refactor(serialization): replace curve-specific serialization with generic approach

- refactor: remove GroupSerialization feature that required per-curve implementation
- feat: implement generic serialization functions applicable to any Group G
- test: preserve Sage test vectors to maintain compatibility verification

Author: nougzarm

src/codec/keccak_codec.rs

@@ -21,7 +21,6 @@
 //! - `KeccakDuplexSponge`: Duplex sponge over 200-byte state buffer
 //! - `ByteSchnorrCodec`: Fiat-Shamir transcript codec compatible with Sage Schnorr proofs
 use crate::codec::r#trait::{Codec, DuplexSpongeInterface};
-use crate::serialisation::GroupSerialisation;
 use ff::PrimeField;
 use group::{Group, GroupEncoding};
 use num_bigint::BigUint;
@@ -178,7 +177,7 @@ fn cardinal<F: PrimeField>() -> BigUint {
 #[derive(Clone)]
 pub struct ByteSchnorrCodec<G, H>
 where
-    G: Group + GroupEncoding + GroupSerialisation,
+    G: Group + GroupEncoding,
     H: DuplexSpongeInterface,
 {
     hasher: H,
@@ -187,7 +186,7 @@ where
 
 impl<G, H> Codec for ByteSchnorrCodec<G, H>
 where
-    G: Group + GroupEncoding + GroupSerialisation,
+    G: Group + GroupEncoding,
     H: DuplexSpongeInterface,
 {
     type Challenge = <G as Group>::Scalar;

src/group_serialisation.rs

@@ -1,103 +1,46 @@
-//! # Group Serialization Implementations
-//!
-//! This module implements the [`GroupSerialisation`] trait for specific elliptic curve.
-//!
-//! Supported groups:
-//! - [`RistrettoPoint`] from `curve25519-dalek`
-//! - [`G1Projective`] from `bls12_381`
-//!
-//! ## Trait Overview
-//!
-//! The [`GroupSerialisation`] trait defines:
-//! - `serialize_element` / `deserialize_element` for group points
-//! - `serialize_scalar` / `deserialize_scalar` for field elements (scalars)
-//!
-//! Implementations must guarantee:
-//! - Canonical and deterministic serialization
-//! - Rejection of malformed or non-canonical encodings on deserialization
-use std::convert::TryInto;
-
-use crate::serialisation::GroupSerialisation;
-use bls12_381::{G1Affine, G1Projective, Scalar as BlsScalar};
-use curve25519_dalek::{
-    ristretto::{CompressedRistretto, RistrettoPoint},
-    scalar::Scalar as RistrettoScalar,
-};
+use group::{Group, GroupEncoding};
 use ff::PrimeField;
 
-impl GroupSerialisation for RistrettoPoint {
-    /// Serializes a `RistrettoPoint` to 32-byte compressed form.
-    fn serialize_element(point: &Self) -> Vec<u8> {
-        point.compress().to_bytes().to_vec()
-    }
+pub fn serialize_element<G: Group + GroupEncoding>(element: &G) -> Vec<u8>{
+    element.to_bytes().as_ref().to_vec()
+}
 
-    /// Attempts to decompress a 32-byte slice into a `RistrettoPoint`.
-    /// Returns `None` if the input is not a valid compressed point.
-    fn deserialize_element(bytes: &[u8]) -> Option<Self> {
-        let point_size = 32;
-        if bytes.len() != point_size {
-            return None;
-        }
-        let mut buf = [0u8; 32];
-        buf.copy_from_slice(bytes);
-        CompressedRistretto(buf).decompress()
+pub fn deserialize_element<G: Group + GroupEncoding>(data: &[u8]) -> Option<G> {
+    let element_len = G::Repr::default().as_ref().len();
+    if data.len() != element_len {
+        return None;
     }
 
-    /// Serializes a `RistrettoScalar` to 32 bytes (little-endian).
-    fn serialize_scalar(scalar: &Self::Scalar) -> Vec<u8> {
-        scalar.to_bytes().to_vec()
-    }
+    let mut repr = G::Repr::default();
+    repr.as_mut().copy_from_slice(data);
+    let ct_point = G::from_bytes(&repr);
 
-    /// Deserializes a 32-byte little-endian encoding into a `RistrettoScalar`.
-    /// Returns `None` if the encoding is not canonical or invalid.
-    fn deserialize_scalar(bytes: &[u8]) -> Option<Self::Scalar> {
-        if bytes.len() != 32 {
-            return None;
-        }
-        let mut buf = [0u8; 32];
-        buf.copy_from_slice(bytes);
-        RistrettoScalar::from_canonical_bytes(buf).into()
+    if ct_point.is_some().into() {
+        let point = ct_point.unwrap();
+        Some(point)
+    } else {
+        None
     }
 }
 
