From 936f127c7d8624bec29ce013383d525017c8aa42 Mon Sep 17 00:00:00 2001
From: Bogdan Opanchuk
Date: Thu, 19 Dec 2024 20:56:46 -0800
Subject: [PATCH] Use BitVec in prm

---
 synedrion/src/cggmp21/sigma/prm.rs | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/synedrion/src/cggmp21/sigma/prm.rs b/synedrion/src/cggmp21/sigma/prm.rs
index 2ce9b94..59cc30b 100644
--- a/synedrion/src/cggmp21/sigma/prm.rs
+++ b/synedrion/src/cggmp21/sigma/prm.rs
@@ -3,17 +3,19 @@
 //! Publish $(N, s, t)$ and prove that we know a secret $\lambda$ such that
 //! $s = t^\lambda \mod N$.
-use alloc::{vec, vec::Vec};
+use alloc::vec::Vec;
 use crypto_bigint::modular::Retrieve;
-use digest::XofReader;
 use rand_core::CryptoRngCore;
 use serde::{Deserialize, Serialize};
 use super::super::SchemeParams;
 use crate::{
     paillier::{PaillierParams, RPParams, RPSecret},
-    tools::hashing::{Chain, Hashable, XofHasher},
+    tools::{
+        bitvec::BitVec,
+        hashing::{Chain, Hashable, XofHasher},
+    },
     uint::{Exponentiable, PublicSigned, SecretUnsigned, ToMontgomery},
 };
@@ -43,7 +45,7 @@ impl PrmCommitment

{ } #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] -struct PrmChallenge(Vec); +struct PrmChallenge(BitVec); impl PrmChallenge { fn new(commitment: &PrmCommitment

, setup: &RPParams, aux: &impl Hashable) -> Self { @@ -53,9 +55,7 @@ impl PrmChallenge { .chain(&setup.to_wire()) .chain(aux) .finalize_to_reader(); - let mut bytes = vec![0u8; P::SECURITY_PARAMETER]; - reader.read(&mut bytes); - Self(bytes.iter().map(|b| b & 1 == 1).collect()) + Self(BitVec::from_xof_reader(&mut reader, P::SECURITY_PARAMETER)) } } @@ -96,7 +96,7 @@ impl PrmProof
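Review bot: `PrmChallenge` changes its payload type to `BitVec` but still has no doc comment saying what the wrapped bits mean, and a reader of the `prove`/`verify` loops has to infer it from the `zip`s. I would add above the `#[derive]` line: `/// Fiat-Shamir challenge for the proof: one bit per commitment/proof element, derived from the transcript in `PrmChallenge::new`.` The `Serialize`/`Deserialize` derives are kept on the new type, so it is worth confirming that `BitVec`'s serialized form cannot carry a length other than `P::SECURITY_PARAMETER` if a challenge is ever accepted from the wire rather than recomputed.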
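Review bot: The bit derivation changes here in a way the commit message does not mention: the removed lines drew `P::SECURITY_PARAMETER` bytes from the XOF and kept the low bit of each, while `BitVec::from_xof_reader` presumably packs bits from the XOF stream, so the same transcript now yields a different challenge and any proof or test fixture generated before this commit will fail to verify; a changelog line and a short comment on the call (`// Challenge bits are read packed from the XOF; this fixes the transcript-to-challenge mapping`) would record that. It is also worth pinning that the second argument is a bit count rather than a byte count, since both `prove` and `verify` take the number of elements they process from this length: `let bits = BitVec::from_xof_reader(&mut reader, P::SECURITY_PARAMETER);` `debug_assert_eq!(bits.bits().len(), P::SECURITY_PARAMETER);` `Self(bits)` — assuming `bits()` returns a slice, which its `.iter()` use in the later hunks suggests.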

{ let proof = proof_secret .0 .iter() - .zip(challenge.0.iter()) + .zip(challenge.0.bits().iter()) .map(|(a, e)| { let x = a.add_mod(secret.lambda(), &totient); @@ -122,7 +122,13 @@ impl PrmProof
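Review bot: This `.zip(challenge.0.bits().iter())` and the rewritten loop in the `@@ -122,7 +122,13 @@` hunk both rely on `Iterator::zip`, which stops silently at the shorter side, so the number of proof elements produced and of equations checked is the minimum of the challenge length and the proof/commitment lengths rather than a verified equality. In `prove` that only shortens the output, but in `verify` a deserialized proof or commitment with fewer elements than `P::SECURITY_PARAMETER` would be accepted after fewer checks unless the `return false` guard just above that loop — whose condition lies outside the hunk — already compares all three lengths. I would make that explicit before the verify loop: `if self.proof.len() != challenge.0.bits().len() || self.commitment.0.len() != challenge.0.bits().len() { return false; }`. Both enclosing functions begin outside their hunks, so the existing guard's condition could not be confirmed from the diff.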

{ return false; } - for ((e, z), a) in challenge.0.iter().zip(self.proof.iter()).zip(self.commitment.0.iter()) { + for ((e, z), a) in challenge + .0 + .bits() + .iter() + .zip(self.proof.iter()) + .zip(self.commitment.0.iter()) + { let a = a.to_montgomery(monty_params); let pwr = setup.base_randomizer().pow(z); let test = if *e { pwr == a * setup.base_value() } else { pwr == a };