chore: add implementation and tests for more linear relation operations.

mmaker · mmaker · commit 14e94eb6b37d · 2025-07-26T13:18:33.000-07:00
diff --git a/src/linear_relation/convert.rs b/src/linear_relation/convert.rs
@@ -153,5 +153,4 @@ impl<G: Group> From<Sum<Weighted<GroupVar<G>, G::Scalar>>> for Sum<Weighted<Term
         let sum = sum.0.into_iter().map(|x| x.into()).collect::<Vec<_>>();
         Self(sum)
     }
-
-}
+}
diff --git a/src/linear_relation/mod.rs b/src/linear_relation/mod.rs
@@ -17,7 +17,7 @@ use ff::Field;
 use group::prime::PrimeGroup;
 
 use crate::codec::Shake128DuplexSponge;
-use crate::errors::Error;
+use crate::errors::{Error, InvalidInstance};
 use crate::schnorr_protocol::SchnorrProof;
 use crate::Nizk;
 
@@ -159,15 +159,11 @@ impl<G: PrimeGroup> GroupMap<G> {
     /// Get the element value assigned to the given point var.
     ///
     /// Returns [`Error::UnassignedGroupVar`] if a value is not assigned.
-    pub fn get(&self, var: GroupVar<G>) -> Result<G, Error> {
+    pub fn get(&self, var: GroupVar<G>) -> Result<G, InvalidInstance> {
         match self.0.get(var.0) {
             Some(Some(elem)) => Ok(*elem),
-            Some(None) => Err(Error::UnassignedGroupVar {
-                var_debug: format!("{var:?}"),
-            }),
-            None => Err(Error::UnassignedGroupVar {
-                var_debug: format!("{var:?}"),
-            }),
+            Some(None) => Err(InvalidInstance::new("unassigned group variable")),
+            None => Err(InvalidInstance::new("unassigned group variable")),
         }
     }
 
@@ -310,7 +306,7 @@ impl<G: PrimeGroup> LinearMap<G> {
                 let elements =
                     lc.0.iter()
                         .map(|weighted| self.group_elements.get(weighted.term.elem))
-                        .collect::<Result<Vec<_>, Error>>()?;
+                        .collect::<Result<Vec<_>, _>>()?;
                 Ok(msm_pr(&weighted_coefficients, &elements))
             })
             .collect()
@@ -369,7 +365,7 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
         weight: &G::Scalar,
         original_group_elements: &GroupMap<G>,
         weighted_group_cache: &mut HashMap<GroupVar<G>, Vec<(G::Scalar, GroupVar<G>)>>,
-    ) -> Result<GroupVar<G>, Error> {
+    ) -> Result<GroupVar<G>, InvalidInstance> {
         // Check if we already have this (weight, group_var) combination
         let entry = weighted_group_cache.entry(group_var).or_default();
 
@@ -398,7 +394,7 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
         equation: &LinearCombination<G>,
         original_relation: &LinearRelation<G>,
         weighted_group_cache: &mut HashMap<GroupVar<G>, Vec<(G::Scalar, GroupVar<G>)>>,
-    ) -> Result<(), Error> {
+    ) -> Result<(), InvalidInstance> {
         let mut rhs_terms = Vec::new();
 
         // Collect RHS terms that have scalar variables and apply weights
@@ -667,24 +663,28 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
 }
 
 impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
-    type Error = Error;
+    type Error = InvalidInstance;
 
     fn try_from(relation: &LinearRelation<G>) -> Result<Self, Self::Error> {
-        // Number of equations and image variables must match
         if relation.image.len() != relation.linear_map.linear_combinations.len() {
-            return Err(Error::InvalidInstanceWitnessPair);
+            return Err(InvalidInstance::new(
+                "Equations and image elements must match",
+            ));
         }
 
-        // If the image is the identity, then the relation must be trivial, or else the proof will be unsound
         if !relation
             .image()
             .is_ok_and(|img| img.iter().all(|&x| x != G::identity()))
         {
-            return Err(Error::InvalidInstanceWitnessPair);
+            return Err(InvalidInstance::new(
+                "Image contains identity element"
+            ));
         }
-        // Empty relations (without constraints) cannot be proven
+
         if relation.linear_map.linear_combinations.is_empty() {
-            return Err(Error::InvalidInstanceWitnessPair);
+            return Err(InvalidInstance::new(
+                "Empty relations cannot be proven"
+            ));
         }
 
         // If any linear combination is empty, the relation is invalid
@@ -694,21 +694,19 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
             .iter()
             .any(|lc| lc.0.is_empty())
         {
-            return Err(Error::InvalidInstanceWitnessPair);
+            return Err(InvalidInstance::new(
+                "Linear combinations cannot be empty",
+            ));
         }
 
         // If any linear combination has no witness variables, the relation is invalid
-        if relation
-            .linear_map
-            .linear_combinations
-            .iter()
-            .any(|lc| lc.0.iter().all(|weighted| matches!(weighted.term.scalar, ScalarTerm::Unit)))
-        {
-            return Err(Error::InvalidInstanceWitnessPair);
+        if relation.linear_map.linear_combinations.iter().any(|lc| {
+            lc.0.iter()
+                .all(|weighted| matches!(weighted.term.scalar, ScalarTerm::Unit))
+        }) {
+            return Err(InvalidInstance::new("A linear combination does not have any witness variables"));
         }
 
