1 files changed, 8 insertions, 12 deletions

diff --git a/nizk/stage2.go b/nizk/stage2.go
index e6e6b34..c9ee517 100644
--- a/nizk/stage2.go
+++ b/nizk/stage2.go
@@ -1,8 +1,6 @@
 package nizk
 
 import (
-	"fmt"
-
 	. "kesim.org/seal/common"
 )
 
@@ -21,11 +19,12 @@ type Stage2Proof struct {
 	R3 [2]*Scalar
 }
 
-func (b *Bit) RevealStage2(prev *Bit, Xs ...*Point) (rv2 *StageReveal, pr *Stage2Proof, e error) {
-	s := b.Stage
-	if s == nil {
-		return nil, nil, fmt.Errorf("stage not ready")
+func (b *Bit) RevealStage2(lost bool, prev *Bit, Xs ...*Point) (rv2 *StageReveal, pr *Stage2Proof) {
+	if b.Stage == nil {
+		b.StageCommit()
 	}
+	s := b.Stage
+
 	var (
 		ε1, ε1_ [3]Bytes
 		ε2, ε2_ [3]Bytes
@@ -45,12 +44,9 @@ func (b *Bit) RevealStage2(prev *Bit, Xs ...*Point) (rv2 *StageReveal, pr *Stage
 	c1 := prev.StageCommitment
 	c2 := s.StageCommitment
 	rv1 := prev.StageReveal
-	rv2, e = b.reveal(prev.IsSet(), Xs...)
-	if e != nil {
-		return nil, nil, e
-	}
+	rv2 = b.reveal(prev.IsSet(), Xs...)
 
-	if !prev.IsSet() {
+	if lost {
 		ε1[0] = G.Exp(ρ1[0]).Mul(c2.X.Exp(ω[0]))
 		ε1[1] = G.Exp(ρ1[1]).Mul(c1.X.Exp(ω[0]))
 		ε1[2] = G.Exp(ρ1[2]).Mul(b.A.Exp(ω[0]))
@@ -180,7 +176,7 @@ func (b *Bit) RevealStage2(prev *Bit, Xs ...*Point) (rv2 *StageReveal, pr *Stage
 		}
 	}
 
-	return rv2, pr, e
+	return rv2, pr
 }
 
 func (c *Commitment) VerifyStage2(c1, c2 *StageCommitment, r1, r2 *StageReveal, p *Stage2Proof) bool {