chore: empty statements are valid and the proof is the empty string.

Change of validation criterias: if the proof is empty, it is valid for the
empty statement.

Author: mmaker

examples/schnorr.rs

@@ -35,14 +35,14 @@ fn create_relation(P: RistrettoPoint) -> LinearRelation<RistrettoPoint> {
 #[allow(non_snake_case)]
 fn prove(x: Scalar, P: RistrettoPoint) -> ProofResult<Vec<u8>> {
     let nizk = create_relation(P).into_nizk(b"sigma-rs::examples");
-    nizk.prove_batchable(&vec![x], &mut OsRng)
+    nizk?.prove_batchable(&vec![x], &mut OsRng)
 }
 
 /// Verify a proof of knowledge of discrete logarithm for the given public key P
 #[allow(non_snake_case)]
 fn verify(P: RistrettoPoint, proof: &[u8]) -> ProofResult<()> {
     let nizk = create_relation(P).into_nizk(b"sigma-rs::examples");
-    nizk.verify_batchable(proof)
+    nizk?.verify_batchable(proof)
 }
 
 #[allow(non_snake_case)]

src/linear_relation/mod.rs

@@ -681,11 +681,11 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
             ));
         }
 
-        if relation.linear_map.linear_combinations.is_empty() {
-            return Err(InvalidInstance::new(
-                "Empty relations cannot be proven"
-            ));
-        }
+        // if relation.linear_map.linear_combinations.is_empty() {
+        //     return Err(InvalidInstance::new(
+        //         "Empty relations cannot be proven"
+        //     ));
+        // }
 
         // If any linear combination is empty, the relation is invalid
         if relation
@@ -924,16 +924,14 @@ impl<G: PrimeGroup> LinearRelation<G> {
     /// relation.compute_image(&[x]).unwrap();
     ///
     /// // Convert to NIZK with custom context
-    /// let nizk = relation.into_nizk(b"my-protocol-v1");
+    /// let nizk = relation.into_nizk(b"my-protocol-v1").unwrap();
     /// let proof = nizk.prove_batchable(&vec![x], &mut OsRng).unwrap();
     /// assert!(nizk.verify_batchable(&proof).is_ok());
     /// ```
     pub fn into_nizk(
         self,
         session_identifier: &[u8],
-    ) -> Nizk<SchnorrProof<G>, Shake128DuplexSponge<G>> {
-        let schnorr =
-            SchnorrProof::try_from(self).expect("Failed to convert LinearRelation to SchnorrProof");
-        Nizk::new(session_identifier, schnorr)
+    ) -> Result<Nizk<SchnorrProof<G>, Shake128DuplexSponge<G>>, InvalidInstance> {
+        Ok(Nizk::new(session_identifier, self.try_into()?))
     }
 }

src/tests/test_relations.rs

@@ -409,7 +409,7 @@ fn test_cmz_wallet_with_fee() {
         .unwrap();
 
     // Try to convert to CanonicalLinearRelation - this should fail
-    let nizk = relation.into_nizk(b"session_identifier");
+    let nizk = relation.into_nizk(b"session_identifier").unwrap();
     let result = nizk.prove_batchable(&vec![n_balance, i_price, z_w_balance], &mut OsRng);
     assert!(result.is_ok());
     let proof = result.unwrap();

src/tests/test_validation_criteria.rs

@@ -5,7 +5,7 @@
 
 #[cfg(test)]
 mod instance_validation {
-    use crate::linear_relation::{CanonicalLinearRelation, LinearRelation};
+    use crate::{linear_relation::{CanonicalLinearRelation, LinearRelation}, tests::spec::rng};
     use bls12_381::{G1Projective as G, Scalar};
 
     #[test]
@@ -64,14 +64,18 @@ mod instance_validation {
 
     #[test]
     fn test_empty_instance() {
+        let rng = &mut rand::thread_rng();
         // Create an empty linear relation
         let relation = LinearRelation::<G>::new();
 
         // Try to convert empty relation to canonical form
-        let result = CanonicalLinearRelation::try_from(&relation);
+        let result = relation.into_nizk(b"test empty instance");
 
-        // Empty relations should be rejected
-        assert!(result.is_err());
+        // Empty relations should be accepted as valid, and the proof be the empty string.
+        assert!(result.is_ok());
+        let proof = result.unwrap().prove_batchable(&vec![], rng);
+        assert!(proof.is_ok());
+        assert!(proof.unwrap().is_empty());
     }
 
     /// Test function with the requested LinearRelation code
@@ -134,16 +138,6 @@ mod instance_validation {
         let X = G::generator() * Scalar::from(4);
         let pub_scalar = Scalar::from(42);
 
-        // The following relation has no equation and should trigger a fail.
-        let mut linear_relation = LinearRelation::<G>::new();
-        let B_var = linear_relation.allocate_element();
-        let A_var = linear_relation.allocate_element();
-
-        linear_relation.set_element(B_var, B);
-        linear_relation.set_element(A_var, A);
-        let result = CanonicalLinearRelation::try_from(&linear_relation);
-        assert!(result.is_err());
-
         // The following relation does not have a witness and should trigger a fail.
         // X = B * pub_scalar + A * 3
         let mut linear_relation = LinearRelation::<G>::new();