commitment and bulletproof: fix a bunch of typos and stuff (thanks Tim Ruffing)

Author: apoelstra

include/secp256k1_bulletproofs.h

@@ -16,10 +16,10 @@ typedef struct secp256k1_bulletproof_generators secp256k1_bulletproof_generators
 #define SECP256K1_BULLETPROOF_CIRCUIT_VERSION	1
 
 /* Maximum depth of 31 lets us validate an aggregate of 2^25 64-bit proofs */
-#define SECP256K1_BULLETPROOF_MAX_DEPTH 60
+#define SECP256K1_BULLETPROOF_MAX_DEPTH 31
 
 /* Size of a hypothetical 31-depth rangeproof, in bytes */
-#define SECP256K1_BULLETPROOF_MAX_PROOF (160 + 66*32 + 7)
+#define SECP256K1_BULLETPROOF_MAX_PROOF (160 + 36*32 + 7)
 
 /* Maximum memory, in bytes, that may be allocated to store a circuit representation */
 #define SECP256K1_BULLETPROOF_MAX_CIRCUIT (1024 * 1024 * 1024)

include/secp256k1_commitment.h

@@ -17,9 +17,6 @@ extern "C" {
  *  however guaranteed to be 33 bytes in size, and can be safely copied/moved.
  *  If you need to convert to a format suitable for storage or transmission, use
  *  secp256k1_pedersen_commitment_serialize and secp256k1_pedersen_commitment_parse.
- *
- *  Furthermore, it is guaranteed to identical signatures will have identical
- *  representation, so they can be memcmp'ed.
  */
 typedef struct {
     unsigned char data[33];
@@ -55,7 +52,7 @@ SECP256K1_API int secp256k1_pedersen_commitment_serialize(
 /** Initialize a context for usage with Pedersen commitments. */
 void secp256k1_pedersen_context_initialize(secp256k1_context* ctx);
 
-/** Generate a pedersen commitment.
+/** Generate a Pedersen commitment.
  *  Returns 1: Commitment successfully created.
  *          0: Error. The blinding factor is larger than the group order
  *             (probability for random 32 byte number < 2^-127) or results in the
@@ -86,7 +83,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_pedersen_commit(
  *  In:     ctx:        pointer to a context object (cannot be NULL)
  *          blinds:     pointer to pointers to 32-byte character arrays for blinding factors. (cannot be NULL)
  *          n:          number of factors pointed to by blinds.
- *          npositive:       how many of the initial factors should be treated with a positive sign.
+ *          npositive:  how many of the input factors should be treated with a positive sign.
  *  Out:    blind_out:  pointer to a 32-byte array for the sum (cannot be NULL)
  */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_pedersen_blind_sum(
@@ -97,28 +94,28 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_pedersen_blind_sum(
   size_t npositive
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Verify a tally of pedersen commitments
+/** Verify a tally of Pedersen commitments
  * Returns 1: commitments successfully sum to zero.
  *         0: Commitments do not sum to zero or other error.
- * In:     ctx:        pointer to a context object (cannot be NULL)
- *         commits:    pointer to array of pointers to the commitments. (cannot be NULL if pcnt is non-zero)
- *         pcnt:       number of commitments pointed to by commits.
- *         ncommits:   pointer to array of pointers to the negative commitments. (cannot be NULL if ncnt is non-zero)
- *         ncnt:       number of commitments pointed to by ncommits.
+ * In:     ctx:    pointer to a context object (cannot be NULL)
+ *         pos:    pointer to array of pointers to the commitments. (cannot be NULL if `n_pos` is non-zero)
+ *         n_pos:  number of commitments pointed to by `pos`.
+ *         neg:    pointer to array of pointers to the negative commitments. (cannot be NULL if `n_neg` is non-zero)
+ *         n_neg:  number of commitments pointed to by `neg`.
  *
- * This computes sum(commit[0..pcnt)) - sum(ncommit[0..ncnt)) == 0.
+ * This computes sum(pos[0..n_pos)) - sum(neg[0..n_neg)) == 0.
  *
- * A pedersen commitment is xG + vA where G and A are generators for the secp256k1 group and x is a blinding factor,
+ * A Pedersen commitment is xG + vA where G and A are generators for the secp256k1 group and x is a blinding factor,
  * while v is the committed value. For a collection of commitments to sum to zero, for each distinct generator
  * A all blinding factors and all values must sum to zero.
  *
  */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_pedersen_verify_tally(
   const secp256k1_context* ctx,
-  const secp256k1_pedersen_commitment * const* commits,
-  size_t pcnt,
-  const secp256k1_pedersen_commitment * const* ncommits,
-  size_t ncnt
+  const secp256k1_pedersen_commitment * const* pos,
+  size_t n_pos,
+  const secp256k1_pedersen_commitment * const* neg,
+  size_t n_neg
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
 
 /** Sets the final Pedersen blinding factor correctly when the generators themselves

src/modules/commitment/main_impl.h

@@ -108,22 +108,22 @@ int secp256k1_pedersen_blind_sum(const secp256k1_context* ctx, unsigned char *bl
 }
 
 /* Takes two lists of commitments and sums the first set and subtracts the second and verifies that they sum to excess. */
-int secp256k1_pedersen_verify_tally(const secp256k1_context* ctx, const secp256k1_pedersen_commitment * const* commits, size_t pcnt, const secp256k1_pedersen_commitment * const* ncommits, size_t ncnt) {
+int secp256k1_pedersen_verify_tally(const secp256k1_context* ctx, const secp256k1_pedersen_commitment * const* pos, size_t n_pos, const secp256k1_pedersen_commitment * const* neg, size_t n_neg) {
     secp256k1_gej accj;
     secp256k1_ge add;
     size_t i;
     VERIFY_CHECK(ctx != NULL);
-    ARG_CHECK(!pcnt || (commits != NULL));
-    ARG_CHECK(!ncnt || (ncommits != NULL));
+    ARG_CHECK(!n_pos || (pos != NULL));
+    ARG_CHECK(!n_neg || (neg != NULL));
     (void) ctx;
     secp256k1_gej_set_infinity(&accj);
-    for (i = 0; i < ncnt; i++) {
-        secp256k1_pedersen_commitment_load(&add, ncommits[i]);
+    for (i = 0; i < n_pos; i++) {
+        secp256k1_pedersen_commitment_load(&add, neg[i]);
         secp256k1_gej_add_ge_var(&accj, &accj, &add, NULL);
     }
     secp256k1_gej_neg(&accj, &accj);
-    for (i = 0; i < pcnt; i++) {
-        secp256k1_pedersen_commitment_load(&add, commits[i]);
+    for (i = 0; i < n_neg; i++) {
+        secp256k1_pedersen_commitment_load(&add, pos[i]);
         secp256k1_gej_add_ge_var(&accj, &accj, &add, NULL);
     }
     return secp256k1_gej_is_infinity(&accj);