rename fields of signature

Author: curiecrypt

mithril-stm/src/signature_scheme/schnorr_signature/mod.rs

@@ -168,7 +168,7 @@ mod tests {
                 let recovered_signature = SchnorrSignature::from_bytes(&signature_bytes).unwrap();
                 assert_eq!(signature, recovered_signature, "Recovered signature does not match with the original!");
 
-                // Test invalid `sigma`
+                // Test invalid `commitment_point`
                 let mut corrupted_bytes = signature_bytes.clone();
                 corrupted_bytes[31] |= 0xff;
                 let result = SchnorrSignature::from_bytes(&corrupted_bytes).expect_err("From bytes conversion of signature should fail");
@@ -180,7 +180,7 @@ mod tests {
                     "Unexpected error: {result:?}"
                 );
 
-                // Test invalid `signature`
+                // Test invalid `response`
                 let mut corrupted_bytes = signature_bytes.clone();
                 corrupted_bytes[63] |= 0xff;
                 let result = SchnorrSignature::from_bytes(&corrupted_bytes).expect_err("From bytes conversion should fail");

mithril-stm/src/signature_scheme/schnorr_signature/signature.rs

@@ -8,15 +8,15 @@ use crate::StmResult;
 
 /// Structure of the Schnorr signature to use with the SNARK
 ///
-/// This signature includes a value `sigma` which depends only on
+/// This signature includes a value `commitment_point` which depends only on
 /// the message and the signing key.
 /// This value is used in the lottery process to determine the correct indices.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub struct SchnorrSignature {
     /// Deterministic value depending on the message and secret key
-    pub(crate) sigma: ProjectivePoint,
+    pub(crate) commitment_point: ProjectivePoint,
     /// Part of the Schnorr signature depending on the secret key
-    pub(crate) signature: ScalarFieldElement,
+    pub(crate) response: ScalarFieldElement,
     /// Part of the Schnorr signature NOT depending on the secret key
     pub(crate) challenge: ScalarFieldElement,
 }
@@ -33,11 +33,11 @@ impl SchnorrSignature {
     ///     - Ok(()) if the signature verifies and an error if not
     ///
     /// The protocol computes:
-    ///     - msg_hash = H(Sha256(msg))
-    ///     - random_point_1_recomputed = msg_hash * signature + sigma * challenge
-    ///     - random_point_2_recomputed = generator * signature + verification_key * challenge
+    ///     - msg_hash_point = H(Sha256(msg))
+    ///     - random_point_1_recomputed = response * msg_hash_point + challenge * commitment_point
+    ///     - random_point_2_recomputed = response * prime_order_generator_point + challenge * verification_key
     ///     - challenge_recomputed = Poseidon(DST || H(Sha256(msg)) || verification_key
-    ///     || sigma || random_point_1_recomputed || random_point_2_recomputed)
+    ///     || commitment_point || random_point_1_recomputed || random_point_2_recomputed)
     ///
     /// Check: challenge == challenge_recomputed
     ///
@@ -47,27 +47,30 @@ impl SchnorrSignature {
             .is_valid()
             .with_context(|| "Signature verification failed due to invalid verification key")?;
 
-        let generator = PrimeOrderProjectivePoint::create_generator();
+        let prime_order_generator_point = PrimeOrderProjectivePoint::create_generator();
 
         // First hashing the message to a scalar then hashing it to a curve point
-        let msg_hash = ProjectivePoint::hash_to_projective_point(msg);
+        let msg_hash_point = ProjectivePoint::hash_to_projective_point(msg);
 
-        // Computing R1 = H(msg) * s + sigma * c
-        let msg_hash_times_signature = msg_hash.scalar_multiplication(&self.signature);
-        let sigma_times_challenge = self.sigma.scalar_multiplication(&self.challenge);
-        let random_point_1_recomputed = msg_hash_times_signature.add(sigma_times_challenge);
+        // Computing random_point_1_recomputed = response *  H(msg) + challenge * commitment_point
+        let response_time_msg_hash_point = msg_hash_point.scalar_multiplication(&self.response);
+        let challenge_times_commitment_point =
+            self.commitment_point.scalar_multiplication(&self.challenge);
+        let random_point_1_recomputed =
+            response_time_msg_hash_point.add(challenge_times_commitment_point);
 
