From de44f1a28bc8d14f5ae1aecc11edc0624a330ec4 Mon Sep 17 00:00:00 2001
From: Özgür Kesim <oec@codeblau.de>
Date: Fri, 15 Nov 2024 10:57:43 +0100
Subject: simplify NewBit signature

---
 nizk/commit.go      | 27 ++++++++++++++-------------
 nizk/commit_test.go | 24 ++++++++++++------------
 nizk/stage1.go      |  2 +-
 nizk/stage1_test.go | 26 +++++++++++++-------------
 nizk/stage2.go      |  7 +++----
 nizk/stage2_test.go | 38 +++++++++++++++++++++++++++++++-------
 6 files changed, 74 insertions(+), 50 deletions(-)

diff --git a/nizk/commit.go b/nizk/commit.go
index ecb1568..93c730f 100644
--- a/nizk/commit.go
+++ b/nizk/commit.go
@@ -12,7 +12,7 @@ type Bit struct {
 	β   *Scalar
 
 	*Commitment
-	prf *Proof
+	Proof *Proof
 
 	*Stage
 }
@@ -38,28 +38,30 @@ type Proof struct {
 	}
 }
 
-func NewBit(id Bytes, set bool) (*Bit, *Commitment, *Proof) {
+func NewBit(id Bytes, set bool) *Bit {
 	α, β := Curve.RandomScalar(), Curve.RandomScalar()
 	return NewBitFromScalars(id, set, α, β)
 }
 
-func NewBitFromScalars(id Bytes, set bool, α, β *Scalar) (*Bit, *Commitment, *Proof) {
+func NewBitFromScalars(id Bytes, set bool, α, β *Scalar) *Bit {
 	b := &Bit{
 		id:  id,
 		set: set,
 		α:   α,
 		β:   β,
 	}
-	return b, b.commit(), b.proof()
+	b.commit()
+	b.proof()
+	return b
 }
 
 func (b *Bit) IsSet() bool {
 	return b.set
 }
 
-func (b *Bit) commit() *Commitment {
+func (b *Bit) commit() {
 	if b.Commitment != nil {
-		return b.Commitment
+		return
 	}
 
 	var C *Point
@@ -75,12 +77,11 @@ func (b *Bit) commit() *Commitment {
 		A: G.Exp(b.α),
 		B: G.Exp(b.β),
 	}
-	return b.Commitment
 }
 
-func (s *Bit) proof() *Proof {
-	if s.prf != nil {
-		return s.prf
+func (s *Bit) proof() {
+	if s.Proof != nil {
+		return
 	}
 
 	var e [2][2]*Point
@@ -88,7 +89,8 @@ func (s *Bit) proof() *Proof {
 	r1 = Curve.RandomScalar()
 	r2 = Curve.RandomScalar()
 	w = Curve.RandomScalar()
-	c := s.commit()
+	s.commit()
+	c := s.Commitment
 
 	if s.set {
 		e[0][0] = G.Exp(r1)
@@ -119,8 +121,7 @@ func (s *Bit) proof() *Proof {
 	pr.A = (*schnorr.Statement)(s.α).Proof(s.id)
 	pr.B = (*schnorr.Statement)(s.β).Proof(s.id)
 
-	s.prf = pr
-	return pr
+	s.Proof = pr
 }
 
 func (c *Commitment) Verify(id Bytes, p *Proof) bool {
diff --git a/nizk/commit_test.go b/nizk/commit_test.go
index a09ae70..909d010 100644
--- a/nizk/commit_test.go
+++ b/nizk/commit_test.go
@@ -9,24 +9,24 @@ import (
 func TestStatement(t *testing.T) {
 	id := Curve.RandomScalar()
 
-	_, c1, p1 := NewBit(id, true)
-	_, c2, p2 := NewBit(id, false)
+	b1 := NewBit(id, true)
+	b2 := NewBit(id, false)
 
-	if !c1.Verify(id, p1) {
+	if !b1.Commitment.Verify(id, b1.Proof) {
 		t.Fatal("Could not verify st1 with c1, plus=true case")
 	}
-	if !c2.Verify(id, p2) {
+	if !b2.Commitment.Verify(id, b2.Proof) {
 		t.Fatal("Could not verify st2 with c2, plus=false case")
 	}
 
 	// Use the wrong proof
-	if c2.Verify(id, p1) {
+	if b2.Commitment.Verify(id, b1.Proof) {
 		t.Fatal("Verify with wrong proof should have failed!")
 	}
 
 	// Use wrong id
 	x := Curve.RandomScalar()
-	if c1.Verify(x, p1) || c2.Verify(x, p2) {
+	if b1.Commitment.Verify(x, b1.Proof) || b2.Commitment.Verify(x, b2.Proof) {
 		t.Fatal("Verify with wrong id should have failed!")
 	}
 }
@@ -34,24 +34,24 @@ func TestStatement(t *testing.T) {
 func TestStatementFromScalar(t *testing.T) {
 	var α, β, id = Curve.RandomScalar(), Curve.RandomScalar(), Curve.RandomScalar()
 
