On taking a final pass in #443, we identified the following remaining issues in the PiSch proof:
[x] commitment field in PiSchProof doesn't need to be pub(crate)
[x] CommonInput field name needs to be Rust-canonical, not a capital X.
[x] CommonInput::new can put the where clause inline and remove the type parameter (param: &'a impl AsRef<CurvePoint>)
[x] ProverSecret field name could use a more descriptive rename
[x] L149 - use CurvePoint method instead of constructing it manually and calling bn_to_scalar
[x] L153 error log should contain something descriptive about what actually failed
[x] The from_message method should have validation of the challenge and response fields (both must be in the range [0, k256_order), yes.
[x] The from_message method should not use the name keygen_decommit for a proof
[x] The fill_transcript parameter name A is non-canonical; it should match the name of whatever is passed to it
[x] Won't look at proofs carefully now because #115 is in progress, but there's a capital X in with_random_schnorr_proof. IT can be renamed to whatever the common input field name gets changed to.
On taking a final pass in #443, we identified the following remaining issues in the PiSch proof:
commitment
field inPiSchProof
doesn't need to bepub(crate)
CommonInput
field name needs to be Rust-canonical, not a capitalX
.CommonInput::new
can put thewhere
clause inline and remove the type parameter (param: &'a impl AsRef<CurvePoint>
)ProverSecret
field name could use a more descriptive renameCurvePoint
method instead of constructing it manually and callingbn_to_scalar
from_message
method should have validation of thechallenge
andresponse
fields (both must be in the range[0, k256_order)
, yes.from_message
method should not use the namekeygen_decommit
for a prooffill_transcript
parameter nameA
is non-canonical; it should match the name of whatever is passed to itX
inwith_random_schnorr_proof
. IT can be renamed to whatever the common input field name gets changed to.