Bundle M into shuffle proof

[dapplion]

From a consumer point of view, the permutation commitment and shuffle proof and produced, transported and verified together. It adds less overhead to bundle M into the shuffle proof black box for easier implementations downstream

[asn-d6]

Hmm, I have mixed feelings about this PR. On one hand, I definitely see how it's convenient, but on the other hand I think it modifies curdleproofs in an undocumented way. If we wanted to go this way, I think we should very clearly document why M is moved to the shuffle proof and also change the curdleproofs paper to reflect that. Also, I'm not a huge fan of how it makes curdleproofs less useful as a generic shuffle proof system by removing the usefulness of M.

Here is another approach:

Define a new structure WhiskProof which contains a CurdleproofsProof and anything else useful for Whisk (i.e. M). Then clients can work with WhiskProof and whisk.rs can translate between WhiskProof and CurdleproofsProof.

This way we keep the curdleproofs code closer to the original ZK protocol, but we also provide convenient methods for clients as part of whisk.rs. At some point in the future, we might want to reflect this approach more clearly in the codebase of curdleproofs as well.

Do you think this is a sensible approach? Would it work for you?

[dapplion]

Yes makes much more sense, thanks for the suggestion!

• Closing for Bundle M into ShuffleProof wrapper #11