refactor: naming consistent with specification. (#29)

Co-authored-by: GOURIOU Lénaïck <[email protected]>

Author: Chausseaumoine

examples/schnorr.rs

@@ -39,7 +39,7 @@ use rand::rngs::OsRng;
 use sigma_rs::codec::ShakeCodec;
 use sigma_rs::fiat_shamir::NISigmaProtocol;
 use sigma_rs::linear_relation::LinearRelation;
-use sigma_rs::schnorr_protocol::SchnorrProtocol;
+use sigma_rs::schnorr_protocol::SchnorrProof;
 
 /// Construct the relation `P = x·G` and return it along with the witness `x`:
 /// - `x` is an element from a group of prime order $p$, typically $\mathbb{Z}_p$,
@@ -69,7 +69,7 @@ pub fn discrete_logarithm<G: Group + GroupEncoding>(
     // Since the witness is provided to the function, we only need to assign the group points.
 
     // Assign the group generator to the corresponding variable `G`
-    morphism.assign_element(var_G, G::generator());
+    morphism.set_element(var_G, G::generator());
 
     // Assign the value of the image to the variable `P` (i.e., evaluate the group equation for `x`)
     morphism.compute_image(&[x]).unwrap();
@@ -94,7 +94,7 @@ fn main() {
     let (relation, witness) = discrete_logarithm(x);
 
     // Build the Sigma protocol instance from the relation.
-    let schnorr = SchnorrProtocol::<RistrettoPoint>::from(relation);
+    let schnorr = SchnorrProof::<RistrettoPoint>::from(relation);
 
     // Convert the Sigma protocol instance to a non-interactive protocol via Fiat-Shamir.
     // A domain separator is given as a byte-sequence to identify the current instance being proven.

examples/simple_composition.rs

@@ -75,7 +75,7 @@ pub fn discrete_logarithm<G: Group + GroupEncoding>(
     let var_X = morphism.allocate_eq(var_x * var_G);
 
     // Assign concrete values
-    morphism.assign_element(var_G, G::generator());
+    morphism.set_element(var_G, G::generator());
     morphism.compute_image(&[x]).unwrap();
 
     // Verify: X = x * G
@@ -102,7 +102,7 @@ pub fn dleq<G: Group + GroupEncoding>(x: G::Scalar, H: G) -> (LinearRelation<G>,
     let _var_Y = morphism.allocate_eq(var_x * var_H);
 
     // Assign concrete values
-    morphism.assign_elements([(var_G, G::generator()), (var_H, H)]);
+    morphism.set_elements([(var_G, G::generator()), (var_H, H)]);
     morphism.compute_image(&[x]).unwrap();
 
     // Verify: X = x * G and Y = x * H

src/composition.rs

@@ -1,4 +1,5 @@
-//! Implementation of a structure [`Protocol`] aimed at generalizing the [`SchnorrProtocol`] using the compositions of the latter via AND and OR links.
+//! Implementation of a structure [`Protocol`] aimed at generalizing the [`SchnorrProof`]
+//! using the compositions of the latter via AND and OR links
 //!
 //! This structure allows, for example, the construction of protocols of the form:
 //! And(
@@ -17,28 +18,28 @@ use crate::{
     fiat_shamir::FiatShamir,
     group_serialization::{deserialize_scalar, serialize_scalar},
     linear_relation::LinearRelation,
-    schnorr_protocol::SchnorrProtocol,
+    schnorr_protocol::SchnorrProof,
     traits::{SigmaProtocol, SigmaProtocolSimulator},
 };
 
-/// A protocol proving knowledge of a witness for a composition of SchnorrProtocol's.
+/// A protocol proving knowledge of a witness for a composition of SchnorrProof's.
 ///
-/// This implementation generalizes [`SchnorrProtocol`] by using AND/OR links.
+/// This implementation generalizes [`SchnorrProof`] by using AND/OR links.
 ///
 /// # Type Parameters
 /// - `G`: A cryptographic group implementing [`Group`] and [`GroupEncoding`].
 #[derive(Clone)]
 pub enum Protocol<G: Group + GroupEncoding> {
-    Simple(SchnorrProtocol<G>),
+    Simple(SchnorrProof<G>),
     And(Vec<Protocol<G>>),
     Or(Vec<Protocol<G>>),
 }
 
