Simplify struct for SchnorrProof

Author: mmaker

src/toolbox/sigma/group_morphism.rs

@@ -33,7 +33,7 @@ pub struct Morphism<G: Group> {
 /// Perform a simple multi-scalar multiplication (MSM) over scalars and points.
 fn msm_pr<G: Group>(scalars: &[G::Scalar], bases: &[G]) -> G {
     let mut acc = G::identity();
-    for (s, p) in scalars.iter().zip(bases.iter()) {
+    for (s, p) in scalars.iter().zip(bases.into_iter()) {
         acc += *p * s;
     }
     acc

src/toolbox/sigma/schnorr_proof.rs

@@ -15,13 +15,7 @@ use rand::{CryptoRng, Rng};
 /// A Schnorr protocol proving knowledge some discrete logarithm relation.
 ///
 /// The specific proof instance is defined by a [`GroupMorphismPreimage`] over a group `G`.
-pub struct SchnorrProof<G>
-where
-    G: Group + GroupEncoding + GroupSerialisation,
-{
-    /// The public instance and its associated group morphism.
-    pub morphismp: GroupMorphismPreimage<G>,
-}
+pub struct SchnorrProof<G: Group + GroupEncoding + GroupSerialisation>(pub GroupMorphismPreimage<G>);
 
 /// Internal prover state during the protocol execution: (random nonce, witness)
 pub struct SchnorrState<S> {
@@ -47,9 +41,9 @@ where
         witness: &Self::Witness,
         mut rng: &mut (impl Rng + CryptoRng),
     ) -> (Self::Commitment, Self::ProverState) {
-        let nonces: Vec<G::Scalar> =  (0..self.morphismp.morphism.num_scalars).map(|_| G::Scalar::random(&mut rng)).collect();
+        let nonces: Vec<G::Scalar> =  (0..self.0.morphism.num_scalars).map(|_| G::Scalar::random(&mut rng)).collect();
         let prover_state = (nonces.clone(), witness.clone());
-        let commitment = self.morphismp.morphism.evaluate(&nonces);
+        let commitment = self.0.morphism.evaluate(&nonces);
         (commitment, prover_state)
     }
 
@@ -60,8 +54,8 @@ where
         challenge: &Self::Challenge,
     ) -> Self::Response {
         let mut responses = Vec::new();
-        for i in 0..self.morphismp.morphism.num_scalars {
-            responses.push(state.0[i] + *challenge * state.1[i]);
+        for i in 0..self.0.morphism.num_scalars {
+            responses.push(state.0[i] + state.1[i] * challenge);
         }
         responses
     }
@@ -73,16 +67,16 @@ where
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<(), ProofError> {
-        let lhs = self.morphismp.morphism.evaluate(response);
+        let lhs = self.0.morphism.evaluate(response);
 
         let mut rhs = Vec::new();
         for (i, g) in commitment
             .iter()
             .enumerate()
-            .take(self.morphismp.morphism.num_statements())
+            .take(self.0.morphism.num_statements())
         {
             rhs.push(
-                self.morphismp.morphism.group_elements[self.morphismp.image[i]] * challenge + g,
+                self.0.morphism.group_elements[self.0.image[i]] * challenge + g,
             );
         }
 
@@ -100,8 +94,8 @@ where
         response: &Self::Response,
     ) -> Vec<u8> {
         let mut bytes = Vec::new();
-        let scalar_nb = self.morphismp.morphism.num_scalars;
-        let point_nb = self.morphismp.morphism.num_statements();
+        let scalar_nb = self.0.morphism.num_scalars;
+        let point_nb = self.0.morphism.num_statements();
 
         // Serialize commitments
         for commit in commitment.iter().take(point_nb) {
@@ -117,8 +111,8 @@ where
 
     /// Deserializes a batchable proof format back into (`commitment`, `response`).
     fn deserialize_batchable(&self, data: &[u8]) -> Option<(Self::Commitment, Self::Response)> {
-        let scalar_nb = self.morphismp.morphism.num_scalars;
-        let point_nb = self.morphismp.morphism.num_statements();
+        let scalar_nb = self.0.morphism.num_scalars;
+        let point_nb = self.0.morphism.num_statements();
 
         let point_size = G::generator().to_bytes().as_ref().len();
         let scalar_size = <<G as Group>::Scalar as PrimeField>::Repr::default()

tests/non_interactive_protocol.rs

@@ -36,7 +36,7 @@ fn fiat_shamir_schnorr_proof_ristretto() {
     morphismp.append_equation(1, &[(0, 0)]);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
 
     // Fiat-Shamir wrapper
     let mut nizk =

tests/various_tests.rs

@@ -231,7 +231,7 @@ fn NI_discrete_logarithm() {
     let (morphismp, witness) = discrete_logarithm::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-schnorr";
     let mut nizk =
@@ -251,7 +251,7 @@ fn NI_dleq() {
     let (morphismp, witness) = dleq::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-DLEQ";
     let mut nizk =
@@ -271,7 +271,7 @@ fn NI_pedersen_commitment() {
     let (morphismp, witness) = pedersen_commitment::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment";
     let mut nizk =
@@ -291,7 +291,7 @@ fn NI_pedersen_commitment_dleq() {
     let (morphismp, witness) = pedersen_commitment_dleq::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-pedersen-commitment-DLEQ";
     let mut nizk =
@@ -311,7 +311,7 @@ fn NI_bbs_blind_commitment_computation() {
     let (morphismp, witness) = bbs_blind_commitment_computation::<G>(&mut rng);
 
     // The SigmaProtocol induced by morphismp
-    let protocol = SchnorrProof { morphismp };
+    let protocol = SchnorrProof(morphismp);
     // Fiat-Shamir wrapper
     let domain_sep = b"test-fiat-shamir-bbs-blind-commitment-computation";
     let mut nizk =