Added testing of a protocol with two non-linear relation (translated dleq)

Author: nougzarm

src/tests/relations.rs

@@ -5,7 +5,7 @@ use rand::rngs::OsRng;
 use crate::fiat_shamir::NISigmaProtocol;
 use crate::tests::test_utils::{
     bbs_blind_commitment_computation, discrete_logarithm, dleq, pedersen_commitment,
-    pedersen_commitment_dleq, translated_discrete_logarithm,
+    pedersen_commitment_dleq, translated_discrete_logarithm, translated_dleq,
 };
 use crate::{codec::ShakeCodec, schnorr_protocol::SchnorrProof};
 
@@ -29,6 +29,12 @@ fn test_dleq() {
     dleq(G::random(&mut rng), Scalar::random(&mut rng));
 }
 
+#[test]
+fn test_translated_dleq() {
+    let mut rng = OsRng;
+    dleq(G::random(&mut rng), Scalar::random(&mut rng));
+}
+
 #[test]
 fn test_pedersen_commitment() {
     let mut rng = OsRng;
@@ -111,7 +117,7 @@ fn noninteractive_translated_discrete_logarithm() {
     // The SigmaProtocol induced by relation
     let protocol = SchnorrProof::from(relation);
     // Fiat-Shamir wrapper
-    let domain_sep = b"test-fiat-shamir-schnorr";
+    let domain_sep = b"test-fiat-shamir-translated-schnorr";
     let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
 
     // Batchable and compact proofs
@@ -157,6 +163,33 @@ fn noninteractive_dleq() {
     );
 }
 
+#[test]
+fn noninteractive_translated_dleq() {
+    let mut rng = OsRng;
+    let (relation, witness) = translated_dleq(G::random(&mut rng), Scalar::random(&mut rng));
+
+    // The SigmaProtocol induced by relation
+    let protocol = SchnorrProof::from(relation);
+    // Fiat-Shamir wrapper
+    let domain_sep = b"test-fiat-shamir-translated-DLEQ";
+    let nizk = NISigmaProtocol::<SchnorrProof<G>, ShakeCodec<G>>::new(domain_sep, protocol);
+
+    // Batchable and compact proofs
+    let proof_batchable_bytes = nizk.prove_batchable(&witness, &mut rng).unwrap();
+    let proof_compact_bytes = nizk.prove_compact(&witness, &mut rng).unwrap();
+    // Verify proofs
+    let verified_batchable = nizk.verify_batchable(&proof_batchable_bytes).is_ok();
+    let verified_compact = nizk.verify_compact(&proof_compact_bytes).is_ok();
+    assert!(
+        verified_batchable,
+        "Fiat-Shamir Schnorr proof verification failed"
+    );
+    assert!(
+        verified_compact,
+        "Fiat-Shamir Schnorr proof verification failed"
+    );
+}
+
 #[test]
 fn noninteractive_pedersen_commitment() {
     let mut rng = OsRng;

src/tests/test_utils.rs

@@ -69,6 +69,31 @@ pub fn dleq<G: Group + GroupEncoding>(H: G, x: G::Scalar) -> (LinearRelation<G>,
     (relation, vec![x])
 }
 
+/// LinearMap for knowledge of a translated dleq.
+#[allow(non_snake_case)]
+pub fn translated_dleq<G: Group + GroupEncoding>(
+    H: G,
+    x: G::Scalar,
+) -> (LinearRelation<G>, Vec<G::Scalar>) {
+    let mut relation: LinearRelation<G> = LinearRelation::new();
+
+    let var_x = relation.allocate_scalar();
+    let [var_G, var_H] = relation.allocate_elements();
+
+    let var_X = relation.allocate_eq(var_x * var_G + var_H);
+    let var_Y = relation.allocate_eq(var_x * var_H + var_G);
+
+    relation.set_elements([(var_G, G::generator()), (var_H, H)]);
+    relation.compute_image(&[x]).unwrap();
+
+    let X = relation.linear_map.group_elements.get(var_X).unwrap();
+    let Y = relation.linear_map.group_elements.get(var_Y).unwrap();
+
+    assert_eq!(X, G::generator() * x + H);
+    assert_eq!(Y, H * x + G::generator());
+    (relation, vec![x])
+}
+
 /// LinearMap for knowledge of an opening to a Pederson commitment.
 #[allow(non_snake_case)]
 pub fn pedersen_commitment<G: Group + GroupEncoding>(