crypto/dleq/src/cross_group/bits.rs

use rand_core::{RngCore, CryptoRng};

use transcript::Transcript;

use group::{ff::PrimeFieldBits, prime::PrimeGroup};
use multiexp::BatchVerifier;

use crate::cross_group::{
  Generators, DLEqError,
  aos::{Re, Aos},
};

#[cfg(feature = "serialize")]
use std::io::{Read, Write};
#[cfg(feature = "serialize")]
use crate::cross_group::read_point;

pub(crate) enum BitSignature {
  ClassicLinear,
  ConciseLinear,
  EfficientLinear,
  CompromiseLinear,
}

impl BitSignature {
  pub(crate) const fn to_u8(&self) -> u8 {
    match self {
      BitSignature::ClassicLinear => 0,
      BitSignature::ConciseLinear => 1,
      BitSignature::EfficientLinear => 2,
      BitSignature::CompromiseLinear => 3,
    }
  }

  pub(crate) const fn from(algorithm: u8) -> BitSignature {
    match algorithm {
      0 => BitSignature::ClassicLinear,
      1 => BitSignature::ConciseLinear,
      2 => BitSignature::EfficientLinear,
      3 => BitSignature::CompromiseLinear,
      _ => panic!("Unknown algorithm"),
    }
  }

  pub(crate) const fn bits(&self) -> usize {
    match self {
      BitSignature::ClassicLinear => 1,
      BitSignature::ConciseLinear => 2,
      BitSignature::EfficientLinear => 1,
      BitSignature::CompromiseLinear => 2,
    }
  }

  pub(crate) const fn ring_len(&self) -> usize {
    2_usize.pow(self.bits() as u32)
  }

  fn aos_form<G0: PrimeGroup, G1: PrimeGroup>(&self) -> Re<G0, G1> {
    match self {
      BitSignature::ClassicLinear => Re::e_default(),
      BitSignature::ConciseLinear => Re::e_default(),
      BitSignature::EfficientLinear => Re::R_default(),
      BitSignature::CompromiseLinear => Re::R_default(),
    }
  }
}

#[derive(Clone, PartialEq, Eq, Debug)]
pub(crate) struct Bits<G0: PrimeGroup, G1: PrimeGroup, const SIGNATURE: u8, const RING_LEN: usize> {
  pub(crate) commitments: (G0, G1),
  signature: Aos<G0, G1, RING_LEN>,
}

impl<G0: PrimeGroup, G1: PrimeGroup, const SIGNATURE: u8, const RING_LEN: usize>
  Bits<G0, G1, SIGNATURE, RING_LEN>
where
  G0::Scalar: PrimeFieldBits,
  G1::Scalar: PrimeFieldBits,
{
  fn transcript<T: Transcript>(transcript: &mut T, i: usize, commitments: (G0, G1)) {
    transcript.domain_separate(b"bits");
    transcript.append_message(b"group", &u16::try_from(i).unwrap().to_le_bytes());
    transcript.append_message(b"commitment_0", commitments.0.to_bytes().as_ref());
    transcript.append_message(b"commitment_1", commitments.1.to_bytes().as_ref());
  }

  fn ring(pow_2: (G0, G1), commitments: (G0, G1)) -> Vec<(G0, G1)> {
    let mut res = vec![commitments; RING_LEN];
    for i in 1 .. RING_LEN {
      res[i] = (res[i - 1].0 - pow_2.0, res[i - 1].1 - pow_2.1);
    }
    res
  }

  fn shift(pow_2: &mut (G0, G1)) {
    for _ in 0 .. BitSignature::from(SIGNATURE).bits() {
      pow_2.0 = pow_2.0.double();
      pow_2.1 = pow_2.1.double();
    }
  }

  pub(crate) fn prove<R: RngCore + CryptoRng, T: Clone + Transcript>(
    rng: &mut R,
    transcript: &mut T,
    generators: (Generators<G0>, Generators<G1>),
    i: usize,
    pow_2: &mut (G0, G1),
    bits: u8,
    blinding_key: (G0::Scalar, G1::Scalar),
  ) -> Self {
    let mut commitments =
      ((generators.0.alt * blinding_key.0), (generators.1.alt * blinding_key.1));
    commitments.0 += pow_2.0 * G0::Scalar::from(bits.into());
    commitments.1 += pow_2.1 * G1::Scalar::from(bits.into());

    Self::transcript(transcript, i, commitments);

    let signature = Aos::prove(
      rng,
      transcript.clone(),
      generators,
      &Self::ring(*pow_2, commitments),
      usize::from(bits),
      blinding_key,
      BitSignature::from(SIGNATURE).aos_form(),
    );

