chore: wrap ProverState and make it non-clonable.

Author: mmaker

src/composition.rs

@@ -76,7 +76,6 @@ pub enum ComposedCommitment<G: PrimeGroup> {
 }
 
 // Structure representing the ProverState type of Protocol as SigmaProtocol
-#[derive(Clone)]
 pub enum ComposedProverState<G: PrimeGroup> {
     Simple(<SchnorrProof<G> as SigmaProtocol>::ProverState),
     And(Vec<ComposedProverState<G>>),
@@ -175,7 +174,7 @@ impl<G: PrimeGroup> SigmaProtocol for ComposedRelation<G> {
     fn prover_response(
         &self,
         state: Self::ProverState,
-        challenge: &Self::Challenge,
+        mut challenge: &Self::Challenge,
     ) -> Result<Self::Response, Error> {
         match (self, state) {
             (ComposedRelation::Simple(p), ComposedProverState::Simple(state)) => p
@@ -201,17 +200,12 @@ impl<G: PrimeGroup> SigmaProtocol for ComposedRelation<G> {
                     (simulated_challenges, simulated_responses),
                 ),
             ) => {
-                let mut challenges = Vec::with_capacity(ps.len());
-                let mut responses = Vec::with_capacity(ps.len());
-
-                let mut real_challenge = *challenge;
-                for ch in &simulated_challenges {
-                    real_challenge -= ch;
-                }
-                let real_response =
-                    ps[w_index].prover_response(real_state[0].clone(), &real_challenge)?;
+                let n = ps.len();
+                let mut challenges = Vec::with_capacity(n);
+                let mut responses = Vec::with_capacity(n);
 
                 for (i, _) in ps.iter().enumerate() {
+                    ps
                     if i == w_index {
                         challenges.push(real_challenge);
                         responses.push(real_response.clone());

src/linear_relation/canonical.rs

@@ -1,14 +1,12 @@
-
 use std::collections::HashMap;
 use std::iter;
 use std::marker::PhantomData;
 
 use ff::Field;
 use group::prime::PrimeGroup;
 
+use super::{GroupMap, GroupVar, LinearCombination, LinearRelation, ScalarTerm, ScalarVar};
 use crate::errors::{Error, InvalidInstance};
-use super::{ScalarVar, GroupVar, GroupMap, LinearRelation, LinearCombination, ScalarTerm};
-
 
 /// A normalized form of the [`LinearRelation`], which is used for serialization into the transcript.
 ///
@@ -28,6 +26,10 @@ pub struct CanonicalLinearRelation<G: PrimeGroup> {
     pub num_scalars: usize,
 }
 
+
+type GroupExpr<G> =  Vec<(<G as group::Group>::Scalar, GroupVar<G>)>;
+
+
 impl<G: PrimeGroup> CanonicalLinearRelation<G> {
     /// Create a new empty canonical linear relation
     pub fn new() -> Self {
@@ -45,7 +47,7 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
         group_var: GroupVar<G>,
         weight: &G::Scalar,
         original_group_elements: &GroupMap<G>,
-        weighted_group_cache: &mut HashMap<GroupVar<G>, Vec<(G::Scalar, GroupVar<G>)>>,
+        weighted_group_cache: &mut HashMap<GroupVar<G>, GroupExpr<G>>,
     ) -> Result<GroupVar<G>, InvalidInstance> {
         // Check if we already have this (weight, group_var) combination
         let entry = weighted_group_cache.entry(group_var).or_default();
@@ -74,7 +76,7 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
         &image_var: &GroupVar<G>,
         equation: &LinearCombination<G>,
         original_relation: &LinearRelation<G>,
-        weighted_group_cache: &mut HashMap<GroupVar<G>, Vec<(G::Scalar, GroupVar<G>)>>,
+        weighted_group_cache: &mut HashMap<GroupVar<G>, GroupExpr<G>>,
     ) -> Result<(), InvalidInstance> {
         let mut rhs_terms = Vec::new();
 