-	_, c1, p1 := NewBitFromScalars(id, true, α, β)
-	_, c2, p2 := NewBitFromScalars(id, false, α, β)
+	b1 := NewBitFromScalars(id, true, α, β)
+	b2 := NewBitFromScalars(id, false, α, β)
 
-	if !c1.Verify(id, p1) {
+	if !b1.Commitment.Verify(id, b1.Proof) {
 		t.Fatal("Could not verify st1 with c1, plus=true case")
 	}
-	if !c2.Verify(id, p2) {
+	if !b2.Commitment.Verify(id, b2.Proof) {
 		t.Fatal("Could not verify st2 with c2, plus=false case")
 	}
 
 	// Use the wrong proof
-	if c2.Verify(id, p1) {
+	if b2.Commitment.Verify(id, b1.Proof) {
 		t.Fatal("Verify with wrong proof should have failed!")
 	}
 
 	// Use the wrong Id
 	x := Curve.RandomScalar()
-	if c1.Verify(x, p1) || c2.Verify(x, p2) {
+	if b1.Commitment.Verify(x, b2.Proof) || b2.Commitment.Verify(x, b2.Proof) {
 		t.Fatal("Verify with wrong id should have failed!")
 	}
 }
diff --git a/nizk/stage1.go b/nizk/stage1.go
index 07eba3f..ee1be2c 100644
--- a/nizk/stage1.go
+++ b/nizk/stage1.go
@@ -72,7 +72,7 @@ func (b *Bit) reveal(prev_true bool, Xs ...*Point) (r *StageReveal) {
 	// TODO: Calculate Y based on the Xs and our own X_i
 	// as Π_(i<k) X_k / Π_(i>k) X_k
 	// For now:
-	Y := G.Exp(Curve.RandomScalar())
+	Y := G
 
 	r = &StageReveal{Y: Y}
 
diff --git a/nizk/stage1_test.go b/nizk/stage1_test.go
index 2dd719b..d2e4fd1 100644
--- a/nizk/stage1_test.go
+++ b/nizk/stage1_test.go
@@ -8,21 +8,21 @@ import (
 
 func TestStage1Simple(t *testing.T) {
 	id := Curve.RandomScalar()
-	b1, bc1, _ := NewBit(id, true)
-	b2, bc2, _ := NewBit(id, false)
+	b1 := NewBit(id, true)
+	b2 := NewBit(id, false)
 
 	c1 := b1.StageCommit()
 	c2 := b2.StageCommit()
 	r1, pr1 := b1.RevealStage1() // Note: no Xs.
 	r2, pr2 := b2.RevealStage1() // Note: no Xs.
-	if !bc1.VerifyStage1(c1, r1, pr1) {
+	if !b1.Commitment.VerifyStage1(c1, r1, pr1) {
 		t.Fatal("Could not verify st1 with c1 and pr1, plus=true case")
 	}
-	if !bc2.VerifyStage1(c2, r2, pr2) {
+	if !b2.Commitment.VerifyStage1(c2, r2, pr2) {
 		t.Fatal("Could not verify st2 with c2 and pr2, plus=false case")
 	}
 	// Wrong proof test
-	if bc1.VerifyStage1(c1, r1, pr2) {
+	if b1.Commitment.VerifyStage1(c1, r1, pr2) {
 		t.Fatal("Shouldn't be able to verify c1 with pr2")
 	}
 }
@@ -33,24 +33,24 @@ func TestStage1FromScalars(t *testing.T) {
 		*s = Curve.RandomScalar()
 	}
 
-	b1, bc1, _ := NewBitFromScalars(id, true, α, β)
-	b2, bc2, _ := NewBitFromScalars(id, false, α, β)
+	b1 := NewBitFromScalars(id, true, α, β)
+	b2 := NewBitFromScalars(id, false, α, β)
 
 	c1 := b1.StageFromScalars(r, x)
 	c2 := b2.StageFromScalars(x, r)
 	r1, pr1 := b1.RevealStage1() // Note: no Xs
 	r2, pr2 := b2.RevealStage1() // Note: no Xs
-	if !bc1.VerifyStage1(c1, r1, pr1) {
+	if !b1.Commitment.VerifyStage1(c1, r1, pr1) {
 		t.Fatal("Could not verify st1 with c1 and pr1, plus=true case")
 	}
-	if !bc2.VerifyStage1(c2, r2, pr2) {
+	if !b2.Commitment.VerifyStage1(c2, r2, pr2) {
 		t.Fatal("Could not verify st2 with c2 and pr2, plus=false case")
 	}
 	// Wrong proof test
-	if bc1.VerifyStage1(c1, r1, pr2) ||
-		bc1.VerifyStage1(c2, r2, pr2) ||
-		bc2.VerifyStage1(c1, r1, pr2) ||
-		bc2.VerifyStage1(c2, r2, pr1) {
+	if b2.Commitment.VerifyStage1(c1, r1, pr2) ||
+		b1.Commitment.VerifyStage1(c2, r2, pr2) ||
+		b2.Commitment.VerifyStage1(c1, r1, pr2) ||
+		b2.Commitment.VerifyStage1(c2, r2, pr1) {
 		t.Fatal("Shouldn't be able to verify bc_i with c_j or pr_j")
 	}
 }
diff --git a/nizk/stage2.go b/nizk/stage2.go
index 8cda33e..733a172 100644
--- a/nizk/stage2.go
+++ b/nizk/stage2.go
@@ -6,10 +6,9 @@ import (
 
