Use of PointVar and ScalarVar structures in the GroupMorphismPreimage API instead of indices for clarity and readability

Author: nougzarm

src/group_morphism.rs

@@ -10,13 +10,19 @@
 
 use group::{Group, GroupEncoding};
 
+#[derive(Copy, Clone)]
+pub struct ScalarVar(pub usize);
+
+#[derive(Copy, Clone)]
+pub struct PointVar(pub usize);
+
 /// A sparse linear combination of scalars and group elements.
 ///
 /// Stores indices into external lists of scalars and group elements.
 /// Used to define individual constraints inside a Morphism.
 pub struct LinearCombination {
-    pub scalar_indices: Vec<usize>,
-    pub element_indices: Vec<usize>,
+    pub scalar_indices: Vec<ScalarVar>,
+    pub element_indices: Vec<PointVar>,
 }
 
 /// A Morphism represents a list of linear combinations over group elements.
@@ -73,11 +79,11 @@ impl<G: Group> Morphism<G> {
         self.linear_combination
             .iter()
             .map(|lc| {
-                let coefficients: Vec<_> = lc.scalar_indices.iter().map(|&i| scalars[i]).collect();
+                let coefficients: Vec<_> = lc.scalar_indices.iter().map(|&i| scalars[i.0]).collect();
                 let elements: Vec<_> = lc
                     .element_indices
                     .iter()
-                    .map(|&i| self.group_elements[i])
+                    .map(|&i| self.group_elements[i.0])
                     .collect();
                 msm_pr(&coefficients, &elements)
             })
@@ -97,7 +103,7 @@ where
     /// The underlying morphism describing the structure of the statement.
     pub morphism: Morphism<G>,
     /// Indices pointing to elements representing the "target" images for each constraint.
-    pub image: Vec<usize>,
+    pub image: Vec<PointVar>,
 }
 
 impl<G> Default for GroupMorphismPreimage<G>
@@ -129,8 +135,8 @@ where
 
     /// Append a new equation relating scalars to group elements.
     ///
-    /// `lhs` is the index of the image, and `rhs` is a list of (scalar_idx, element_idx) pairs.
-    pub fn append_equation(&mut self, lhs: usize, rhs: &[(usize, usize)]) {
+    /// `lhs` is the image, and `rhs` is a list of (scalar, element) pairs.
+    pub fn append_equation(&mut self, lhs: PointVar, rhs: &[(ScalarVar, PointVar)]) {
         let lc = LinearCombination {
             scalar_indices: rhs.iter().map(|&(s, _)| s).collect(),
             element_indices: rhs.iter().map(|&(_, e)| e).collect(),
@@ -139,39 +145,47 @@ where
         self.image.push(lhs);
     }
 
-    /// Allocate space for `n` new scalars and return their indices.
-    pub fn allocate_scalars(&mut self, n: usize) -> Vec<usize> {
+    /// Allocate space for `n` new scalars and return their ScalarVar.
+    pub fn allocate_scalars(&mut self, n: usize) -> Vec<ScalarVar> {
         let start = self.morphism.num_scalars;
         let indices: Vec<usize> = (start..start + n).collect();
+        let mut scalars = Vec::new();
+        for i in indices.iter() {
+            scalars.push(ScalarVar(*i));
+        }
         self.morphism.num_scalars += n;
-        indices
+        scalars
     }
 
-    /// Allocate space for `n` new group elements and return their indices.
+    /// Allocate space for `n` new group elements and return their PointVar.
     ///
     /// The allocated elements are initially set to the identity.
-    pub fn allocate_elements(&mut self, n: usize) -> Vec<usize> {
+    pub fn allocate_elements(&mut self, n: usize) -> Vec<PointVar> {
         let start = self.morphism.num_elements;
         let indices: Vec<usize> = (start..start + n).collect();
         for _ in 0..n {
             self.morphism.group_elements.push(G::identity());
         }
+        let mut points = Vec::new();
+        for i in indices.iter() {
+            points.push(PointVar(*i));
+        }
         self.morphism.num_elements += n;
-        indices
+        points
     }
 
     /// Set the value of group elements at a given index, inside the list of allocated group elements.
-    pub fn set_elements(&mut self, elements: &[(usize, G)]) {
+    pub fn set_elements(&mut self, elements: &[(PointVar, G)]) {
         for &(i, ref elt) in elements {
-            self.morphism.group_elements[i] = *elt;
+            self.morphism.group_elements[i.0] = *elt;
         }
     }
 
     /// Return the group elements corresponding to the image indices.
     pub fn image(&self) -> Vec<G> {
         let mut result = Vec::new();
         for i in &self.image {
-            result.push(self.morphism.group_elements[*i]);
+            result.push(self.morphism.group_elements[i.0]);
         }
         result
     }

src/schnorr_proof.rs

@@ -5,7 +5,7 @@
 //! through a group morphism abstraction (see Maurer09).
 
