[zk-sdk] Change ZeroBalanceProof to ZeroCiphertextProof

zk-sdk/src/sigma_proofs/errors.rs

@@ -34,9 +34,9 @@ pub struct ValidityProofVerificationError(#[from] pub(crate) SigmaProofVerificat
 impl_from_transcript_error!(ValidityProofVerificationError);
 
 #[derive(Error, Clone, Debug, Eq, PartialEq)]
-#[error("zero-balance proof verification failed: {0}")]
-pub struct ZeroBalanceProofVerificationError(#[from] pub(crate) SigmaProofVerificationError);
-impl_from_transcript_error!(ZeroBalanceProofVerificationError);
+#[error("zero-ciphertext proof verification failed: {0}")]
+pub struct ZeroCiphertextProofVerificationError(#[from] pub(crate) SigmaProofVerificationError);
+impl_from_transcript_error!(ZeroCiphertextProofVerificationError);
 
 #[derive(Error, Clone, Debug, Eq, PartialEq)]
 #[error("fee sigma proof verification failed: {0}")]

zk-sdk/src/sigma_proofs/mod.rs

@@ -15,7 +15,7 @@ pub mod ciphertext_commitment_equality;
 pub mod fee;
 pub mod grouped_ciphertext_validity;
 pub mod pubkey;
-pub mod zero_balance;
+pub mod zero_ciphertext;
 
 use {
     crate::{sigma_proofs::errors::SigmaProofVerificationError, RISTRETTO_POINT_LEN, SCALAR_LEN},

zk-sdk/src/sigma_proofs/zero_balance.rs → zk-sdk/src/sigma_proofs/zero_ciphertext.rs

@@ -1,4 +1,4 @@
-//! The zero-balance sigma proof system.
+//! The zero-ciphertext sigma proof system.
 //!
 //! The protocol guarantees computationally soundness (by the hardness of discrete log) and perfect
 //! zero-knowledge in the random oracle model.
@@ -19,7 +19,7 @@ use {
 };
 use {
     crate::{
-        sigma_proofs::errors::{SigmaProofVerificationError, ZeroBalanceProofVerificationError},
+        sigma_proofs::errors::{SigmaProofVerificationError, ZeroCiphertextProofVerificationError},
         transcript::TranscriptProtocol,
     },
     curve25519_dalek::{
@@ -30,24 +30,24 @@ use {
     merlin::Transcript,
 };
 
-/// Byte length of a zero-balance proof.
-const ZERO_BALANCE_PROOF_LEN: usize = UNIT_LEN * 3;
+/// Byte length of a zero-ciphertext proof.
+const ZERO_CIPHERTEXT_PROOF_LEN: usize = UNIT_LEN * 3;
 
-/// Zero-balance proof.
+/// Zero-ciphertext proof.
 ///
 /// Contains all the elliptic curve and scalar components that make up the sigma protocol.
 #[allow(non_snake_case)]
 #[derive(Clone)]
-pub struct ZeroBalanceProof {
+pub struct ZeroCiphertextProof {
     Y_P: CompressedRistretto,
     Y_D: CompressedRistretto,
     z: Scalar,
 }
 
 #[allow(non_snake_case)]
 #[cfg(not(target_os = "solana"))]
-impl ZeroBalanceProof {
-    /// Creates a zero-balance proof.
+impl ZeroCiphertextProof {
+    /// Creates a zero-ciphertext proof.
     ///
     /// The function does *not* hash the public key and ciphertext into the transcript. For
     /// security, the caller (the main protocol) should hash these public components prior to
@@ -94,7 +94,7 @@ impl ZeroBalanceProof {
         Self { Y_P, Y_D, z }
     }
 
-    /// Verifies a zero-balance proof.
+    /// Verifies a zero-ciphertext proof.
     ///
     /// * `elgamal_pubkey` - The ElGamal pubkey associated with the ciphertext to be proved
     /// * `ciphertext` - The main ElGamal ciphertext to be proved
@@ -104,7 +104,7 @@ impl ZeroBalanceProof {
         elgamal_pubkey: &ElGamalPubkey,
         ciphertext: &ElGamalCiphertext,
         transcript: &mut Transcript,
-    ) -> Result<(), ZeroBalanceProofVerificationError> {
+    ) -> Result<(), ZeroCiphertextProofVerificationError> {
         transcript.zero_balance_proof_domain_separator();
 
