Updated morphism to linear map naming

nougzarm · nougzarm · commit 00d57a985e32 · 2025-07-03T09:23:31.000+02:00
diff --git a/src/linear_relation/mod.rs b/src/linear_relation/mod.rs
@@ -1,12 +1,12 @@
 //! # Linear Maps and Relations Handling.
 //!
-//! This module provides utilities for describing and manipulating **linear group morphisms**,
+//! This module provides utilities for describing and manipulating **linear group linear maps**,
 //! supporting sigma protocols over group-based statements (e.g., discrete logarithms, DLEQ proofs). See Maurer09.
 //!
 //! It includes:
 //! - [`LinearCombination`]: a sparse representation of scalar multiplication relations.
 //! - [`LinearMap`]: a collection of linear combinations acting on group elements.
-//! - [`LinearRelation`]: a higher-level structure managing morphisms and their associated images.
+//! - [`LinearRelation`]: a higher-level structure managing linear maps and their associated images.
 
 use std::collections::BTreeMap;
 use std::iter;
@@ -245,8 +245,7 @@ impl<G: Group> FromIterator<(GroupVar<G>, G)> for GroupMap<G> {
 pub struct LinearMap<G: Group> {
     /// The set of linear combination constraints (equations).
     pub constraints: Vec<LinearCombination<G>>,
-    // TODO: Update the usage of the word "morphism"
-    /// The list of group elements referenced in the morphism.
+    /// The list of group elements referenced in the linear map.
     ///
     /// Uninitialized group elements are presented with `None`.
     pub group_elements: GroupMap<G>,
@@ -296,15 +295,15 @@ impl<G: Group> LinearMap<G> {
         self.constraints.len()
     }
 
-    /// Adds a new linear combination constraint to the morphism.
+    /// Adds a new linear combination constraint to the linear map.
     ///
     /// # Parameters
     /// - `lc`: The [`LinearCombination`] to add.
     pub fn append(&mut self, lc: LinearCombination<G>) {
         self.constraints.push(lc);
     }
 
-    /// Evaluates all linear combinations in the morphism with the provided scalars.
+    /// Evaluates all linear combinations in the linear map with the provided scalars.
     ///
     /// # Parameters
     /// - `scalars`: A slice of scalar values corresponding to the scalar variables.
@@ -334,8 +333,8 @@ impl<G: Group> LinearMap<G> {
 
 /// A wrapper struct coupling a [`LinearMap`] with the corresponding expected output (image) elements.
 ///
-/// This structure represents the *preimage problem* for a group morphism: given a set of scalar inputs,
-/// determine whether their image under the morphism matches a target set of group elements.
+/// This structure represents the *preimage problem* for a group linear map: given a set of scalar inputs,
+/// determine whether their image under the linear map matches a target set of group elements.
 ///
 /// Internally, the constraint system is defined through:
 /// - A list of group elements and linear equations (held in the [`LinearMap`] field),
@@ -391,7 +390,7 @@ where
         var
     }
 
-    /// Allocates a scalar variable for use in the morphism.
+    /// Allocates a scalar variable for use in the linear map.
     pub fn allocate_scalar(&mut self) -> ScalarVar<G> {
         self.linear_map.num_scalars += 1;
         ScalarVar(self.linear_map.num_scalars - 1, PhantomData)
@@ -407,9 +406,9 @@ where
     /// # use sigma_rs::LinearRelation;
     /// use curve25519_dalek::RistrettoPoint as G;
     ///
-    /// let mut morphism = LinearRelation::<G>::new();
-    /// let [var_x, var_y] = morphism.allocate_scalars();
-    /// let vars = morphism.allocate_scalars::<10>();
+    /// let mut linear map = LinearRelation::<G>::new();
+    /// let [var_x, var_y] = linear map.allocate_scalars();
+    /// let vars = linear map.allocate_scalars::<10>();
     /// ```
     pub fn allocate_scalars<const N: usize>(&mut self) -> [ScalarVar<G>; N] {
         let mut vars = [ScalarVar(usize::MAX, PhantomData); N];
@@ -419,13 +418,13 @@ where
         vars
     }
 
-    /// Allocates a point variable (group element) for use in the morphism.
+    /// Allocates a point variable (group element) for use in the linear map.
     pub fn allocate_element(&mut self) -> GroupVar<G> {
         self.linear_map.num_elements += 1;
         GroupVar(self.linear_map.num_elements - 1, PhantomData)
     }
 