 use crate::{
-    GroupMorphismPreimage, 
+    GroupMorphismPreimage,
     GroupSerialisation, 
     SigmaProtocol,
     ProofError,
@@ -79,7 +79,7 @@ where
             .take(self.0.morphism.num_statements())
         {
             rhs.push(
-                self.0.morphism.group_elements[self.0.image[i]] * challenge + g,
+                self.0.morphism.group_elements[self.0.image[i].0] * challenge + g,
             );
         }
 

tests/non_interactive_protocol.rs

@@ -5,6 +5,8 @@ use rand::rngs::OsRng;
 use sigma_rs::{
     NISigmaProtocol,
     GroupMorphismPreimage,
+    PointVar,
+    ScalarVar,
     SchnorrProof,
     codec::ShakeCodec
 };
@@ -28,14 +30,14 @@ fn fiat_shamir_schnorr_proof_ristretto() {
     // Scalars and Points bases settings
     morphismp.allocate_scalars(1);
     morphismp.allocate_elements(2);
-    morphismp.set_elements(&[(0, G), (1, H)]);
+    morphismp.set_elements(&[(PointVar(0), G), (PointVar(1), H)]);
 
     // Set the witness Vec
     let mut witness = Vec::new();
     witness.push(w);
 
     // The H = z * G equation where z is the unique scalar variable
-    morphismp.append_equation(1, &[(0, 0)]);
+    morphismp.append_equation(PointVar(1), &[(ScalarVar(0), PointVar(0))]);
 
     // The SigmaProtocol induced by morphismp
     let protocol = SchnorrProof(morphismp);

tests/spec/custom_schnorr_proof.rs

@@ -64,7 +64,7 @@ where
 
         let mut rhs = Vec::new();
         for (i, g) in commitment.iter().enumerate().take(self.morphismp.morphism.num_statements()) {
-            rhs.push(*g + self.morphismp.morphism.group_elements[self.morphismp.image[i]] * *challenge);
+            rhs.push(*g + self.morphismp.morphism.group_elements[self.morphismp.image[i].0] * *challenge);
         }
 
         match lhs == rhs {

tests/spec/sage_test_vectors.rs

@@ -6,6 +6,8 @@ use group::{Group, GroupEncoding};
 use sigma_rs::{
     codec::{ByteSchnorrCodec, KeccakDuplexSponge}, 
     GroupMorphismPreimage, 
+    ScalarVar,
+    PointVar,
     NISigmaProtocol
 };
 
@@ -38,8 +40,8 @@ fn discrete_logarithm<G: SRandom + Group + GroupEncoding>(
 ) -> (Preimage<G>, Vec<G::Scalar>) {
     let mut morphismp: Preimage<G> = Preimage::new();
 
-    let var_x: usize = 0;
-    let (var_G, var_X): (usize, usize) = (0, 1);
+    let var_x= ScalarVar(0);
+    let (var_G, var_X) = (PointVar(0), PointVar(1));
     morphismp.allocate_scalars(1);
     morphismp.allocate_elements(2);
     morphismp.append_equation(var_X, &[(var_x, var_G)]);
@@ -67,8 +69,8 @@ fn dleq<G: Group + GroupEncoding + SRandom>(
     let X = G * x;
     let Y = H * x;
 
-    let var_x: usize = 0;
-    let (var_G, var_H, var_X, var_Y) = (0, 1, 2, 3);
+    let var_x = ScalarVar(0);
+    let (var_G, var_H, var_X, var_Y) = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
     morphismp.allocate_scalars(1);
     morphismp.allocate_elements(4);
     morphismp.set_elements(&[(var_G, G), (var_H, H), (var_X, X), (var_Y, Y)]);
@@ -94,8 +96,8 @@ fn pedersen_commitment<G: Group + GroupEncoding + SRandom>(
 
     let C = G*x + H*r;
 
-    let (var_x, var_r) = (0, 1);
-    let (var_G, var_H, var_C) = (0, 1, 2);
+    let (var_x, var_r) = (ScalarVar(0), ScalarVar(1));
+    let (var_G, var_H, var_C) = (PointVar(0), PointVar(1), PointVar(2));
     morphismp.allocate_scalars(2);
     morphismp.allocate_elements(3);
     morphismp.set_elements(&[(var_H, H), (var_G, G), (var_C, C)]);
@@ -125,9 +127,9 @@ fn pedersen_commitment_dleq<G: Group + GroupEncoding + SRandom>(
     let X = msm_pr::<G>(&witness, &[generators[0], generators[1]]);
     let Y = msm_pr::<G>(&witness, &[generators[2], generators[3]]);
 
