Clarify commentary on the BatchVerifiers

kayabaNerve · Jan 6, 2025 · 5b2b6c2 · 5b2b6c2
1 parent abca01f
commit 5b2b6c2
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 1 deletion.
diff --git a/crypto/fcmps/src/lib.rs b/crypto/fcmps/src/lib.rs
@@ -761,7 +761,9 @@ where
   /// the amount of layers, the specified amount of layers must be checked to be equal to the
   /// actual amount of layers.
   ///
-  /// If this function returns an error, the batch verifiers are corrupted and must be discarded.
+  /// This only queues the FCMP for batch verification. The BatchVerifiers MUST also be verified.
+  ///
+  /// If this function returns an error, the batch verifiers are corrupted and MUST be discarded.
   // This may be collision resistant regardless of layer count thanks to the expected usage of a
   // distinct curve for the leaves, yet the layer count is cheap to check and avoids the question.
   #[allow(clippy::too_many_arguments)]

diff --git a/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs b/crypto/generalized-bulletproofs/src/arithmetic_circuit_proof.rs
@@ -495,6 +495,11 @@ impl<'a, C: Ciphersuite> ArithmeticCircuitStatement<'a, C> {
   }
 
   /// Verify a proof for this statement.
+  ///
+  /// This solely queues the statement for batch verification. The resulting BatchVerifier MUST
+  /// still be verified.
+  ///
+  /// If this proof returns an error, the BatchVerifier MUST be assumed corrupted and discarded.
   pub fn verify<R: RngCore + CryptoRng>(
     self,
     rng: &mut R,

diff --git a/crypto/generalized-bulletproofs/src/inner_product.rs b/crypto/generalized-bulletproofs/src/inner_product.rs
@@ -271,6 +271,8 @@ impl<'a, C: Ciphersuite> IpStatement<'a, C> {
   /// This will return Err if there is an error. This will return Ok if the proof was successfully
   /// queued for batch verification. The caller is required to verify the batch in order to ensure
   /// the proof is actually correct.
+  ///
+  /// If this proof returns an error, the BatchVerifier MUST be assumed corrupted and discarded.
   pub(crate) fn verify(
     self,
     verifier: &mut BatchVerifier<C>,

diff --git a/networks/monero/ringct/fcmp++/src/lib.rs b/networks/monero/ringct/fcmp++/src/lib.rs
@@ -311,6 +311,11 @@ impl FcmpPlusPlus {
   ///
   /// `signable_tx_hash` must be binding to the transaction prefix, the RingCT base, and the
   /// pseudo-outs.
+  ///
+  /// This only queues the proofs for batch verification. The BatchVerifiers MUST also be verified.
+  ///
+  /// If this function returns an error, the BatchVerifiers MUST be considered corrupted and
+  /// discarded.
   #[allow(clippy::too_many_arguments)]
   pub fn verify(
     &self,

diff --git a/networks/monero/ringct/fcmp++/src/sal/mod.rs b/networks/monero/ringct/fcmp++/src/sal/mod.rs
@@ -253,6 +253,11 @@ impl SpendAuthAndLinkability {
   }
 
   /// Verify a Spend-Authorization and Linkability proof.
+  ///
+  /// This only queues the proof for batch verification. The BatchVerifier MUST also be verified.
+  ///
+  /// If this function returns an error, the BatchVerifier MUST be considered corrupted and
+  /// discarded.
   #[allow(clippy::result_unit_err)]
   pub fn verify(
     &self,