-    /// Allocates `N` point variables (group elements) for use in the morphism.
+    /// Allocates `N` point variables (group elements) for use in the linear map.
     ///
     /// # Returns
     /// An array of [`GroupVar`] representing the newly allocated group element indices.
@@ -435,9 +434,9 @@ where
     /// # use sigma_rs::LinearRelation;
     /// use curve25519_dalek::RistrettoPoint as G;
     ///
-    /// let mut morphism = LinearRelation::<G>::new();
-    /// let [var_g, var_h] = morphism.allocate_elements();
-    /// let vars = morphism.allocate_elements::<10>();
+    /// let mut linear map = LinearRelation::<G>::new();
+    /// let [var_g, var_h] = linear map.allocate_elements();
+    /// let vars = linear map.allocate_elements::<10>();
     /// ```
     pub fn allocate_elements<const N: usize>(&mut self) -> [GroupVar<G>; N] {
         let mut vars = [GroupVar(usize::MAX, PhantomData); N];
@@ -474,7 +473,7 @@ where
         self.linear_map.group_elements.assign_elements(assignments)
     }
 
-    /// Evaluates all linear combinations in the morphism with the provided scalars, computing the
+    /// Evaluates all linear combinations in the linear map with the provided scalars, computing the
     /// left-hand side of this constraints (i.e. the image).
     ///
     /// After calling this function, all point variables will be assigned.
@@ -519,7 +518,7 @@ where
     ///
     /// # Returns
     ///
-    /// A vector of group elements (`Vec<G>`) representing the morphism's image.
+    /// A vector of group elements (`Vec<G>`) representing the linear map's image.
     // TODO: Should this return GroupMap?
     pub fn image(&self) -> Result<Vec<G>, Error> {
         self.image
@@ -528,7 +527,7 @@ where
             .collect()
     }
 
-    /// Returns a binary label describing the morphism.
+    /// Returns a binary label describing the linear map.
     ///
     /// The format is:
     /// - [Ne: u32] number of equations
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -59,7 +59,7 @@ where
     /// Prover's first message: generates a commitment using random nonces.
     ///
     /// # Parameters
-    /// - `witness`: A vector of scalars that satisfy the morphism relation.
+    /// - `witness`: A vector of scalars that satisfy the linear map relation.
     /// - `rng`: A cryptographically secure random number generator.
     ///
     /// # Returns
diff --git a/src/tests/relations.rs b/src/tests/relations.rs
@@ -9,7 +9,7 @@ use crate::tests::test_utils::{
 };
 use crate::{codec::ShakeCodec, schnorr_protocol::SchnorrProof};
 
-/// This part tests the functioning of morphisms
+/// This part tests the functioning of linear maps
 /// as well as the implementation of LinearRelation
 #[test]
 fn test_discrete_logarithm() {
@@ -73,10 +73,10 @@ fn test_bbs_blind_commitment_computation() {
 #[test]
 fn noninteractive_discrete_logarithm() {
     let mut rng = OsRng;
-    let (morphismp, witness) = discrete_logarithm(Scalar::random(&mut rng));
+    let (linear_map, witness) = discrete_logarithm(Scalar::random(&mut rng));
 
-    // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof::from(morphismp);
+    // The SigmaProtocol induced by linear_map
+    let protocol = SchnorrProof::from(linear_map);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-schnorr";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
@@ -100,10 +100,10 @@ fn noninteractive_discrete_logarithm() {
 #[test]
 fn noninteractive_dleq() {
     let mut rng = OsRng;
-    let (morphismp, witness) = dleq(G::random(&mut rng), Scalar::random(&mut rng));
+    let (linear_map, witness) = dleq(G::random(&mut rng), Scalar::random(&mut rng));
 
-    // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof::from(morphismp);
+    // The SigmaProtocol induced by linear_map
+    let protocol = SchnorrProof::from(linear_map);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-DLEQ";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
@@ -127,14 +127,14 @@ fn noninteractive_dleq() {
 #[test]
 fn noninteractive_pedersen_commitment() {
     let mut rng = OsRng;
-    let (morphismp, witness) = pedersen_commitment(
+    let (linear_map, witness) = pedersen_commitment(
         G::random(&mut rng),
         Scalar::random(&mut rng),
         Scalar::random(&mut rng),
     );
 
