diff --git a/ecc/bls12-377/fr/pedersen/pedersen.go b/ecc/bls12-377/fr/pedersen/pedersen.go index 9670e85c5..1ff3fda8d 100644 --- a/ecc/bls12-377/fr/pedersen/pedersen.go +++ b/ecc/bls12-377/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bls12-377/fr/pedersen/pedersen_test.go b/ecc/bls12-377/fr/pedersen/pedersen_test.go index 227579ca9..80718aa75 100644 --- a/ecc/bls12-377/fr/pedersen/pedersen_test.go +++ b/ecc/bls12-377/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bls12-381/fr/pedersen/pedersen.go b/ecc/bls12-381/fr/pedersen/pedersen.go index e49828fc7..09830a775 100644 --- a/ecc/bls12-381/fr/pedersen/pedersen.go +++ b/ecc/bls12-381/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bls12-381/fr/pedersen/pedersen_test.go b/ecc/bls12-381/fr/pedersen/pedersen_test.go index ab04d7813..833f0c66a 100644 --- a/ecc/bls12-381/fr/pedersen/pedersen_test.go +++ b/ecc/bls12-381/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bls24-315/fr/pedersen/pedersen.go b/ecc/bls24-315/fr/pedersen/pedersen.go index 65375a022..8bc6fef45 100644 --- a/ecc/bls24-315/fr/pedersen/pedersen.go +++ b/ecc/bls24-315/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bls24-315/fr/pedersen/pedersen_test.go b/ecc/bls24-315/fr/pedersen/pedersen_test.go index 78fbae523..5c162db58 100644 --- a/ecc/bls24-315/fr/pedersen/pedersen_test.go +++ b/ecc/bls24-315/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bls24-317/fr/pedersen/pedersen.go b/ecc/bls24-317/fr/pedersen/pedersen.go index bbf2b51d5..9fca8b9fc 100644 --- a/ecc/bls24-317/fr/pedersen/pedersen.go +++ b/ecc/bls24-317/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bls24-317/fr/pedersen/pedersen_test.go b/ecc/bls24-317/fr/pedersen/pedersen_test.go index 9d3d35915..b732b3e02 100644 --- a/ecc/bls24-317/fr/pedersen/pedersen_test.go +++ b/ecc/bls24-317/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bn254/fr/pedersen/pedersen.go b/ecc/bn254/fr/pedersen/pedersen.go index 81e55ebb4..1d0969fad 100644 --- a/ecc/bn254/fr/pedersen/pedersen.go +++ b/ecc/bn254/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bn254/fr/pedersen/pedersen_test.go b/ecc/bn254/fr/pedersen/pedersen_test.go index 0aafe1a62..1dc736cdd 100644 --- a/ecc/bn254/fr/pedersen/pedersen_test.go +++ b/ecc/bn254/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bw6-633/fr/pedersen/pedersen.go b/ecc/bw6-633/fr/pedersen/pedersen.go index 832088a1c..be584fdcd 100644 --- a/ecc/bw6-633/fr/pedersen/pedersen.go +++ b/ecc/bw6-633/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bw6-633/fr/pedersen/pedersen_test.go b/ecc/bw6-633/fr/pedersen/pedersen_test.go index f8389334d..24e4e6094 100644 --- a/ecc/bw6-633/fr/pedersen/pedersen_test.go +++ b/ecc/bw6-633/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/ecc/bw6-761/fr/pedersen/pedersen.go b/ecc/bw6-761/fr/pedersen/pedersen.go index 35860442d..8b761fe4a 100644 --- a/ecc/bw6-761/fr/pedersen/pedersen.go +++ b/ecc/bw6-761/fr/pedersen/pedersen.go @@ -33,8 +33,8 @@ type ProvingKey struct { } type VerifyingKey struct { - G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + G curve.G2Affine + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -94,7 +94,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -211,7 +211,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -262,7 +262,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -337,7 +337,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -356,6 +356,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } diff --git a/ecc/bw6-761/fr/pedersen/pedersen_test.go b/ecc/bw6-761/fr/pedersen/pedersen_test.go index 5a0bb9603..d8ba4a1f1 100644 --- a/ecc/bw6-761/fr/pedersen/pedersen_test.go +++ b/ecc/bw6-761/fr/pedersen/pedersen_test.go @@ -180,7 +180,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk)) diff --git a/internal/generator/pedersen/template/pedersen.go.tmpl b/internal/generator/pedersen/template/pedersen.go.tmpl index 496b9c253..3497987dc 100644 --- a/internal/generator/pedersen/template/pedersen.go.tmpl +++ b/internal/generator/pedersen/template/pedersen.go.tmpl @@ -16,7 +16,7 @@ type ProvingKey struct { type VerifyingKey struct { G curve.G2Affine - GSigma curve.G2Affine // GRootSigmaNeg = G^{-σ} + GSigmaNeg curve.G2Affine // GSigmaNeg = G^{-σ} } func randomFrSizedBytes() ([]byte, error) { @@ -76,7 +76,7 @@ func Setup(bases [][]curve.G1Affine, options ...SetupOption) (pk []ProvingKey, v sigma.Add(sigma, big.NewInt(1)) sigmaNeg := new(big.Int).Neg(sigma) - vk.GSigma.ScalarMultiplication(&vk.G, sigmaNeg) + vk.GSigmaNeg.ScalarMultiplication(&vk.G, sigmaNeg) pk = make([]ProvingKey, len(bases)) for i := range bases { @@ -193,7 +193,7 @@ func (vk *VerifyingKey) Verify(commitment curve.G1Affine, knowledgeProof curve.G return errors.New("subgroup check failed") } - if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigma, vk.G}); err != nil { + if isOne, err := curve.PairingCheck([]curve.G1Affine{commitment, knowledgeProof}, []curve.G2Affine{vk.GSigmaNeg, vk.G}); err != nil { return err } else if !isOne { return errors.New("proof rejected") @@ -244,7 +244,7 @@ func BatchVerifyMultiVk(vk []VerifyingKey, commitments []curve.G1Affine, pok []c pairingG1[0] = commitments[0] var rI big.Int for i := range vk { - pairingG2[i] = vk[i].GSigma + pairingG2[i] = vk[i].GSigmaNeg if i != 0 { r.BigInt(&rI) pairingG1[i].ScalarMultiplication(&commitments[i], &rI) @@ -319,7 +319,7 @@ func (vk *VerifyingKey) writeTo(enc *curve.Encoder) (int64, error) { if err = enc.Encode(&vk.G); err != nil { return enc.BytesWritten(), err } - err = enc.Encode(&vk.GSigma) + err = enc.Encode(&vk.GSigmaNeg) return enc.BytesWritten(), err } @@ -338,6 +338,6 @@ func (vk *VerifyingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder) if err = dec.Decode(&vk.G); err != nil { return dec.BytesRead(), err } - err = dec.Decode(&vk.GSigma) + err = dec.Decode(&vk.GSigmaNeg) return dec.BytesRead(), err } \ No newline at end of file diff --git a/internal/generator/pedersen/template/pedersen.test.go.tmpl b/internal/generator/pedersen/template/pedersen.test.go.tmpl index fdfa2f4fd..571e6ece6 100644 --- a/internal/generator/pedersen/template/pedersen.test.go.tmpl +++ b/internal/generator/pedersen/template/pedersen.test.go.tmpl @@ -162,7 +162,7 @@ func TestMarshal(t *testing.T) { ) vk.G, err = curve.RandomOnG2() assert.NoError(t, err) - vk.GSigma, err = curve.RandomOnG2() + vk.GSigmaNeg, err = curve.RandomOnG2() assert.NoError(t, err) t.Run("ProvingKey -> Bytes -> ProvingKey must remain identical.", testutils.SerializationRoundTrip(&pk))