@@ -302,10 +304,7 @@ impl<G: PrimeGroup> CanonicalLinearRelation<G> {
             repr.as_mut().copy_from_slice(elem_bytes);
 
             let elem = Option::<G>::from(G::from_bytes(&repr)).ok_or_else(|| {
-                Error::from(InvalidInstance::new(format!(
-                    "Invalid group element at index {}",
-                    i
-                )))
+                Error::from(InvalidInstance::new(format!("Invalid group element at index {i}")))
             })?;
 
             group_elements_ordered.push(elem);
@@ -367,11 +366,13 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
         let mut weighted_group_cache = HashMap::new();
 
         // Process each constraint using the modular helper method
-        for (lhs, rhs) in
-            iter::zip(&relation.image, &relation.linear_map.linear_combinations)
-        {
+        for (lhs, rhs) in iter::zip(&relation.image, &relation.linear_map.linear_combinations) {
             // If the linear combination is trivial, check it directly and skip processing.
-            if rhs.0.iter().all(|weighted| matches!(weighted.term.scalar, ScalarTerm::Unit)) {
+            if rhs
+                .0
+                .iter()
+                .all(|weighted| matches!(weighted.term.scalar, ScalarTerm::Unit))
+            {
                 let lhs_value = relation
                     .linear_map
                     .group_elements
@@ -383,22 +384,21 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
                         .linear_map
                         .group_elements
                         .get(weighted.term.elem)
-                        .unwrap_or_else(|_| panic!("Unassigned group variable in linear combination"))
+                        .unwrap_or_else(|_| {
+                            panic!("Unassigned group variable in linear combination")
+                        })
                         * weighted.weight
                 });
                 if lhs_value != rhs_value {
-                    return Err(InvalidInstance::new("Trivial linear combination does not match image"));
+                    return Err(InvalidInstance::new(
+                        "Trivial linear combination does not match image",
+                    ));
                 } else {
                     continue; // Skip processing trivial constraints
                 }
             }
 
-            canonical.process_constraint(
-                lhs,
-                rhs,
-                relation,
-                &mut weighted_group_cache,
-            )?;
+            canonical.process_constraint(lhs, rhs, relation, &mut weighted_group_cache)?;
         }
 
         Ok(canonical)

src/linear_relation/mod.rs

@@ -8,8 +8,8 @@
 //! - [`LinearMap`]: a collection of linear combinations acting on group elements.
 //! - [`LinearRelation`]: a higher-level structure managing linear maps and their associated images.
 
-use std::marker::PhantomData;
 use std::iter;
+use std::marker::PhantomData;
 
 use ff::Field;
 use group::prime::PrimeGroup;
@@ -24,7 +24,6 @@ mod convert;
 /// Implementations of core ops for the linear combination types.
 mod ops;
 
-
 /// Implementation of canonical linear relation.
 mod canonical;
 pub use canonical::CanonicalLinearRelation;

src/schnorr_protocol.rs

@@ -27,6 +27,8 @@ use rand::{CryptoRng, Rng, RngCore};
 #[derive(Clone, Default, Debug)]
 pub struct SchnorrProof<G: PrimeGroup>(pub CanonicalLinearRelation<G>);
 
+struct ProverState<G: PrimeGroup>(Vec<G::Scalar>, Vec<G::Scalar>);
+
 impl<G: PrimeGroup> SchnorrProof<G> {
     pub fn witness_length(&self) -> usize {
         self.0.num_scalars
@@ -58,7 +60,7 @@ impl<G: PrimeGroup> SchnorrProof<G> {
         &self,
         witness: &[G::Scalar],
         nonces: &[G::Scalar],
-    ) -> Result<(Vec<G>, (Vec<G::Scalar>, Vec<G::Scalar>)), Error> {
+    ) -> Result<(Vec<G>, ProverState<G>), Error> {
         if witness.len() != self.witness_length() {
             return Err(Error::InvalidInstanceWitnessPair);
         }
@@ -79,7 +81,7 @@ impl<G: PrimeGroup> SchnorrProof<G> {
         }
 
