fix: move more trait bounds to PrimeGroup

mmaker · mmaker · commit 61f82704d472 · 2025-07-24T20:33:16.000-07:00
diff --git a/src/codec.rs b/src/codec.rs
@@ -3,7 +3,7 @@
 pub use crate::duplex_sponge::keccak::KeccakDuplexSponge;
 use crate::duplex_sponge::{shake::ShakeDuplexSponge, DuplexSpongeInterface};
 use ff::PrimeField;
-use group::{Group, GroupEncoding};
+use group::prime::PrimeGroup;
 use num_bigint::BigUint;
 use num_traits::identities::One;
 
@@ -46,7 +46,7 @@ fn cardinal<F: PrimeField>() -> BigUint {
 #[derive(Clone)]
 pub struct ByteSchnorrCodec<G, H>
 where
-    G: Group + GroupEncoding,
+    G: PrimeGroup,
     H: DuplexSpongeInterface,
 {
     hasher: H,
@@ -61,10 +61,10 @@ fn length_to_bytes(x: usize) -> [u8; WORD_SIZE] {
 
 impl<G, H> Codec for ByteSchnorrCodec<G, H>
 where
-    G: Group + GroupEncoding,
+    G: PrimeGroup,
     H: DuplexSpongeInterface,
 {
-    type Challenge = <G as Group>::Scalar;
+    type Challenge = G::Scalar;
 
     fn new(protocol_id: &[u8], session_id: &[u8], instance_label: &[u8]) -> Self {
         let iv = {
diff --git a/src/linear_relation/mod.rs b/src/linear_relation/mod.rs
@@ -14,7 +14,7 @@ use std::iter;
 use std::marker::PhantomData;
 
 use ff::Field;
-use group::{Group, GroupEncoding};
+use group::prime::PrimeGroup;
 
 use crate::codec::Shake128DuplexSponge;
 use crate::errors::Error;
@@ -68,7 +68,7 @@ pub enum ScalarTerm<G> {
     Unit,
 }
 
-impl<G: Group> ScalarTerm<G> {
+impl<G: PrimeGroup> ScalarTerm<G> {
     // NOTE: This function is private intentionally as it would be replaced if a ScalarMap struct
     // were to be added.
     fn value(self, scalars: &[G::Scalar]) -> G::Scalar {
@@ -112,13 +112,13 @@ impl<T> Sum<T> {
 /// - `w_i` are the constant weight scalars
 ///
 /// The indices refer to external lists managed by the containing LinearMap.
-pub type LinearCombination<G> = Sum<Weighted<Term<G>, <G as Group>::Scalar>>;
+pub type LinearCombination<G> = Sum<Weighted<Term<G>, <G as group::Group>::Scalar>>;
 
 /// Ordered mapping of [GroupVar] to group elements assignments.
 #[derive(Clone, Debug)]
 pub struct GroupMap<G>(Vec<Option<G>>);
 
-impl<G: Group> GroupMap<G> {
+impl<G: PrimeGroup> GroupMap<G> {
     /// Assign a group element value to a point variable.
     ///
     /// # Parameters
@@ -207,7 +207,7 @@ impl<G> Default for GroupMap<G> {
     }
 }
 
-impl<G: Group> FromIterator<(GroupVar<G>, G)> for GroupMap<G> {
+impl<G: PrimeGroup> FromIterator<(GroupVar<G>, G)> for GroupMap<G> {
     fn from_iter<T: IntoIterator<Item = (GroupVar<G>, G)>>(iter: T) -> Self {
         iter.into_iter()
             .fold(Self::default(), |mut instance, (var, val)| {
@@ -222,7 +222,7 @@ impl<G: Group> FromIterator<(GroupVar<G>, G)> for GroupMap<G> {
 /// It supports dynamic allocation of scalars and elements,
 /// and evaluates by performing multi-scalar multiplications.
 #[derive(Clone, Default, Debug)]
-pub struct LinearMap<G: Group> {
+pub struct LinearMap<G: PrimeGroup> {
     /// The set of linear combination constraints (equations).
     pub linear_combinations: Vec<LinearCombination<G>>,
     /// The list of group elements referenced in the linear map.
@@ -246,15 +246,15 @@ pub struct LinearMap<G: Group> {
 ///
 /// # Returns
 /// The group element result of the MSM.
-pub fn msm_pr<G: Group>(scalars: &[G::Scalar], bases: &[G]) -> G {
+pub fn msm_pr<G: PrimeGroup>(scalars: &[G::Scalar], bases: &[G]) -> G {
     let mut acc = G::identity();
     for (s, p) in scalars.iter().zip(bases.iter()) {
         acc += *p * s;
     }
     acc
 }
 
