* fix(SchnorrProof): remove get_comitment method, edition 2021

Author: mmaker

Cargo.toml

@@ -6,7 +6,7 @@ authors = [
     "Michele Orrù <[email protected]>",
     "Lénaïck Gouriou <[email protected]>"
 ]
-edition = "2024"
+edition = "2021"
 license = "CC0-1.0"
 readme = "README.md"
 repository = "https://github.com/mmaker/sigma-rs"

examples/schnorr.rs

@@ -31,8 +31,8 @@
 //!
 //! This example uses the Ristretto group from `curve25519-dalek`, which provides a prime-order group
 //! suitable for secure zero-knowledge protocols.
-use curve25519_dalek::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
+use curve25519_dalek::RistrettoPoint;
 use group::{Group, GroupEncoding};
 use rand::rngs::OsRng;
 

examples/simple_composition.rs

@@ -50,10 +50,10 @@ use curve25519_dalek::scalar::Scalar;
 use group::{Group, GroupEncoding};
 use rand::rngs::OsRng;
 use sigma_rs::{
-    LinearRelation,
     codec::ShakeCodec,
     composition::{Protocol, ProtocolWitness},
     fiat_shamir::NISigmaProtocol,
+    LinearRelation,
 };
 
 type G = RistrettoPoint;

src/codec.rs

@@ -1,7 +1,7 @@
 //! Encoding and decoding utilities for Fiat-Shamir and group operations.
 
 pub use crate::duplex_sponge::keccak::KeccakDuplexSponge;
-use crate::duplex_sponge::{DuplexSpongeInterface, shake::ShakeDuplexSponge};
+use crate::duplex_sponge::{shake::ShakeDuplexSponge, DuplexSpongeInterface};
 use crate::serialization::scalar_byte_size;
 use ff::PrimeField;
 use group::{Group, GroupEncoding};

src/composition.rs

@@ -66,7 +66,7 @@ pub enum ProtocolProverState<G: Group + GroupEncoding> {
     Or(
         usize,                                                 // real index
         Vec<ProtocolProverState<G>>,                           // real ProverState
-        (Vec<ProtocolChallenge<G>>, Vec<ProtocolResponse<G>>), // fake transcripts
+        (Vec<ProtocolChallenge<G>>, Vec<ProtocolResponse<G>>), // simulated transcripts
     ),
 }
 
@@ -128,15 +128,15 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
             }
             (Protocol::Or(ps), ProtocolWitness::Or(w_index, w)) => {
                 let mut commitments = Vec::with_capacity(ps.len());
-                let mut fake_challenges = Vec::new();
-                let mut fake_responses = Vec::new();
+                let mut simulated_challenges = Vec::new();
+                let mut simulated_responses = Vec::new();
                 let (real_commit, real_state) = ps[*w_index].prover_commit(&w[0], rng)?;
                 for (i, _) in ps.iter().enumerate() {
                     if i != *w_index {
                         let (c, ch, r) = ps[i].simulate_transcript(rng);
                         commitments.push(c);
-                        fake_challenges.push(ch);
-                        fake_responses.push(r);
+                        simulated_challenges.push(ch);
+                        simulated_responses.push(r);
                     } else {
                         commitments.push(real_commit.clone());
                     }
@@ -146,7 +146,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
                     ProtocolProverState::Or(
                         *w_index,
                         vec![real_state],
-                        (fake_challenges, fake_responses),
+                        (simulated_challenges, simulated_responses),
                     ),
                 ))
             }
@@ -177,13 +177,17 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
             }
             (
                 Protocol::Or(ps),
-                ProtocolProverState::Or(w_index, real_state, (f_challenges, f_responses)),
+                ProtocolProverState::Or(
+                    w_index,
+                    real_state,
+                    (simulated_challenges, simulated_responses),
+                ),
             ) => {
                 let mut challenges = Vec::with_capacity(ps.len());
                 let mut responses = Vec::with_capacity(ps.len());
 
                 let mut real_challenge = *challenge;
-                for ch in &f_challenges {
+                for ch in &simulated_challenges {
                     real_challenge -= ch;
                 }
                 let real_response =
@@ -194,9 +198,9 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
                         challenges.push(real_challenge);
                         responses.push(real_response.clone());
                     } else {
-                        let fake_index = if i < w_index { i } else { i - 1 };
-                        challenges.push(f_challenges[fake_index]);
-                        responses.push(f_responses[fake_index].clone());
+                        let simulated_index = if i < w_index { i } else { i - 1 };
+                        challenges.push(simulated_challenges[simulated_index]);
+                        responses.push(simulated_responses[simulated_index].clone());
                     }
                 }
                 Ok(ProtocolResponse::Or(challenges, responses))
@@ -364,26 +368,26 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
         }
     }
 