-impl<G> From<SchnorrProtocol<G>> for Protocol<G>
+impl<G> From<SchnorrProof<G>> for Protocol<G>
 where
     G: Group + GroupEncoding,
 {
-    fn from(value: SchnorrProtocol<G>) -> Self {
+    fn from(value: SchnorrProof<G>) -> Self {
         Protocol::Simple(value)
     }
 }
@@ -48,22 +49,22 @@ where
     G: Group + GroupEncoding,
 {
     fn from(value: LinearRelation<G>) -> Self {
-        Self::from(SchnorrProtocol::from(value))
+        Self::from(SchnorrProof::from(value))
     }
 }
 
 // Structure representing the Commitment type of Protocol as SigmaProtocol
 #[derive(Clone)]
 pub enum ProtocolCommitment<G: Group + GroupEncoding> {
-    Simple(<SchnorrProtocol<G> as SigmaProtocol>::Commitment),
+    Simple(<SchnorrProof<G> as SigmaProtocol>::Commitment),
     And(Vec<ProtocolCommitment<G>>),
     Or(Vec<ProtocolCommitment<G>>),
 }
 
 // Structure representing the ProverState type of Protocol as SigmaProtocol
 #[derive(Clone)]
 pub enum ProtocolProverState<G: Group + GroupEncoding> {
-    Simple(<SchnorrProtocol<G> as SigmaProtocol>::ProverState),
+    Simple(<SchnorrProof<G> as SigmaProtocol>::ProverState),
     And(Vec<ProtocolProverState<G>>),
     Or(
         usize,                                                 // real index
@@ -75,20 +76,20 @@ pub enum ProtocolProverState<G: Group + GroupEncoding> {
 // Structure representing the Response type of Protocol as SigmaProtocol
 #[derive(Clone)]
 pub enum ProtocolResponse<G: Group + GroupEncoding> {
-    Simple(<SchnorrProtocol<G> as SigmaProtocol>::Response),
+    Simple(<SchnorrProof<G> as SigmaProtocol>::Response),
     And(Vec<ProtocolResponse<G>>),
     Or(Vec<ProtocolChallenge<G>>, Vec<ProtocolResponse<G>>),
 }
 
 // Structure representing the Witness type of Protocol as SigmaProtocol
 pub enum ProtocolWitness<G: Group + GroupEncoding> {
-    Simple(<SchnorrProtocol<G> as SigmaProtocol>::Witness),
+    Simple(<SchnorrProof<G> as SigmaProtocol>::Witness),
     And(Vec<ProtocolWitness<G>>),
     Or(usize, Vec<ProtocolWitness<G>>),
 }
 
 // Structure representing the Challenge type of Protocol as SigmaProtocol
-type ProtocolChallenge<G> = <SchnorrProtocol<G> as SigmaProtocol>::Challenge;
+type ProtocolChallenge<G> = <SchnorrProof<G> as SigmaProtocol>::Challenge;
 
 impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
     type Commitment = ProtocolCommitment<G>;

src/linear_relation.rs

@@ -316,7 +316,7 @@ where
     /// # Parameters
     /// - `lhs`: The image group element variable (left-hand side of the equation).
     /// - `rhs`: A slice of `(ScalarVar, GroupVar)` pairs representing the linear combination on the right-hand side.
-    pub fn constrain(&mut self, lhs: GroupVar, rhs: impl Into<LinearCombination>) {
+    pub fn append_equation(&mut self, lhs: GroupVar, rhs: impl Into<LinearCombination>) {
         self.morphism.append(rhs.into());
         self.image.push(lhs);
     }
@@ -329,7 +329,7 @@ where
     /// - `rhs`: A slice of `(ScalarVar, GroupVar)` pairs representing the linear combination on the right-hand side.
     pub fn allocate_eq(&mut self, rhs: impl Into<LinearCombination>) -> GroupVar {
         let var = self.allocate_element();
-        self.constrain(var, rhs);
+        self.append_equation(var, rhs);
         var
     }
 
