refactor: address reviewer comments for helper function and formatting

mrtcnk · mrtcnk · commit 64682a069ffa · 2026-02-20T10:17:27.000-05:00
diff --git a/src/bulletproof_aggregated.c b/src/bulletproof_aggregated.c
@@ -1092,6 +1092,40 @@ int secp256k1_bulletproof_create_commitment(
     return 1;
 }
 
+/* Helper to calculate commitment terms like A and S */
+static int calculate_commitment_term(
+        const secp256k1_context* ctx,
+        secp256k1_pubkey* out,
+        const secp256k1_pubkey* pk_base,
+        const unsigned char* base_scalar,
+        const unsigned char* vec_l,
+        const unsigned char* vec_r,
+        const secp256k1_pubkey* G_vec,
+        const secp256k1_pubkey* H_vec,
+        size_t n
+) {
+    secp256k1_pubkey tG, tH, tB;
+    const secp256k1_pubkey* pts[3];
+    int n_pts = 0;
+
+    /* 1. base_scalar * Base */
+    tB = *pk_base;
+    if (!secp256k1_ec_pubkey_tweak_mul(ctx, &tB, base_scalar)) return 0;
+    pts[n_pts++] = &tB;
+
+    /* 2. <vec_l, G> */
+    if (secp256k1_bulletproof_ipa_msm(ctx, &tG, G_vec, vec_l, n)) {
+        pts[n_pts++] = &tG;
+    }
+
+    /* 3. <vec_r, H> */
+    if (secp256k1_bulletproof_ipa_msm(ctx, &tH, H_vec, vec_r, n)) {
+        pts[n_pts++] = &tH;
+    }
+
+    return secp256k1_ec_pubkey_combine(ctx, out, pts, n_pts);
+}
+
 /**
  * Generates an aggregated Bulletproof for m values.
  *
@@ -1217,53 +1251,8 @@ int secp256k1_bulletproof_prove_agg(
      * A = alpha*Base + <al,G> + <ar,H>
      * S = rho*Base   + <sl,G> + <sr,H>
      */
-    {
-        secp256k1_pubkey tG, tH, tB;
-        const secp256k1_pubkey* pts[3];
-        int n_pts = 0;
-
-        /* A Calculation */
-        /* 1. alpha * Base (Always exists) */
-        tB = *pk_base;
-        if (!secp256k1_ec_pubkey_tweak_mul(ctx, &tB, alpha)) goto cleanup;
-        pts[n_pts++] = &tB;
-
-        /* 2. <al, G> (Only add if al is non-zero) */
-        /* Note: ipa_msm returns 0 if result is infinity (all scalars 0). This is valid for value=0. */
-        if (secp256k1_bulletproof_ipa_msm(ctx, &tG, G_vec, al, n)) {
-            pts[n_pts++] = &tG;
-        }
-
-        /* 3. <ar, H> (Only add if ar is non-zero) */
-        if (secp256k1_bulletproof_ipa_msm(ctx, &tH, H_vec, ar, n)) {
-            pts[n_pts++] = &tH;
-        }
-
-        /* Combine valid points for A */
-        if (!secp256k1_ec_pubkey_combine(ctx, &A, pts, n_pts)) goto cleanup;
-
-
-        /* S Calculation (Follows same logic for consistency) */
-        n_pts = 0;
-
-        /* 1. rho * Base */
-        tB = *pk_base;
-        if (!secp256k1_ec_pubkey_tweak_mul(ctx, &tB, rho)) goto cleanup;
-        pts[n_pts++] = &tB;
-
-        /* 2. <sl, G> */
-        if (secp256k1_bulletproof_ipa_msm(ctx, &tG, G_vec, sl, n)) {
-            pts[n_pts++] = &tG;
-        }
-
-        /* 3. <sr, H> */
-        if (secp256k1_bulletproof_ipa_msm(ctx, &tH, H_vec, sr, n)) {
-            pts[n_pts++] = &tH;
-        }
-
-        /* Combine valid points for S */
-        if (!secp256k1_ec_pubkey_combine(ctx, &S, pts, n_pts)) goto cleanup;
-    }
+        if (!calculate_commitment_term(ctx, &A, pk_base, alpha, al, ar, G_vec, H_vec, n)) goto cleanup;
+        if (!calculate_commitment_term(ctx, &S, pk_base, rho, sl, sr, G_vec, H_vec, n)) goto cleanup;
 
     /* ---- 6. Fiat–Shamir y,z ---- */
     {
diff --git a/tests/test_bulletproof_agg.c b/tests/test_bulletproof_agg.c
@@ -17,32 +17,38 @@ static inline double elapsed_ms(struct timespec a, struct timespec b) {
 }
 
 /* ---- Core Test Logic ---- */
-void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, size_t m, int run_benchmarks) {
-    printf("\n[TEST] %s (m = %zu)\n", name, m);
+void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, size_t num_values, int run_benchmarks) {
+    printf("\n[TEST] %s (num_values = %zu)\n", name, num_values);
 
