refactor: sigma_rs::group_morphism -> sigma_rs::linear_relation.

mmaker · mmaker · commit 9e348fb3f5b6 · 2025-06-06T16:35:39.000+02:00
diff --git a/src/composition.rs b/src/composition.rs
@@ -16,7 +16,7 @@ use crate::traits::CompactProtocol;
 use crate::{
     errors::Error,
     fiat_shamir::{FiatShamir, HasGroupMorphism},
-    group_morphism::LinearRelation,
+    linear_relation::LinearRelation,
     group_serialization::{deserialize_scalar, serialize_scalar},
     schnorr_protocol::SchnorrProtocol,
     traits::{SigmaProtocol, SigmaProtocolSimulator},
diff --git a/src/errors.rs b/src/errors.rs
@@ -9,7 +9,7 @@
 //! - Unimplemented methods.
 //! - Group element or scalar serialization failures.
 
-use crate::group_morphism::GroupVar;
+use crate::linear_relation::GroupVar;
 
 /// An error during proving or verification, such as a verification failure.
 #[non_exhaustive]
diff --git a/src/lib.rs b/src/lib.rs
@@ -15,7 +15,7 @@
 pub mod composition;
 pub mod errors;
 pub mod fiat_shamir;
-pub mod group_morphism;
+pub mod linear_relation;
 pub mod group_serialization;
 pub mod schnorr_protocol;
 pub mod traits;
@@ -24,3 +24,6 @@ pub mod codec;
 
