6 files changed, 116 insertions, 23 deletions

diff --git a/nizk/commit/commit.go b/nizk/commit/commit.go
index 84ba8e5..1fa653e 100644
--- a/nizk/commit/commit.go
+++ b/nizk/commit/commit.go
@@ -13,8 +13,8 @@ import (
 
 type Statement struct {
 	bitSet bool
-	a    *Scalar
-	b    *Scalar
+	a      *Scalar
+	b      *Scalar
 	Commitment
 }
 
@@ -25,11 +25,16 @@ type Commitment struct {
 	Proof *Proof
 }
 
-func NewStatement(a, b *Scalar, bitSet bool) *Statement {
+func NewStatement(bitSet bool) *Statement {
+	a, b := Curve.RandomScalar(), Curve.RandomScalar()
+	return NewStatementFromScalars(bitSet, a, b)
+}
+
+func NewStatementFromScalars(bitSet bool, a, b *Scalar) *Statement {
 	return &Statement{
 		a:          a,
 		b:          b,
-		bitSet:       bitSet,
+		bitSet:     bitSet,
 		Commitment: commitment(a, b, bitSet),
 	}
 }
diff --git a/nizk/commit/commit_test.go b/nizk/commit/commit_test.go
index 8763706..4ea5964 100644
--- a/nizk/commit/commit_test.go
+++ b/nizk/commit/commit_test.go
@@ -7,11 +7,31 @@ import (
 )
 
 func TestStatement(t *testing.T) {
+	id := Curve.RandomScalar()
+	Id := G.Exp(id)
+
+	st1, st2 := NewStatement(true), NewStatement(false)
+	c1, c2 := st1.Commit(Id), st2.Commit(Id)
+	if !c1.Verify() {
+		t.Fatal("Could not verify st1 with c1, plus=true case")
+	}
+	if !c2.Verify() {
+		t.Fatal("Could not verify st2 with c2, plus=false case")
+	}
+
+	// Use the wrong proof
+	c2.Proof = c1.Proof
+	if c2.Verify() {
+		t.Fatal("Verify with wrong proof should have failed!")
+	}
+}
+
+func TestStatementFromScalar(t *testing.T) {
 	var α, β, id = Curve.RandomScalar(), Curve.RandomScalar(), Curve.RandomScalar()
 
 	Id := G.Exp(id)
 
-	st1, st2 := NewStatement(α, β, true), NewStatement(α, β, false)
+	st1, st2 := NewStatementFromScalars(true, α, β), NewStatementFromScalars(false, α, β)
 	c1, c2 := st1.Commit(Id), st2.Commit(Id)
 	if !c1.Verify() {
 		t.Fatal("Could not verify st1 with c1, plus=true case")
diff --git a/nizk/stage1/stage1.go b/nizk/stage1/stage1.go
index 0bd3e29..5c729c8 100644
--- a/nizk/stage1/stage1.go
+++ b/nizk/stage1/stage1.go
@@ -10,12 +10,12 @@ import (
 // for given Z, X, Y, R, C, A and B
 
 type Statement struct {
-	x    *Scalar
-	y    *Scalar
-	r    *Scalar
-	α    *Scalar
-	β    *Scalar
-	plus bool
+	x      *Scalar
+	y      *Scalar
+	r      *Scalar
+	α      *Scalar
+	β      *Scalar
+	bitSet bool
 	*Commitment
 }
 
@@ -29,22 +29,30 @@ type Commitment struct {
 	Z *Point
 }
 
-func NewStatement(x, y, r, α, β *Scalar, plus bool) *Statement {
+func NewStatement(bitSet bool) *Statement {
+	var x [5]*Scalar
+	for i := range x {
+		x[i] = Curve.RandomScalar()
+	}
+	return NewStatementFromScalars(bitSet, x[0], x[1], x[2], x[3], x[4])
+}
+
+func NewStatementFromScalars(bitSet bool, x, y, r, α, β *Scalar) *Statement {
 	return &Statement{
 		x:          x,
 		y:          y,
 		r:          r,
 		α:          α,
 		β:          β,
-		plus:       plus,
-		Commitment: commitment(x, y, r, α, β, plus),
+		bitSet:     bitSet,
+		Commitment: commitment(x, y, r, α, β, bitSet),
 	}
 }
 
-func commitment(x, y, r, α, β *Scalar, plus bool) *Commitment {
+func commitment(x, y, r, α, β *Scalar, bitSet bool) *Commitment {
 	var Z *Point
 	φ := α.Mul(β)
-	if plus {
+	if bitSet {
 		Z = G.Exp(x.Mul(r))
 		φ = φ.Add(One)
 	} else {
@@ -78,7 +86,7 @@ func (s *Statement) Proof() *Proof {
 		*s = Curve.RandomScalar()
 	}
 