-    unsigned char blindings[m][32];
-    secp256k1_pubkey commitments[m];
+    unsigned char blindings[num_values][32];
+    secp256k1_pubkey commitments[num_values];
     unsigned char context_id[32];
     EXPECT(RAND_bytes(context_id, 32) == 1);
 
     secp256k1_pubkey pk_base;
     EXPECT(secp256k1_mpt_get_h_generator(ctx, &pk_base));
 
     /* ---- Commitments ---- */
-    for (size_t i = 0; i < m; i++) {
+    for (size_t i = 0; i < num_values; i++) {
         random_scalar(ctx, blindings[i]);
         EXPECT(secp256k1_bulletproof_create_commitment(
-                ctx, &commitments[i], values[i], blindings[i], &pk_base));
+                ctx,
+                &commitments[i],
+                values[i],
+                blindings[i],
+                &pk_base));
     }
 
     /* ---- Generator vectors ---- */
-    const size_t n = BP_TOTAL_BITS(m);
+    const size_t n = BP_TOTAL_BITS(num_values);
     secp256k1_pubkey* G_vec = malloc(n * sizeof(secp256k1_pubkey));
     secp256k1_pubkey* H_vec = malloc(n * sizeof(secp256k1_pubkey));
     EXPECT(G_vec && H_vec);
 
-    EXPECT(secp256k1_mpt_get_generator_vector(ctx, G_vec, n, (const unsigned char*)"G", 1));
-    EXPECT(secp256k1_mpt_get_generator_vector(ctx, H_vec, n, (const unsigned char*)"H", 1));
+    EXPECT(secp256k1_mpt_get_generator_vector(
+            ctx, G_vec, n, (const unsigned char*)"G", 1));
+    EXPECT(secp256k1_mpt_get_generator_vector(
+            ctx, H_vec, n, (const unsigned char*)"H", 1));
 
     /* ---- Prove ---- */
     unsigned char proof[4096];
@@ -52,7 +58,14 @@ void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, s
     clock_gettime(CLOCK_MONOTONIC, &t_p_start);
 
     EXPECT(secp256k1_bulletproof_prove_agg(
-            ctx, proof, &proof_len, values, (const unsigned char*)blindings, m, &pk_base, context_id));
+            ctx,
+            proof,
+            &proof_len,
+            values,
+            (const unsigned char*)blindings,
+            num_values,
+            &pk_base,
+            context_id));
 
     clock_gettime(CLOCK_MONOTONIC, &t_p_end);
     printf("  Proof size: %zu bytes\n", proof_len);
@@ -63,7 +76,15 @@ void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, s
     clock_gettime(CLOCK_MONOTONIC, &t_v_start);
 
     int ok = secp256k1_bulletproof_verify_agg(
-            ctx, G_vec, H_vec, proof, proof_len, commitments, m, &pk_base, context_id);
+            ctx,
+            G_vec,
+            H_vec,
+            proof,
+            proof_len,
+            commitments,
+            num_values,
+            &pk_base,
+            context_id);
 
     clock_gettime(CLOCK_MONOTONIC, &t_v_end);
     EXPECT(ok);
@@ -77,7 +98,15 @@ void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, s
             struct timespec ts, te;
             clock_gettime(CLOCK_MONOTONIC, &ts);
             ok = secp256k1_bulletproof_verify_agg(
-                    ctx, G_vec, H_vec, proof, proof_len, commitments, m, &pk_base, context_id);
+                    ctx,
+                    G_vec,
+                    H_vec,
+                    proof,
+                    proof_len,
+                    commitments,
+                    num_values,
+                    &pk_base,
+                    context_id);
             clock_gettime(CLOCK_MONOTONIC, &te);
             EXPECT(ok);
             total_ms += elapsed_ms(ts, te);
@@ -86,17 +115,29 @@ void run_test_case(secp256k1_context* ctx, const char* name, uint64_t* values, s
     }
 
     /* ---- Negative Test (Tamper) ---- */
-    secp256k1_pubkey bad_commitments[m];
-    memcpy(bad_commitments, commitments, sizeof(secp256k1_pubkey) * m);
+    secp256k1_pubkey bad_commitments[num_values];
+    memcpy(bad_commitments, commitments, sizeof(commitments));
     unsigned char bad_blinding[32];
     random_scalar(ctx, bad_blinding);
 
     /* Create fake commitment to (value + 1) */
     EXPECT(secp256k1_bulletproof_create_commitment(
-            ctx, &bad_commitments[m - 1], values[m - 1] + 1, bad_blinding, &pk_base));
+            ctx,
+            &bad_commitments[num_values - 1],
+            values[num_values - 1] + 1,
+            bad_blinding,
+            &pk_base));
 
     ok = secp256k1_bulletproof_verify_agg(
-            ctx, G_vec, H_vec, proof, proof_len, bad_commitments, m, &pk_base, context_id);
+            ctx,
+            G_vec,
+            H_vec,
+            proof,
+            proof_len,
+            bad_commitments,
+            num_values,
+            &pk_base,
+            context_id);
 
     if (ok) {
         fprintf(stderr, "FAILED: Accepted invalid proof!\n");
