refactor: invalid instance/witness pair error

mmaker · mmaker · commit b87c00ef9d22 · 2025-07-03T15:08:17.000-07:00
diff --git a/src/composition.rs b/src/composition.rs
@@ -112,7 +112,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
             }
             (Protocol::And(ps), ProtocolWitness::And(ws)) => {
                 if ps.len() != ws.len() {
-                    return Err(Error::ProofSizeMismatch);
+                    return Err(Error::InvalidInstanceWitnessPair);
                 }
                 let mut commitments = Vec::with_capacity(ps.len());
                 let mut prover_states = Vec::with_capacity(ps.len());
@@ -168,7 +168,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {
             }
             (Protocol::And(ps), ProtocolProverState::And(states)) => {
                 if ps.len() != states.len() {
-                    return Err(Error::ProofSizeMismatch);
+                    return Err(Error::InvalidInstanceWitnessPair);
                 }
                 let mut responses = Vec::with_capacity(ps.len());
                 for (i, p) in ps.iter().enumerate() {
diff --git a/src/errors.rs b/src/errors.rs
@@ -15,9 +15,9 @@ pub enum Error {
     /// Something is wrong with the proof, causing a verification failure.
     #[error("Verification failed.")]
     VerificationFailure,
-    /// Indicates a mismatch in parameter sizes during batch verification.
-    #[error("Mismatched parameter sizes for batch verification.")]
-    ProofSizeMismatch,
+    /// Indicates an invalid statement/witness pair
+    #[error("Invalid instance/witness pair.")]
+    InvalidInstanceWitnessPair,
     /// Uninitialized group element variable.
     #[error("Uninitialized group element variable: {var_debug}")]
     UnassignedGroupVar { var_debug: String },
diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -68,14 +68,19 @@ where
     ///     - The prover state (random nonces and witness) used to compute the response.
     ///
     /// # Errors
-    /// -[`Error::ProofSizeMismatch`] if the witness vector length is incorrect.
+    /// -[`Error::InvalidInstanceWitnessPair`] if the witness vector length is incorrect.
     fn prover_commit(
         &self,
         witness: &Self::Witness,
         mut rng: &mut (impl RngCore + CryptoRng),
     ) -> Result<(Self::Commitment, Self::ProverState), Error> {
         if witness.len() != self.witness_length() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
+        }
+
+        // If the relation being proven is trivial, refuse to prove the statement.
+        if self.0.image()?.iter().all(|&x| x == G::identity()) {
+            return Err(Error::InvalidInstanceWitnessPair)
         }
 
         let nonces: Vec<G::Scalar> = (0..self.witness_length())
@@ -96,7 +101,7 @@ where
     /// - A vector of scalars forming the prover's response.
     ///
     /// # Errors
-    /// - Returns [`Error::ProofSizeMismatch`] if the prover state vectors have incorrect lengths.
+    /// - Returns [`Error::InvalidInstanceWitnessPair`] if the prover state vectors have incorrect lengths.
     fn prover_response(
         &self,
         prover_state: Self::ProverState,
@@ -105,7 +110,7 @@ where
         let (nonces, witness) = prover_state;
 
         if nonces.len() != self.witness_length() || witness.len() != self.witness_length() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let responses = nonces
@@ -125,20 +130,20 @@ where
     /// # Returns
     /// - `Ok(())` if the proof is valid.
     /// - `Err(Error::VerificationFailure)` if the proof is invalid.
-    /// - `Err(Error::ProofSizeMismatch)` if the lengths of commitment or response do not match the expected counts.
+    /// - `Err(Error::InvalidInstanceWitnessPair)` if the lengths of commitment or response do not match the expected counts.
     ///
     /// # Errors
     /// -[`Error::VerificationFailure`] if the computed relation
     /// does not hold for the provided challenge and response, indicating proof invalidity.
-    /// -[`Error::ProofSizeMismatch`] if the commitment or response length is incorrect.
+    /// -[`Error::InvalidInstanceWitnessPair`] if the commitment or response length is incorrect.
     fn verifier(
         &self,
         commitment: &Self::Commitment,
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<(), Error> {
         if commitment.len() != self.commitment_length() || response.len() != self.witness_length() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let lhs = self.0.linear_map.evaluate(response)?;
@@ -307,14 +312,14 @@ where
     /// - A vector of group elements representing the simulated commitment (one per linear constraint).
     ///
     /// # Errors
-    /// - [`Error::ProofSizeMismatch`] if the response length does not match the expected number of scalars.
+    /// - [`Error::InvalidInstanceWitnessPair`] if the response length does not match the expected number of scalars.
     fn simulate_commitment(
         &self,
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<Self::Commitment, Error> {
         if response.len() != self.witness_length() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let response_image = self.0.linear_map.evaluate(response)?;
diff --git a/src/tests/spec/custom_schnorr_protocol.rs b/src/tests/spec/custom_schnorr_protocol.rs
@@ -33,7 +33,7 @@ where
         rng: &mut (impl Rng + CryptoRng),
     ) -> Result<(Self::Commitment, Self::ProverState), Error> {
         if witness.len() != self.witness_len() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let mut nonces: Vec<G::Scalar> = Vec::new();
@@ -51,7 +51,7 @@ where
         challenge: &Self::Challenge,
     ) -> Result<Self::Response, Error> {
         if state.0.len() != self.witness_len() || state.1.len() != self.witness_len() {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let mut responses = Vec::new();
@@ -129,7 +129,7 @@ impl<G: SRandom + GroupEncoding> SigmaProtocolSimulator for SchnorrProtocolCusto
         response: &Self::Response,
     ) -> Result<Self::Commitment, Error> {
         if response.len() != self.0.linear_map.num_scalars {
-            return Err(Error::ProofSizeMismatch);
+            return Err(Error::InvalidInstanceWitnessPair);
         }
 
         let response_image = self.0.linear_map.evaluate(response)?;

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {`
`112`	`112`	`}`
`113`	`113`	`(Protocol::And(ps), ProtocolWitness::And(ws)) => {`
`114`	`114`	`if ps.len() != ws.len() {`
`115`		`- return Err(Error::ProofSizeMismatch);`
	`115`	`+ return Err(Error::InvalidInstanceWitnessPair);`
`116`	`116`	`}`
`117`	`117`	`let mut commitments = Vec::with_capacity(ps.len());`
`118`	`118`	`let mut prover_states = Vec::with_capacity(ps.len());`
`@@ -168,7 +168,7 @@ impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G> {`
`168`	`168`	`}`
`169`	`169`	`(Protocol::And(ps), ProtocolProverState::And(states)) => {`
`170`	`170`	`if ps.len() != states.len() {`
`171`		`- return Err(Error::ProofSizeMismatch);`
	`171`	`+ return Err(Error::InvalidInstanceWitnessPair);`
`172`	`172`	`}`
`173`	`173`	`let mut responses = Vec::with_capacity(ps.len());`
`174`	`174`	`for (i, p) in ps.iter().enumerate() {`