-        // Computing R2 = g * s + vk * c
-        let generator_times_signature = generator.scalar_multiplication(&self.signature);
-        let vk_times_challenge = verification_key.0.scalar_multiplication(&self.challenge);
-        let random_point_2_recomputed = generator_times_signature.add(vk_times_challenge);
+        // Computing random_point_2_recomputed = response * prime_order_generator_point + challenge * vk
+        let response_times_generator_point =
+            prime_order_generator_point.scalar_multiplication(&self.response);
+        let challenge_times_vk = verification_key.0.scalar_multiplication(&self.challenge);
+        let random_point_2_recomputed = response_times_generator_point.add(challenge_times_vk);
 
         // Since the hash function takes as input scalar elements
         // We need to convert the EC points to their coordinates
         let points_coordinates = collect_coordinates_of_list_of_points(&[
-            msg_hash,
+            msg_hash_point,
             ProjectivePoint::from_prime_order_projective_point(verification_key.0),
-            self.sigma,
+            self.commitment_point,
             random_point_1_recomputed,
             ProjectivePoint::from_prime_order_projective_point(random_point_2_recomputed),
         ]);
@@ -86,8 +89,8 @@ impl SchnorrSignature {
     /// Convert an `SchnorrSignature` into bytes.
     pub fn to_bytes(self) -> [u8; 96] {
         let mut out = [0; 96];
-        out[0..32].copy_from_slice(&self.sigma.to_bytes());
-        out[32..64].copy_from_slice(&self.signature.to_bytes());
+        out[0..32].copy_from_slice(&self.commitment_point.to_bytes());
+        out[32..64].copy_from_slice(&self.response.to_bytes());
         out[64..96].copy_from_slice(&self.challenge.to_bytes());
 
         out
@@ -106,19 +109,19 @@ impl SchnorrSignature {
             bytes
                 .get(0..32)
                 .ok_or(SchnorrSignatureError::SerializationError)
-                .with_context(|| "Could not get the bytes of `sigma`")?,
+                .with_context(|| "Could not get the bytes of `commitment_point`")?,
         );
-        let sigma = ProjectivePoint::from_bytes(&u8bytes)
-            .with_context(|| "Could not convert bytes to `sigma`")?;
+        let commitment_point = ProjectivePoint::from_bytes(&u8bytes)
+            .with_context(|| "Could not convert bytes to `commitment_point`")?;
 
         u8bytes.copy_from_slice(
             bytes
                 .get(32..64)
                 .ok_or(SchnorrSignatureError::SerializationError)
-                .with_context(|| "Could not get the bytes of `signature`")?,
+                .with_context(|| "Could not get the bytes of `response`")?,
         );
-        let signature = ScalarFieldElement::from_bytes(&u8bytes)
-            .with_context(|| "Could not convert the bytes to `signature`")?;
+        let response = ScalarFieldElement::from_bytes(&u8bytes)
+            .with_context(|| "Could not convert the bytes to `response`")?;
 
         u8bytes.copy_from_slice(
             bytes
@@ -130,8 +133,8 @@ impl SchnorrSignature {
             .with_context(|| "Could not convert bytes to `challenge`")?;
 
