dalek-cryptography
diff --git a/‎Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎benches/bulletproofs.rs‎
Lines changed: 4 additions & 4 deletions b/‎benches/bulletproofs.rs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/inner_product_proof.rs‎
Lines changed: 22 additions & 19 deletions b/‎src/inner_product_proof.rs‎
Lines changed: 22 additions & 19 deletions
diff --git a/‎src/lib.rs‎
Lines changed: 4 additions & 2 deletions b/‎src/lib.rs‎
Lines changed: 4 additions & 2 deletions
@@ -22,6 +22,7 @@ serde = "1"
 serde_derive = "1"
 tiny-keccak = "1.4.1"
 failure = "0.1"
+merlin = "0.3"
 
 [dev-dependencies]
 hex = "^0.3"
 
@@ -10,8 +10,8 @@ extern crate curve25519_dalek;
 use curve25519_dalek::scalar::Scalar;
 
 extern crate bulletproofs;
-use bulletproofs::ProofTranscript;
 use bulletproofs::RangeProof;
+use bulletproofs::Transcript;
 use bulletproofs::{Generators, PedersenGenerators};
 
 static AGGREGATION_SIZES: [usize; 6] = [1, 2, 4, 8, 16, 32];
@@ -31,7 +31,7 @@ fn create_aggregated_rangeproof_helper(n: usize, c: &mut Criterion) {
 
             b.iter(|| {
                 // Each proof creation requires a clean transcript.
-                let mut transcript = ProofTranscript::new(b"AggregateRangeProofBenchmark");
+                let mut transcript = Transcript::new(b"AggregateRangeProofBenchmark");
 
                 RangeProof::prove_multiple(
                     &generators,
@@ -76,7 +76,7 @@ fn verify_aggregated_rangeproof_helper(n: usize, c: &mut Criterion) {
             let values: Vec<u64> = (0..m).map(|_| rng.gen_range(min, max)).collect();
             let blindings: Vec<Scalar> = (0..m).map(|_| Scalar::random(&mut rng)).collect();
 
-            let mut transcript = ProofTranscript::new(b"AggregateRangeProofBenchmark");
+            let mut transcript = Transcript::new(b"AggregateRangeProofBenchmark");
             let proof = RangeProof::prove_multiple(
                 &generators,
                 &mut transcript,
@@ -96,7 +96,7 @@ fn verify_aggregated_rangeproof_helper(n: usize, c: &mut Criterion) {
 
             b.iter(|| {
                 // Each proof creation requires a clean transcript.
-                let mut transcript = ProofTranscript::new(b"AggregateRangeProofBenchmark");
+                let mut transcript = Transcript::new(b"AggregateRangeProofBenchmark");
 
                 proof.verify(
                     &value_commitments,
 
@@ -1,5 +1,4 @@
 #![allow(non_snake_case)]
-
 #![doc(include = "../docs/inner-product-protocol.md")]
 
 use std::borrow::Borrow;
@@ -8,10 +7,10 @@ use std::iter;
 use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::VartimeMultiscalarMul;
-
-use proof_transcript::ProofTranscript;
+use merlin::Transcript;
 
 use errors::ProofError;
+use transcript::TranscriptProtocol;
 
 #[derive(Clone, Debug)]
 pub struct InnerProductProof {
@@ -34,7 +33,7 @@ impl InnerProductProof {
     /// The lengths of the vectors must all be the same, and must all be
     /// either 0 or a power of 2.
     pub fn create<I>(
-        verifier: &mut ProofTranscript,
+        transcript: &mut Transcript,
         Q: &RistrettoPoint,
         Hprime_factors: I,
         mut G_vec: Vec<RistrettoPoint>,
@@ -65,6 +64,8 @@ impl InnerProductProof {
         // All of the input vectors must have a length that is a power of two.
         assert!(n.is_power_of_two());
 
