Simplify bit vector commitment

AaronFeickert · Jun 20, 2023 · eaa60fa · eaa60fa
1 parent 215bac6
commit eaa60fa
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/src/protocols/curve_point_protocol.rs b/src/protocols/curve_point_protocol.rs
@@ -6,7 +6,8 @@
 use std::{
     borrow::Borrow,
     cmp::min,
-    ops::{Add, AddAssign, Mul},
+    iter::Sum,
+    ops::{Add, AddAssign, Mul, Neg},
 };
 
 use curve25519_dalek::{
@@ -33,6 +34,8 @@ pub trait CurvePointProtocol:
     + PartialEq
     + Compressable
     + Clone
+    + Neg<Output = Self>
+    + Sum
 {
     /// Generates an instance from the hash bytes of the input.
     fn hash_from_bytes_sha3_512(input: &[u8]) -> Self {

diff --git a/src/range_proof.rs b/src/range_proof.rs
@@ -15,7 +15,7 @@ use curve25519_dalek::{
     scalar::Scalar,
     traits::{Identity, IsIdentity, VartimePrecomputedMultiscalarMul},
 };
-use itertools::Itertools;
+use itertools::{izip, Itertools};
 use merlin::Transcript;
 use rand::thread_rng;
 use serde::{de::Visitor, Deserialize, Deserializer, Serialize, Serializer};
@@ -251,7 +251,7 @@ where
             }
         }
 
-        // Compute A by multi-scalar multiplication
+        // Compute the bit vector commitment
         let rng = &mut thread_rng();
         let mut alpha = Vec::with_capacity(extension_degree);
         for k in 0..extension_degree {
@@ -262,15 +262,14 @@ where
                 Scalar::random_not_zero(rng)
             });
         }
-        let a = P::vartime_multiscalar_mul(
-            alpha.iter().chain(a_li.iter()).chain(a_ri.iter()),
-            statement
-                .generators
-                .g_bases()
-                .iter()
-                .chain(statement.generators.gi_base_iter())
-                .chain(statement.generators.hi_base_iter()),
-        );
+        let a = P::vartime_multiscalar_mul(alpha.iter(), statement.generators.g_bases().iter()) +
+            izip!(
+                a_li.iter(),
+                statement.generators.gi_base_iter(),
+                statement.generators.hi_base_iter()
+            )
+            .map(|(&b, g, h)| if b == Scalar::zero() { -h.clone() } else { g.clone() })
+            .sum::<P>();
 
         // Get challenges
         let (y, z) = transcripts::transcript_point_a_challenges_y_z(&mut transcript, &a.compress())?;