Fixed the GroupMorphismPreimage structure to match the one in the sage implementation

nougzarm · nougzarm · commit 6f6ddb69cb10 · 2025-04-25T16:03:54.000+02:00
diff --git a/src/toolbox/sigma/group_morphism.rs b/src/toolbox/sigma/group_morphism.rs
@@ -53,7 +53,7 @@ where
     G: Group + GroupEncoding,
 {
     pub morphism: Morphism<G>,
-    pub image: Vec<G>,
+    pub image: Vec<usize>,
     _marker: PhantomData<G>,
 }
 
@@ -76,7 +76,7 @@ where
         self.morphism.num_statements() * repr_len  // total size of a commit
     }
 
-    pub fn append_equation(&mut self, lhs: G, rhs: &[(usize, usize)]) {
+    pub fn append_equation(&mut self, lhs: usize, rhs: &[(usize, usize)]) {
         let lc = LinearCombinaison {
             scalar_indices: rhs.iter().map(|&(s, _)| s).collect(),
             element_indices: rhs.iter().map(|&(_, e)| e).collect(),
@@ -112,8 +112,8 @@ where
 
     pub fn image(&self) -> Vec<G> {
         let mut result = Vec::new();
-        for g in &(self.image) {
-            result.push(g.clone());
+        for i in &self.image {
+            result.push(self.morphism.group_elements[*i].clone());
         }
         result
     }
diff --git a/src/toolbox/sigma/schnorr_proof.rs b/src/toolbox/sigma/schnorr_proof.rs
@@ -60,7 +60,7 @@ where
         let lhs = self.morphismp.morphism.evaluate(&response);
         let mut rhs = Vec::new();
         for i in 0..self.morphismp.morphism.num_scalars {
-            rhs.push(commitment[i] + self.morphismp.image[i] * *challenge);
+            rhs.push(commitment[i] + self.morphismp.morphism.group_elements[self.morphismp.image[i]] * *challenge);
         }
         lhs == rhs
     }
diff --git a/tests/non_interactive_protocol.rs b/tests/non_interactive_protocol.rs
@@ -25,15 +25,15 @@ fn fiat_shamir_schnorr_proof_ristretto() {
 
     // Scalars and Points bases settings
     morphismp.allocate_scalars(1);
-    morphismp.allocate_elements(1);
-    morphismp.set_elements(&[(0, G)]);
+    morphismp.allocate_elements(2);
+    morphismp.set_elements(&[(0, G), (1, H)]);
 
     // Set the witness Vec
     let mut witness = Vec::new();
     witness.push(w.clone());
 
     // The H = z * G equeation where z is the unique scalar variable
-    morphismp.append_equation(H, &[(0, 0)]);
+    morphismp.append_equation(1, &[(0, 0)]);
 
     // The SigmaProtocol induced by morphismp
     let protocol = SchnorrProof { morphismp };

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ where`
`53`	`53`	`G: Group + GroupEncoding,`
`54`	`54`	`{`
`55`	`55`	`pub morphism: Morphism<G>,`
`56`		`- pub image: Vec<G>,`
	`56`	`+ pub image: Vec<usize>,`
`57`	`57`	`_marker: PhantomData<G>,`
`58`	`58`	`}`
`59`	`59`
`@@ -76,7 +76,7 @@ where`
`76`	`76`	`self.morphism.num_statements() * repr_len // total size of a commit`
`77`	`77`	`}`
`78`	`78`
`79`		`- pub fn append_equation(&mut self, lhs: G, rhs: &[(usize, usize)]) {`
	`79`	`+ pub fn append_equation(&mut self, lhs: usize, rhs: &[(usize, usize)]) {`
`80`	`80`	`let lc = LinearCombinaison {`
`81`	`81`	`scalar_indices: rhs.iter().map(\|&(s, _)\| s).collect(),`
`82`	`82`	`element_indices: rhs.iter().map(\|&(_, e)\| e).collect(),`
`@@ -112,8 +112,8 @@ where`
`112`	`112`
`113`	`113`	`pub fn image(&self) -> Vec<G> {`
`114`	`114`	`let mut result = Vec::new();`
`115`		`- for g in &(self.image) {`
`116`		`- result.push(g.clone());`
	`115`	`+ for i in &self.image {`
	`116`	`+ result.push(self.morphism.group_elements[*i].clone());`
`117`	`117`	`}`
`118`	`118`	`result`
`119`	`119`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ where`
`60`	`60`	`let lhs = self.morphismp.morphism.evaluate(&response);`
`61`	`61`	`let mut rhs = Vec::new();`
`62`	`62`	`for i in 0..self.morphismp.morphism.num_scalars {`
`63`		`- rhs.push(commitment[i] + self.morphismp.image[i] * *challenge);`
	`63`	`+ rhs.push(commitment[i] + self.morphismp.morphism.group_elements[self.morphismp.image[i]] * *challenge);`
`64`	`64`	`}`
`65`	`65`	`lhs == rhs`
`66`	`66`	`}`