@@ -399,7 +399,7 @@ where
     /// # Panics
     ///
     /// Panics if the given assignment conflicts with the existing assignment.
-    pub fn assign_element(&mut self, var: GroupVar, element: G) {
+    pub fn set_element(&mut self, var: GroupVar, element: G) {
         self.morphism.group_elements.assign_element(var, element)
     }
 
@@ -412,7 +412,7 @@ where
     /// # Panics
     ///
     /// Panics if the collection contains two conflicting assignments for the same variable.
-    pub fn assign_elements(&mut self, assignments: impl IntoIterator<Item = (GroupVar, G)>) {
+    pub fn set_elements(&mut self, assignments: impl IntoIterator<Item = (GroupVar, G)>) {
         self.morphism.group_elements.assign_elements(assignments)
     }
 

src/schnorr_protocol.rs

@@ -1,6 +1,6 @@
 //! Implementation of the generic Schnorr Sigma Protocol over a group `G`.
 //!
-//! This module defines the [`SchnorrProtocol`] structure, which implements
+//! This module defines the [`SchnorrProof`] structure, which implements
 //! a Sigma protocol proving different types of discrete logarithm relations (eg. Schnorr, Pedersen's commitments)
 //! through a group morphism abstraction (see Maurer09).
 
@@ -25,9 +25,9 @@ use rand::{CryptoRng, RngCore};
 /// # Type Parameters
 /// - `G`: A cryptographic group implementing [`Group`] and [`GroupEncoding`].
 #[derive(Clone, Default, Debug)]
-pub struct SchnorrProtocol<G: Group + GroupEncoding>(pub LinearRelation<G>);
+pub struct SchnorrProof<G: Group + GroupEncoding>(pub LinearRelation<G>);
 
-impl<G: Group + GroupEncoding> SchnorrProtocol<G> {
+impl<G: Group + GroupEncoding> SchnorrProof<G> {
     pub fn scalars_nb(&self) -> usize {
         self.0.morphism.num_scalars
     }
@@ -37,7 +37,7 @@ impl<G: Group + GroupEncoding> SchnorrProtocol<G> {
     }
 }
 
-impl<G> From<LinearRelation<G>> for SchnorrProtocol<G>
+impl<G> From<LinearRelation<G>> for SchnorrProof<G>
 where
     G: Group + GroupEncoding,
 {
@@ -46,7 +46,7 @@ where
     }
 }
 
-impl<G> SigmaProtocol for SchnorrProtocol<G>
+impl<G> SigmaProtocol for SchnorrProof<G>
 where
     G: Group + GroupEncoding,
 {
@@ -246,7 +246,7 @@ where
     }
 }
 
-impl<G> CompactProtocol for SchnorrProtocol<G>
+impl<G> CompactProtocol for SchnorrProof<G>
 where
     G: Group + GroupEncoding,
 {
@@ -389,7 +389,7 @@ where
     }
 }
 
-impl<G> SigmaProtocolSimulator for SchnorrProtocol<G>
+impl<G> SigmaProtocolSimulator for SchnorrProof<G>
 where
     G: Group + GroupEncoding,
 {
@@ -430,7 +430,7 @@ where
     }
 }
 
