feat(error-handling): improve group deserialization and refactor SchnorrProtocol

nougzarm · nougzarm · commit 5f3157534a4f · 2025-05-24T10:45:22.000+02:00
- feat: add error handling to group deserialization functions
- refactor: simplify internal expressions in SchnorrProtocol's SigmaProtocol trait implementation
- fix: apply various minor code improvements and corrections
diff --git a/src/errors.rs b/src/errors.rs
@@ -17,14 +17,14 @@ pub enum ProofError {
     VerificationFailure,
     /// Occurs during batch verification if the batch parameters do not have the right size.
     #[error("Mismatched parameter sizes for batch verification.")]
-    BatchSizeMismatch,
+    ProofSizeMismatch,
     /// Occurs when a feature is not implemented yet.
     #[error("The method is not yet implemented for this struct")]
     NotImplemented(&'static str),
     /// Serialization of a group element/scalar failed
     #[error("Serialization of a group element/scalar failed")]
-    /// Other error
     GroupSerializationFailure,
+    /// Other error
     #[error("Other")]
     Other,
 }
diff --git a/src/group_serialization.rs b/src/group_serialization.rs
@@ -1,25 +1,26 @@
 use ff::PrimeField;
 use group::{Group, GroupEncoding};
 
+use crate::ProofError;
+
 pub fn serialize_element<G: Group + GroupEncoding>(element: &G) -> Vec<u8> {
     element.to_bytes().as_ref().to_vec()
 }
 
-pub fn deserialize_element<G: Group + GroupEncoding>(data: &[u8]) -> Option<G> {
+pub fn deserialize_element<G: Group + GroupEncoding>(data: &[u8]) -> Result<G, ProofError> {
     let element_len = G::Repr::default().as_ref().len();
     if data.len() != element_len {
-        return None;
+        return Err(ProofError::GroupSerializationFailure);
     }
 
     let mut repr = G::Repr::default();
     repr.as_mut().copy_from_slice(data);
     let ct_point = G::from_bytes(&repr);
-
     if ct_point.is_some().into() {
         let point = ct_point.unwrap();
-        Some(point)
+        Ok(point)
     } else {
-        None
+        Err(ProofError::GroupSerializationFailure)
     }
 }
 
@@ -29,12 +30,12 @@ pub fn serialize_scalar<G: Group>(scalar: &G::Scalar) -> Vec<u8> {
     scalar_bytes
 }
 
-pub fn deserialize_scalar<G: Group>(data: &[u8]) -> Option<G::Scalar> {
+pub fn deserialize_scalar<G: Group>(data: &[u8]) -> Result<G::Scalar, ProofError> {
     let scalar_len = <<G as Group>::Scalar as PrimeField>::Repr::default()
         .as_ref()
         .len();
     if data.len() != scalar_len {
-        return None;
+        return Err(ProofError::GroupSerializationFailure);
     }
 
     let mut repr = <<G as Group>::Scalar as PrimeField>::Repr::default();
@@ -43,6 +44,11 @@ pub fn deserialize_scalar<G: Group>(data: &[u8]) -> Option<G::Scalar> {
         tmp.reverse();
         tmp
     });
-
-    G::Scalar::from_repr(repr).into()
+    let ct_scalar = G::Scalar::from_repr(repr);
+    if ct_scalar.is_some().into() {
+        let scalar = ct_scalar.unwrap();
+        Ok(scalar)
+    } else {
+        Err(ProofError::GroupSerializationFailure)
+    }
 }
diff --git a/src/proof_composition.rs b/src/proof_composition.rs
@@ -83,7 +83,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for AndProtocol<G> {
         let mut resp_cursor = 0;
 
         for protocol in &self.0 {
-            let commit_len = protocol.points_nb();
+            let commit_len = protocol.statements_nb();
             let resp_len = protocol.scalars_nb();
 
             let commit = &commitment[commit_cursor..(commit_cursor + commit_len)];
@@ -108,7 +108,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for AndProtocol<G> {
         let mut resp_cursor = 0;
 
         for protocol in &self.0 {
-            let commit_len = protocol.points_nb();
+            let commit_len = protocol.statements_nb();
             let resp_len = protocol.scalars_nb();
 
             let commit = &commitment[commit_cursor..(commit_cursor + commit_len)];
@@ -138,7 +138,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for AndProtocol<G> {
             .len();
 
