Fix documentation

examples/bulletproof.rs

@@ -1,3 +1,13 @@
+//! This is the example of a zk proof that is relatively complex,
+//! with non-constant rounds, where the implementor wanted to get the job
+//! done without caring too much about which hash function to be used.
+//!
+//! Bulletproofs allow to prove that a vector commitment has the following form
+//!
+//! $$
+//! C = \langle a, G \rangle + \langle b, H \rangle + \langle a, b \rangle U
+//! $$
+
 use ark_ec::PrimeGroup;
 use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
 use ark_ff::Field;
@@ -14,11 +24,9 @@ trait BulletproofIOPattern<G: CurveGroup> {
     fn add_bulletproof(self, len: usize) -> Self;
 }
 
-impl<G, H> BulletproofIOPattern<G> for IOPattern<H>
+impl<G> BulletproofIOPattern<G> for IOPattern
 where
-    G: CurveGroup,
-    H: DuplexHash,
-    IOPattern<H>: GroupIOPattern<G> + FieldIOPattern<G::ScalarField>,
+    G: CurveGroup, IOPattern: GroupIOPattern<G> + FieldIOPattern<G::ScalarField>,
 {
     /// The IO of the bulletproof statement
     fn bulletproof_statement(self) -> Self {
@@ -103,12 +111,9 @@ where
 
     while n != 1 {
         let [left, right]: [G; 2] = merlin.next_points().unwrap();
-
         n /= 2;
-
         let (g_left, g_right) = g.split_at(n);
         let (h_left, h_right) = h.split_at(n);
-
         let [x]: [G::ScalarField; 1] = merlin.challenge_scalars().unwrap();
         let x_inv = x.inverse().expect("You just won the lottery!");
 

src/hash/keccak.rs

@@ -1,5 +1,5 @@
 //! **Warning**: this function is not SHA3.
-//! Despite internally we use the same permutation,
+//! Despite internally we use the same permutation function,
 //! we build a duplex sponge in overwrite mode
 //! on the top of it using the `DuplexSponge` trait.
 use super::sponge::{DuplexSponge, Sponge};

src/hash/mod.rs

@@ -44,7 +44,7 @@ where
     U: Unit,
 {
     /// Initializes a new sponge, setting up the state.
-    fn new(tag: [u8; 32]) -> Self;
+    fn new(iv: [u8; 32]) -> Self;
 
     /// Absorbs new elements in the sponge.
     fn absorb_unchecked(&mut self, input: &[U]) -> &mut Self;

src/lib.rs

@@ -15,7 +15,7 @@
 //! To build a secure Fiat-Shamir transform, the minimal requirement is a permutation function over some field,
 //! be it $\mathbb{F}_{2^8}$ or any large-characteristic prime field $\mathbb{F}_p$.
 //! - **Retro-compatibility** with MD hashes.
-//! We have a legacy interface for [`sha2`], [`blake2`], and any hash function that satisfies the [`digest::Digest`] trait.
+//! We have a legacy interface for `sha2`, `blake2`, and any hash function that satisfies the [`digest::Digest`] trait.
 //! - **Preprocessing**.
 //! In recursive SNARKs, minimizing the number of hash invocations
 //! while maintaining security is crucial. We offer tools for preprocessing the Transcript (i.e., the state of the Fiat-Shamir transform) to achieve this goal.
@@ -44,12 +44,12 @@
 //! use nimue::IOPattern;
 //! use nimue::hash::Keccak;
 //!
-//! let io = IOPattern::<Keccak>::new("a domain separator")
+//! let io = IOPattern::<Keccak>::new("👩‍💻🥷🏻👨‍💻 building 🔐🔒🗝️")
 //!         // this indicates the prover is sending 10 elements (bytes)
 //!         .absorb(10, "first")
 //!         // this indicates the verifier is sending 10 elements (bytes)
 //!         .squeeze(10, "second");
-//! assert_eq!(io.as_bytes(), b"a domain separator\0A10first\0S10second")
+//! assert_eq!(io.as_bytes(), "👩‍💻🥷🏻👨‍💻 building 🔐🔒🗝️\0A10first\0S10second".as_bytes())
 //! ```
 //! An [`IOPattern`] is a UTF8-encoded string wrapper. Absorptions are denoted as `format!(A{}, length)` and
 //! squeezes as `format!(S{}, length)`. A label is added at the end of the string, meant to describe the *type* and

src/plugins/ark/anemoi.rs

@@ -37,9 +37,9 @@ impl Sponge
 
     const RATE: usize = _AnemoiBls12_381_2_1::RATE;
 
-    fn new(tag: [u8; 32]) -> Self {
+    fn new(iv: [u8; 32]) -> Self {
         let mut state = Self::default();
-        state[RATE] = anemoi::bls12_381::Felt::from_le_bytes_mod_order(&tag);
+        state[RATE] = anemoi::bls12_381::Felt::from_le_bytes_mod_order(&iv);
         state
     }