-    // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof::from(morphismp);
+    // The SigmaProtocol induced by linear_map
+    let protocol = SchnorrProof::from(linear_map);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
@@ -158,7 +158,7 @@ fn noninteractive_pedersen_commitment() {
 #[test]
 fn noninteractive_pedersen_commitment_dleq() {
     let mut rng = OsRng;
-    let (morphismp, witness) = pedersen_commitment_dleq(
+    let (linear_map, witness) = pedersen_commitment_dleq(
         (0..4)
             .map(|_| G::random(&mut rng))
             .collect::<Vec<_>>()
@@ -171,8 +171,8 @@ fn noninteractive_pedersen_commitment_dleq() {
             .unwrap(),
     );
 
-    // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof::from(morphismp);
+    // The SigmaProtocol induced by linear_map
+    let protocol = SchnorrProof::from(linear_map);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment-DLEQ";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
@@ -196,7 +196,7 @@ fn noninteractive_pedersen_commitment_dleq() {
 #[test]
 fn noninteractive_bbs_blind_commitment_computation() {
     let mut rng = OsRng;
-    let (morphismp, witness) = bbs_blind_commitment_computation(
+    let (linear_map, witness) = bbs_blind_commitment_computation(
         (0..4)
             .map(|_| G::random(&mut rng))
             .collect::<Vec<_>>()
@@ -210,8 +210,8 @@ fn noninteractive_bbs_blind_commitment_computation() {
         Scalar::random(&mut rng),
     );
 
-    // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof::from(morphismp);
+    // The SigmaProtocol induced by linear_map
+    let protocol = SchnorrProof::from(linear_map);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-bbs-blind-commitment-computation";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
diff --git a/src/tests/test_utils.rs b/src/tests/test_utils.rs
@@ -9,42 +9,42 @@ use crate::linear_relation::{msm_pr, LinearRelation};
 pub fn discrete_logarithm<G: Group + GroupEncoding>(
     x: G::Scalar,
 ) -> (LinearRelation<G>, Vec<G::Scalar>) {
-    let mut morphismp: LinearRelation<G> = LinearRelation::new();
+    let mut linear_map: LinearRelation<G> = LinearRelation::new();
 
-    let var_x = morphismp.allocate_scalar();
-    let var_G = morphismp.allocate_element();
+    let var_x = linear_map.allocate_scalar();
+    let var_G = linear_map.allocate_element();
 
-    let var_X = morphismp.allocate_eq(var_x * var_G);
+    let var_X = linear_map.allocate_eq(var_x * var_G);
 
-    morphismp.set_element(var_G, G::generator());
-    morphismp.compute_image(&[x]).unwrap();
+    linear_map.set_element(var_G, G::generator());
+    linear_map.compute_image(&[x]).unwrap();
 
-    let X = morphismp.linear_map.group_elements.get(var_X).unwrap();
+    let X = linear_map.linear_map.group_elements.get(var_X).unwrap();
 
     assert_eq!(X, G::generator() * x);
-    (morphismp, vec![x])
+    (linear_map, vec![x])
 }
 
 /// LinearMap for knowledge of a discrete logarithm equality between two pairs.
 #[allow(non_snake_case)]
 pub fn dleq<G: Group + GroupEncoding>(H: G, x: G::Scalar) -> (LinearRelation<G>, Vec<G::Scalar>) {
-    let mut morphismp: LinearRelation<G> = LinearRelation::new();
+    let mut linear_map: LinearRelation<G> = LinearRelation::new();
 
-    let var_x = morphismp.allocate_scalar();
-    let [var_G, var_H] = morphismp.allocate_elements();
+    let var_x = linear_map.allocate_scalar();
+    let [var_G, var_H] = linear_map.allocate_elements();
 
-    let var_X = morphismp.allocate_eq(var_x * var_G);
-    let var_Y = morphismp.allocate_eq(var_x * var_H);
+    let var_X = linear_map.allocate_eq(var_x * var_G);
+    let var_Y = linear_map.allocate_eq(var_x * var_H);
 
-    morphismp.set_elements([(var_G, G::generator()), (var_H, H)]);
-    morphismp.compute_image(&[x]).unwrap();
+    linear_map.set_elements([(var_G, G::generator()), (var_H, H)]);
+    linear_map.compute_image(&[x]).unwrap();
 
-    let X = morphismp.linear_map.group_elements.get(var_X).unwrap();
-    let Y = morphismp.linear_map.group_elements.get(var_Y).unwrap();
+    let X = linear_map.linear_map.group_elements.get(var_X).unwrap();
+    let Y = linear_map.linear_map.group_elements.get(var_Y).unwrap();
 
     assert_eq!(X, G::generator() * x);
     assert_eq!(Y, H * x);
-    (morphismp, vec![x])
+    (linear_map, vec![x])
 }
 
