feat(protocols): enhance error handling and improve AND/OR composition

- feat: add error handling for prover_commit and prover_response in SigmaProtocol trait
- feat: redesign AND/OR composition protocols to support any number of SchnorrProtocol instances
- feat: enable Fiat-Shamir transformations for AND/OR composition protocols
- test: implement comprehensive tests for new AND/OR protocol functionality

Author: nougzarm

src/errors.rs

@@ -23,5 +23,8 @@ pub enum ProofError {
     NotImplemented(&'static str),
     /// Serialization of a group element/scalar failed
     #[error("Serialization of a group element/scalar failed")]
+    /// Other error
     GroupSerializationFailure,
+    #[error("Other")]
+    Other,
 }

src/fiat_shamir.rs

@@ -62,10 +62,10 @@ where
         &mut self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> (P::Commitment, P::Challenge, P::Response) {
+    ) -> Result<(P::Commitment, P::Challenge, P::Response), ProofError> {
         let mut codec = self.hash_state.clone();
 
-        let (commitment, prover_state) = self.sigmap.prover_commit(witness, rng);
+        let (commitment, prover_state) = self.sigmap.prover_commit(witness, rng)?;
         // Commitment data for challenge generation
         let mut data = Vec::new();
         for commit in &commitment {
@@ -74,13 +74,10 @@ where
         // Fiat Shamir challenge
         let challenge = codec.prover_message(&data).verifier_challenge();
         // Prover's response
-        let response = self.sigmap.prover_response(prover_state, &challenge);
+        let response = self.sigmap.prover_response(prover_state, &challenge)?;
         // Local verification of the proof
-        assert!(self
-            .sigmap
-            .verifier(&commitment, &challenge, &response)
-            .is_ok());
-        (commitment, challenge, response)
+        self.sigmap.verifier(&commitment, &challenge, &response)?;
+        Ok((commitment, challenge, response))
     }
 
     /// Verify a non-interactive proof and returns a Result: `Ok(())` if the proof verifies successfully, `Err(())` otherwise.
@@ -110,11 +107,12 @@ where
         &mut self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Vec<u8> {
-        let (commitment, challenge, response) = self.prove(witness, rng);
-        self.sigmap
+    ) -> Result<Vec<u8>, ProofError> {
+        let (commitment, challenge, response) = self.prove(witness, rng)?;
+        Ok(self
+            .sigmap
             .serialize_batchable(&commitment, &challenge, &response)
-            .unwrap()
+            .unwrap())
     }
 
     pub fn verify_batchable(&mut self, proof: &[u8]) -> Result<(), ProofError> {
@@ -144,17 +142,18 @@ where
         &mut self,
         witness: &P::Witness,
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Vec<u8> {
-        let (commitment, challenge, response) = self.prove(witness, rng);
-        self.sigmap
+    ) -> Result<Vec<u8>, ProofError> {
+        let (commitment, challenge, response) = self.prove(witness, rng)?;
+        Ok(self
+            .sigmap
             .serialize_compact(&commitment, &challenge, &response)
-            .unwrap()
+            .unwrap())
     }
 
     pub fn verify_compact(&mut self, proof: &[u8]) -> Result<(), ProofError> {
         let (challenge, response) = self.sigmap.deserialize_compact(proof).unwrap();
         // Compute the commitments
-        let commitment = self.sigmap.get_commitment(&challenge, &response);
+        let commitment = self.sigmap.get_commitment(&challenge, &response)?;
         // Verify the proof
         self.verify(&commitment, &challenge, &response)
     }

src/group_morphism.rs

@@ -174,9 +174,7 @@ where
         self.morphism
             .group_elements
             .extend(iter::repeat(G::identity()).take(n));
-        let points = (start..start + n)
-            .map(PointVar)
-            .collect::<Vec<_>>();
+        let points = (start..start + n).map(PointVar).collect::<Vec<_>>();
         self.morphism.num_elements += n;
         points
     }

src/proof_builder.rs

@@ -16,10 +16,7 @@
 use group::{Group, GroupEncoding};
 use rand::{CryptoRng, RngCore};
 
-use crate::{
-    codec::ShakeCodec, GroupMorphismPreimage, NISigmaProtocol, PointVar, ProofError, ScalarVar,
-    SchnorrProtocol,
-};
+use crate::{codec::ShakeCodec, NISigmaProtocol, PointVar, ProofError, ScalarVar, SchnorrProtocol};
 
 /// A builder that helps construct Sigma proofs for linear group relations.
 ///
@@ -44,7 +41,7 @@ where
 {
     /// Creates a new proof builder with a Schnorr protocol instance using the given domain separator.
     pub fn new(domain_sep: &[u8]) -> Self {
-        let schnorr_protocol = SchnorrProtocol(GroupMorphismPreimage::<G>::new());
+        let schnorr_protocol = SchnorrProtocol::<G>::new();
         let protocol = NISigmaProtocol::<SchnorrProtocol<G>, ShakeCodec<G>, G>::new(
             domain_sep,
             schnorr_protocol,
@@ -59,36 +56,36 @@ where
     /// - `lhs`: The variable representing the left-hand group element
     /// - `rhs`: A list of (scalar variable, point variable) tuples for the linear combination
     pub fn append_equation(&mut self, lhs: PointVar, rhs: &[(ScalarVar, PointVar)]) {
-        self.protocol.sigmap.0.append_equation(lhs, rhs);
+        self.protocol.sigmap.append_equation(lhs, rhs);
     }
 
     /// Allocates `n` scalar variables for use in the proof.
     ///
     /// Returns a vector of `ScalarVar` indices.
     pub fn allocate_scalars(&mut self, n: usize) -> Vec<ScalarVar> {
-        self.protocol.sigmap.0.allocate_scalars(n)
+        self.protocol.sigmap.allocate_scalars(n)
     }
 
     /// Allocates `n` point variables (group elements) for use in the proof.
     ///
     /// Returns a vector of `PointVar` indices.
     pub fn allocate_elements(&mut self, n: usize) -> Vec<PointVar> {
-        self.protocol.sigmap.0.allocate_elements(n)
+        self.protocol.sigmap.allocate_elements(n)
     }
 
     /// Assigns specific group elements to point variables (indices).
     ///
     /// # Parameters
     /// - `elements`: A list of `(PointVar, GroupElement)` pairs
     pub fn set_elements(&mut self, elements: &[(PointVar, G)]) {
-        self.protocol.sigmap.0.set_elements(elements);
+        self.protocol.sigmap.set_elements(elements);
     }
 
     /// Returns the expected group element results (`lhs`) of the current equations.
     ///
     /// This corresponds to the image values of the equations under the morphism.
     pub fn image(&self) -> Vec<G> {
-        self.protocol.sigmap.0.image()
+        self.protocol.sigmap.image()
     }
 
     /// Generates a non-interactive zero-knowledge proof for the current statement using the given witness.
@@ -103,7 +100,7 @@ where
         &mut self,
         witness: &[<G as Group>::Scalar],
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Vec<u8> {
+    ) -> Result<Vec<u8>, ProofError> {
         let witness_tmp = witness.to_vec();
         self.protocol.prove_batchable(&witness_tmp, rng)
     }
@@ -131,7 +128,7 @@ where
         &mut self,
         witness: &[<G as Group>::Scalar],
         rng: &mut (impl RngCore + CryptoRng),
-    ) -> Vec<u8> {
+    ) -> Result<Vec<u8>, ProofError> {
         let witness_tmp = witness.to_vec();
         self.protocol.prove_compact(&witness_tmp, rng)
     }