         for protocol in &self.0 {
-            let commit_nb = protocol.points_nb();
+            let commit_nb = protocol.statements_nb();
             let response_nb = protocol.scalars_nb();
             let proof_len = response_nb * scalar_size + commit_nb * point_size;
             let (commit, resp) =
@@ -261,7 +261,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for OrProtocol<G> {
         let mut commit_cursor = 0;
         let mut resp_cursor = 0;
         for (i, protocol) in self.0.iter().enumerate() {
-            let commit_len = protocol.points_nb();
+            let commit_len = protocol.statements_nb();
             let resp_len = protocol.scalars_nb();
             let commit = &commitment[commit_cursor..(commit_cursor + commit_len)];
             let resp = &response.1[resp_cursor..(resp_cursor + resp_len)];
@@ -285,7 +285,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for OrProtocol<G> {
         let mut resp_cursor = 0;
 
         for (i, protocol) in self.0.iter().enumerate() {
-            let commit_len = protocol.points_nb();
+            let commit_len = protocol.statements_nb();
             let resp_len = protocol.scalars_nb();
 
             let commit = &commitment[commit_cursor..(commit_cursor + commit_len)];
@@ -316,7 +316,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for OrProtocol<G> {
             .len();
 
         for protocol in &self.0 {
-            let commit_nb = protocol.points_nb();
+            let commit_nb = protocol.statements_nb();
             let response_nb = protocol.scalars_nb();
             let proof_len = response_nb * scalar_size + commit_nb * point_size;
             let (commit, resp) =
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -38,7 +38,7 @@ impl<G: Group + GroupEncoding> SchnorrProtocol<G> {
         self.0.morphism.num_scalars
     }
 
-    pub fn points_nb(&self) -> usize {
+    pub fn statements_nb(&self) -> usize {
         self.0.morphism.num_statements()
     }
 
@@ -58,6 +58,10 @@ impl<G: Group + GroupEncoding> SchnorrProtocol<G> {
         self.0.set_elements(elements);
     }
 
+    pub fn evaluate(&self, scalars: &[<G as Group>::Scalar]) -> Vec<G> {
+        self.0.morphism.evaluate(scalars)
+    }
+
     pub fn image(&self) -> Vec<G> {
         self.0.image()
     }
@@ -83,11 +87,11 @@ where
             return Err(ProofError::Other);
         }
 
-        let nonces: Vec<G::Scalar> = (0..self.0.morphism.num_scalars)
+        let nonces: Vec<G::Scalar> = (0..self.scalars_nb())
             .map(|_| G::Scalar::random(&mut rng))
             .collect();
         let prover_state = (nonces.clone(), witness.clone());
-        let commitment = self.0.morphism.evaluate(&nonces);
+        let commitment = self.evaluate(&nonces);
         Ok((commitment, prover_state))
     }
 
@@ -102,7 +106,7 @@ where
         }
 
         let mut responses = Vec::new();
-        for i in 0..self.0.morphism.num_scalars {
+        for i in 0..self.scalars_nb() {
             responses.push(state.0[i] + state.1[i] * challenge);
         }
         Ok(responses)
@@ -115,14 +119,10 @@ where
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<(), ProofError> {
-        let lhs = self.0.morphism.evaluate(response);
+        let lhs = self.evaluate(response);
 
         let mut rhs = Vec::new();
-        for (i, g) in commitment
-            .iter()
-            .enumerate()
-            .take(self.0.morphism.num_statements())
-        {
+        for (i, g) in commitment.iter().enumerate().take(self.statements_nb()) {
             rhs.push(self.0.morphism.group_elements[self.0.image[i].index()] * challenge + g);
         }
 
@@ -140,8 +140,8 @@ where
         response: &Self::Response,
     ) -> Result<Vec<u8>, ProofError> {
         let mut bytes = Vec::new();
-        let commit_nb = self.0.morphism.num_statements();
-        let response_nb = self.0.morphism.num_scalars;
+        let commit_nb = self.statements_nb();
+        let response_nb = self.scalars_nb();
 