 #[cfg(test)]
 pub mod tests;
+
+
+pub use linear_relation::LinearRelation;
diff --git a/src/linear_relation.rs b/src/linear_relation.rs
@@ -339,7 +339,7 @@ where
     ///
     /// # Example
     /// ```
-    /// # use sigma_rs::group_morphism::LinearRelation;
+    /// # use sigma_rs::LinearRelation;
     /// use curve25519_dalek::RistrettoPoint as G;
     ///
     /// let mut morphism = LinearRelation::<G>::new();
@@ -367,7 +367,7 @@ where
     ///
     /// # Example
     /// ```
-    /// # use sigma_rs::group_morphism::LinearRelation;
+    /// # use sigma_rs::LinearRelation;
     /// use curve25519_dalek::RistrettoPoint as G;
     ///
     /// let mut morphism = LinearRelation::<G>::new();
diff --git a/src/linear_relation/ops.rs b/src/linear_relation/ops.rs
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -7,7 +7,7 @@
 use crate::codec::Codec;
 use crate::errors::Error;
 use crate::fiat_shamir::{FiatShamir, HasGroupMorphism};
-use crate::group_morphism::LinearRelation;
+use crate::linear_relation::LinearRelation;
 use crate::{
     group_serialization::*,
     traits::{CompactProtocol, SigmaProtocol, SigmaProtocolSimulator},
diff --git a/src/tests/composition_protocol.rs b/src/tests/composition_protocol.rs
@@ -0,0 +1,103 @@
+use curve25519_dalek::ristretto::RistrettoPoint;
+use group::Group;
+use rand::rngs::OsRng;
+
+use super::test_utils::{
+    bbs_blind_commitment_computation, discrete_logarithm, dleq, pedersen_commitment,
+    pedersen_commitment_dleq,
+};
+use crate::codec::ShakeCodec;
+use crate::composition::{Protocol, ProtocolWitness};
+use crate::fiat_shamir::{HasGroupMorphism, NISigmaProtocol};
+use crate::schnorr_protocol::SchnorrProtocol;
+
+type G = RistrettoPoint;
+
+#[allow(non_snake_case)]
+#[test]
+fn composition_proof_correct() {
+    // Composition and verification of proof for the following protocol :
+    //
+    // protocol = And(
+    //     Or( dleq, pedersen_commitment ),
+    //     Simple( discrete_logarithm ),
+    //     And( pedersen_commitment_dleq, bbs_blind_commitment_computation )
+    // )
+    let mut rng = OsRng;
+    let domain_sep = b"hello world";
+
+    // definitions of the underlying protocols
+    let (morph1, witness1) = dleq(<G as Group>::Scalar::random(&mut rng), G::random(&mut rng));
+    let (morph2, _) = pedersen_commitment(
+        G::random(&mut rng),
+        <G as Group>::Scalar::random(&mut rng),
+        <G as Group>::Scalar::random(&mut rng),
+    );
+    let (morph3, witness3) = discrete_logarithm(<G as Group>::Scalar::random(&mut rng));
+    let (morph4, witness4) = pedersen_commitment_dleq(
+        (0..4)
+            .map(|_| G::random(&mut rng))
+            .collect::<Vec<_>>()
+            .try_into()
+            .unwrap(),
+        (0..2)
+            .map(|_| <G as Group>::Scalar::random(&mut rng))
+            .collect::<Vec<_>>()
+            .try_into()
+            .unwrap(),
+    );
+    let (morph5, witness5) = bbs_blind_commitment_computation(
+        (0..4)
+            .map(|_| G::random(&mut rng))
+            .collect::<Vec<_>>()
+            .try_into()
+            .unwrap(),
+        (0..3)
+            .map(|_| <G as Group>::Scalar::random(&mut rng))
+            .collect::<Vec<_>>()
+            .try_into()
+            .unwrap(),
+        <G as Group>::Scalar::random(&mut rng),
+    );
+
+    // second layer protocol definitions
+    let or_protocol1 = Protocol::Or(vec![
+        Protocol::Simple(SchnorrProtocol::from(morph1)),
+        Protocol::Simple(SchnorrProtocol::from(morph2)),
+    ]);
+    let or_witness1 = ProtocolWitness::Or(0, vec![ProtocolWitness::Simple(witness1)]);
+
+    let simple_protocol1 = Protocol::from(morph3);
+    let simple_witness1 = ProtocolWitness::Simple(witness3);
+
+    let and_protocol1 = Protocol::And(vec![
+        Protocol::Simple(SchnorrProtocol::from(morph4)),
+        Protocol::Simple(SchnorrProtocol::from(morph5)),
+    ]);
+    let and_witness1 = ProtocolWitness::And(vec![
+        ProtocolWitness::Simple(witness4),
+        ProtocolWitness::Simple(witness5),
+    ]);
+
+    // definition of the final protocol
+    let protocol = Protocol::And(vec![or_protocol1, simple_protocol1, and_protocol1]);
+    let witness = ProtocolWitness::And(vec![or_witness1, simple_witness1, and_witness1]);
+
+    let mut nizk =
+        NISigmaProtocol::<Protocol<RistrettoPoint>, ShakeCodec<G>>::new(domain_sep, protocol);
+
+    nizk.sigmap
+        .absorb_morphism_structure(&mut nizk.hash_state)
+        .unwrap();
+
+    // Batchable and compact proofs
+    let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
+    let proof_compact_bytes = nizk.prove_compact(&witness, &mut rng).unwrap();
+    // Verify proofs
+    let verified_batchable = nizk.verify_batchable(&proof_batchable_bytes).is_ok();
+    let verified_compact = nizk.verify_compact(&proof_compact_bytes).is_ok();
+    assert!(
+        verified_batchable & verified_compact,
+        "Fiat-Shamir Schnorr proof verification failed"
+    );
+}
diff --git a/src/tests/spec/custom_schnorr_protocol.rs b/src/tests/spec/custom_schnorr_protocol.rs
@@ -5,7 +5,7 @@ use rand::{CryptoRng, Rng};
 use crate::codec::Codec;
 use crate::errors::Error;
 use crate::fiat_shamir::FiatShamir;
-use crate::group_morphism::LinearRelation;
+use crate::linear_relation::LinearRelation;
 use crate::group_serialization::*;
 use crate::tests::spec::random::SRandom;
 use crate::traits::SigmaProtocol;
diff --git a/src/tests/test_utils.rs b/src/tests/test_utils.rs
@@ -2,7 +2,7 @@
 
 use group::{Group, GroupEncoding};
 
-use crate::group_morphism::{LinearRelation, msm_pr};
+use crate::linear_relation::{LinearRelation, msm_pr};
 
 /// Morphism for knowledge of a discrete logarithm relative to a fixed basepoint.
 #[allow(non_snake_case)]