 // Represents the proof of a statement of the following form:
 //
-//	( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*y_) && X_=g^x_ && Y_=g^y_ )	// case "none"
-//
-// || ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b)   && A=g^a && B=g^b ) // case "unset"
-// || ( Z=g^(x*r) && X=g^x && R=g^r && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b+1) && A=g^a && B=g^b ) // case "set"
+//	( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*y_) && X_=g^x_ && Y_=g^y_ )	// case "lost"
+//	 || ( Z=g^(x*y) && X=g^x && Y=g^y && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b)   && A=g^a && B=g^b ) // case "unset"
+//	 || ( Z=g^(x*r) && X=g^x && R=g^r && Z_=g^(x_*r_) && X_=g^x_ && R_=g^r_ && C=g^(a*b+1) && A=g^a && B=g^b ) // case "set"
 //
 // for given A, B, C, R, X, Y, Z, R_, X_, Y_, Z_ on the curve
 type Stage2Proof struct {
diff --git a/nizk/stage2_test.go b/nizk/stage2_test.go
index 2e5ac06..3a2d51c 100644
--- a/nizk/stage2_test.go
+++ b/nizk/stage2_test.go
@@ -10,7 +10,7 @@ func TestStage2Simple1(t *testing.T) {
 	id := Curve.RandomScalar()
 
 	for _, lost := range []bool{true, false} {
-		b1, _, _ := NewBit(id, !lost)
+		b1 := NewBit(id, !lost)
 		c1 := b1.StageCommit()
 		r1, _ := b1.RevealStage1()
 
@@ -23,28 +23,52 @@ func TestStage2Simple1(t *testing.T) {
 			{false, true},
 			{true, true},
 		} {
-			b2, bc2, _ := NewBit(id, s[0])
-			b3, bc3, _ := NewBit(id, s[1])
-			b4, bc4, _ := NewBit(id, s[1]) // same as b3
+			b2 := NewBit(id, s[0])
+			b3 := NewBit(id, s[1])
+			b4 := NewBit(id, s[1]) // same as b3
 
 			c2 := b2.StageCommit()
 			c3 := b3.StageCommit()
 			c4 := b4.StageCommit()
 
 			r2, p2 := b2.RevealStage2(lost, b1)
-			if !bc2.VerifyStage2(c1, c2, r1, r2, p2) {
+			if !b2.Commitment.VerifyStage2(c1, c2, r1, r2, p2) {
 				t.Fatalf("failed to verify b2: %t b3: %t bc2/b1", s[0], s[1])
 			}
 
 			r3, p3 := b3.RevealStage2(lost, b1)
-			if !bc3.VerifyStage2(c1, c3, r1, r3, p3) {
+			if !b3.Commitment.VerifyStage2(c1, c3, r1, r3, p3) {
 				t.Fatalf("failed to verify b1: %t b3: %t bc3/b1", s[0], s[1])
 			}
 
 			r4, p4 := b4.RevealStage2(lost, b1)
-			if !bc4.VerifyStage2(c1, c4, r1, r4, p4) {
+			if !b4.Commitment.VerifyStage2(c1, c4, r1, r4, p4) {
 				t.Fatalf("failed to verify b1: %t b4: %t bc4/b1", s[0], s[1])
 			}
 		}
 	}
 }
+
+func bit2bit(bid uint) [4]*Bit {
+	id := Curve.RandomScalar()
+
+	return [4]*Bit{
+		NewBit(id, (bid>>3)&1 != 0),
+		NewBit(id, (bid>>2)&1 != 0),
+		NewBit(id, (bid>>1)&1 != 0),
+		NewBit(id, (bid>>0)&1 != 0),
+	}
+}
+
+func TestStage2Complex(t *testing.T) {
+	bits1 := 0b0101
+	bits2 := 0b0010
+	t.Logf("testing bits1: %b vs. bits2: %b", bits1, bits2)
+}
+
+func TestFromPaper(t *testing.T) {
+	bid1 := 0b01010
+	bid2 := 0b01001
+	bid3 := 0b00111
+	t.Logf("testing\n\tbits1: %04b\n\tbits2: %04b\n\tbits3: %04b", bid1, bid2, bid3)
+}
-- 
cgit v1.2.3