 /// LinearMap for knowledge of an opening to a Pederson commitment.
@@ -77,29 +77,29 @@ pub fn pedersen_commitment_dleq<G: Group + GroupEncoding>(
     generators: [G; 4],
     witness: [G::Scalar; 2],
 ) -> (LinearRelation<G>, Vec<G::Scalar>) {
-    let mut morphismp: LinearRelation<G> = LinearRelation::new();
+    let mut linear_map: LinearRelation<G> = LinearRelation::new();
 
     let X = msm_pr::<G>(&witness, &[generators[0], generators[1]]);
     let Y = msm_pr::<G>(&witness, &[generators[2], generators[3]]);
 
-    let [var_x, var_r] = morphismp.allocate_scalars();
+    let [var_x, var_r] = linear_map.allocate_scalars();
 
-    let var_Gs = morphismp.allocate_elements::<4>();
-    let [var_X, var_Y] = morphismp.allocate_elements();
+    let var_Gs = linear_map.allocate_elements::<4>();
+    let [var_X, var_Y] = linear_map.allocate_elements();
 
-    morphismp.set_elements([
+    linear_map.set_elements([
         (var_Gs[0], generators[0]),
         (var_Gs[1], generators[1]),
         (var_Gs[2], generators[2]),
         (var_Gs[3], generators[3]),
     ]);
-    morphismp.set_elements([(var_X, X), (var_Y, Y)]);
+    linear_map.set_elements([(var_X, X), (var_Y, Y)]);
 
-    morphismp.append_equation(var_X, [(var_x, var_Gs[0]), (var_r, var_Gs[1])]);
-    morphismp.append_equation(var_Y, [(var_x, var_Gs[2]), (var_r, var_Gs[3])]);
+    linear_map.append_equation(var_X, [(var_x, var_Gs[0]), (var_r, var_Gs[1])]);
+    linear_map.append_equation(var_Y, [(var_x, var_Gs[2]), (var_r, var_Gs[3])]);
 
-    assert!(vec![X, Y] == morphismp.linear_map.evaluate(&witness).unwrap());
-    (morphismp, witness.to_vec())
+    assert!(vec![X, Y] == linear_map.linear_map.evaluate(&witness).unwrap());
+    (linear_map, witness.to_vec())
 }
 
 /// LinearMap for knowledge of an opening for use in a BBS commitment.
@@ -110,26 +110,26 @@ pub fn bbs_blind_commitment_computation<G: Group + GroupEncoding>(
     [msg_1, msg_2, msg_3]: [G::Scalar; 3],
     secret_prover_blind: G::Scalar,
 ) -> (LinearRelation<G>, Vec<G::Scalar>) {
-    let mut morphismp = LinearRelation::new();
+    let mut linear_map = LinearRelation::new();
 
     // these are computed before the proof in the specification
     let C = Q_2 * secret_prover_blind + J_1 * msg_1 + J_2 * msg_2 + J_3 * msg_3;
 
     // This is the part that needs to be changed in the specification of blind bbs.
-    let [var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3] = morphismp.allocate_scalars();
+    let [var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3] = linear_map.allocate_scalars();
 
-    let [var_Q_2, var_J_1, var_J_2, var_J_3] = morphismp.allocate_elements();
-    let var_C = morphismp.allocate_element();
+    let [var_Q_2, var_J_1, var_J_2, var_J_3] = linear_map.allocate_elements();
+    let var_C = linear_map.allocate_element();
 
-    morphismp.set_elements([
+    linear_map.set_elements([
         (var_Q_2, Q_2),
         (var_J_1, J_1),
         (var_J_2, J_2),
         (var_J_3, J_3),
         (var_C, C),
     ]);
 
-    morphismp.append_equation(
+    linear_map.append_equation(
         var_C,
         [
             (var_secret_prover_blind, var_Q_2),
@@ -141,6 +141,6 @@ pub fn bbs_blind_commitment_computation<G: Group + GroupEncoding>(
 
     let witness = vec![secret_prover_blind, msg_1, msg_2, msg_3];
 
-    assert!(vec![C] == morphismp.linear_map.evaluate(&witness).unwrap());
-    (morphismp, witness)
+    assert!(vec![C] == linear_map.linear_map.evaluate(&witness).unwrap());
+    (linear_map, witness)
 }
