feat(simulator): implement SigmaProtocolSimulator trait for SchnorrProtocol

- feat: add SigmaProtocolSimulator trait implementation for SchnorrProtocol
- chore: move bls12_381 dependency to dev-dependencies
- fix: correct naming inconsistencies and miscellaneous issues

Author: nougzarm

Cargo.toml

@@ -37,7 +37,6 @@ subtle = "2.6.1"
 num-bigint = "0.4.6"
 num-traits = "0.2.19"
 tiny-keccak = { version = "2.0.2", features = ["fips202"] }
-bls12_381 = "0.8.0"
 
 [dev-dependencies]
 bincode = "1"

src/codec/keccak_codec.rs

@@ -1,11 +1,11 @@
 //! # Keccak-based Fiat-Shamir Codec for vector tests
 //!
-//! This module implements a **Fiat-Shamir transcript codec** using the Keccak-f[1600] permutation
+//! This module implements a **Fiat-Shamir codec** using the Keccak-f[1600] permutation
 //! in a duplex sponge construction
 //!
 //! It includes:
 //! - A custom `KeccakPermutationState` and `KeccakDuplexSponge`
-//! - A [`ByteSchnorrCodec`] transcript codec based on this sponge
+//! - A [`ByteSchnorrCodec`] codec based on this sponge
 //!
 //! ## Purpose
 //! This module exists to **match test vectors** generated in the original Sage implementation
@@ -19,7 +19,7 @@
 //! ## Components
 //! - `KeccakPermutationState`: Low-level Keccak-f[1600] state representation
 //! - `KeccakDuplexSponge`: Duplex sponge over 200-byte state buffer
-//! - `ByteSchnorrCodec`: Fiat-Shamir transcript codec compatible with Sage Schnorr proofs
+//! - `ByteSchnorrCodec`: Fiat-Shamir codec compatible with Sage Schnorr proofs
 use crate::codec::r#trait::{Codec, DuplexSpongeInterface};
 use ff::PrimeField;
 use group::{Group, GroupEncoding};

src/proof_composition.rs

@@ -173,7 +173,7 @@ pub enum OrEnum<L, R> {
     Right(R),
 }
 
-/// Internal state for a simulated transcript in an OR proof.
+/// Internal state for a simulated transcription in an OR proof.
 pub struct OrState<P: SigmaProtocol>(P::Challenge, P::Response);
 
 /// Enum to describe which side (left or right) is simulated in an OR proof.
@@ -213,7 +213,7 @@ where
         let (r_index, r_witness_w) = witness;
         match r_witness_w {
             OrEnum::Left(ref r_witness) => {
-                let f_trnsc = self.protocol1.simulate_transcript(rng);
+                let f_trnsc = self.protocol1.simulate_transcription(rng);
                 let ST = OrState(f_trnsc.1, f_trnsc.2);
                 let (commit, r_pr_st) = self.protocol0.prover_commit(r_witness, rng);
                 (
@@ -222,7 +222,7 @@ where
                 )
             }
             OrEnum::Right(ref r_witness) => {
-                let f_trnsc = self.protocol0.simulate_transcript(rng);
+                let f_trnsc = self.protocol0.simulate_transcription(rng);
                 let ST = OrState(f_trnsc.1, f_trnsc.2);
                 let (commit, r_pr_st) = self.protocol1.prover_commit(r_witness, rng);
                 (

src/schnorr_protocol.rs

@@ -6,13 +6,17 @@
 
 use crate::{
     group_serialization::*,
-    CompactProtocol, GroupMorphismPreimage, ProofError,
+    GroupMorphismPreimage, 
+    ProofError,
     SigmaProtocol,
+    CompactProtocol,
+    SigmaProtocolSimulator,
 };
 
 use ff::{Field, PrimeField};
 use group::{Group, GroupEncoding};
 use rand::{CryptoRng, Rng};
+use std::iter;
 
