From 8cbcd7739c9911b183aa5e93e26ef832099d1870 Mon Sep 17 00:00:00 2001
From: Sean Bowe <ewillbefull@gmail.com>
Date: Mon, 5 Mar 2018 15:12:51 -0700
Subject: [PATCH] Rename into_bits and into_bits_strict to signify endianness.

---
 src/circuit/ecc.rs |  4 ++--
 src/circuit/mod.rs |  8 +++++---
 src/circuit/num.rs | 10 +++++-----
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/circuit/ecc.rs b/src/circuit/ecc.rs
index 3e84ede..07640cd 100644
--- a/src/circuit/ecc.rs
+++ b/src/circuit/ecc.rs
@@ -105,11 +105,11 @@ impl<E: JubjubEngine> EdwardsPoint<E> {
     {
         let mut tmp = vec![];
 
-        let x = self.x.into_bits_strict(
+        let x = self.x.into_bits_le_strict(
             cs.namespace(|| "unpack x")
         )?;
 
-        let y = self.y.into_bits_strict(
+        let y = self.y.into_bits_le_strict(
             cs.namespace(|| "unpack y")
         )?;
 
diff --git a/src/circuit/mod.rs b/src/circuit/mod.rs
index 8058d02..1d0bc7b 100644
--- a/src/circuit/mod.rs
+++ b/src/circuit/mod.rs
@@ -250,10 +250,12 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
             )?;
 
             // We don't need to be strict, because the function is
-            // collision-resistant.
+            // collision-resistant. If the prover witnesses a congruency,
+            // they will be unable to find an authentication path in the
+            // tree with high probability.
             let mut preimage = vec![];
-            preimage.extend(xl.into_bits(cs.namespace(|| "xl into bits"))?);
-            preimage.extend(xr.into_bits(cs.namespace(|| "xr into bits"))?);
+            preimage.extend(xl.into_bits_le(cs.namespace(|| "xl into bits"))?);
+            preimage.extend(xr.into_bits_le(cs.namespace(|| "xr into bits"))?);
 
             cur = pedersen_hash::pedersen_hash(
                 cs.namespace(|| "computation of pedersen hash"),
diff --git a/src/circuit/num.rs b/src/circuit/num.rs
index 1325e90..35b12da 100644
--- a/src/circuit/num.rs
+++ b/src/circuit/num.rs
@@ -88,7 +88,7 @@ impl<E: Engine> AllocatedNum<E> {
     /// order, requiring that the representation
     /// strictly exists "in the field" (i.e., a
     /// congruency is not allowed.)
-    pub fn into_bits_strict<CS>(
+    pub fn into_bits_le_strict<CS>(
         &self,
         mut cs: CS
     ) -> Result<Vec<Boolean>, SynthesisError>
@@ -220,7 +220,7 @@ impl<E: Engine> AllocatedNum<E> {
     /// Convert the allocated number into its little-endian representation.
     /// Note that this does not strongly enforce that the commitment is
     /// "in the field."
-    pub fn into_bits<CS>(
+    pub fn into_bits_le<CS>(
         &self,
         mut cs: CS
     ) -> Result<Vec<Boolean>, SynthesisError>
@@ -565,7 +565,7 @@ mod test {
         let mut cs = TestConstraintSystem::<Bls12>::new();
 
         let n = AllocatedNum::alloc(&mut cs, || Ok(negone)).unwrap();
-        n.into_bits_strict(&mut cs).unwrap();
+        n.into_bits_le_strict(&mut cs).unwrap();
 
         assert!(cs.is_satisfied());
 
@@ -587,9 +587,9 @@ mod test {
             let n = AllocatedNum::alloc(&mut cs, || Ok(r)).unwrap();
 
             let bits = if i % 2 == 0 {
-                n.into_bits(&mut cs).unwrap()
+                n.into_bits_le(&mut cs).unwrap()
             } else {
-                n.into_bits_strict(&mut cs).unwrap()
+                n.into_bits_le_strict(&mut cs).unwrap()
             };
 
             assert!(cs.is_satisfied());