-impl<G: Group> LinearMap<G> {
+impl<G: PrimeGroup> LinearMap<G> {
     /// Creates a new empty [`LinearMap`].
     ///
     /// # Returns
@@ -291,7 +291,7 @@ impl<G: Group> LinearMap<G> {
     /// # Returns
     ///
     /// A vector of group elements, each being the result of evaluating one linear combination with the scalars.
-    pub fn evaluate(&self, scalars: &[<G as Group>::Scalar]) -> Result<Vec<G>, Error> {
+    pub fn evaluate(&self, scalars: &[G::Scalar]) -> Result<Vec<G>, Error> {
         self.linear_combinations
             .iter()
             .map(|lc| {
@@ -320,9 +320,7 @@ impl<G: Group> LinearMap<G> {
 /// - A list of group elements and linear equations (held in the [`LinearMap`] field),
 /// - A list of [`GroupVar`] indices (`image`) that specify the expected output for each constraint.
 #[derive(Clone, Default, Debug)]
-pub struct LinearRelation<G>
-where
-    G: Group + GroupEncoding,
+pub struct LinearRelation<G: PrimeGroup>
 {
     /// The underlying linear map describing the structure of the statement.
     pub linear_map: LinearMap<G>,
@@ -338,7 +336,7 @@ where
 /// This struct represents a normalized form of a linear relation where each
 /// constraint is of the form: image[i] = Σ (scalar_j * group_element_k)
 #[derive(Clone, Debug, Default)]
-pub struct CanonicalLinearRelation<G: Group + GroupEncoding> {
+pub struct CanonicalLinearRelation<G: PrimeGroup> {
     /// The image group elements (left-hand side of equations)
     pub image: Vec<G>,
     /// The constraints, where each constraint is a vector of (scalar_var, group_var) pairs
@@ -350,7 +348,7 @@ pub struct CanonicalLinearRelation<G: Group + GroupEncoding> {
     pub num_scalars: usize,
 }
 
-impl<G: Group + GroupEncoding> CanonicalLinearRelation<G> {
+impl<G: PrimeGroup> CanonicalLinearRelation<G> {
     /// Create a new empty canonical linear relation
     pub fn new() -> Self {
         Self {
@@ -514,7 +512,7 @@ impl<G: Group + GroupEncoding> CanonicalLinearRelation<G> {
     }
 }
 
-impl<G: Group + GroupEncoding> TryFrom<LinearRelation<G>> for CanonicalLinearRelation<G> {
+impl<G: PrimeGroup> TryFrom<LinearRelation<G>> for CanonicalLinearRelation<G> {
     type Error = Error;
 
     fn try_from(relation: LinearRelation<G>) -> Result<Self, Self::Error> {
@@ -545,9 +543,7 @@ impl<G: Group + GroupEncoding> TryFrom<LinearRelation<G>> for CanonicalLinearRel
     }
 }
 
-impl<G> LinearRelation<G>
-where
-    G: Group + GroupEncoding,
+impl<G: PrimeGroup> LinearRelation<G>
 {
     /// Create a new empty [`LinearRelation`].
     pub fn new() -> Self {
@@ -675,7 +671,7 @@ where
     ///
     /// Return `Ok` on success, and an error if unassigned elements prevent the image from being
     /// computed. Modifies the group elements assigned in the [LinearRelation].
-    pub fn compute_image(&mut self, scalars: &[<G as Group>::Scalar]) -> Result<(), Error> {
+    pub fn compute_image(&mut self, scalars: &[G::Scalar]) -> Result<(), Error> {
         if self.linear_map.num_constraints() != self.image.len() {
             // NOTE: This is a panic, rather than a returned error, because this can only happen if
             // this implementation has a bug.
@@ -761,9 +757,10 @@ where
     /// let proof = nizk.prove_batchable(&vec![x], &mut OsRng).unwrap();
     /// assert!(nizk.verify_batchable(&proof).is_ok());
     /// ```
-    pub fn into_nizk(self, session_identifier: &[u8]) -> Nizk<SchnorrProof<G>, Shake128DuplexSponge<G>>
-    where
-        G: group::GroupEncoding,
+    pub fn into_nizk(
+        self,
+        session_identifier: &[u8],
+    ) -> Nizk<SchnorrProof<G>, Shake128DuplexSponge<G>>
     {
         let schnorr = SchnorrProof::from(self);
         Nizk::new(session_identifier, schnorr)
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -14,7 +14,7 @@ use crate::{
 };
 
