fix: change validation criteria for identity elements.

Trivial relations that can be checked manually upon converting LinearRelation into
CanonicalLinearRelation can have 0 in the image.

Author: mmaker

src/linear_relation/canonical.rs

@@ -352,13 +352,6 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
             ));
         }
 
-        if !relation
-            .image()
-            .is_ok_and(|img| img.iter().all(|&x| x != G::identity()))
-        {
-            return Err(InvalidInstance::new("Image contains identity element"));
-        }
-
         let mut canonical = CanonicalLinearRelation::new();
         canonical.num_scalars = relation.linear_map.num_scalars;
 
@@ -367,17 +360,19 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
 
         // Process each constraint using the modular helper method
         for (lhs, rhs) in iter::zip(&relation.image, &relation.linear_map.linear_combinations) {
+
+            let lhs_value = relation
+                .linear_map
+                .group_elements
+                .get(*lhs)
+                .map_err(|_| InvalidInstance::new("Unassigned group variable in image"))?;
+
             // If the linear combination is trivial, check it directly and skip processing.
             if rhs
                 .0
                 .iter()
                 .all(|weighted| matches!(weighted.term.scalar, ScalarTerm::Unit))
             {
-                let lhs_value = relation
-                    .linear_map
-                    .group_elements
-                    .get(*lhs)
-                    .map_err(|_| InvalidInstance::new("Unassigned group variable in image"))?;
 
                 let rhs_value = rhs.0.iter().fold(G::identity(), |acc, weighted| {
                     acc + relation
@@ -398,6 +393,10 @@ impl<G: PrimeGroup> TryFrom<&LinearRelation<G>> for CanonicalLinearRelation<G> {
                 }
             }
 
+            if lhs_value == G::identity() {
+                return Err(InvalidInstance::new("Image contains identity element"));
+            }
+
             canonical.process_constraint(lhs, rhs, relation, &mut weighted_group_cache)?;
         }
 

src/tests/test_validation_criteria.rs

@@ -30,32 +30,27 @@ mod instance_validation {
     }
 
     #[test]
-    fn test_zero_image_elements() {
+    fn test_zero_image() {
         // Create a linear relation with zero elements in the image
+        // 0 = x * G (which is invalid)
         let mut relation = LinearRelation::<G>::new();
-
-        // Allocate scalars and elements
         let [var_x] = relation.allocate_scalars();
-        let [var_g] = relation.allocate_elements::<1>();
-
-        // Set the group element
-        relation.set_elements([(var_g, G::generator())]);
-
-        // Create an equation that results in zero (identity element)
-        // This simulates a malformed relation where the image contains zero
-        let zero_element = G::identity();
-        let [var_zero] = relation.allocate_elements::<1>();
-        relation.set_elements([(var_zero, zero_element)]);
-
-        // Add equation: 0 = x * G (which is invalid)
-        relation.linear_map.linear_combinations.push(
-            crate::linear_relation::LinearCombination::from(vec![(var_x, var_g)]),
-        );
-        relation.image.push(var_zero);
+        let [var_G] = relation.allocate_elements();
+        let var_X = relation.allocate_eq(var_G * var_x);
+        relation.set_element(var_G, G::generator());
+        relation.set_element(var_X, G::identity());
+        let result = CanonicalLinearRelation::try_from(&relation);
+        assert!(result.is_err());
 
-        // Try to convert to canonical form
+        // Create a trivially valid linear relation with zero elements in the image
+        // 0 = 0*B  (which is invalid)
+        let mut relation = LinearRelation::<G>::new();
+        let [var_B] = relation.allocate_elements();
+        let var_X = relation.allocate_eq(var_B * Scalar::from(0));
+        relation.set_element(var_B, G::generator());
+        relation.set_element(var_X, G::identity());
         let result = CanonicalLinearRelation::try_from(&relation);
-        assert!(result.is_err())
+        assert!(result.is_ok());
     }
 
     #[test]
@@ -64,19 +59,20 @@ mod instance_validation {
         use ff::Field;
 
         // This relation should fail for two reasons:
-        // 1. because B is not assigned
+        // 1. because var_B is not assigned
         let mut relation = LinearRelation::<G>::new();
         let x = relation.allocate_scalar();
-        let B = relation.allocate_element();
-        let _eq = relation.allocate_eq((x + (-Scalar::ONE)) * B + (-B));
+        let var_B = relation.allocate_element();
+        let var_X = relation.allocate_eq((x + (-Scalar::ONE)) * var_B + (-var_B));
+        relation.set_element(var_X, G::identity());
         assert!(CanonicalLinearRelation::try_from(&relation).is_err());
 
-        // 2. because the equation is void
+        // 2. because var_X is not assigned
         let mut relation = LinearRelation::<G>::new();
         let x = relation.allocate_scalar();
-        let B = relation.allocate_element();
-        let _eq = relation.allocate_eq((x + (-Scalar::ONE)) * B + (-B));
-        relation.set_element(B, G::generator());
+        let var_B = relation.allocate_element();
+        let _var_X = relation.allocate_eq((x + (-Scalar::ONE)) * var_B + (-var_B));
+        relation.set_element(var_B, G::generator());
         assert!(CanonicalLinearRelation::try_from(&relation).is_err());
     }
 
@@ -110,6 +106,14 @@ mod instance_validation {
         let nizk = relation.into_nizk(b"test_session").unwrap();
         let narg_string = nizk.prove_batchable(&vec![], rng).unwrap();
         assert!(narg_string.is_empty());
+
+
+        let mut relation = LinearRelation::<G>::new();
+        let var_B = relation.allocate_element();
+        let var_C = relation.allocate_eq(var_B * Scalar::from(1));
+        relation.set_element(var_B, G::generator());
+        relation.set_element(var_C, G::generator());
+        assert!(CanonicalLinearRelation::try_from(&relation).is_ok());
     }
 
     #[test]