Diffstat (limited to 'nizk/stage1.go')
-rw-r--r-- | nizk/stage1.go | 59 |
1 files changed, 31 insertions, 28 deletions
diff --git a/nizk/stage1.go b/nizk/stage1.go
index dd4a896..228970b 100644
--- a/nizk/stage1.go
+++ b/nizk/stage1.go
@@ -2,18 +2,19 @@ package nizk
 
 import . "kesim.org/seal/common"
 
-type Stage1 struct {
+type Stage struct {
 	x *Scalar
 	y *Scalar
 	r *Scalar
 
-	com *Stage1Commitment
-	prf *Stage1Proof
+	com *StageCommitment
+	prf1 *Stage1Proof
+	prf2 *Stage2Proof
 
 	bit *Bit
 }
 
-type Stage1Commitment struct {
+type StageCommitment struct {
 	R *Point
 	X *Point
 	Y *Point
@@ -31,16 +32,8 @@ type Stage1Proof struct {
 	Rho [2][2]*Scalar
 }
 
-func (b *Bit) Stage1() *Stage1 {
-	var x [3]*Scalar
-	for i := range x {
-		x[i] = Curve.RandomScalar()
-	}
-	return b.Stage1FromScalars(x[0], x[1], x[2])
-}
-
-func (b *Bit) Stage1FromScalars(x, y, r *Scalar) *Stage1 {
-	return &Stage1{
+func (b *Bit) stage(x, y, r *Scalar) *Stage {
+	return &Stage{
 		x: x,
 		y: y,
 		r: r,
@@ -49,7 +42,20 @@ func (b *Bit) Stage1FromScalars(x, y, r *Scalar) *Stage1 {
 	}
 }
 
-func (s *Stage1) commit() *Stage1Commitment {
+func (b *Bit) CommitStage1() (c *Stage, s *StageCommitment, p *Stage1Proof) {
+	var x [3]*Scalar
+	for i := range x {
+		x[i] = Curve.RandomScalar()
+	}
+	return b.CommitStage1FromScalars(x[0], x[1], x[2])
+}
+
+func (b *Bit) CommitStage1FromScalars(x, y, r *Scalar) (s *Stage, c *StageCommitment, p *Stage1Proof) {
+	s = b.stage(x, y, r)
+	return s, s.commit1(), s.proof1()
+}
+
+func (s *Stage) commit1() *StageCommitment {
 	if s.com != nil {
 		return s.com
 	}
@@ -60,7 +66,7 @@ func (s *Stage1) commit() *Stage1Commitment {
 		Z = G.Exp(s.x.Mul(s.y))
 	}
 
-	s.com = &Stage1Commitment{
+	s.com = &StageCommitment{
 		Z: Z,
 		X: G.Exp(s.x),
 		Y: G.Exp(s.y),
@@ -69,13 +75,13 @@ func (s *Stage1) commit() *Stage1Commitment {
 	return s.com
 }
 
-func (s *Stage1) proof() *Stage1Proof {
+func (s *Stage) proof1() *Stage1Proof {
 	var ε [2][4]*Point
 	var r1, r2, ρ1, ρ2, ω *Scalar
 	for _, s := range []**Scalar{&r1, &r2, &ρ1, &ρ2, &ω} {
 		*s = Curve.RandomScalar()
 	}
-	c := s.commit()
+	c := s.commit1()
 	bc, _ := s.bit.Commit()
 
 	if s.bit.IsSet() {
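Review bot: `Stage` and `StageCommitment` are exported but carry no doc comment, and the new `prf1`/`prf2` fields do not say who fills them or when they are nil. Since the struct now carries state for two proof stages, a short comment on the type would help, e.g. `// Stage is the prover's state for the NIZK on a Bit: the scalars x, y, r used as exponents in the commitment, the cached commitment, and the stage-1/stage-2 proofs once generated (nil until then).` I cannot see where `prf2` is assigned or where `Stage2Proof` is defined in this file, so that part of the contract may live elsewhere and should be confirmed before the comment is committed.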
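Review bot: The named results of `CommitStage1` are `(c *Stage, s *StageCommitment, p *Stage1Proof)` while `CommitStage1FromScalars` directly below uses `(s *Stage, c *StageCommitment, p *Stage1Proof)`, so `c` and `s` mean opposite things in two adjacent exported signatures; use one order on both, e.g. `func (b *Bit) CommitStage1() (s *Stage, c *StageCommitment, p *Stage1Proof)`, or drop the names since neither function uses a naked return. Both functions are also exported without doc comments, and `CommitStage1FromScalars` lets the caller supply the scalars that `commit1` uses as exponents, so its comment should state that they must be fresh, uniformly random and never reused, since the hiding of the commitment and the zero-knowledge of the proof rest on them: `// CommitStage1FromScalars is CommitStage1 with caller-supplied randomness; x, y, r must be fresh uniform scalars (intended for tests and derandomised callers) and are not nil-checked.` Whether a nil scalar is rejected downstream depends on Scalar's methods, which are outside this file.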
@@ -126,26 +132,23 @@ func (s *Stage1) proof() *Stage1Proof {
 		pr.Rho[1][1] = ρ2
 	}
 
+	s.prf1 = pr
 	return pr
 }
 
-func (s *Stage1) Commit() (*Stage1Commitment, *Stage1Proof) {
-	return s.commit(), s.proof()
-}
-
-func (c1 *Stage1Commitment) Verify(c *Commitment, p *Stage1Proof) bool {
+func (c *Commitment) VerifyStage1(sc *StageCommitment, p *Stage1Proof) bool {
 	var ε [2][4]*Point
-	ε[0][0] = G.Exp(p.Rho[0][0]).Mul(c1.X.Exp(p.Ch[0]))
+	ε[0][0] = G.Exp(p.Rho[0][0]).Mul(sc.X.Exp(p.Ch[0]))
 	ε[0][1] = G.Exp(p.Rho[0][1]).Mul(c.A.Exp(p.Ch[0]))
-	ε[0][2] = c1.Y.Exp(p.Rho[0][0]).Mul(c1.Z.Exp(p.Ch[0]))
+	ε[0][2] = sc.Y.Exp(p.Rho[0][0]).Mul(sc.Z.Exp(p.Ch[0]))
 	ε[0][3] = c.B.Exp(p.Rho[0][1]).Mul(c.C.Exp(p.Ch[0]))
-	ε[1][0] = G.Exp(p.Rho[1][0]).Mul(c1.X.Exp(p.Ch[1]))
+	ε[1][0] = G.Exp(p.Rho[1][0]).Mul(sc.X.Exp(p.Ch[1]))
 	ε[1][1] = G.Exp(p.Rho[1][1]).Mul(c.A.Exp(p.Ch[1]))
-	ε[1][2] = c1.R.Exp(p.Rho[1][0]).Mul(c1.Z.Exp(p.Ch[1]))
+	ε[1][2] = sc.R.Exp(p.Rho[1][0]).Mul(sc.Z.Exp(p.Ch[1]))
 	ε[1][3] = c.B.Exp(p.Rho[1][1]).Mul(c.C.Div(G).Exp(p.Ch[1]))
 
-	points := []Bytes{G, c.A, c.B, c.C, c1.R, c1.X, c1.Y, c1.Z}
+	points := []Bytes{G, c.A, c.B, c.C, sc.R, sc.X, sc.Y, sc.Z}
 	for _, e := range ε[0] {
 		points = append(points, e)
 	}
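Review bot: `VerifyStage1` dereferences `sc.X`, `sc.Y`, `sc.R`, `sc.Z`, `p.Rho[i][j]` and `p.Ch[i]` in the ε assignments without checking that `sc`, `p` or those pointer fields are non-nil; if the commitment and proof arrive from deserialised, attacker-controlled input, a missing field turns the verifier into a panic instead of a `false`. Unless the decoding layer already guarantees this, a guard at the top such as `if sc == nil || p == nil || sc.R == nil || sc.X == nil || sc.Y == nil || sc.Z == nil { return false }` (and the same for the four Rho and two Ch entries) keeps malformed proofs from becoming a crash; whether `Point.Exp`/`Mul` tolerate nil receivers or nil scalar operands cannot be seen here. The verifier's body continues past the hunk, so I cannot see whether the two challenge halves are later bound to the transcript hash over `points`, which the soundness of the OR-proof depends on. Separately, `commit1` memoises into `s.com` and returns the cached value, but `proof1` only writes `s.prf1 = pr` and still builds a fresh proof with new randomness on every call; if the cache is meant to be authoritative, mirror commit1's early return, otherwise a one-line comment on the assignment saying why the proof is deliberately not reused would remove the asymmetry.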