- Complete list of tests implemented in Sage

- Bugs fixed in the verify, serialize, and deserialize functions in the implementation of the SigmaProtocol trait for the SchnorrProof structure

Author: nougzarm

src/toolbox/sigma/schnorr_proof.rs

@@ -74,7 +74,7 @@ where
         let lhs = self.morphismp.morphism.evaluate(response);
 
         let mut rhs = Vec::new();
-        for (i, g) in commitment.iter().enumerate().take(self.morphismp.morphism.num_scalars) {
+        for (i, g) in commitment.iter().enumerate().take(self.morphismp.morphism.num_statements()) {
             rhs.push(*g + self.morphismp.morphism.group_elements[self.morphismp.image[i]] * *challenge);
         }
 
@@ -93,9 +93,10 @@ where
     ) -> Vec<u8> {
         let mut bytes = Vec::new();
         let scalar_nb = self.morphismp.morphism.num_scalars;
+        let point_nb = self.morphismp.morphism.num_statements();
 
         // Serialize commitments
-        for commit in commitment.iter().take(scalar_nb) {
+        for commit in commitment.iter().take(point_nb) {
             bytes.extend_from_slice(commit.to_bytes().as_ref());
         }
 
@@ -112,18 +113,19 @@ where
     ) -> Option<(Self::Commitment, Self::Response)>
     {
         let scalar_nb = self.morphismp.morphism.num_scalars;
+        let point_nb = self.morphismp.morphism.num_statements();
         let point_size = G::generator().to_bytes().as_ref().len();
         let scalar_size = <<G as Group>::Scalar as PrimeField>::Repr::default().as_ref().len();
 
-        let expected_len = scalar_nb * (point_size + scalar_size);
+        let expected_len = scalar_nb * scalar_size + point_nb * point_size;
         if data.len() != expected_len {
             return None;
         }
 
         let mut commitments: Self::Commitment = Vec::new();
         let mut responses: Self::Response = Vec::new();
 
-        for i in 0..scalar_nb {
+        for i in 0..point_nb {
             let start = i * point_size;
             let end = start + point_size;
 
@@ -142,7 +144,7 @@ where
         }
 
         for i in 0..scalar_nb {
-            let start = scalar_nb * point_size + i * scalar_size;
+            let start = point_nb * point_size + i * scalar_size;
             let end = start + scalar_size;
 
             let mut buf = vec![0u8; scalar_size];

tests/sage_proofs.rs

@@ -6,7 +6,7 @@ use sigma_rs::toolbox::sigma::{
     GroupMorphismPreimage,
     SchnorrProof,
     transcript::KeccakTranscript,
-    NISigmaProtocol
+    NISigmaProtocol,
 };
 
 type G = RistrettoPoint;
@@ -138,7 +138,7 @@ fn bbs_blind_commitment_computation<G: Group + GroupEncoding>(
 ) -> (GroupMorphismPreimage<G>, Vec<G::Scalar>) {
     let mut morphismp: GroupMorphismPreimage<G> = GroupMorphismPreimage::new();
 
-    // lenght (committed_messages)
+    // length (committed_messages)
     let M = 3;
     // BBS.create_generators(M + 1, "BLIND_" || api_id)
     let (Q_2, J_1, J_2, J_3) = (G::random(&mut *rng), G::random(&mut *rng), G::random(&mut *rng), G::random(&mut *rng));
@@ -207,7 +207,7 @@ fn test_bbs_blind_commitment_computation() {
 #[test]
 fn NI_discrete_logarithm() {
     let mut rng = OsRng;
-    let (morphismp, witness) = bbs_blind_commitment_computation::<G>(&mut rng);
+    let (morphismp, witness) = discrete_logarithm::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
     let protocol = SchnorrProof { morphismp };
@@ -220,4 +220,80 @@ fn NI_discrete_logarithm() {
     // Verify
     let verified = nizk.verify(&proof_bytes).is_ok();
     assert!(verified, "Fiat-Shamir Schnorr proof verification failed");
+}
+
+#[allow(non_snake_case)]
+#[test]
+fn NI_dleq() {
+    let mut rng = OsRng;
+    let (morphismp, witness) = dleq::<G>(&mut rng);
+
+    // The SigmaProtocol induced by morphismp
+    let protocol = SchnorrProof { morphismp };
+    // Fiat-Shamir wrapper
+    let domain_sep = b"test-fiat-shamir-DLEQ";
+    let mut nizk = NISigmaProtocol::<SchnorrProof<G>, KeccakTranscript<G>, G>::new(domain_sep, protocol);
+    
+    // Prove
+    let proof_bytes = nizk.prove(&witness, &mut rng);
+    // Verify
+    let verified = nizk.verify(&proof_bytes).is_ok();
+    assert!(verified, "DLEQ proof verification failed");
+}
+
+#[allow(non_snake_case)]
+#[test]
+fn NI_pedersen_commitment() {
+    let mut rng = OsRng;
+    let (morphismp, witness) = pedersen_commitment::<G>(&mut rng);
+
+    // The SigmaProtocol induced by morphismp
+    let protocol = SchnorrProof { morphismp };
+    // Fiat-Shamir wrapper
+    let domain_sep = b"test-fiat-shamir-pedersen-commitment";
+    let mut nizk = NISigmaProtocol::<SchnorrProof<G>, KeccakTranscript<G>, G>::new(domain_sep, protocol);
+    
+    // Prove
+    let proof_bytes = nizk.prove(&witness, &mut rng);
+    // Verify
+    let verified = nizk.verify(&proof_bytes).is_ok();
+    assert!(verified, "DLEQ proof verification failed");
+}
+
+#[allow(non_snake_case)]
+#[test]
+fn NI_pedersen_commitment_dleq() {
+    let mut rng = OsRng;
+    let (morphismp, witness) = pedersen_commitment_dleq::<G>(&mut rng);
+
+    // The SigmaProtocol induced by morphismp
+    let protocol = SchnorrProof { morphismp };
+    // Fiat-Shamir wrapper
+    let domain_sep = b"test-fiat-shamir-pedersen-commitment-DLEQ";
+    let mut nizk = NISigmaProtocol::<SchnorrProof<G>, KeccakTranscript<G>, G>::new(domain_sep, protocol);
+    
+    // Prove
+    let proof_bytes = nizk.prove(&witness, &mut rng);
+    // Verify
+    let verified = nizk.verify(&proof_bytes).is_ok();
+    assert!(verified, "DLEQ proof verification failed");
+}
+
+#[allow(non_snake_case)]
+#[test]
+fn NI_bbs_blind_commitment_computation() {
+    let mut rng = OsRng;
+    let (morphismp, witness) = bbs_blind_commitment_computation::<G>(&mut rng);
+
+    // The SigmaProtocol induced by morphismp
+    let protocol = SchnorrProof { morphismp };
+    // Fiat-Shamir wrapper
+    let domain_sep = b"test-fiat-shamir-bbs-blind-commitment-computation";
+    let mut nizk = NISigmaProtocol::<SchnorrProof<G>, KeccakTranscript<G>, G>::new(domain_sep, protocol);
+    
+    // Prove
+    let proof_bytes = nizk.prove(&witness, &mut rng);
+    // Verify
+    let verified = nizk.verify(&proof_bytes).is_ok();
+    assert!(verified, "DLEQ proof verification failed");
 }