblau.de> | 2024-04-09 19:21:24 +0200 |
commit | f28109fc32c9068cf57619ccd7ee05a8da8e5d24 (patch) | |
tree | 80e75d0be59f8fbdee8d1487c4cfb61bc1b0eae7 /nizk | |
parent | 03d3f676c36ccd36bb201d317bd2350ada6ba451 (diff) |
nizk: use Bytes interface for abstraction
Diffstat (limited to 'nizk')
-rw-r--r-- | nizk/commit/commit.go | 6 | ||||
-rw-r--r-- | nizk/commit/commit_test.go | 2 | ||||
-rw-r--r-- | nizk/nizk.go | 12 | ||||
-rw-r--r-- | nizk/schnorr/schnorr.go | 6 | ||||
-rw-r--r-- | nizk/stage1/stage1.go | 4 | ||||
-rw-r--r-- | nizk/stage2/stage2.go | 16 |
6 files changed, 28 insertions, 18 deletions
diff --git a/nizk/commit/commit.go b/nizk/commit/commit.go index c2a6848..d044077 100644 --- a/nizk/commit/commit.go +++ b/nizk/commit/commit.go @@ -50,13 +50,13 @@ func commitment(a, b *Scalar, plus bool) *Commitment { } } -func (s *Statement) Commit(id *Point) *Commitment { +func (s *Statement) Commit(id Bytes) *Commitment { s.Commitment.Proof = s.Proof(id) return s.Commitment } type Proof struct { - Id *Point + Id Bytes A *schnorr.Proof // Proof for knowledge of a in A = G^a B *schnorr.Proof // Proof for knowledge of b in B = G^b C struct { // Proof for knowledge of statement above @@ -65,7 +65,7 @@ type Proof struct { } } -func (s *Statement) Proof(id *Point) *Proof { +func (s *Statement) Proof(id Bytes) *Proof { var e [2][2]*Point var r1, r2, w *Scalar r1 = Curve.RandomScalar() diff --git a/nizk/commit/commit_test.go b/nizk/commit/commit_test.go index de5d22e..8763706 100644 --- a/nizk/commit/commit_test.go +++ b/nizk/commit/commit_test.go @@ -19,6 +19,8 @@ func TestStatement(t *testing.T) { if !c2.Verify() { t.Fatal("Could not verify st2 with c2, plus=false case") } + + // Use the wrong proof c2.Proof = c1.Proof if c2.Verify() { t.Fatal("Verify with wrong proof should have failed!") diff --git a/nizk/nizk.go b/nizk/nizk.go index 84e7db4..a8bdaae 100644 --- a/nizk/nizk.go +++ b/nizk/nizk.go @@ -15,9 +15,17 @@ var Curve = curve.Curve25519 var G = Curve.Generator() var One = Curve.ScalarOne() -func Challenge(points ...*Point) *Scalar { +type Bytes interface { + Bytes() []byte +} + +type Bites []byte + +func (b Bites) Bytes() []byte { return b } + +func Challenge(bs ...Bytes) *Scalar { h512 := sha512.New() - for _, p := range points { + for _, p := range bs { h512.Write(p.Bytes()) } ch, e := Curve.ScalarFromBytes(h512.Sum(nil)) diff --git a/nizk/schnorr/schnorr.go b/nizk/schnorr/schnorr.go index 258473c..124155a 100644 --- a/nizk/schnorr/schnorr.go +++ b/nizk/schnorr/schnorr.go 
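Review bot: In nizk/nizk.go, `Challenge` now accepts any `Bytes` value but still hashes the bare concatenation of `p.Bytes()`, so once variable-length inputs such as `Bites` are passed, two different argument lists can serialise to the same hash input. While every argument was a `*Point` the encodings were presumably fixed-width, which is what kept the concatenation unambiguous; the new interface does not enforce that. Writing a fixed-width length before each element makes the transcript encoding injective again; it needs `encoding/binary` and changes the challenge values, so prover and verifier have to switch together. The new exported `Bytes` and `Bites` types also have no doc comments, and `Challenge`'s body continues past the end of the hunk.

```go
func Challenge(bs ...Bytes) *Scalar {
	h512 := sha512.New()
	var n [8]byte
	for _, b := range bs {
		raw := b.Bytes()
		// Length-prefix every element so distinct input lists never share an encoding.
		binary.BigEndian.PutUint64(n[:], uint64(len(raw)))
		h512.Write(n[:])
		h512.Write(raw)
	}
	// … unchanged: ScalarFromBytes conversion and error handling …
```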
@@ -10,7 +10,7 @@ type Statement Scalar type Commitment Point -// A Schnorr signature to prove knowledge of v for given g^v and i. +// A Schnorr signature to prove knowledge of v for given g^v. // Choosing a scalar v randomly, the signature consists of (V, r) with // // V := g^v, with randomly chosen v @@ -31,7 +31,7 @@ type Proof struct { // r := (v - x*h), with h := H(g, g^v, g^x, i), where i is given by the context. // // Verification of the signature is by comparing V =?= g^r * g^(x*h) -func (s *Statement) Proof(id *Point) (pr *Proof) { +func (s *Statement) Proof(id Bytes) (pr *Proof) { x := (*Scalar)(s) // choose random v @@ -57,7 +57,7 @@ func (s *Statement) Proof(id *Point) (pr *Proof) { } // Verifies that g^v == g^r*g^(x*h) -func (c *Commitment) Verify(p *Proof, id *Point) bool { +func (c *Commitment) Verify(p *Proof, id Bytes) bool { Gx := (*Point)(c) // Calculate h = H(g, g^v, g^x, id) diff --git a/nizk/stage1/stage1.go b/nizk/stage1/stage1.go index bb493a7..0bd3e29 100644 --- a/nizk/stage1/stage1.go +++ b/nizk/stage1/stage1.go @@ -98,7 +98,7 @@ func (s *Statement) Proof() *Proof { ε[1][3] = s.B.Exp(ρ2).Mul(s.C.Div(G).Exp(ω)) } - p := []*Point{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z} + p := []Bytes{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z} for _, e := range ε[0] { p = append(p, e) } @@ -140,7 +140,7 @@ func (c *Commitment) Verify(p *Proof) bool { ε[1][2] = c.R.Exp(p.Rho[1][0]).Mul(c.Z.Exp(p.Ch[1])) ε[1][3] = c.B.Exp(p.Rho[1][1]).Mul(c.C.Div(G).Exp(p.Ch[1])) - points := []*Point{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z} + points := []Bytes{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z} for _, e := range ε[0] { points = append(points, e) } diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go index 85d4b10..a17000f 100644 --- a/nizk/stage2/stage2.go +++ b/nizk/stage2/stage2.go 
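Review bot: The edited comment in the first hunk of nizk/schnorr/schnorr.go drops "and i", although the challenge is still documented as `h := H(g, g^v, g^x, i)` and both `Proof` and `Verify` still take `id`, so the documentation no longer says that the proof is bound to a context identifier. The sentence also names the secret as v, while the formulas `r := (v - x*h)` and `V =?= g^r * g^(x*h)` read as proving knowledge of x with v as the random nonce. I would write `// A Schnorr signature to prove knowledge of x for given g^x, bound to the context id i.` and add a line to the comments on `Proof` and `Verify` stating that the same `id` bytes must be supplied on both sides. Whether a nil `id` is tolerated cannot be told from here, since both function bodies continue outside the hunks.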
@@ -113,9 +113,9 @@ type Proof struct { func (s *Statement) Proof() *Proof { var ( - e1, e1_ [3]*Point - e2, e2_ [3]*Point - e3, e3_ [2]*Point + e1, e1_ [3]Bytes + e2, e2_ [3]Bytes + e3, e3_ [2]Bytes r1, r2 [3]*Scalar r3 [2]*Scalar @@ -202,7 +202,7 @@ func (s *Statement) Proof() *Proof { panic("not possible") } - points := []*Point{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z, s.R_, s.X_, s.Y_, s.Z_} + points := []Bytes{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z, s.R_, s.X_, s.Y_, s.Z_} points = append(points, e1[:]...) points = append(points, e2[:]...) points = append(points, e3[:]...) @@ -271,9 +271,9 @@ func (s *Statement) Proof() *Proof { func (c *Commitment) Verify(p *Proof) bool { var ( - e1, e1_ [3]*Point - e2, e2_ [3]*Point - e3, e3_ [2]*Point + e1, e1_ [3]Bytes + e2, e2_ [3]Bytes + e3, e3_ [2]Bytes ) e1[0] = G.Exp(p.R1[0]).Mul(c.X.Exp(p.Ch[0])) e1[1] = G.Exp(p.R1[1]).Mul(c.X_.Exp(p.Ch[0])) @@ -297,7 +297,7 @@ func (c *Commitment) Verify(p *Proof) bool { e3_[0] = c.Y.Exp(p.R3[0]).Mul(c.Z.Exp(p.Ch[2])) e3_[1] = c.Y_.Exp(p.R3[1]).Mul(c.Z_.Exp(p.Ch[2])) - points := []*Point{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z, c.R_, c.X_, c.Y_, c.Z_} + points := []Bytes{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z, c.R_, c.X_, c.Y_, c.Z_} points = append(points, e1[:]...) points = append(points, e2[:]...) points = append(points, e3[:]...) |
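Review bot: Declaring the commitment arrays as `[3]Bytes` and `[2]Bytes` in `Proof` and `Verify` of nizk/stage2/stage2.go gives up the static guarantee that these slots hold curve points, apparently only so that `append(points, e1[:]...)` compiles against the new `[]Bytes` slice. stage1 in this same commit appends element by element (`for _, e := range ε[0] { p = append(p, e) }`), which seems to let its arrays stay point-typed. Doing the same here, i.e. keeping `e1, e1_ [3]*Point` and using `for _, e := range e1 { points = append(points, e) }`, would confine the interface type to the transcript slice and keep the two stages consistent. Both function bodies extend beyond the hunks, so any later use of these arrays that relies on `*Point` methods is not visible here.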