         // Serialize commitments
         for commit in commitment.iter().take(commit_nb) {
@@ -160,8 +160,8 @@ where
         &self,
         data: &[u8],
     ) -> Result<(Self::Commitment, Self::Response), ProofError> {
-        let commit_nb = self.0.morphism.num_statements();
-        let response_nb = self.0.morphism.num_scalars;
+        let commit_nb = self.statements_nb();
+        let response_nb = self.scalars_nb();
 
         let commit_size = G::generator().to_bytes().as_ref().len();
         let response_size = <<G as Group>::Scalar as PrimeField>::Repr::default()
@@ -170,7 +170,7 @@ where
 
         let expected_len = response_nb * response_size + commit_nb * commit_size;
         if data.len() != expected_len {
-            return Err(ProofError::BatchSizeMismatch);
+            return Err(ProofError::ProofSizeMismatch);
         }
 
         let mut commitments: Self::Commitment = Vec::new();
@@ -181,7 +181,7 @@ where
             let end = start + commit_size;
 
             let slice = &data[start..end];
-            let elem = deserialize_element(slice).ok_or(ProofError::GroupSerializationFailure)?;
+            let elem = deserialize_element(slice)?;
             commitments.push(elem);
         }
 
@@ -190,8 +190,7 @@ where
             let end = start + response_size;
 
             let slice = &data[start..end];
-            let scalar =
-                deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerializationFailure)?;
+            let scalar = deserialize_scalar::<G>(slice)?;
             responses.push(scalar);
         }
 
@@ -212,8 +211,8 @@ where
             return Err(ProofError::Other);
         }
 
-        let response_image = self.0.morphism.evaluate(response);
-        let image = self.0.image();
+        let response_image = self.evaluate(response);
+        let image = self.image();
 
         let mut commitment = Vec::new();
         for i in 0..image.len() {
@@ -230,7 +229,7 @@ where
         response: &Self::Response,
     ) -> Result<Vec<u8>, ProofError> {
         let mut bytes = Vec::new();
-        let response_nb = self.0.morphism.num_scalars;
+        let response_nb = self.scalars_nb();
 
         // Serialize challenge
         bytes.extend_from_slice(&serialize_scalar::<G>(challenge));
@@ -247,30 +246,28 @@ where
         &self,
         data: &[u8],
     ) -> Result<(Self::Challenge, Self::Response), ProofError> {
-        let response_nb = self.0.morphism.num_scalars;
+        let response_nb = self.scalars_nb();
         let response_size = <<G as Group>::Scalar as PrimeField>::Repr::default()
             .as_ref()
             .len();
 
         let expected_len = (response_nb + 1) * response_size;
 
         if data.len() != expected_len {
-            return Err(ProofError::BatchSizeMismatch);
+            return Err(ProofError::ProofSizeMismatch);
         }
 
         let mut responses: Self::Response = Vec::new();
 
         let slice = &data[0..response_size];
-        let challenge =
-            deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerializationFailure)?;
+        let challenge = deserialize_scalar::<G>(slice)?;
 
         for i in 0..response_nb {
             let start = (i + 1) * response_size;
             let end = start + response_size;
 
             let slice = &data[start..end];
-            let scalar =
-                deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerializationFailure)?;
+            let scalar = deserialize_scalar::<G>(slice)?;
             responses.push(scalar);
         }
 
@@ -288,7 +285,7 @@ where
         rng: &mut (impl RngCore + CryptoRng),
     ) -> (Self::Commitment, Self::Response) {
         let mut response = Vec::new();
-        response.extend(iter::repeat(G::Scalar::random(rng)).take(self.0.morphism.num_scalars));
+        response.extend(iter::repeat(G::Scalar::random(rng)).take(self.scalars_nb()));
         let commitment = self.get_commitment(challenge, &response).unwrap();
         (commitment, response)
     }
diff --git a/tests/spec/custom_schnorr_protocol.rs b/tests/spec/custom_schnorr_protocol.rs
@@ -116,7 +116,7 @@ where
 
         let expected_len = scalar_nb * scalar_size + point_nb * point_size;
         if data.len() != expected_len {
-            return Err(ProofError::BatchSizeMismatch);
+            return Err(ProofError::ProofSizeMismatch);
         }
 
         let mut commitments: Self::Commitment = Vec::new();
@@ -127,7 +127,7 @@ where
             let end = start + point_size;
 
             let slice = &data[start..end];
-            let elem = deserialize_element(slice).ok_or(ProofError::GroupSerializationFailure)?;
+            let elem = deserialize_element(slice)?;
             commitments.push(elem);
         }
 
@@ -136,8 +136,7 @@ where
             let end = start + scalar_size;
 
             let slice = data[start..end].to_vec();
-            let scalar =
-                deserialize_scalar::<G>(&slice).ok_or(ProofError::GroupSerializationFailure)?;
+            let scalar = deserialize_scalar::<G>(&slice)?;
             responses.push(scalar);
         }
 
