perf(protocol): optimize deserialization and enhance test coverage

- perf: return proof size in deserialize_batchable to avoid unnecessary group calculations in Protocol implementations
- test: add absorb_morphism step verification in Protocol test suite

Author: nougzarm

src/fiat_shamir.rs

@@ -194,7 +194,7 @@ where
     ///   - The challenge doesn't match the recomputed one from the commitment.
     ///   - The response fails verification under the Sigma protocol.
     pub fn verify_batchable(&self, proof: &[u8]) -> Result<(), Error> {
-        let (commitment, response) = self.sigmap.deserialize_batchable(proof).unwrap();
+        let ((commitment, response), _) = self.sigmap.deserialize_batchable(proof).unwrap();
 
         let mut codec = self.hash_state.clone();
 

src/protocol.rs

@@ -295,31 +295,32 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
     fn deserialize_batchable(
         &self,
         data: &[u8],
-    ) -> Result<(Self::Commitment, Self::Response), Error> {
+    ) -> Result<((Self::Commitment, Self::Response), usize), Error> {
         match self {
             Protocol::Simple(p) => {
-                let (c, r) = p.deserialize_batchable(data)?;
-                Ok((ProtocolCommitment::Simple(c), ProtocolResponse::Simple(r)))
+                let ((c, r), size) = p.deserialize_batchable(data)?;
+                Ok((
+                    (ProtocolCommitment::Simple(c), ProtocolResponse::Simple(r)),
+                    size,
+                ))
             }
             Protocol::And(ps) => {
                 let mut cursor = 0;
                 let mut commitments = Vec::with_capacity(ps.len());
                 let mut responses = Vec::with_capacity(ps.len());
                 for p in ps {
-                    let (p_commit, p_resp) = p.deserialize_batchable(&data[cursor..])?;
-                    let serialized = p.serialize_batchable(
-                        &p_commit,
-                        &p.simulate_transcript(&mut rand::thread_rng()).1,
-                        &p_resp,
-                    )?;
-                    cursor += serialized.len();
+                    let ((p_commit, p_resp), size) = p.deserialize_batchable(&data[cursor..])?;
+                    cursor += size;
 
                     commitments.push(p_commit);
                     responses.push(p_resp);
                 }
                 Ok((
-                    ProtocolCommitment::And(commitments),
-                    ProtocolResponse::And(responses),
+                    (
+                        ProtocolCommitment::And(commitments),
+                        ProtocolResponse::And(responses),
+                    ),
+                    cursor,
                 ))
             }
             Protocol::Or(ps) => {
@@ -333,14 +334,8 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
                     .len();
 
                 for p in ps.iter() {
-                    let (c, r) = p.deserialize_batchable(&data[cursor..])?;
-
-                    let serialized_cr = p.serialize_batchable(
-                        &c,
-                        &p.simulate_transcript(&mut rand::thread_rng()).1,
-                        &r,
-                    )?;
-                    cursor += serialized_cr.len();
+                    let ((c, r), size) = p.deserialize_batchable(&data[cursor..])?;
+                    cursor += size;
 
                     if data.len() < cursor + ch_bytes_len {
                         return Err(Error::ProofSizeMismatch);
@@ -355,8 +350,11 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
                 }
 
                 Ok((
-                    ProtocolCommitment::Or(commitments),
-                    ProtocolResponse::Or(challenges, responses),
+                    (
+                        ProtocolCommitment::Or(commitments),
+                        ProtocolResponse::Or(challenges, responses),
+                    ),
+                    cursor,
                 ))
             }
         }

src/schnorr_protocol.rs

@@ -207,7 +207,7 @@ where
     fn deserialize_batchable(
         &self,
         data: &[u8],
-    ) -> Result<(Self::Commitment, Self::Response), Error> {
+    ) -> Result<((Self::Commitment, Self::Response), usize), Error> {
         let commit_nb = self.statements_nb();
         let response_nb = self.scalars_nb();
 
@@ -242,7 +242,7 @@ where
             responses.push(scalar);
         }
 
-        Ok((commitments, responses))
+        Ok(((commitments, responses), expected_len))
     }
 }
 

src/traits.rs

@@ -70,11 +70,11 @@ pub trait SigmaProtocol {
 
     /// Deserializes a batchable proof from bytes.
     ///
-    /// Returns `Some((commitment, response))` if parsing is successful, otherwise `None`.
+    /// Returns `Ok(((commitment, response), proof_size))` if parsing is successful, otherwise `Err(Error)`.
     fn deserialize_batchable(
         &self,
         _data: &[u8],
-    ) -> Result<(Self::Commitment, Self::Response), Error>;
+    ) -> Result<((Self::Commitment, Self::Response), usize), Error>;
 }
 
 /// A feature defining the behavior of a protocol for which it is possible to compact the proofs by omitting the commitments.
@@ -111,7 +111,7 @@ pub trait CompactProtocol: SigmaProtocol {
 
     /// Deserializes a compact proof from bytes.
     ///
-    /// Returns `Some((challenge, response))` if parsing is successful, otherwise `None`.
+    /// Returns `Ok((challenge, response))` if parsing is successful, otherwise `Err(Error)`.
     fn deserialize_compact(&self, _data: &[u8])
     -> Result<(Self::Challenge, Self::Response), Error>;
 }

tests/composition_protocol.rs

@@ -3,7 +3,7 @@ use group::Group;
 use rand::rngs::OsRng;
 
 use sigma_rs::codec::ShakeCodec;
-use sigma_rs::fiat_shamir::NISigmaProtocol;
+use sigma_rs::fiat_shamir::{HasGroupMorphism, NISigmaProtocol};
 use sigma_rs::protocol::{Protocol, ProtocolWitness};
 use sigma_rs::schnorr_protocol::SchnorrProtocol;
 use sigma_rs::test_utils::{
@@ -84,9 +84,13 @@ fn composition_proof_correct() {
     let protocol = Protocol::And(vec![or_protocol1, simple_protocol1, and_protocol1]);
     let witness = ProtocolWitness::And(vec![or_witness1, simple_witness1, and_witness1]);
 
-    let nizk =
+    let mut nizk =
         NISigmaProtocol::<Protocol<RistrettoPoint>, ShakeCodec<G>>::new(domain_sep, protocol);
 
+    nizk.sigmap
+        .absorb_morphism_structure(&mut nizk.hash_state)
+        .unwrap();
+
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
     let proof_compact_bytes = nizk.prove_compact(&witness, &mut rng).unwrap();

tests/spec/custom_schnorr_protocol.rs

@@ -112,7 +112,7 @@ where
     fn deserialize_batchable(
         &self,
         data: &[u8],
-    ) -> Result<(Self::Commitment, Self::Response), Error> {
+    ) -> Result<((Self::Commitment, Self::Response), usize), Error> {
         let scalar_nb = self.0.morphism.num_scalars;
         let point_nb = self.0.morphism.constraints.len();
 
@@ -147,7 +147,7 @@ where
             responses.push(scalar);
         }
 
-        Ok((commitments, responses))
+        Ok(((commitments, responses), expected_len))
     }
 }