-
-
         let mut canonical = CanonicalLinearRelation::new();
         canonical.num_scalars = relation.linear_map.num_scalars;
 
@@ -878,7 +876,7 @@ impl<G: PrimeGroup> LinearRelation<G> {
             let elements =
                 lc.0.iter()
                     .map(|weighted| self.linear_map.group_elements.get(weighted.term.elem))
-                    .collect::<Result<Vec<_>, Error>>()?;
+                    .collect::<Result<Vec<_>, _>>()?;
             self.linear_map
                 .group_elements
                 .assign_element(*lhs, msm_pr(&weighted_coefficients, &elements))
@@ -892,7 +890,7 @@ impl<G: PrimeGroup> LinearRelation<G> {
     ///
     /// A vector of group elements (`Vec<G>`) representing the linear map's image.
     // TODO: Should this return GroupMap?
-    pub fn image(&self) -> Result<Vec<G>, Error> {
+    pub fn image(&self) -> Result<Vec<G>, InvalidInstance> {
         self.image
             .iter()
             .map(|&var| self.linear_map.group_elements.get(var))
diff --git a/src/linear_relation/ops.rs b/src/linear_relation/ops.rs
@@ -268,6 +268,30 @@ mod add {
             rhs + self
         }
     }
+
+    impl<T: Field + Into<G::Scalar>, G: Group> Add<T> for Sum<ScalarVar<G>> {
+        type Output = Sum<Weighted<ScalarTerm<G>, G::Scalar>>;
+
+        fn add(self, rhs: T) -> Self::Output {
+            // Convert Sum<ScalarVar<G>> to Sum<Weighted<ScalarTerm<G>, G::Scalar>>
+            let mut weighted_terms = Vec::new();
+            for var in self.0 {
+                weighted_terms.push(Weighted {
+                    term: ScalarTerm::from(var),
+                    weight: G::Scalar::ONE,
+                });
+            }
+            let weighted_sum: Sum<Weighted<ScalarTerm<G>, G::Scalar>> = Sum(weighted_terms);
+
+            // Convert the scalar to a weighted term
+            let weighted_scalar = Weighted {
+                term: ScalarTerm::Unit,
+                weight: rhs.into(),
+            };
+
+            weighted_sum + weighted_scalar
+        }
+    }
 }
 
 mod mul {
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -4,7 +4,7 @@
 //! a Sigma protocol proving different types of discrete logarithm relations (eg. Schnorr, Pedersen's commitments)
 //! through a group morphism abstraction (see [Maurer09](https://crypto-test.ethz.ch/publications/files/Maurer09.pdf)).
 
-use crate::errors::Error;
+use crate::errors::{Error, InvalidInstance};
 use crate::linear_relation::{CanonicalLinearRelation, LinearRelation};
 use crate::{
     serialization::{
@@ -85,10 +85,10 @@ impl<G: PrimeGroup> SchnorrProof<G> {
 }
 
 impl<G: PrimeGroup> TryFrom<LinearRelation<G>> for SchnorrProof<G> {
-    type Error = Error;
+    type Error = InvalidInstance;
 
     fn try_from(linear_relation: LinearRelation<G>) -> Result<Self, Self::Error> {
-        let canonical_linear_relation = (&linear_relation).try_into()?;
+        let canonical_linear_relation = CanonicalLinearRelation::try_from(&linear_relation)?;
         Ok(Self(canonical_linear_relation))
     }
 }
diff --git a/src/tests/test_relations.rs b/src/tests/test_relations.rs
diff --git a/src/tests/test_validation_criteria.rs b/src/tests/test_validation_criteria.rs

Original file line number	Diff line number	Diff line change
`@@ -153,5 +153,4 @@ impl<G: Group> From<Sum<Weighted<GroupVar<G>, G::Scalar>>> for Sum<Weighted<Term`
`153`	`153`	`let sum = sum.0.into_iter().map(\|x\| x.into()).collect::<Vec<_>>();`
`154`	`154`	`Self(sum)`
`155`	`155`	`}`
`156`		`-`
`157`		`-}`
	`156`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`//! a Sigma protocol proving different types of discrete logarithm relations (eg. Schnorr, Pedersen's commitments)`
`5`	`5`	`//! through a group morphism abstraction (see [Maurer09](https://crypto-test.ethz.ch/publications/files/Maurer09.pdf)).`
`6`	`6`
`7`		`-use crate::errors::Error;`
	`7`	`+use crate::errors::{Error, InvalidInstance};`
`8`	`8`	`use crate::linear_relation::{CanonicalLinearRelation, LinearRelation};`
`9`	`9`	`use crate::{`
`10`	`10`	`serialization::{`
`@@ -85,10 +85,10 @@ impl<G: PrimeGroup> SchnorrProof<G> {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`impl<G: PrimeGroup> TryFrom<LinearRelation<G>> for SchnorrProof<G> {`
`88`		`- type Error = Error;`
	`88`	`+ type Error = InvalidInstance;`
`89`	`89`
`90`	`90`	`fn try_from(linear_relation: LinearRelation<G>) -> Result<Self, Self::Error> {`
`91`		`- let canonical_linear_relation = (&linear_relation).try_into()?;`
	`91`	`+ let canonical_linear_relation = CanonicalLinearRelation::try_from(&linear_relation)?;`
`92`	`92`	`Ok(Self(canonical_linear_relation))`
`93`	`93`	`}`
`94`	`94`	`}`