         Ok(Self {
-            sigma,
-            signature,
+            commitment_point,
+            response,
             challenge,
         })
     }

mithril-stm/src/signature_scheme/schnorr_signature/signing_key.rs

@@ -21,67 +21,66 @@ impl SchnorrSigningKey {
     }
 
     /// This function is an adapted version of the Schnorr signature scheme that includes
-    /// the computation of a deterministic value (called sigma) based on the message and the signing key
+    /// the computation of a deterministic value (called commitment_point) based on the message and the signing key
     /// and works with the Jubjub elliptic curve and the Poseidon hash function.
     ///
     /// Input:
     ///     - a message: some bytes
     ///     - a secret key: an element of the scalar field of the Jubjub curve
     /// Output:
-    ///     - a signature of the form (sigma, signature, challenge):
-    ///         - sigma is deterministic depending only on the message and secret key
-    ///         - the signature and challenge depends on a random value generated during the signature
+    ///     - a signature of the form (commitment_point, response, challenge):
+    ///         - commitment_point is deterministic depending only on the message and secret key
+    ///         - the response and challenge depends on a random value generated during the signature
     ///
     /// The protocol computes:
-    ///     - sigma = H(Sha256(msg)) * secret_key
+    ///     - commitment_point = secret_key * H(Sha256(msg))
     ///     - random_scalar, a random value
-    ///     - random_point_1 = H(Sha256(msg)) * random_scalar
-    ///     - random_point_2 = generator * random_scalar, where generator is a generator of the prime-order subgroup of Jubjub
-    ///     - challenge = Poseidon(DST || H(Sha256(msg)) || verification_key || sigma || random_point_1 || random_point_2)
-    ///     - signature = random_scalar - challenge * signing_key
+    ///     - random_point_1 = random_scalar * H(Sha256(msg))
+    ///     - random_point_2 = random_scalar * prime_order_generator_point, where generator is a generator of the prime-order subgroup of Jubjub
+    ///     - challenge = Poseidon(DST || H(Sha256(msg)) || verification_key || commitment_point || random_point_1 || random_point_2)
+    ///     - response = random_scalar - challenge * signing_key
     ///
-    /// Output the signature (sigma, signature, challenge)
+    /// Output the signature (commitment_point, response, challenge)
     ///
     pub fn sign<R: RngCore + CryptoRng>(
         &self,
         msg: &[u8],
         rng: &mut R,
     ) -> StmResult<SchnorrSignature> {
         // Use the subgroup generator to compute the curve points
-        let generator = PrimeOrderProjectivePoint::create_generator();
+        let prime_order_generator_point = PrimeOrderProjectivePoint::create_generator();
         let verification_key = SchnorrVerificationKey::new_from_signing_key(self.clone())
             .with_context(|| "Could not generate verification key from signing key.")?;
 
         // First hashing the message to a scalar then hashing it to a curve point
-        let msg_hash = ProjectivePoint::hash_to_projective_point(msg);
+        let msg_hash_point = ProjectivePoint::hash_to_projective_point(msg);
 
-        let sigma = msg_hash.scalar_multiplication(&self.0);
+        let commitment_point = msg_hash_point.scalar_multiplication(&self.0);
 
-        // r1 = H(msg) * r, r2 = g * r
         let random_scalar = ScalarFieldElement::new_random_nonzero_scalar(rng)
             .with_context(|| "Random scalar generation failed during signing.")?;
 
-        let random_point_1 = msg_hash.scalar_multiplication(&random_scalar);
-        let random_point_2 = generator.scalar_multiplication(&random_scalar);
+        let random_point_1 = msg_hash_point.scalar_multiplication(&random_scalar);
+        let random_point_2 = prime_order_generator_point.scalar_multiplication(&random_scalar);
 
         // Since the hash function takes as input scalar elements
         // We need to convert the EC points to their coordinates
         // The order must be preserved
         let points_coordinates = collect_coordinates_of_list_of_points(&[
-            msg_hash,
+            msg_hash_point,
             ProjectivePoint::from_prime_order_projective_point(verification_key.0),
-            sigma,
+            commitment_point,
             random_point_1,
             ProjectivePoint::from_prime_order_projective_point(random_point_2),
         ]);
 
         let challenge = compute_truncated_digest(&points_coordinates);
-        let mut signature = challenge.mul(&self.0);
-        signature = random_scalar.sub(&signature);
+        let mut response = challenge.mul(&self.0);
+        response = random_scalar.sub(&response);
 
         Ok(SchnorrSignature {
-            sigma,
-            signature,
+            commitment_point,
+            response,
             challenge,
         })
     }