Don't short circuit the test

src/lib.rs

@@ -20,9 +20,6 @@ use std::ops::{Add, Mul, Sub};
 /// * Correctness: Valid tags constructed for a specific public key will always validate when tested using the detection key
 /// * Fuzziness: Invalid tags will produce false positives with probability _p_ related to the security property (_γ_)
 /// * Security: An adversarial server with access to the detection key is unable to distinguish false positives from true positives. (Detection Ambiguity)
-
-
-
 #[derive(Debug)]
 pub struct FuzzyMetaTag {
     u: RistrettoPoint,
@@ -52,6 +49,7 @@ impl FuzzyMetaDetectionKey {
         let w = g.mul(m).add(tag.u.mul(tag.y));
 
         // for each secret key part...
+        let mut result = true;
         for (i, x_i) in self.0.iter().enumerate() {
             // re-derive the key from the tag
             let k_i = FuzzyMetaTagKeyPair::h(tag.u, tag.u.mul(x_i), w);
@@ -61,13 +59,13 @@ impl FuzzyMetaDetectionKey {
                 true => 0x01,
                 false => 0x00,
             };
+
             let b_i = k_i ^ c_i;
-            // if these don't match then return false
-            if b_i != 1 {
-                return false;
-            }
+
+            // assert that the plaintext is all 1's
+            result = result & (b_i == 1);
         }
-        return true;
+        return result;
     }
 }
 
@@ -90,6 +88,7 @@ impl FuzzyMetaPublicKey {
         let mut ciphertexts = BitVec::new();
         for (_i, h_i) in self.0.iter().enumerate() {
             let k_i = FuzzyMetaTagKeyPair::h(u, h_i.mul(r), w);
+            // encrypt a plaintext of all 1's
             let c_i = k_i ^ 0x01;
             ciphertexts.push(c_i == 0x01);
         }