         let commitment = self.evaluate(nonces)?;
-        let prover_state = (nonces.to_vec(), witness.to_vec());
+        let prover_state = ProverState(nonces.to_vec(), witness.to_vec());
         Ok((commitment, prover_state))
     }
 }
@@ -98,7 +100,7 @@ where
     G: PrimeGroup,
 {
     type Commitment = Vec<G>;
-    type ProverState = (Vec<G::Scalar>, Vec<G::Scalar>);
+    type ProverState = ProverState<G>;
     type Response = Vec<G::Scalar>;
     type Witness = Vec<G::Scalar>;
     type Challenge = G::Scalar;
@@ -159,7 +161,7 @@ where
         prover_state: Self::ProverState,
         challenge: &Self::Challenge,
     ) -> Result<Self::Response, Error> {
-        let (nonces, witness) = prover_state;
+        let ProverState(nonces, witness) = prover_state;
 
         if nonces.len() != self.witness_length() || witness.len() != self.witness_length() {
             return Err(Error::InvalidInstanceWitnessPair);

src/tests/spec/custom_schnorr_protocol.rs

@@ -24,14 +24,12 @@ impl<G: PrimeGroup> From<CanonicalLinearRelation<G>> for DeterministicSchnorrPro
     }
 }
 
-impl<G: PrimeGroup> DeterministicSchnorrProof<G> {}
-
 impl<G: SRandom + PrimeGroup> SigmaProtocol for DeterministicSchnorrProof<G> {
-    type Commitment = Vec<G>;
-    type ProverState = (Vec<G::Scalar>, Vec<G::Scalar>);
-    type Response = Vec<G::Scalar>;
-    type Witness = Vec<G::Scalar>;
-    type Challenge = G::Scalar;
+    type Commitment = <SchnorrProof<G> as SigmaProtocol>::Commitment;
+    type ProverState = <SchnorrProof<G> as SigmaProtocol>::ProverState;
+    type Response = <SchnorrProof<G> as SigmaProtocol>::Response;
+    type Witness = <SchnorrProof<G> as SigmaProtocol>::Witness;
+    type Challenge = <SchnorrProof<G> as SigmaProtocol>::Challenge;
 
     fn prover_commit(
         &self,

src/tests/test_relations.rs

@@ -1,4 +1,4 @@
-use ff::{Field, PrimeField};
+use ff::Field;
 use group::prime::PrimeGroup;
 use rand::rngs::OsRng;
 use rand::RngCore;
@@ -290,12 +290,12 @@ fn simple_subtractions<G: PrimeGroup, R: RngCore>(
 ) -> (CanonicalLinearRelation<G>, Vec<G::Scalar>) {
     let x = G::Scalar::random(&mut rng);
     let B = G::random(&mut rng);
-    let X = B * (x - G::Scalar::from_u128(1u128));
+    let X = B * (x - G::Scalar::from(1));
 
     let mut linear_relation = LinearRelation::<G>::new();
     let var_x = linear_relation.allocate_scalar();
     let var_B = linear_relation.allocate_element();
-    let var_X = linear_relation.allocate_eq((var_x + (-G::Scalar::from_u128(1u128))) * var_B);
+    let var_X = linear_relation.allocate_eq((var_x + (-G::Scalar::from(1))) * var_B);
     linear_relation.set_element(var_B, B);
     linear_relation.set_element(var_X, X);
 
@@ -314,8 +314,7 @@ fn subtractions_with_shift<G: PrimeGroup, R: RngCore>(
     let mut linear_relation = LinearRelation::<G>::new();
     let var_x = linear_relation.allocate_scalar();
     let var_B = linear_relation.allocate_element();
-    let var_X =
-        linear_relation.allocate_eq((var_x + (-G::Scalar::from_u128(1u128))) * var_B + (-var_B));
+    let var_X = linear_relation.allocate_eq((var_x + (-G::Scalar::from(1))) * var_B + (-var_B));
 
     linear_relation.set_element(var_B, B);
     linear_relation.set_element(var_X, X);
@@ -370,7 +369,6 @@ fn cmz_wallet_spend_relation<G: PrimeGroup, R: RngCore>(
     (instance, witness)
 }
 
-
 fn nested_affine_relation<G: PrimeGroup, R: RngCore>(
     mut rng: &mut R,
 ) -> (CanonicalLinearRelation<G>, Vec<G::Scalar>) {
@@ -395,7 +393,6 @@ fn nested_affine_relation<G: PrimeGroup, R: RngCore>(
     (instance, witness)
 }
 
-
 #[test]
 fn test_cmz_wallet_with_fee() {
     use group::Group;