-    fn get_commitment(
+    fn simulate_commitment(
         &self,
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<Self::Commitment, Error> {
         match (self, response) {
-            (Protocol::Simple(p), ProtocolResponse::Simple(r)) => {
-                Ok(ProtocolCommitment::Simple(p.get_commitment(challenge, r)?))
-            }
+            (Protocol::Simple(p), ProtocolResponse::Simple(r)) => Ok(ProtocolCommitment::Simple(
+                p.simulate_commitment(challenge, r)?,
+            )),
             (Protocol::And(ps), ProtocolResponse::And(rs)) => {
                 let mut commitments = Vec::with_capacity(ps.len());
                 for (i, p) in ps.iter().enumerate() {
-                    commitments.push(p.get_commitment(challenge, &rs[i])?);
+                    commitments.push(p.simulate_commitment(challenge, &rs[i])?);
                 }
                 Ok(ProtocolCommitment::And(commitments))
             }
             (Protocol::Or(ps), ProtocolResponse::Or(ch, rs)) => {
                 let mut commitments = Vec::with_capacity(ps.len());
                 for (i, p) in ps.iter().enumerate() {
-                    commitments.push(p.get_commitment(&ch[i], &rs[i])?);
+                    commitments.push(p.simulate_commitment(&ch[i], &rs[i])?);
                 }
                 Ok(ProtocolCommitment::Or(commitments))
             }

src/duplex_sponge/shake.rs

@@ -4,8 +4,8 @@
 
 use crate::duplex_sponge::DuplexSpongeInterface;
 use sha3::{
-    Shake128,
     digest::{ExtendableOutput, Update},
+    Shake128,
 };
 
 /// Duplex sponge construction using SHAKE128.

src/fiat_shamir.rs

@@ -90,13 +90,13 @@ where
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
     ) -> Result<Transcript<P>, Error> {
-        let mut codec = self.hash_state.clone();
+        let mut hash_state = self.hash_state.clone();
 
         let (commitment, prover_state) = self.ip.prover_commit(witness, rng)?;
         // Fiat Shamir challenge
         let serialized_commitment = self.ip.serialize_commitment(&commitment);
-        codec.prover_message(&serialized_commitment);
-        let challenge = codec.verifier_challenge();
+        hash_state.prover_message(&serialized_commitment);
+        let challenge = hash_state.verifier_challenge();
         // Prover's response
         let response = self.ip.prover_response(prover_state, &challenge)?;
         // Local verification of the proof
@@ -125,12 +125,12 @@ where
         challenge: &P::Challenge,
         response: &P::Response,
     ) -> Result<(), Error> {
-        let mut codec = self.hash_state.clone();
+        let mut hash_state = self.hash_state.clone();
 
         // Recompute the challenge
         let serialized_commitment = self.ip.serialize_commitment(commitment);
-        codec.prover_message(&serialized_commitment);
-        let expected_challenge = codec.verifier_challenge();
+        hash_state.prover_message(&serialized_commitment);
+        let expected_challenge = hash_state.verifier_challenge();
         // Verification of the proof
         match *challenge == expected_challenge {
             true => self.ip.verifier(commitment, challenge, response),
@@ -178,12 +178,12 @@ where
         let commitment_size = self.ip.serialize_commitment(&commitment).len();
         let response = self.ip.deserialize_response(&proof[commitment_size..])?;
 
-        let mut codec = self.hash_state.clone();
+        let mut hash_state = self.hash_state.clone();
 
         // Recompute the challenge
         let serialized_commitment = self.ip.serialize_commitment(&commitment);
-        codec.prover_message(&serialized_commitment);
-        let challenge = codec.verifier_challenge();
+        hash_state.prover_message(&serialized_commitment);
+        let challenge = hash_state.verifier_challenge();
         // Verification of the proof
         self.ip.verifier(&commitment, &challenge, &response)
     }
@@ -241,7 +241,7 @@ where
         let response = self.ip.deserialize_response(&proof[challenge_size..])?;
 
         // Compute the commitments
-        let commitment = self.ip.get_commitment(&challenge, &response)?;
+        let commitment = self.ip.simulate_commitment(&challenge, &response)?;
         // Verify the proof
         self.verify(&commitment, &challenge, &response)
     }

src/schnorr_protocol.rs

@@ -262,7 +262,7 @@ where
     ///
     /// # Errors
     /// - [`Error::ProofSizeMismatch`] if the response length does not match the expected number of scalars.
-    fn get_commitment(
+    fn simulate_commitment(
         &self,
         challenge: &Self::Challenge,
         response: &Self::Response,
@@ -299,10 +299,13 @@ where
         challenge: &Self::Challenge,
         mut rng: &mut (impl RngCore + CryptoRng),
     ) -> (Self::Commitment, Self::Response) {
-        let response = (0..self.scalars_nb())
+        let response: Vec<G::Scalar> = (0..self.scalars_nb())
             .map(|_| G::Scalar::random(&mut rng))
             .collect();
-        let commitment = self.get_commitment(challenge, &response).unwrap();
+
+        // Use simulate_commitment to compute the commitment
+        let commitment = self.simulate_commitment(challenge, &response).unwrap();
+
         (commitment, response)
     }
 

src/tests/relations.rs

@@ -1,5 +1,5 @@
 use bls12_381::{G1Projective as G, Scalar};
-use group::{Group, ff::Field};
+use group::{ff::Field, Group};
 use rand::rngs::OsRng;
 
 use crate::fiat_shamir::NISigmaProtocol;

src/tests/spec/custom_schnorr_protocol.rs

@@ -159,7 +159,7 @@ where
         Ok(responses)
     }
 
-    fn get_commitment(
+    fn simulate_commitment(
         &self,
         challenge: &Self::Challenge,
         response: &Self::Response,