-	if s.plus {
+	if s.bitSet {
 		ε[0][0] = G.Exp(r1).Mul(s.X.Exp(ω))
 		ε[0][1] = G.Exp(r2).Mul(s.A.Exp(ω))
 		ε[0][2] = s.Y.Exp(r1).Mul(s.Z.Exp(ω))
@@ -109,7 +117,7 @@ func (s *Statement) Proof() *Proof {
 	ch := Challenge(p...)
 	pr := &Proof{}
 
-	if s.plus {
+	if s.bitSet {
 		pr.Ch[0] = ω
 		pr.Ch[1] = ch.Sub(ω)
 		pr.Rho[0][0] = r1
diff --git a/nizk/stage1/stage1_test.go b/nizk/stage1/stage1_test.go
index 828dd0a..df93cdb 100644
--- a/nizk/stage1/stage1_test.go
+++ b/nizk/stage1/stage1_test.go
@@ -7,12 +7,32 @@ import (
 )
 
 func TestStatement(t *testing.T) {
+	st1 := NewStatement(true)
+	st2 := NewStatement(false)
+
+	c1, c2 := st1.Commit(), st2.Commit()
+	pr1, pr2 := st1.Proof(), st2.Proof()
+	if !c1.Verify(pr1) {
+		t.Fatal("Could not verify st1 with c1 and pr1, plus=true case")
+	}
+	if !c2.Verify(pr2) {
+		t.Fatal("Could not verify st2 with c2 and pr2, plus=false case")
+	}
+	// Wrong proof test
+	if c1.Verify(pr2) {
+		t.Fatal("Shouldn't be able to verify c1 with pr2")
+	}
+}
+
+func TestStatementFromScalars(t *testing.T) {
 	var x, y, r, α, β *Scalar
 	for _, s := range []**Scalar{&x, &y, &r, &α, &β} {
 		*s = Curve.RandomScalar()
 	}
 
-	st1, st2 := NewStatement(x, y, r, α, β, true), NewStatement(x, y, r, α, β, false)
+	st1 := NewStatementFromScalars(true, x, y, r, α, β)
+	st2 := NewStatementFromScalars(false, x, y, r, α, β)
+
 	c1, c2 := st1.Commit(), st2.Commit()
 	pr1, pr2 := st1.Proof(), st2.Proof()
 	if !c1.Verify(pr1) {
@@ -21,4 +41,8 @@ func TestStatement(t *testing.T) {
 	if !c2.Verify(pr2) {
 		t.Fatal("Could not verify st2 with c2 and pr2, plus=false case")
 	}
+	// Wrong proof test
+	if c1.Verify(pr2) {
+		t.Fatal("Shouldn't be able to verify c1 with pr2")
+	}
 }
diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go
index a17000f..88bfa59 100644
--- a/nizk/stage2/stage2.go
+++ b/nizk/stage2/stage2.go
@@ -47,7 +47,16 @@ type Commitment struct {
 	Z_ *Point
 }
 
-func NewStatement(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement {
+func NewStatement(typ Type) *Statement {
+	var s [8]*Scalar
+	for i := range s {
+		s[i] = Curve.RandomScalar()
+	}
+
+	return NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
+}
+
+func NewStatementFromScalars(typ Type, a, b, r, x, y, r_, x_, y_ *Scalar) *Statement {
 	if typ > Set || typ < None {
 		panic("unknown type")
 	}
diff --git a/nizk/stage2/stage2_test.go b/nizk/stage2/stage2_test.go
index e4e6e5c..a33a468 100644
--- a/nizk/stage2/stage2_test.go
+++ b/nizk/stage2/stage2_test.go
@@ -7,16 +7,43 @@ import (
 )
 
 func TestVerification(t *testing.T) {
+	var st [3]*Statement
+	for i, typ := range []Type{None, Unset, Set} {
+		st[i] = NewStatement(typ)
+		c, p := st[i].Commit(), st[i].Proof()
+		if !c.Verify(p) {
+			t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i)
+		}
+	}
+
+	for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 0}} {
+		c, p := st[ind[0]].Commit(), st[ind[1]].Proof()
+		if c.Verify(p) {
+			t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1])
+		}
+	}
+}
+
+func TestVerificationFromScalar(t *testing.T) {
 	var s [8]*Scalar
+	var st [3]*Statement
+
 	for i := range s {
 		s[i] = Curve.RandomScalar()
 	}
 
 	for i, typ := range []Type{None, Unset, Set} {
-		st := NewStatement(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
-		c, p := st.Commit(), st.Proof()
+		st[i] = NewStatementFromScalars(typ, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7])
+		c, p := st[i].Commit(), st[i].Proof()
 		if !c.Verify(p) {
 			t.Fatalf("Couldn't verify proof for %v, case %d\n", typ, i)
 		}
 	}
-}
\ No newline at end of file
+
+	for _, ind := range [][2]int{{0, 1}, {1, 2}, {2, 1}, {2, 0}} {
+		c, p := st[ind[0]].Commit(), st[ind[1]].Proof()
+		if c.Verify(p) {
+			t.Fatalf("Shouldn't be able to verify %d with proof %d", ind[0], ind[1])
+		}
+	}
+}