-    let (var_x, var_r) = (0, 1);
-    let var_Gs = (0, 1, 2, 3);
-    let (var_X, var_Y) = (4, 5);
+    let (var_x, var_r) = (ScalarVar(0), ScalarVar(1));
+    let var_Gs = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
+    let (var_X, var_Y) = (PointVar(4), PointVar(5));
     morphismp.allocate_scalars(2);
     morphismp.allocate_elements(4);
     morphismp.allocate_elements(2);
@@ -161,9 +163,9 @@ fn bbs_blind_commitment_computation<G: Group + GroupEncoding + SRandom>(
     let C = Q_2*secret_prover_blind + J_1*msg_1 + J_2*msg_2 + J_3*msg_3;
 
     // This is the part that needs to be changed in the specification of blind bbs.
-    let (var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3) = (0, 1, 2, 3);
-    let (var_Q_2, var_J_1, var_J_2, var_J_3) = (0, 1, 2, 3);
-    let var_C = M+1;
+    let (var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3) = (ScalarVar(0), ScalarVar(1), ScalarVar(2), ScalarVar(3));
+    let (var_Q_2, var_J_1, var_J_2, var_J_3) = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
+    let var_C = PointVar(M + 1);
 
     morphismp.allocate_scalars(M+1);
     morphismp.allocate_elements(M+1);

tests/various_tests.rs

@@ -7,7 +7,9 @@ use rand::{
 
 use sigma_rs::{
     codec::ShakeCodec, 
-    GroupMorphismPreimage, 
+    GroupMorphismPreimage,
+    PointVar,
+    ScalarVar,
     NISigmaProtocol, 
     SchnorrProof,
 };
@@ -28,8 +30,8 @@ fn discrete_logarithm<G: Group + GroupEncoding>(
 ) -> (GroupMorphismPreimage<G>, Vec<G::Scalar>) {
     let mut morphismp: GroupMorphismPreimage<G> = GroupMorphismPreimage::new();
 
-    let var_x: usize = 0;
-    let (var_G, var_X): (usize, usize) = (0, 1);
+    let var_x= ScalarVar(0);
+    let (var_G, var_X) = (PointVar(0), PointVar(1));
     morphismp.allocate_scalars(1);
     morphismp.allocate_elements(2);
     morphismp.append_equation(var_X, &[(var_x, var_G)]);
@@ -57,8 +59,8 @@ fn dleq<G: Group + GroupEncoding>(
     let X = G * x;
     let Y = H * x;
 
-    let var_x: usize = 0;
-    let (var_G, var_H, var_X, var_Y) = (0, 1, 2, 3);
+    let var_x = ScalarVar(0);
+    let (var_G, var_H, var_X, var_Y) = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
     morphismp.allocate_scalars(1);
     morphismp.allocate_elements(4);
     morphismp.set_elements(&[(var_G, G), (var_H, H), (var_X, X), (var_Y, Y)]);
@@ -83,8 +85,8 @@ fn pedersen_commitment<G: Group + GroupEncoding>(
 
     let C = G * x + H * r;
 
-    let (var_x, var_r) = (0, 1);
-    let (var_G, var_H, var_C) = (0, 1, 2);
+    let (var_x, var_r) = (ScalarVar(0), ScalarVar(1));
+    let (var_G, var_H, var_C) = (PointVar(0), PointVar(1), PointVar(2));
     morphismp.allocate_scalars(2);
     morphismp.allocate_elements(3);
     morphismp.set_elements(&[(var_H, H), (var_G, G), (var_C, C)]);
@@ -113,9 +115,9 @@ fn pedersen_commitment_dleq<G: Group + GroupEncoding>(
     let X = msm_pr::<G>(&witness, &[generators[0], generators[1]]);
     let Y = msm_pr::<G>(&witness, &[generators[2], generators[3]]);
 
-    let (var_x, var_r) = (0, 1);
-    let var_Gs = (0, 1, 2, 3);
-    let (var_X, var_Y) = (4, 5);
+    let (var_x, var_r) = (ScalarVar(0), ScalarVar(1));
+    let var_Gs = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
+    let (var_X, var_Y) = (PointVar(4), PointVar(5));
     morphismp.allocate_scalars(2);
     morphismp.allocate_elements(4);
     morphismp.allocate_elements(2);
@@ -162,9 +164,9 @@ fn bbs_blind_commitment_computation<G: Group + GroupEncoding>(
     let C = Q_2 * secret_prover_blind + J_1 * msg_1 + J_2 * msg_2 + J_3 * msg_3;
 
     // This is the part that needs to be changed in the specification of blind bbs.
-    let (var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3) = (0, 1, 2, 3);
-    let (var_Q_2, var_J_1, var_J_2, var_J_3) = (0, 1, 2, 3);
-    let var_C = M + 1;
+    let (var_secret_prover_blind, var_msg_1, var_msg_2, var_msg_3) = (ScalarVar(0), ScalarVar(1), ScalarVar(2), ScalarVar(3));
+    let (var_Q_2, var_J_1, var_J_2, var_J_3) = (PointVar(0), PointVar(1), PointVar(2), PointVar(3));
+    let var_C = PointVar(M + 1);
 
     morphismp.allocate_scalars(M + 1);
     morphismp.allocate_elements(M + 1);