+        transcript.innerproduct_domain_sep(n as u64);
+
         // XXX save these scalar mults by unrolling them into the
         // first iteration of the loop below
         for (H_i, h_i) in H.iter_mut().zip(Hprime_factors.into_iter()) {
@@ -88,20 +89,20 @@ impl InnerProductProof {
             let L = RistrettoPoint::vartime_multiscalar_mul(
                 a_L.iter().chain(b_R.iter()).chain(iter::once(&c_L)),
                 G_R.iter().chain(H_L.iter()).chain(iter::once(Q)),
-            );
+            ).compress();
 
             let R = RistrettoPoint::vartime_multiscalar_mul(
                 a_R.iter().chain(b_L.iter()).chain(iter::once(&c_R)),
                 G_L.iter().chain(H_R.iter()).chain(iter::once(Q)),
-            );
+            ).compress();
 
-            L_vec.push(L.compress());
-            R_vec.push(R.compress());
+            L_vec.push(L);
+            R_vec.push(R);
 
-            verifier.commit(L.compress().as_bytes());
-            verifier.commit(R.compress().as_bytes());
+            transcript.commit_point(b"L", &L);
+            transcript.commit_point(b"R", &R);
 
-            let u = verifier.challenge_scalar();
+            let u = transcript.challenge_scalar(b"u");
             let u_inv = u.invert();
 
             for i in 0..n {
@@ -129,18 +130,20 @@ impl InnerProductProof {
     /// in a parent protocol. See [inner product protocol notes](index.html#verification-equation) for details.
     pub(crate) fn verification_scalars(
         &self,
-        transcript: &mut ProofTranscript,
+        transcript: &mut Transcript,
     ) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>) {
         let lg_n = self.L_vec.len();
         let n = 1 << lg_n;
 
+        transcript.innerproduct_domain_sep(n as u64);
+
         // 1. Recompute x_k,...,x_1 based on the proof transcript
 
         let mut challenges = Vec::with_capacity(lg_n);
         for (L, R) in self.L_vec.iter().zip(self.R_vec.iter()) {
-            transcript.commit(L.as_bytes());
-            transcript.commit(R.as_bytes());
-            challenges.push(transcript.challenge_scalar());
+            transcript.commit_point(b"L", L);
+            transcript.commit_point(b"R", R);
+            challenges.push(transcript.challenge_scalar(b"u"));
         }
 
         // 2. Compute 1/(u_k...u_1) and 1/u_k, ..., 1/u_1
@@ -181,7 +184,7 @@ impl InnerProductProof {
     #[allow(dead_code)]
     pub fn verify<I>(
         &self,
-        transcript: &mut ProofTranscript,
+        transcript: &mut Transcript,
         Hprime_factors: I,
         P: &RistrettoPoint,
         Q: &RistrettoPoint,
@@ -362,7 +365,7 @@ mod tests {
             G.iter().chain(H.iter()).chain(iter::once(&Q)),
         );
 
-        let mut verifier = ProofTranscript::new(b"innerproducttest");
+        let mut verifier = Transcript::new(b"innerproducttest");
         let proof = InnerProductProof::create(
             &mut verifier,
             &Q,
@@ -373,15 +376,15 @@ mod tests {
             b.clone(),
         );
 
-        let mut verifier = ProofTranscript::new(b"innerproducttest");
+        let mut verifier = Transcript::new(b"innerproducttest");
         assert!(
             proof
                 .verify(&mut verifier, util::exp_iter(y_inv), &P, &Q, &G, &H)
                 .is_ok()
         );
 
         let proof = InnerProductProof::from_bytes(proof.to_bytes().as_slice()).unwrap();
-        let mut verifier = ProofTranscript::new(b"innerproducttest");
+        let mut verifier = Transcript::new(b"innerproducttest");
         assert!(
             proof
                 .verify(&mut verifier, util::exp_iter(y_inv), &P, &Q, &G, &H)
 
@@ -14,6 +14,7 @@ extern crate curve25519_dalek;
 extern crate digest;
 #[macro_use]
 extern crate failure;
+extern crate merlin;
 extern crate rand;
 extern crate sha3;
 extern crate subtle;
@@ -34,12 +35,13 @@ mod notes {}
 mod errors;
 mod generators;
 mod inner_product_proof;
-mod proof_transcript;
 mod range_proof;
+mod transcript;
+
+pub use merlin::Transcript;
 
 pub use errors::ProofError;
 pub use generators::{Generators, GeneratorsView, PedersenGenerators};
-pub use proof_transcript::ProofTranscript;
 pub use range_proof::RangeProof;
 
 #[doc(include = "../docs/aggregation-api.md")]