1 files changed, 14 insertions, 9 deletions

diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go
index 42f69e5..85d4b10 100644
--- a/nizk/stage2/stage2.go
+++ b/nizk/stage2/stage2.go
@@ -4,8 +4,13 @@ import (
 	. "kesim.org/seal/nizk"
 )
 
-// Implements the proof and verification of statements of the following form:
-// TODO
+// Implements the proof and verification of a statement of the following form:
+//
+//    ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*y_) && X_=g^x_ && Y_=g^y_ )	// case "none"
+// || ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b)   && A=g^a && B=g^b ) // case "unset"
+// || ( Z=g^(x*r) && X=g^x && R=g^r && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b+1) && A=g^a && B=g^b ) // case "set"
+//
+// for given A, B, C, R, X, Y, Z, R_, X_, Y_, Z_ on the curve
 
 type Type int
 
@@ -19,12 +24,12 @@ type Statement struct {
 	typ Type
 	a   *Scalar
 	b   *Scalar
+	r   *Scalar
 	x   *Scalar
 	y   *Scalar
-	r   *Scalar
+	r_  *Scalar
 	x_  *Scalar
 	y_  *Scalar
-	r_  *Scalar
 	*Commitment
 }
 
@@ -42,7 +47,7 @@ type Commitment struct {
 	Z_ *Point
 }
 
-func NewStatement(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Statement {
+func NewStatement(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement {
 	if typ > Set || typ < None {
 		panic("unknown type")
 	}
@@ -51,17 +56,17 @@ func NewStatement(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Statement {
 		typ:        typ,
 		a:          a,
 		b:          b,
+		r:          r,
 		x:          x,
 		y:          y,
-		r:          r,
+		r_:         r_,
 		x_:         x_,
 		y_:         y_,
-		r_:         r_,
-		Commitment: commitment(typ, a, b, x, y, r, x_, y_, r_),
+		Commitment: commitment(typ, a, b, r, x, y, r_, x_, y_),
 	}
 }
 
-func commitment(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Commitment {
+func commitment(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Commitment {
 	var Z, Z_ *Point
 	c := a.Mul(b)