 use ff::Field;
-use group::{Group, GroupEncoding};
+use group::prime::PrimeGroup;
 use rand::{CryptoRng, Rng, RngCore};
 
 /// A Schnorr protocol proving knowledge of a witness for a linear group relation.
@@ -23,11 +23,11 @@ use rand::{CryptoRng, Rng, RngCore};
 /// a [`LinearRelation`], representing an abstract linear relation over the group.
 ///
 /// # Type Parameters
-/// - `G`: A cryptographic group implementing [`Group`] and [`GroupEncoding`].
+/// - `G`: A [`PrimeGroup`] instance.
 #[derive(Clone, Default, Debug)]
-pub struct SchnorrProof<G: Group + GroupEncoding>(pub CanonicalLinearRelation<G>);
+pub struct SchnorrProof<G: PrimeGroup>(pub CanonicalLinearRelation<G>);
 
-impl<G: Group + GroupEncoding> SchnorrProof<G> {
+impl<G: PrimeGroup> SchnorrProof<G> {
     pub fn witness_length(&self) -> usize {
         self.0.num_scalars
     }
@@ -54,9 +54,7 @@ impl<G: Group + GroupEncoding> SchnorrProof<G> {
     }
 }
 
-impl<G> From<LinearRelation<G>> for SchnorrProof<G>
-where
-    G: Group + GroupEncoding,
+impl<G: PrimeGroup> From<LinearRelation<G>> for SchnorrProof<G>
 {
     fn from(value: LinearRelation<G>) -> Self {
         Self(
@@ -69,13 +67,13 @@ where
 
 impl<G> SigmaProtocol for SchnorrProof<G>
 where
-    G: Group + GroupEncoding,
+    G: PrimeGroup,
 {
     type Commitment = Vec<G>;
-    type ProverState = (Vec<<G as Group>::Scalar>, Vec<<G as Group>::Scalar>);
-    type Response = Vec<<G as Group>::Scalar>;
-    type Witness = Vec<<G as Group>::Scalar>;
-    type Challenge = <G as Group>::Scalar;
+    type ProverState = (Vec<G::Scalar>, Vec<G::Scalar>);
+    type Response = Vec<G::Scalar>;
+    type Witness = Vec<G::Scalar>;
+    type Challenge = G::Scalar;
 
     /// Prover's first message: generates a commitment using random nonces.
     ///
@@ -293,7 +291,7 @@ where
 
 impl<G> SigmaProtocolSimulator for SchnorrProof<G>
 where
-    G: Group + GroupEncoding,
+    G: PrimeGroup,
 {
     /// Simulates a valid transcript for a given challenge without a witness.
     ///
diff --git a/src/serialization.rs b/src/serialization.rs
@@ -4,7 +4,7 @@
 //! byte representations using canonical encodings.
 
 use ff::PrimeField;
-use group::{Group, GroupEncoding};
+use group::prime::PrimeGroup;
 
 /// Serialize a slice of group elements into a byte vector.
 ///
@@ -13,7 +13,7 @@ use group::{Group, GroupEncoding};
 ///
 /// # Returns
 /// - A `Vec<u8>` containing the concatenated canonical compressed byte representations.
-pub fn serialize_elements<G: Group + GroupEncoding>(elements: &[G]) -> Vec<u8> {
+pub fn serialize_elements<G: PrimeGroup>(elements: &[G]) -> Vec<u8> {
     let mut bytes = Vec::new();
     for element in elements {
         bytes.extend_from_slice(element.to_bytes().as_ref());
@@ -30,7 +30,7 @@ pub fn serialize_elements<G: Group + GroupEncoding>(elements: &[G]) -> Vec<u8> {
 /// # Returns
 /// - `Some(Vec<G>)`: The deserialized group elements if all are valid.
 /// - `None`: If the byte slice length is incorrect or any element is invalid.
-pub fn deserialize_elements<G: Group + GroupEncoding>(data: &[u8], count: usize) -> Option<Vec<G>> {
+pub fn deserialize_elements<G: PrimeGroup>(data: &[u8], count: usize) -> Option<Vec<G>> {
     let element_len = G::Repr::default().as_ref().len();
     let expected_len = count * element_len;
 