    Self::shift(pow_2);
    Bits { commitments, signature }
  }

  pub(crate) fn verify<R: RngCore + CryptoRng, T: Clone + Transcript>(
    &self,
    rng: &mut R,
    transcript: &mut T,
    generators: (Generators<G0>, Generators<G1>),
    batch: &mut (BatchVerifier<(), G0>, BatchVerifier<(), G1>),
    i: usize,
    pow_2: &mut (G0, G1),
  ) -> Result<(), DLEqError> {
    Self::transcript(transcript, i, self.commitments);

    self.signature.verify(
      rng,
      transcript.clone(),
      generators,
      batch,
      &Self::ring(*pow_2, self.commitments),
    )?;

    Self::shift(pow_2);
    Ok(())
  }

  #[cfg(feature = "serialize")]
  pub(crate) fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {
    w.write_all(self.commitments.0.to_bytes().as_ref())?;
    w.write_all(self.commitments.1.to_bytes().as_ref())?;
    self.signature.serialize(w)
  }

  #[cfg(feature = "serialize")]
  pub(crate) fn deserialize<R: Read>(r: &mut R) -> std::io::Result<Self> {
    Ok(Bits {
      commitments: (read_point(r)?, read_point(r)?),
      signature: Aos::deserialize(r, BitSignature::from(SIGNATURE).aos_form())?,
    })
  }
}
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`use rand_core::{RngCore, CryptoRng};`

			`use transcript::Transcript;`

			`use group::{ff::PrimeFieldBits, prime::PrimeGroup};`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`use multiexp::BatchVerifier;`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`use crate::cross_group::{`
			`Generators, DLEqError,`
			`aos::{Re, Aos},`
			`};`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
			`#[cfg(feature = "serialize")]`
			`use std::io::{Read, Write};`
			`#[cfg(feature = "serialize")]`
			`use crate::cross_group::read_point;`

Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`pub(crate) enum BitSignature {`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`ClassicLinear,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`ConciseLinear,`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`EfficientLinear,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`CompromiseLinear,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`}`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`impl BitSignature {`
			`pub(crate) const fn to_u8(&self) -> u8 {`
			`match self {`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`BitSignature::ClassicLinear => 0,`
			`BitSignature::ConciseLinear => 1,`
			`BitSignature::EfficientLinear => 2,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`BitSignature::CompromiseLinear => 3,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`}`
			`}`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`pub(crate) const fn from(algorithm: u8) -> BitSignature {`
			`match algorithm {`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`0 => BitSignature::ClassicLinear,`
			`1 => BitSignature::ConciseLinear,`
			`2 => BitSignature::EfficientLinear,`
			`3 => BitSignature::CompromiseLinear,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`_ => panic!("Unknown algorithm"),`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`}`
			`}`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`pub(crate) const fn bits(&self) -> usize {`
			`match self {`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`BitSignature::ClassicLinear => 1,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`BitSignature::ConciseLinear => 2,`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`BitSignature::EfficientLinear => 1,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`BitSignature::CompromiseLinear => 2,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`}`
			`}`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`pub(crate) const fn ring_len(&self) -> usize {`
			`2_usize.pow(self.bits() as u32)`
			`}`

			`fn aos_form<G0: PrimeGroup, G1: PrimeGroup>(&self) -> Re<G0, G1> {`
			`match self {`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`BitSignature::ClassicLinear => Re::e_default(),`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`BitSignature::ConciseLinear => Re::e_default(),`
Add Classic/Compromise DLEqs and a benchmark Formatted results from my laptop: EfficientLinear had a average prove time of 188ms EfficientLinear had a average verify time of 126ms CompromiseLinear had a average prove time of 176ms CompromiseLinear had a average verify time of 141ms ConciseLinear had a average prove time of 191ms ConciseLinear had a average verify time of 160ms ClassicLinear had a average prove time of 214ms ClassicLinear had a average verify time of 159ms There is a decent error margin here. Concise is a drop-in replacement for Classic, in practice not theory. Efficient is optimal for performance, yet largest. Compromise is a middleground. 2022-07-07 08:26:59 -04:00			`BitSignature::EfficientLinear => Re::R_default(),`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`BitSignature::CompromiseLinear => Re::R_default(),`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`}`
			`}`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`}`

			`#[derive(Clone, PartialEq, Eq, Debug)]`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`pub(crate) struct Bits<G0: PrimeGroup, G1: PrimeGroup, const SIGNATURE: u8, const RING_LEN: usize> {`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`pub(crate) commitments: (G0, G1),`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`signature: Aos<G0, G1, RING_LEN>,`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`}`

Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`impl<G0: PrimeGroup, G1: PrimeGroup, const SIGNATURE: u8, const RING_LEN: usize>`
			`Bits<G0, G1, SIGNATURE, RING_LEN>`
			`where`
			`G0::Scalar: PrimeFieldBits,`
			`G1::Scalar: PrimeFieldBits,`
			`{`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`fn transcript<T: Transcript>(transcript: &mut T, i: usize, commitments: (G0, G1)) {`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`transcript.domain_separate(b"bits");`
			`transcript.append_message(b"group", &u16::try_from(i).unwrap().to_le_bytes());`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`transcript.append_message(b"commitment_0", commitments.0.to_bytes().as_ref());`
			`transcript.append_message(b"commitment_1", commitments.1.to_bytes().as_ref());`
			`}`

			`fn ring(pow_2: (G0, G1), commitments: (G0, G1)) -> Vec<(G0, G1)> {`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`let mut res = vec![commitments; RING_LEN];`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`for i in 1 .. RING_LEN {`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`res[i] = (res[i - 1].0 - pow_2.0, res[i - 1].1 - pow_2.1);`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`}`
			`res`
			`}`

			`fn shift(pow_2: &mut (G0, G1)) {`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`for _ in 0 .. BitSignature::from(SIGNATURE).bits() {`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`pow_2.0 = pow_2.0.double();`
			`pow_2.1 = pow_2.1.double();`
			`}`
			`}`

			`pub(crate) fn prove<R: RngCore + CryptoRng, T: Clone + Transcript>(`
			`rng: &mut R,`
			`transcript: &mut T,`
			`generators: (Generators<G0>, Generators<G1>),`
			`i: usize,`
			`pow_2: &mut (G0, G1),`
			`bits: u8,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`blinding_key: (G0::Scalar, G1::Scalar),`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`) -> Self {`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`let mut commitments =`
			`((generators.0.alt * blinding_key.0), (generators.1.alt * blinding_key.1));`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`commitments.0 += pow_2.0 * G0::Scalar::from(bits.into());`
			`commitments.1 += pow_2.1 * G1::Scalar::from(bits.into());`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`Self::transcript(transcript, i, commitments);`

Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`let signature = Aos::prove(`
			`rng,`
			`transcript.clone(),`
			`generators,`
			`&Self::ring(*pow_2, commitments),`
			`usize::from(bits),`
			`blinding_key,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`BitSignature::from(SIGNATURE).aos_form(),`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`);`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00
			`Self::shift(pow_2);`
			`Bits { commitments, signature }`
			`}`

			`pub(crate) fn verify<R: RngCore + CryptoRng, T: Clone + Transcript>(`
			`&self,`
			`rng: &mut R,`
			`transcript: &mut T,`
			`generators: (Generators<G0>, Generators<G1>),`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`batch: &mut (BatchVerifier<(), G0>, BatchVerifier<(), G1>),`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`i: usize,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`pow_2: &mut (G0, G1),`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`) -> Result<(), DLEqError> {`
			`Self::transcript(transcript, i, self.commitments);`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`self.signature.verify(`
			`rng,`
			`transcript.clone(),`
			`generators,`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`batch,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`&Self::ring(*pow_2, self.commitments),`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`)?;`

			`Self::shift(pow_2);`
			`Ok(())`
			`}`

			`#[cfg(feature = "serialize")]`
			`pub(crate) fn serialize<W: Write>(&self, w: &mut W) -> std::io::Result<()> {`
			`w.write_all(self.commitments.0.to_bytes().as_ref())?;`
			`w.write_all(self.commitments.1.to_bytes().as_ref())?;`
			`self.signature.serialize(w)`
			`}`

			`#[cfg(feature = "serialize")]`
Consolidate concise/efficient and clean 2022-07-07 07:30:10 -04:00			`pub(crate) fn deserialize<R: Read>(r: &mut R) -> std::io::Result<Self> {`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`Ok(Bits {`
			`commitments: (read_point(r)?, read_point(r)?),`
			`signature: Aos::deserialize(r, BitSignature::from(SIGNATURE).aos_form())?,`
			`})`
Add a batch verified DLEq The batch verified one offers ~23% faster verification. While this massively refactors for modularity, I'm still not happy with the DLEq proofs at the top level, nor am I happy with the AOS signatures. I'll work on cleaning them up more later. 2022-07-05 19:10:30 -04:00			`}`
			`}`