-impl<G, C> FiatShamir<C> for SchnorrProtocol<G>
+impl<G, C> FiatShamir<C> for SchnorrProof<G>
 where
     C: Codec<Challenge = <G as Group>::Scalar>,
     G: Group + GroupEncoding,
@@ -439,9 +439,9 @@ where
     ///
     /// # Parameters
     /// - `codec`: the Codec that absorbs commitments
-    /// - `commitment`: a commitment of SchnorrProtocol
+    /// - `commitment`: a commitment of [`SchnorrProof`].
     fn absorb_commitment(&self, codec: &mut C, commitment: &Self::Commitment) {
-        let mut data = Vec::new();
+        let mut data = self.0.label();
         for commit in commitment {
             data.extend_from_slice(commit.to_bytes().as_ref());
         }

src/tests/composition.rs

@@ -9,7 +9,7 @@ use super::test_utils::{
 use crate::codec::ShakeCodec;
 use crate::composition::{Protocol, ProtocolWitness};
 use crate::fiat_shamir::NISigmaProtocol;
-use crate::schnorr_protocol::SchnorrProtocol;
+use crate::schnorr_protocol::SchnorrProof;
 
 type G = RistrettoPoint;
 
@@ -62,17 +62,17 @@ fn composition_proof_correct() {
 
     // second layer protocol definitions
     let or_protocol1 = Protocol::Or(vec![
-        Protocol::Simple(SchnorrProtocol::from(morph1)),
-        Protocol::Simple(SchnorrProtocol::from(morph2)),
+        Protocol::Simple(SchnorrProof::from(morph1)),
+        Protocol::Simple(SchnorrProof::from(morph2)),
     ]);
     let or_witness1 = ProtocolWitness::Or(0, vec![ProtocolWitness::Simple(witness1)]);
 
     let simple_protocol1 = Protocol::from(morph3);
     let simple_witness1 = ProtocolWitness::Simple(witness3);
 
     let and_protocol1 = Protocol::And(vec![
-        Protocol::Simple(SchnorrProtocol::from(morph4)),
-        Protocol::Simple(SchnorrProtocol::from(morph5)),
+        Protocol::Simple(SchnorrProof::from(morph4)),
+        Protocol::Simple(SchnorrProof::from(morph5)),
     ]);
     let and_witness1 = ProtocolWitness::And(vec![
         ProtocolWitness::Simple(witness4),

src/tests/relations.rs

@@ -7,7 +7,7 @@ use crate::tests::test_utils::{
     bbs_blind_commitment_computation, discrete_logarithm, dleq, pedersen_commitment,
     pedersen_commitment_dleq,
 };
-use crate::{codec::ShakeCodec, schnorr_protocol::SchnorrProtocol};
+use crate::{codec::ShakeCodec, schnorr_protocol::SchnorrProof};
 
 /// This part tests the functioning of morphisms
 /// as well as the implementation of LinearRelation
@@ -69,17 +69,17 @@ fn test_bbs_blind_commitment_computation() {
 }
 
 /// This part tests the implementation of the SigmaProtocol trait for the
-/// SchnorrProtocol structure as well as the Fiat-Shamir NISigmaProtocol transform
+/// SchnorrProof structure as well as the Fiat-Shamir NISigmaProtocol transform
 #[test]
 fn noninteractive_discrete_logarithm() {
     let mut rng = OsRng;
     let (morphismp, witness) = discrete_logarithm(Scalar::random(&mut rng));
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProtocol::from(morphismp);
+    let protocol = SchnorrProof::from(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-schnorr";
-    let nizk = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
@@ -103,10 +103,10 @@ fn noninteractive_dleq() {
     let (morphismp, witness) = dleq(Scalar::random(&mut rng), G::random(&mut rng));
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProtocol::from(morphismp);
+    let protocol = SchnorrProof::from(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-DLEQ";
-    let nizk = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
@@ -134,10 +134,10 @@ fn noninteractive_pedersen_commitment() {
     );
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProtocol::from(morphismp);
+    let protocol = SchnorrProof::from(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment";
-    let nizk = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
@@ -172,10 +172,10 @@ fn noninteractive_pedersen_commitment_dleq() {
     );
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProtocol::from(morphismp);
+    let protocol = SchnorrProof::from(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment-DLEQ";
-    let nizk = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
@@ -211,10 +211,10 @@ fn noninteractive_bbs_blind_commitment_computation() {
     );
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProtocol::from(morphismp);
+    let protocol = SchnorrProof::from(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-bbs-blind-commitment-computation";
-    let nizk = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
     let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();