         // extract the relevant scalar and Ristretto points from the input
@@ -158,21 +158,21 @@ impl ZeroBalanceProof {
         }
     }
 
-    pub fn to_bytes(&self) -> [u8; ZERO_BALANCE_PROOF_LEN] {
-        let mut buf = [0_u8; ZERO_BALANCE_PROOF_LEN];
+    pub fn to_bytes(&self) -> [u8; ZERO_CIPHERTEXT_PROOF_LEN] {
+        let mut buf = [0_u8; ZERO_CIPHERTEXT_PROOF_LEN];
         let mut chunks = buf.chunks_mut(UNIT_LEN);
         chunks.next().unwrap().copy_from_slice(self.Y_P.as_bytes());
         chunks.next().unwrap().copy_from_slice(self.Y_D.as_bytes());
         chunks.next().unwrap().copy_from_slice(self.z.as_bytes());
         buf
     }
 
-    pub fn from_bytes(bytes: &[u8]) -> Result<Self, ZeroBalanceProofVerificationError> {
+    pub fn from_bytes(bytes: &[u8]) -> Result<Self, ZeroCiphertextProofVerificationError> {
         let mut chunks = bytes.chunks(UNIT_LEN);
         let Y_P = ristretto_point_from_optional_slice(chunks.next())?;
         let Y_D = ristretto_point_from_optional_slice(chunks.next())?;
         let z = canonical_scalar_from_optional_slice(chunks.next())?;
-        Ok(ZeroBalanceProof { Y_P, Y_D, z })
+        Ok(ZeroCiphertextProof { Y_P, Y_D, z })
     }
 }
 
@@ -187,7 +187,7 @@ mod test {
     };
 
     #[test]
-    fn test_zero_balance_proof_correctness() {
+    fn test_zero_cipehrtext_proof_correctness() {
         let source_keypair = ElGamalKeypair::new_rand();
 
         let mut prover_transcript = Transcript::new(b"test");
@@ -196,7 +196,7 @@ mod test {
         // general case: encryption of 0
         let elgamal_ciphertext = source_keypair.pubkey().encrypt(0_u64);
         let proof =
-            ZeroBalanceProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript);
+            ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript);
         assert!(proof
             .verify(
                 source_keypair.pubkey(),
@@ -208,7 +208,7 @@ mod test {
         // general case: encryption of > 0
         let elgamal_ciphertext = source_keypair.pubkey().encrypt(1_u64);
         let proof =
-            ZeroBalanceProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript);
+            ZeroCiphertextProof::new(&source_keypair, &elgamal_ciphertext, &mut prover_transcript);
         assert!(proof
             .verify(
                 source_keypair.pubkey(),
@@ -219,7 +219,7 @@ mod test {
     }
 
     #[test]
-    fn test_zero_balance_proof_edge_cases() {
+    fn test_zero_ciphertext_proof_edge_cases() {
         let source_keypair = ElGamalKeypair::new_rand();
 
         let mut prover_transcript = Transcript::new(b"test");
@@ -228,7 +228,7 @@ mod test {
         // all zero ciphertext should always be a valid encryption of 0
         let ciphertext = ElGamalCiphertext::from_bytes(&[0u8; 64]).unwrap();
 
-        let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
+        let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
 
         assert!(proof
             .verify(
@@ -253,7 +253,7 @@ mod test {
             handle,
         };
 
-        let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
+        let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
 
         assert!(proof
             .verify(
@@ -272,7 +272,7 @@ mod test {
             handle: DecryptHandle::from_bytes(&[0u8; 32]).unwrap(),
         };
 
-        let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
+        let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
 
         assert!(proof
             .verify(
@@ -289,7 +289,7 @@ mod test {
         let public = ElGamalPubkey::try_from([0u8; 32].as_slice()).unwrap();
         let ciphertext = public.encrypt(0_u64);
 
-        let proof = ZeroBalanceProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
+        let proof = ZeroCiphertextProof::new(&source_keypair, &ciphertext, &mut prover_transcript);
 
         assert!(proof
             .verify(