refactor: morphism construction and more concise definition of statements (#12)

Author: nategraf

.github/workflows/docs.yml

@@ -30,9 +30,11 @@ jobs:
     steps:
       - name: git clone
         uses: actions/checkout@v4
-      - name: install toolchain
-        uses: dtolnay/rust-toolchain@nightly
-      - name: cargo doc
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+      - name: cargo +nightly doc
         run: RUSTDOCFLAGS="-Z unstable-options --enable-index-page" cargo doc --all-features
       - name: page configuration
         uses: actions/configure-pages@v3

.github/workflows/lint-fmt.yml

@@ -21,7 +21,6 @@ jobs:
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
           components: rustfmt
 
       - name: Run cargo fmt
@@ -59,7 +58,6 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
           override: true
           components: clippy
       - uses: actions-rs/cargo@v1

.github/workflows/rust.yml

@@ -39,6 +39,6 @@ jobs:
         components: rustfmt, clippy
 
     - name: Build (nightly)
-      run: cargo build --all-features --verbose
+      run: cargo +${{ matrix.toolchain }} build --all-features --verbose
     - name: Run tests (nightly)
-      run: cargo test --all-features --verbose
+      run: cargo +${{ matrix.toolchain }} test --all-features --verbose

Cargo.toml

@@ -35,4 +35,13 @@ curve25519-dalek = { version = "4", default-features = false, features = ["serde
 hex = "0.4"
 json = "0.12.4"
 sha2 = "0.10"
+sigma-rs = { path = ".", features = ["test-utils"] }
 subtle = "2.6.1"
+
+[profile.dev]
+# Makes tests run much faster at the cost of slightly longer builds and worse debug info.
+opt-level = 1
+
+[features]
+# TODO: Remove this feature, and either move tests into `src` or the morphism definitions into a separate crate.
+test-utils = []

rust-toolchain

@@ -0,0 +1 @@
+1.86

src/codec/mod.rs

@@ -3,5 +3,5 @@ pub mod shake_codec;
 pub mod r#trait;
 
 pub use keccak_codec::{ByteSchnorrCodec, KeccakDuplexSponge};
-pub use r#trait::Codec;
 pub use shake_codec::ShakeCodec;
+pub use r#trait::Codec;

src/codec/shake_codec.rs

@@ -14,8 +14,8 @@
 use ff::PrimeField;
 use group::{Group, GroupEncoding};
 use sha3::{
-    digest::{ExtendableOutput, Update, XofReader},
     Shake128,
+    digest::{ExtendableOutput, Update, XofReader},
 };
 
 use crate::codec::r#trait::Codec;

src/errors.rs

@@ -8,10 +8,13 @@
 //! - Mismatched parameters during batch verification.
 //! - Unimplemented methods.
 //! - Group element or scalar serialization failures.
-use thiserror::Error;
+
+use crate::group_morphism::GroupVar;
+
 /// An error during proving or verification, such as a verification failure.
-#[derive(Debug, Error)]
-pub enum ProofError {
+#[non_exhaustive]
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
     /// Something is wrong with the proof, causing a verification failure.
     #[error("Verification failed.")]
     VerificationFailure,
@@ -21,4 +24,7 @@ pub enum ProofError {
     /// Serialization of a group element/scalar has failed.
     #[error("Serialization of a group element/scalar failed.")]
     GroupSerializationFailure,
+    /// Uninitialized group element variable.
+    #[error("Uninitialized group element variable {var:?}")]
+    UnassignedGroupVar { var: GroupVar },
 }

src/fiat_shamir.rs

@@ -14,7 +14,7 @@
 //! - `G`: the group used for commitments and operations ([`Group`] trait).
 
 use crate::codec::Codec;
-use crate::errors::ProofError;
+use crate::errors::Error;
 use crate::traits::{CompactProtocol, SigmaProtocol};
 
 use group::{Group, GroupEncoding};
@@ -50,6 +50,7 @@ where
     pub sigmap: P,
 }
 
+// TODO: Write a serialization of the morphism to the transcript.
 impl<P, C, G> NISigmaProtocol<P, C, G>
 where
     G: Group + GroupEncoding,
@@ -93,7 +94,7 @@ where
         &self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Result<Transcript<P>, ProofError> {
+    ) -> Result<Transcript<P>, Error> {
         let mut codec = self.hash_state.clone();
 
         let (commitment, prover_state) = self.sigmap.prover_commit(witness, rng)?;
@@ -131,7 +132,7 @@ where
         commitment: &P::Commitment,
         challenge: &P::Challenge,
         response: &P::Response,
-    ) -> Result<(), ProofError> {
+    ) -> Result<(), Error> {
         let mut codec = self.hash_state.clone();
 
         // Commitment data for expected challenge generation
@@ -144,7 +145,7 @@ where
         // Verification of the proof
         match *challenge == expected_challenge {
             true => self.sigmap.verifier(commitment, challenge, response),
-            false => Err(ProofError::VerificationFailure),
+            false => Err(Error::VerificationFailure),
         }
     }
     /// Generates a batchable, serialized non-interactive proof.
@@ -162,7 +163,7 @@ where
         &self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Result<Vec<u8>, ProofError> {
+    ) -> Result<Vec<u8>, Error> {
         let (commitment, challenge, response) = self.prove(witness, rng)?;
         Ok(self
             .sigmap
@@ -183,7 +184,7 @@ where
     /// - Returns `ProofError::VerificationFailure` if:
     ///   - The challenge doesn't match the recomputed one from the commitment.
     ///   - The response fails verification under the Sigma protocol.
-    pub fn verify_batchable(&self, proof: &[u8]) -> Result<(), ProofError> {
+    pub fn verify_batchable(&self, proof: &[u8]) -> Result<(), Error> {
         let (commitment, response) = self.sigmap.deserialize_batchable(proof).unwrap();
 
         let mut codec = self.hash_state.clone();
@@ -223,7 +224,7 @@ where
         &self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Result<Vec<u8>, ProofError> {
+    ) -> Result<Vec<u8>, Error> {
         let (commitment, challenge, response) = self.prove(witness, rng)?;
         Ok(self
             .sigmap
@@ -246,7 +247,7 @@ where
     /// - Returns `ProofError::VerificationFailure` if:
     ///   - Deserialization fails.
     ///   - The recomputed commitment or response is invalid under the Sigma protocol.
-    pub fn verify_compact(&self, proof: &[u8]) -> Result<(), ProofError> {
+    pub fn verify_compact(&self, proof: &[u8]) -> Result<(), Error> {
         let (challenge, response) = self.sigmap.deserialize_compact(proof).unwrap();
         // Compute the commitments
         let commitment = self.sigmap.get_commitment(&challenge, &response)?;