Diffstat (limited to 'nizk/stage2.go')
-rw-r--r--nizk/stage2.go51
1 files changed, 28 insertions, 23 deletions
diff --git a/nizk/stage2.go b/nizk/stage2.go
index 37cd8c1..e6e6b34 100644
--- a/nizk/stage2.go
+++ b/nizk/stage2.go
@@ -1,6 +1,8 @@
package nizk
import (
+ "fmt"
+
. "kesim.org/seal/common"
)
@@ -19,7 +21,11 @@ type Stage2Proof struct {
R3 [2]*Scalar
}
-func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *StageReveal, pr *Stage2Proof, e error) {
+func (b *Bit) RevealStage2(prev *Bit, Xs ...*Point) (rv2 *StageReveal, pr *Stage2Proof, e error) {
+ s := b.Stage
+ if s == nil {
+ return nil, nil, fmt.Errorf("stage not ready")
+ }
var (
ε1, ε1_ [3]Bytes
ε2, ε2_ [3]Bytes
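Review bot: The new guard covers only `b.Stage`; `prev` gets no equivalent check, although later hunks read `prev.StageCommitment`, `prev.StageReveal`, `prev.IsSet()` and `prev.x`. If `x` is promoted from an embedded `*Stage` (as `s := b.Stage` followed by `s.x` suggests), a `prev` whose stage is not ready would panic inside the prover instead of returning an error. Consider widening the guard to `if s == nil || prev == nil || prev.Stage == nil { return nil, nil, fmt.Errorf("stage not ready") }`, and, if `StageReveal` is a pointer, confirming it is populated before `rv1.Z` and `rv1.Y` are used. The function body continues outside this hunk.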
@@ -36,31 +42,30 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
}
}
- bc := s.bit.com
- c1 := prev.com
- c2 := s.com
- rv1 := prev.rev
- rv2, e = s.reveal(prev_true, Xs...)
+ c1 := prev.StageCommitment
+ c2 := s.StageCommitment
+ rv1 := prev.StageReveal
+ rv2, e = b.reveal(prev.IsSet(), Xs...)
if e != nil {
return nil, nil, e
}
- if !prev_true {
+ if !prev.IsSet() {
ε1[0] = G.Exp(ρ1[0]).Mul(c2.X.Exp(ω[0]))
ε1[1] = G.Exp(ρ1[1]).Mul(c1.X.Exp(ω[0]))
- ε1[2] = G.Exp(ρ1[2]).Mul(bc.A.Exp(ω[0]))
+ ε1[2] = G.Exp(ρ1[2]).Mul(b.A.Exp(ω[0]))
ε1_[0] = c2.R.Exp(ρ1[0]).Mul(rv2.Z.Exp(ω[0]))
ε1_[1] = c1.R.Exp(ρ1[1]).Mul(rv1.Z.Exp(ω[0]))
- ε1_[2] = bc.B.Exp(ρ1[2]).Mul(bc.C.Div(G).Exp(ω[0]))
+ ε1_[2] = b.B.Exp(ρ1[2]).Mul(b.C.Div(G).Exp(ω[0]))
ε2[0] = G.Exp(ρ2[0]).Mul(c2.X.Exp(ω[1]))
ε2[1] = G.Exp(ρ2[1]).Mul(c1.X.Exp(ω[1]))
- ε2[2] = G.Exp(ρ2[2]).Mul(bc.A.Exp(ω[1]))
+ ε2[2] = G.Exp(ρ2[2]).Mul(b.A.Exp(ω[1]))
ε2_[0] = rv2.Y.Exp(ρ2[0]).Mul(rv2.Z.Exp(ω[1]))
ε2_[1] = c1.R.Exp(ρ2[1]).Mul(rv1.Z.Exp(ω[1]))
- ε2_[2] = bc.B.Exp(ρ2[2]).Mul(bc.C.Exp(ω[1]))
+ ε2_[2] = b.B.Exp(ρ2[2]).Mul(b.C.Exp(ω[1]))
ε3[0] = G.Exp(ρ3[0])
ε3[1] = G.Exp(ρ3[1])
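Review bot: `prev.IsSet()` is now evaluated separately for `b.reveal(...)`, for the commitment branch here (`if !prev.IsSet()`), and again for the response branch in the hunk at `@@ -126,7 +131,7 @@`, where the old code used a single `prev_true` value throughout. The proof is only well-formed if commitments and responses take the same real/simulated branch, so it is safer to read the value once, `prevSet := prev.IsSet()`, and use `prevSet` in all three places. Nothing visible shows `IsSet` changing between calls, but a single local makes that invariant explicit; a short comment such as `// branch choice must be identical for commitments and responses` would document it.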
@@ -68,22 +73,22 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
ε3_[0] = rv2.Y.Exp(ρ3[0])
ε3_[1] = rv1.Y.Exp(ρ3[1])
} else {
- if s.bit.IsSet() {
+ if b.IsSet() {
ε1[0] = G.Exp(ρ1[0])
ε1[1] = G.Exp(ρ1[1])
ε1[2] = G.Exp(ρ1[2])
ε1_[0] = c2.R.Exp(ρ1[0])
ε1_[1] = c1.R.Exp(ρ1[1])
- ε1_[2] = bc.B.Exp(ρ1[2])
+ ε1_[2] = b.B.Exp(ρ1[2])
ε2[0] = G.Exp(ρ2[0]).Mul(c2.X.Exp(ω[0]))
ε2[1] = G.Exp(ρ2[1]).Mul(c1.X.Exp(ω[0]))
- ε2[2] = G.Exp(ρ2[2]).Mul(bc.A.Exp(ω[0]))
+ ε2[2] = G.Exp(ρ2[2]).Mul(b.A.Exp(ω[0]))
ε2_[0] = rv2.Y.Exp(ρ2[0]).Mul(rv2.Z.Exp(ω[0]))
ε2_[1] = c1.R.Exp(ρ2[1]).Mul(rv1.Z.Exp(ω[0]))
- ε2_[2] = bc.B.Exp(ρ2[2]).Mul(bc.C.Exp(ω[0]))
+ ε2_[2] = b.B.Exp(ρ2[2]).Mul(b.C.Exp(ω[0]))
ε3[0] = G.Exp(ρ3[0]).Mul(c2.X.Exp(ω[1]))
ε3[1] = G.Exp(ρ3[1]).Mul(c1.X.Exp(ω[1]))
@@ -93,11 +98,11 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
} else {
ε1[0] = G.Exp(ρ1[0]).Mul(c2.X.Exp(ω[0]))
ε1[1] = G.Exp(ρ1[1]).Mul(c1.X.Exp(ω[0]))
- ε1[2] = G.Exp(ρ1[2]).Mul(bc.A.Exp(ω[0]))
+ ε1[2] = G.Exp(ρ1[2]).Mul(b.A.Exp(ω[0]))
ε1_[0] = c2.R.Exp(ρ1[0]).Mul(rv2.Z.Exp(ω[0]))
ε1_[1] = c1.R.Exp(ρ1[1]).Mul(rv1.Z.Exp(ω[0]))
- ε1_[2] = bc.B.Exp(ρ1[2]).Mul(bc.C.Div(G).Exp(ω[0]))
+ ε1_[2] = b.B.Exp(ρ1[2]).Mul(b.C.Div(G).Exp(ω[0]))
ε2[0] = G.Exp(ρ2[0])
ε2[1] = G.Exp(ρ2[1])
@@ -105,7 +110,7 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
ε2_[0] = rv2.Y.Exp(ρ2[0])
ε2_[1] = c1.R.Exp(ρ2[1])
- ε2_[2] = bc.B.Exp(ρ2[2])
+ ε2_[2] = b.B.Exp(ρ2[2])
ε3[0] = G.Exp(ρ3[0]).Mul(c2.X.Exp(ω[1]))
ε3[1] = G.Exp(ρ3[1]).Mul(c1.X.Exp(ω[1]))
@@ -115,7 +120,7 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
}
}
- points := []Bytes{G, bc.A, bc.B, bc.C, c2.R, c2.X, rv2.Y, rv2.Z, c1.R, c1.X, rv1.Y, rv1.Z}
+ points := []Bytes{G, b.A, b.B, b.C, c2.R, c2.X, rv2.Y, rv2.Z, c1.R, c1.X, rv1.Y, rv1.Z}
points = append(points, ε1[:]...)
points = append(points, ε2[:]...)
points = append(points, ε3[:]...)
@@ -126,7 +131,7 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
ch := Challenge(points...)
pr = &Stage2Proof{}
- if !prev_true {
+ if !prev.IsSet() {
pr.Ch[0] = ω[0]
pr.Ch[1] = ω[1]
pr.Ch[2] = ch.Sub(ω[0]).Sub(ω[1])
@@ -142,14 +147,14 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
pr.R3[0] = ρ3[0].Sub(s.x.Mul(pr.Ch[2]))
pr.R3[1] = ρ3[1].Sub(prev.x.Mul(pr.Ch[2]))
} else {
- if s.bit.IsSet() {
+ if b.IsSet() {
pr.Ch[0] = ch.Sub(ω[0]).Sub(ω[1])
pr.Ch[1] = ω[0]
pr.Ch[2] = ω[1]
pr.R1[0] = ρ1[0].Sub(s.x.Mul(pr.Ch[0]))
pr.R1[1] = ρ1[1].Sub(prev.x.Mul(pr.Ch[0]))
- pr.R1[2] = ρ1[2].Sub(s.bit.α.Mul(pr.Ch[0]))
+ pr.R1[2] = ρ1[2].Sub(b.α.Mul(pr.Ch[0]))
pr.R2[0] = ρ2[0]
pr.R2[1] = ρ2[1]
@@ -168,7 +173,7 @@ func (s *Stage) RevealStage2(prev_true bool, prev *Stage, Xs ...*Point) (rv2 *St
pr.R2[0] = ρ2[0].Sub(s.x.Mul(pr.Ch[1]))
pr.R2[1] = ρ2[1].Sub(prev.x.Mul(pr.Ch[1]))
- pr.R2[2] = ρ2[2].Sub(s.bit.α.Mul(pr.Ch[1]))
+ pr.R2[2] = ρ2[2].Sub(b.α.Mul(pr.Ch[1]))
pr.R3[0] = ρ3[0]
pr.R3[1] = ρ3[1]