 /// A Schnorr protocol proving knowledge some discrete logarithm relation.
 ///
@@ -220,3 +224,28 @@ where
         Ok((challenge, responses))
     }
 }
+
+impl<G> SigmaProtocolSimulator for SchnorrProtocol<G>
+where
+    G: Group + GroupEncoding,
+{
+    fn simulate_proof(
+        &self,
+        challenge: &Self::Challenge,
+        rng: &mut (impl Rng + CryptoRng),
+    ) -> (Self::Commitment, Self::Response) {
+        let mut response = Vec::new();
+        response.extend(iter::repeat(G::Scalar::random(rng)).take(self.0.morphism.num_scalars));
+        let commitment = self.get_commitment(challenge, &response);
+        (commitment, response)
+    }
+
+    fn simulate_transcription(
+            &self,
+            rng: &mut (impl Rng + CryptoRng),
+        ) -> (Self::Commitment, Self::Challenge, Self::Response) {
+        let challenge = G::Scalar::random(&mut *rng);
+        let (commitment, response) = self.simulate_proof(&challenge, &mut *rng);
+        (commitment, challenge, response)
+    }
+}

src/trait.rs

@@ -48,7 +48,7 @@ pub trait SigmaProtocol {
         challenge: &Self::Challenge,
     ) -> Self::Response;
 
-    /// Verifies a Sigma protocol transcript.
+    /// Verifies a Sigma protocol transcription.
     ///
     /// Returns:
     /// - `Ok(())` if the verification succeeds.
@@ -60,7 +60,7 @@ pub trait SigmaProtocol {
         response: &Self::Response,
     ) -> Result<(), ProofError>;
 
-    /// Serializes a proof transcript (commitment, challenge, response) to bytes batchable proof.
+    /// Serializes a proof transcription (commitment, challenge, response) to bytes batchable proof.
     fn serialize_batchable(
         &self,
         _commitment: &Self::Commitment,
@@ -99,7 +99,7 @@ pub trait CompactProtocol: SigmaProtocol {
         response: &Self::Response,
     ) -> Self::Commitment;
 
-    /// Serializes a proof transcript (commitment, challenge, response) to bytes compact proof.
+    /// Serializes a proof transcription (commitment, challenge, response) to bytes compact proof.
     fn serialize_compact(
         &self,
         _commitment: &Self::Commitment,
@@ -120,17 +120,17 @@ pub trait CompactProtocol: SigmaProtocol {
     }
 }
 
-/// A trait defining the behavior of a Sigma protocol for which simulation of transcripts is necessary.
+/// A trait defining the behavior of a Sigma protocol for which simulation of transcriptions is necessary.
 ///
-/// All Sigma protocols can technically simulate a valid transcript, but this mostly serve to prove the security of the protocol and is not used in the real protocol execution.
+/// All Sigma protocols can technically simulate a valid transcription, but this mostly serve to prove the security of the protocol and is not used in the real protocol execution.
 /// However, some protocols (like OR protocols that prove the truth of one-out-of-two statements) require them during for the real execution.
 ///
 /// ## Minimal Implementation
 /// Types implementing `SigmaProtocolSimulator` must define:
 /// - `simulate_proof`
 /// - `simulate_transcription`
 pub trait SigmaProtocolSimulator: SigmaProtocol {
-    /// Simulates a protocol transcript given a challenge.
+    /// Simulates a protocol transcription given a challenge.
     ///
     /// This serves to create zero-knowledge simulations without access to a witness.
     fn simulate_proof(
@@ -139,8 +139,8 @@ pub trait SigmaProtocolSimulator: SigmaProtocol {
         rng: &mut (impl Rng + CryptoRng),
     ) -> (Self::Commitment, Self::Response);
 
-    /// Simulates an entire protocol transcript.
-    fn simulate_transcript(
+    /// Simulates an entire protocol transcription.
+    fn simulate_transcription(
         &self,
         rng: &mut (impl Rng + CryptoRng),
     ) -> (Self::Commitment, Self::Challenge, Self::Response);

tests/interactive_codec.rs

@@ -75,7 +75,7 @@ impl SigmaProtocolSimulator for SchnorrZkp {
         (R, z)
     }
 
-    fn simulate_transcript(
+    fn simulate_transcription(
         &self,
         rng: &mut (impl Rng + CryptoRng),
     ) -> (Self::Commitment, Self::Challenge, Self::Response) {