-rw-r--r-- | auction.go | 7 | ||||
-rw-r--r-- | common/common.go (renamed from nizk/nizk.go) | 2 | ||||
-rw-r--r-- | dashboard/dashboard.go | 6 | ||||
-rw-r--r-- | nizk/commit.go (renamed from nizk/commit/commit.go) | 39 | ||||
-rw-r--r-- | nizk/commit_test.go (renamed from nizk/commit/commit_test.go) | 4 | ||||
-rw-r--r-- | nizk/schnorr/schnorr.go | 4 | ||||
-rw-r--r-- | nizk/schnorr/schnorr_test.go | 4 | ||||
-rw-r--r-- | nizk/stage1.go (renamed from nizk/stage1/stage1.go) | 97 | ||||
-rw-r--r-- | nizk/stage1_test.go (renamed from nizk/stage1/stage1_test.go) | 24 | ||||
-rw-r--r-- | nizk/stage2/stage2.go | 2 | ||||
-rw-r--r-- | nizk/stage2/stage2_test.go | 2 |
11 files changed, 93 insertions, 98 deletions
@@ -11,8 +11,7 @@ import (
 "log/slog"
 "time"
- "kesim.org/seal/nizk/commit"
- "kesim.org/seal/nizk/stage1"
+ "kesim.org/seal/nizk"
 )
 type Type int
@@ -112,13 +111,13 @@ type auction struct {
 observer Observer
 // The commitments we received from the bidders.
- bidders map[string][]*commit.Commitment
+ bidders map[string][]*nizk.Commitment
 // sorted list of the bidders.
 bidder_ids []string
 // Stage 1 data per round
- stage1 []*stage1.Statement
+ stage1 []*nizk.Stage1
 log *slog.Logger
 }
diff --git a/nizk/nizk.go b/common/common.go
index a8bdaae..d72daaf 100644
--- a/nizk/nizk.go
+++ b/common/common.go
@@ -1,4 +1,4 @@
-package nizk
+package common
 import (
 "crypto/sha512"
diff --git a/dashboard/dashboard.go b/dashboard/dashboard.go
index 6f384f9..b26277d 100644
--- a/dashboard/dashboard.go
+++ b/dashboard/dashboard.go
@@ -7,7 +7,7 @@ import (
 "encoding/json"
 "kesim.org/seal"
- "kesim.org/seal/nizk/commit"
+ "kesim.org/seal/nizk"
 )
 type Dashboard interface {
@@ -27,7 +27,7 @@ type SignedMessage struct {
 }
 type SignedCommitment struct {
- *commit.Commitment
+ *nizk.Commitment
 Signature []byte
 }
@@ -131,4 +131,4 @@ func (s *SignedCommitment) Verify(pubkey ed25519.PublicKey) bool {
 func Pub2String(pubkey ed25519.PublicKey) string {
 return base32.StdEncoding.EncodeToString(pubkey)
-}
\ No newline at end of file
+}
diff --git a/nizk/commit/commit.go b/nizk/commit.go
index 49690f2..7f46d36 100644
--- a/nizk/commit/commit.go
+++ b/nizk/commit.go
@@ -1,7 +1,7 @@
-package commit
+package nizk
 import (
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 "kesim.org/seal/nizk/schnorr"
 )
@@ -15,7 +15,6 @@ type Bid struct {
 bitSet bool
 α *Scalar
 β *Scalar
- Commitment
 }
 type Commitment struct {
@@ -31,14 +30,13 @@ func NewBid(bitSet bool) *Bid {
 func NewBidFromScalars(bitSet bool, α, β *Scalar) *Bid {
 return &Bid{
- α: α,
- β: β,
- bitSet: bitSet,
- Commitment: commitment(α, β, bitSet),
+ α: α,
+ β: β,
+ bitSet: bitSet,
 }
 }
-func commitment(α, β *Scalar, bitSet bool) Commitment {
+func commitment(α, β *Scalar, bitSet bool) *Commitment {
 var C *Point
 c := α.Mul(β)
@@ -47,17 +45,13 @@ func commitment(α, β *Scalar, bitSet bool) Commitment {
 } else {
 C = G.Exp(c)
 }
- return Commitment{
+ return &Commitment{
 C: C,
 A: G.Exp(α),
 B: G.Exp(β),
 }
 }
-func (s *Bid) Commit(id Bytes) (*Commitment, *Proof) {
- return &s.Commitment, s.Proof(id)
-}
-
 type Proof struct {
 Id Bytes
 A *schnorr.Proof // Proof for knowledge of α in A = G^α
@@ -68,7 +62,7 @@ type Proof struct {
 }
 }
-func (s *Bid) Proof(id Bytes) *Proof {
+func (s *Bid) proof(id Bytes, c *Commitment) *Proof {
 var e [2][2]*Point
 var r1, r2, w *Scalar
 r1 = Curve.RandomScalar()
@@ -77,17 +71,17 @@ func (s *Bid) Proof(id Bytes) *Proof {
 if s.bitSet {
 e[0][0] = G.Exp(r1)
- e[0][1] = s.B.Exp(r1).Mul(G.Exp(w))
+ e[0][1] = c.B.Exp(r1).Mul(G.Exp(w))
 e[1][0] = G.Exp(r2)
- e[1][1] = s.B.Exp(r2)
+ e[1][1] = c.B.Exp(r2)
 } else {
 e[0][0] = G.Exp(r1)
- e[0][1] = s.B.Exp(r1)
- e[1][0] = G.Exp(r2).Mul(s.A.Exp(w))
- e[1][1] = s.B.Exp(r2).Mul(s.C.Div(G).Exp(w))
+ e[0][1] = c.B.Exp(r1)
+ e[1][0] = G.Exp(r2).Mul(c.A.Exp(w))
+ e[1][1] = c.B.Exp(r2).Mul(c.C.Div(G).Exp(w))
 }
- ch := Challenge(G, s.C, s.A, s.B, e[0][0], e[0][1], e[1][0], e[1][1], id)
+ ch := Challenge(G, c.C, c.A, c.B, e[0][0], e[0][1], e[1][0], e[1][1], id)
 pr := &Proof{Id: id}
 if s.bitSet {
@@ -107,6 +101,11 @@ func (s *Bid) Proof(id Bytes) *Proof {
 return pr
 }
+func (s *Bid) Commit(id Bytes) (*Commitment, *Proof) {
+ c := commitment(s.α, s.β, s.bitSet)
+ return c, s.proof(id, c)
+}
+
 func (c *Commitment) Verify(p *Proof) bool {
 var e [2][2]*Point
diff --git a/nizk/commit/commit_test.go b/nizk/commit_test.go
index 111ab68..32d337b 100644
--- a/nizk/commit/commit_test.go
+++ b/nizk/commit_test.go
@@ -1,9 +1,9 @@
-package commit
+package nizk
 import (
 "testing"
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
 func TestStatement(t *testing.T) {
diff --git a/nizk/schnorr/schnorr.go b/nizk/schnorr/schnorr.go
index 124155a..ad42770 100644
--- a/nizk/schnorr/schnorr.go
+++ b/nizk/schnorr/schnorr.go
@@ -3,7 +3,7 @@
 package schnorr
 import (
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
 type Statement Scalar
@@ -74,4 +74,4 @@ func (c *Commitment) Verify(p *Proof, id Bytes) bool {
 // Return true if g^v == g^r*g^(x*h)
 return p.V.Equal(grgxh)
-}
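Review bot: The new exported `Commit` in the `@@ -107,6 +101,11 @@` hunk of nizk/commit.go has no doc comment, and its contract is not obvious from the signature: every call recomputes the commitment from `s.α`, `s.β` and `s.bitSet` and produces a new proof bound to `id`. I would add `// Commit returns the commitment for this bid together with a proof bound to id; the commitment is recomputed and the proof re-randomised on every call.` The unexported `proof(id, c)` only yields a verifiable proof when `c` is exactly `commitment(s.α, s.β, s.bitSet)`, which deserves a one-line comment such as `// c must be the commitment derived from s; proof does not check this.` The body of `proof` is only partly visible in these hunks.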
\ No newline at end of file
+}
diff --git a/nizk/schnorr/schnorr_test.go b/nizk/schnorr/schnorr_test.go
index ca541de..2adec8e 100644
--- a/nizk/schnorr/schnorr_test.go
+++ b/nizk/schnorr/schnorr_test.go
@@ -3,7 +3,7 @@ package schnorr
 import (
 "testing"
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
 func TestSchnorr(t *testing.T) {
@@ -31,4 +31,4 @@ func TestSchnorr(t *testing.T) {
 if c.Verify(pr, ID.Exp(a)) {
 t.Fatal("Verification didn't fail!")
 }
-}
\ No newline at end of file
+}
diff --git a/nizk/stage1/stage1.go b/nizk/stage1.go
index 5c729c8..7e28ca9 100644
--- a/nizk/stage1/stage1.go
+++ b/nizk/stage1.go
@@ -1,25 +1,22 @@
-package stage1
+package nizk
-import (
- . "kesim.org/seal/nizk"
-)
+import . "kesim.org/seal/common"
 // Implements the proof and verification of statements of the following form:
 // [ Z=g^(xy) && X=g^x && Y=g^y && C=g^(αβ) && A=g^α && B=g^β ]
 // || [ Z=g^(xr) && X=g^x && R=g^r && C=g^(αβ+1) && A=g^α && B=g^β ]
 // for given Z, X, Y, R, C, A and B
-type Statement struct {
+type Stage1 struct {
 x *Scalar
 y *Scalar
 r *Scalar
 α *Scalar
 β *Scalar
 bitSet bool
- *Commitment
 }
-type Commitment struct {
+type Stage1Commitment struct {
 A *Point
 B *Point
 C *Point
@@ -29,57 +26,52 @@ type Commitment struct {
 Z *Point
 }
-func NewStatement(bitSet bool) *Statement {
+func NewStage1(bitSet bool) *Stage1 {
 var x [5]*Scalar
 for i := range x {
 x[i] = Curve.RandomScalar()
 }
- return NewStatementFromScalars(bitSet, x[0], x[1], x[2], x[3], x[4])
+ return NewStage1FromScalars(bitSet, x[0], x[1], x[2], x[3], x[4])
 }
-func NewStatementFromScalars(bitSet bool, x, y, r, α, β *Scalar) *Statement {
- return &Statement{
- x: x,
- y: y,
- r: r,
- α: α,
- β: β,
- bitSet: bitSet,
- Commitment: commitment(x, y, r, α, β, bitSet),
+func NewStage1FromScalars(bitSet bool, x, y, r, α, β *Scalar) *Stage1 {
+ return &Stage1{
+ x: x,
+ y: y,
+ r: r,
+ α: α,
+ β: β,
+ bitSet: bitSet,
 }
 }
-func commitment(x, y, r, α, β *Scalar, bitSet bool) *Commitment {
+func (s *Stage1) commit() *Stage1Commitment {
 var Z *Point
- φ := α.Mul(β)
- if bitSet {
- Z = G.Exp(x.Mul(r))
+ φ := s.α.Mul(s.β)
+ if s.bitSet {
+ Z = G.Exp(s.x.Mul(s.r))
 φ = φ.Add(One)
 } else {
- Z = G.Exp(x.Mul(y))
+ Z = G.Exp(s.x.Mul(s.y))
 }
- return &Commitment{
+ return &Stage1Commitment{
 Z: Z,
- X: G.Exp(x),
- Y: G.Exp(y),
- R: G.Exp(r),
- A: G.Exp(α),
- B: G.Exp(β),
+ X: G.Exp(s.x),
+ Y: G.Exp(s.y),
+ R: G.Exp(s.r),
+ A: G.Exp(s.α),
+ B: G.Exp(s.β),
 C: G.Exp(φ),
 }
 }
-func (s *Statement) Commit() *Commitment {
- return s.Commitment
-}
-
-type Proof struct {
+type Stage1Proof struct {
 Ch [2]*Scalar
 Rho [2][2]*Scalar
 }
-func (s *Statement) Proof() *Proof {
+func (s *Stage1) proof(c *Stage1Commitment) *Stage1Proof {
 var ε [2][4]*Point
 var r1, r2, ρ1, ρ2, ω *Scalar
 for _, s := range []**Scalar{&r1, &r2, &ρ1, &ρ2, &ω} {
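Review bot: The loop header `for _, s := range []**Scalar{&r1, &r2, &ρ1, &ρ2, &ω} {` at the end of this hunk shadows the receiver `s` of the new `proof` method, and the statements right after the loop read `s.bitSet`. It works because the loop variable goes out of scope, but in a function that handles both the witness scalars and the proof nonces a distinct name is more robust against later edits: `for _, nonce := range []**Scalar{&r1, &r2, &ρ1, &ρ2, &ω} {`. The loop body lies outside this hunk and would need the same rename.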
@@ -87,26 +79,26 @@ func (s *Statement) Proof() *Proof {
 }
 if s.bitSet {
- ε[0][0] = G.Exp(r1).Mul(s.X.Exp(ω))
- ε[0][1] = G.Exp(r2).Mul(s.A.Exp(ω))
- ε[0][2] = s.Y.Exp(r1).Mul(s.Z.Exp(ω))
- ε[0][3] = s.B.Exp(r2).Mul(s.C.Exp(ω))
+ ε[0][0] = G.Exp(r1).Mul(c.X.Exp(ω))
+ ε[0][1] = G.Exp(r2).Mul(c.A.Exp(ω))
+ ε[0][2] = c.Y.Exp(r1).Mul(c.Z.Exp(ω))
+ ε[0][3] = c.B.Exp(r2).Mul(c.C.Exp(ω))
 ε[1][0] = G.Exp(ρ1)
 ε[1][1] = G.Exp(ρ2)
- ε[1][2] = s.R.Exp(ρ1)
- ε[1][3] = s.B.Exp(ρ2)
+ ε[1][2] = c.R.Exp(ρ1)
+ ε[1][3] = c.B.Exp(ρ2)
 } else {
 ε[0][0] = G.Exp(r1)
 ε[0][1] = G.Exp(r2)
- ε[0][2] = s.Y.Exp(r1)
- ε[0][3] = s.B.Exp(r2)
- ε[1][0] = G.Exp(ρ1).Mul(s.X.Exp(ω))
- ε[1][1] = G.Exp(ρ2).Mul(s.A.Exp(ω))
- ε[1][2] = s.R.Exp(ρ1).Mul(s.Z.Exp(ω))
- ε[1][3] = s.B.Exp(ρ2).Mul(s.C.Div(G).Exp(ω))
+ ε[0][2] = c.Y.Exp(r1)
+ ε[0][3] = c.B.Exp(r2)
+ ε[1][0] = G.Exp(ρ1).Mul(c.X.Exp(ω))
+ ε[1][1] = G.Exp(ρ2).Mul(c.A.Exp(ω))
+ ε[1][2] = c.R.Exp(ρ1).Mul(c.Z.Exp(ω))
+ ε[1][3] = c.B.Exp(ρ2).Mul(c.C.Div(G).Exp(ω))
 }
- p := []Bytes{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z}
+ p := []Bytes{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z}
 for _, e := range ε[0] {
 p = append(p, e)
 }
@@ -115,7 +107,7 @@ func (s *Statement) Proof() *Proof {
 }
 ch := Challenge(p...)
- pr := &Proof{}
+ pr := &Stage1Proof{}
 if s.bitSet {
 pr.Ch[0] = ω
@@ -136,7 +128,12 @@ func (s *Statement) Proof() *Proof {
 return pr
 }
-func (c *Commitment) Verify(p *Proof) bool {
+func (s *Stage1) Commit() (*Stage1Commitment, *Stage1Proof) {
+ c := s.commit()
+ return c, s.proof(c)
+}
+
+func (c *Stage1Commitment) Verify(p *Stage1Proof) bool {
 var ε [2][4]*Point
 ε[0][0] = G.Exp(p.Rho[0][0]).Mul(c.X.Exp(p.Ch[0]))
diff --git a/nizk/stage1/stage1_test.go b/nizk/stage1_test.go
index df93cdb..c429e69 100644
--- a/nizk/stage1/stage1_test.go
+++ b/nizk/stage1_test.go
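Review bot: The challenge transcript built at `p := []Bytes{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z}` holds only the generator, the commitment points and the ε values, so as far as these hunks show a stage-1 proof is not bound to a bidder identity or round. `Bid.proof` in nizk/commit.go, by contrast, passes `id` into `Challenge`. Since this commit already reshapes `Commit` and `proof`, it would be a natural place to thread a context value through, for example `func (s *Stage1) Commit(id Bytes) (*Stage1Commitment, *Stage1Proof)` with `p = append(p, id)` before `ch := Challenge(p...)`, and the same value recomputed in `Verify`. If the binding is meant to come from another layer, such as the signed dashboard messages, a comment on `Stage1Proof` saying so would prevent the proof from being reused on its own. The bodies of `proof` and `Verify` continue outside the hunks shown.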
@@ -1,17 +1,17 @@
-package stage1
+package nizk
 import (
 "testing"
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
-func TestStatement(t *testing.T) {
- st1 := NewStatement(true)
- st2 := NewStatement(false)
+func TestStage1(t *testing.T) {
+ st1 := NewStage1(true)
+ st2 := NewStage1(false)
- c1, c2 := st1.Commit(), st2.Commit()
- pr1, pr2 := st1.Proof(), st2.Proof()
+ c1, pr1 := st1.Commit()
+ c2, pr2 := st2.Commit()
 if !c1.Verify(pr1) {
 t.Fatal("Could not verify st1 with c1 and pr1, plus=true case")
 }
@@ -24,17 +24,17 @@ func TestStatement(t *testing.T) {
 }
 }
-func TestStatementFromScalars(t *testing.T) {
+func TestStage1FromScalars(t *testing.T) {
 var x, y, r, α, β *Scalar
 for _, s := range []**Scalar{&x, &y, &r, &α, &β} {
 *s = Curve.RandomScalar()
 }
- st1 := NewStatementFromScalars(true, x, y, r, α, β)
- st2 := NewStatementFromScalars(false, x, y, r, α, β)
+ st1 := NewStage1FromScalars(true, x, y, r, α, β)
+ st2 := NewStage1FromScalars(false, x, y, r, α, β)
- c1, c2 := st1.Commit(), st2.Commit()
- pr1, pr2 := st1.Proof(), st2.Proof()
+ c1, pr1 := st1.Commit()
+ c2, pr2 := st2.Commit()
 if !c1.Verify(pr1) {
 t.Fatal("Could not verify st1 with c1 and pr1, plus=true case")
 }
diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go
index 88bfa59..d4d2716 100644
--- a/nizk/stage2/stage2.go
+++ b/nizk/stage2/stage2.go
@@ -1,7 +1,7 @@
 package stage2
 import (
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
 // Implements the proof and verification of a statement of the following form:
diff --git a/nizk/stage2/stage2_test.go b/nizk/stage2/stage2_test.go
index a33a468..fadcc45 100644
--- a/nizk/stage2/stage2_test.go
+++ b/nizk/stage2/stage2_test.go
@@ -3,7 +3,7 @@ package stage2
 import (
 "testing"
- . "kesim.org/seal/nizk"
+ . "kesim.org/seal/common"
 )
 func TestVerification(t *testing.T) { |