-impl GroupSerialisation for G1Projective {
-    /// Serializes a `G1Projective` element using compressed affine representation (48 bytes).
-    fn serialize_element(point: &G1Projective) -> Vec<u8> {
-        let affine = G1Affine::from(point);
-        affine.to_compressed().as_ref().to_vec()
-    }
+pub fn serialize_scalar<G: Group>(scalar: &G::Scalar) -> Vec<u8> {
+    let mut scalar_bytes = scalar.to_repr().as_ref().to_vec();
+    scalar_bytes.reverse();
+    scalar_bytes
+}
 
-    /// Deserializes a 48-byte compressed affine representation into a `G1Projective`.
-    /// Returns `None` if the point is invalid or not on the curve.
-    fn deserialize_element(bytes: &[u8]) -> Option<G1Projective> {
-        if bytes.len() != 48 {
-            return None;
-        }
-        let mut buf = [0u8; 48];
-        buf.copy_from_slice(bytes);
-        let affine_ctoption = G1Affine::from_compressed(&buf);
-        if affine_ctoption.is_some().into() {
-            let affine = affine_ctoption.unwrap();
-            Some(G1Projective::from(&affine))
-        } else {
-            None
-        }
+pub fn deserialize_scalar<G: Group>(data: &[u8]) -> Option<G::Scalar> {
+    let scalar_len = <<G as Group>::Scalar as PrimeField>::Repr::default().as_ref().len();
+    if data.len() != scalar_len {
+        return None;
     }
 
-    /// Serializes a `bls12_381::Scalar` using its canonical representation.
-    fn serialize_scalar(scalar: &Self::Scalar) -> Vec<u8> {
-        scalar.to_repr().as_ref().to_vec()
-    }
+    let mut repr = <<G as Group>::Scalar as PrimeField>::Repr::default();
+    repr.as_mut().copy_from_slice(&{
+        let mut tmp = data.to_vec();
+        tmp.reverse();
+        tmp
+    });
 
-    /// Deserializes a canonical byte representation into a `bls12_381::Scalar`.
-    /// Returns `None` if the scalar is malformed or out of range.
-    fn deserialize_scalar(bytes: &[u8]) -> Option<Self::Scalar> {
-        let repr = bytes.try_into().ok()?;
-        let result_ctoption = BlsScalar::from_repr(repr);
-        if result_ctoption.is_some().into() {
-            Some(result_ctoption.unwrap())
-        } else {
-            None
-        }
-    }
-}
+    G::Scalar::from_repr(repr).into()
+}

src/lib.rs

@@ -19,17 +19,17 @@ pub mod group_morphism;
 pub mod group_serialisation;
 pub mod proof_builder;
 pub mod proof_composition;
-pub mod schnorr_proof;
-pub mod serialisation;
+pub mod schnorr_protocol;
 pub mod r#trait;
 
 pub use errors::*;
 pub use fiat_shamir::*;
 pub use group_morphism::*;
+pub use group_serialisation::*;
 pub use proof_builder::*;
 pub use proof_composition::*;
 pub use r#trait::*;
-pub use schnorr_proof::*;
+pub use schnorr_protocol::*;
 
 pub mod codec;
 #[deprecated(

src/proof_builder.rs

@@ -13,11 +13,11 @@
 //! - Supports element assignment to statement variables
 //! - Offers one-shot `prove` and `verify` methods
 
-use group::Group;
+use group::{Group, GroupEncoding};
 use rand::{CryptoRng, RngCore};
 
 use crate::{
-    codec::ShakeCodec, serialisation::GroupSerialisation, GroupMorphismPreimage, NISigmaProtocol,
+    codec::ShakeCodec, GroupMorphismPreimage, NISigmaProtocol,
     PointVar, ProofError, ScalarVar, SchnorrProtocol,
 };
 
@@ -28,25 +28,25 @@ use crate::{
 /// for allocating variables, defining statements, and generating proofs.
 ///
 /// # Type Parameters
-/// - `G`: A group that implements both [`Group`] and [`GroupSerialisation`], such as `RistrettoPoint` or `G1Projective`.
+/// - `G`: A group that implements both [`Group`] and [`GroupEncoding`].
 pub struct ProofBuilder<G>
 where
-    G: Group + GroupSerialisation,
+    G: Group + GroupEncoding,
 {
     /// The underlying Sigma protocol instance with Fiat-Shamir transformation applied.
     pub protocol: NISigmaProtocol<SchnorrProtocol<G>, ShakeCodec<G>, G>,
 }
 