@@ -69,7 +69,7 @@ pub fn deserialize_elements<G: Group + GroupEncoding>(data: &[u8], count: usize)
 ///
 /// # Returns
 /// - A `Vec<u8>` containing the scalar bytes in big-endian order.
-pub fn serialize_scalars<G: Group>(scalars: &[G::Scalar]) -> Vec<u8> {
+pub fn serialize_scalars<G: PrimeGroup>(scalars: &[G::Scalar]) -> Vec<u8> {
     let mut bytes = Vec::new();
     for scalar in scalars {
         let mut scalar_bytes = scalar.to_repr().as_ref().to_vec();
@@ -88,7 +88,7 @@ pub fn serialize_scalars<G: Group>(scalars: &[G::Scalar]) -> Vec<u8> {
 /// # Returns
 /// - `Some(Vec<G::Scalar>)`: The deserialized scalars if all are valid.
 /// - `None`: If the byte slice length is incorrect or any scalar is invalid.
-pub fn deserialize_scalars<G: Group>(data: &[u8], count: usize) -> Option<Vec<G::Scalar>> {
+pub fn deserialize_scalars<G: PrimeGroup>(data: &[u8], count: usize) -> Option<Vec<G::Scalar>> {
     #[allow(clippy::manual_div_ceil)]
     let scalar_len = (G::Scalar::NUM_BITS as usize + 7) / 8;
     let expected_len = count * scalar_len;
diff --git a/src/tests/spec/custom_schnorr_protocol.rs b/src/tests/spec/custom_schnorr_protocol.rs
@@ -1,4 +1,4 @@
-use group::{Group, GroupEncoding};
+use group::prime::PrimeGroup;
 use rand::{CryptoRng, Rng};
 
 use crate::errors::Error;
@@ -9,32 +9,32 @@ use crate::serialization::{
 use crate::tests::spec::random::SRandom;
 use crate::traits::{SigmaProtocol, SigmaProtocolSimulator};
 
-pub struct SchnorrProtocolCustom<G: SRandom + GroupEncoding>(pub LinearRelation<G>);
+pub struct SchnorrProtocolCustom<G: SRandom + PrimeGroup>(pub LinearRelation<G>);
 
 impl<G> From<LinearRelation<G>> for SchnorrProtocolCustom<G>
 where
-    G: SRandom + GroupEncoding,
+    G: SRandom + PrimeGroup,
 {
     fn from(value: LinearRelation<G>) -> Self {
         Self(value)
     }
 }
 
-impl<G: SRandom + GroupEncoding> SchnorrProtocolCustom<G> {
+impl<G: SRandom + PrimeGroup> SchnorrProtocolCustom<G> {
     pub fn witness_len(&self) -> usize {
         self.0.linear_map.num_scalars
     }
 }
 
 impl<G> SigmaProtocol for SchnorrProtocolCustom<G>
 where
-    G: SRandom + GroupEncoding,
+    G: SRandom + PrimeGroup,
 {
     type Commitment = Vec<G>;
-    type ProverState = (Vec<<G as Group>::Scalar>, Vec<<G as Group>::Scalar>);
-    type Response = Vec<<G as Group>::Scalar>;
-    type Witness = Vec<<G as Group>::Scalar>;
-    type Challenge = <G as Group>::Scalar;
+    type ProverState = (Vec<G::Scalar>, Vec<G::Scalar>);
+    type Response = Vec<G::Scalar>;
+    type Witness = Vec<G::Scalar>;
+    type Challenge = G::Scalar;
 
     fn prover_commit(
         &self,
@@ -131,7 +131,7 @@ where
     }
 }
 
-impl<G: SRandom + GroupEncoding> SigmaProtocolSimulator for SchnorrProtocolCustom<G> {
+impl<G: SRandom + PrimeGroup> SigmaProtocolSimulator for SchnorrProtocolCustom<G> {
     fn simulate_commitment(
         &self,
         challenge: &Self::Challenge,