 impl<G> ProofBuilder<G>
 where
-    G: Group + GroupSerialisation,
+    G: Group + GroupEncoding,
     ShakeCodec<G>: Clone,
 {
     /// Creates a new proof builder with a Schnorr protocol instance using the given domain separator.
     pub fn new(domain_sep: &[u8]) -> Self {
-        let schnorr_proof = SchnorrProtocol(GroupMorphismPreimage::<G>::new());
+        let schnorr_protocol = SchnorrProtocol(GroupMorphismPreimage::<G>::new());
         let protocol =
-            NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>, G>::new(domain_sep, schnorr_proof);
+            NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>, G>::new(domain_sep, schnorr_protocol);
         Self { protocol }
     }
 

src/schnorr_proof.rs renamed to src/schnorr_protocol.rs

@@ -5,7 +5,8 @@
 //! through a group morphism abstraction (see Maurer09).
 
 use crate::{
-    serialisation::GroupSerialisation, CompactProtocol, GroupMorphismPreimage, ProofError,
+    group_serialisation::*,
+    CompactProtocol, GroupMorphismPreimage, ProofError,
     SigmaProtocol,
 };
 
@@ -16,13 +17,13 @@ use rand::{CryptoRng, Rng};
 /// A Schnorr protocol proving knowledge some discrete logarithm relation.
 ///
 /// The specific proof instance is defined by a [`GroupMorphismPreimage`] over a group `G`.
-pub struct SchnorrProtocol<G: Group + GroupEncoding + GroupSerialisation>(
+pub struct SchnorrProtocol<G: Group + GroupEncoding>(
     pub GroupMorphismPreimage<G>,
 );
 
 impl<G> SigmaProtocol for SchnorrProtocol<G>
 where
-    G: Group + GroupEncoding + GroupSerialisation,
+    G: Group + GroupEncoding,
 {
     type Commitment = Vec<G>;
     type ProverState = (Vec<<G as Group>::Scalar>, Vec<<G as Group>::Scalar>);
@@ -94,12 +95,12 @@ where
 
         // Serialize commitments
         for commit in commitment.iter().take(commit_nb) {
-            bytes.extend_from_slice(&G::serialize_element(commit));
+            bytes.extend_from_slice(&serialize_element(commit));
         }
 
         // Serialize responses
         for response in response.iter().take(response_nb) {
-            bytes.extend_from_slice(&G::serialize_scalar(response));
+            bytes.extend_from_slice(&serialize_scalar::<G>(response));
         }
         Ok(bytes)
     }
@@ -130,7 +131,7 @@ where
             let end = start + commit_size;
 
             let slice = &data[start..end];
-            let elem = G::deserialize_element(slice).ok_or(ProofError::GroupSerialisationFailure)?;
+            let elem = deserialize_element(slice).ok_or(ProofError::GroupSerialisationFailure)?;
             commitments.push(elem);
         }
 
@@ -139,7 +140,7 @@ where
             let end = start + response_size;
 
             let slice = &data[start..end];
-            let scalar = G::deserialize_scalar(slice).ok_or(ProofError::GroupSerialisationFailure)?;
+            let scalar = deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerialisationFailure)?;
             responses.push(scalar);
         }
 
@@ -149,7 +150,7 @@ where
 
 impl<G> CompactProtocol for SchnorrProtocol<G>
 where
-    G: Group + GroupEncoding + GroupSerialisation,
+    G: Group + GroupEncoding,
 {
     fn get_commitment(
         &self,
@@ -177,11 +178,11 @@ where
         let response_nb = self.0.morphism.num_scalars;
 
         // Serialize challenge
-        bytes.extend_from_slice(&G::serialize_scalar(challenge));
+        bytes.extend_from_slice(&serialize_scalar::<G>(challenge));
 
         // Serialize responses
         for response in response.iter().take(response_nb) {
-            bytes.extend_from_slice(&G::serialize_scalar(response));
+            bytes.extend_from_slice(&serialize_scalar::<G>(response));
         }
         Ok(bytes)
     }
@@ -205,14 +206,14 @@ where
         let mut responses: Self::Response = Vec::new();
 
         let slice = &data[0..response_size];
-        let challenge = G::deserialize_scalar(slice).ok_or(ProofError::GroupSerialisationFailure)?;
+        let challenge = deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerialisationFailure)?;
 
         for i in 0..response_nb {
             let start = (i + 1) * response_size;
             let end = start + response_size;
 
             let slice = &data[start..end];
-            let scalar = G::deserialize_scalar(slice).ok_or(ProofError::GroupSerialisationFailure)?;
+            let scalar = deserialize_scalar::<G>(slice).ok_or(ProofError::GroupSerialisationFailure)?;
             responses.push(scalar);
         }