kzg

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 29, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package kzg provides a KZG commitment scheme.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
	ErrInvalidPolynomialSize         = errors.New("invalid polynomial size (larger than SRS or == 0)")
	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
	ErrMinSRSSize                    = errors.New("minimum srs size is 2")
)

Functions

func BatchVerifyMultiPoints

func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error

BatchVerifyMultiPoints batch verifies a list of opening proofs at different points. The purpose of the batching is to have only one pairing for verifying several proofs.

* digests list of committed polynomials * proofs list of opening proofs, one for each digest * points the list of points at which the opening are done

func BatchVerifySinglePoint

func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error

BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.

* digests list of digests on which opening proof is done * batchOpeningProof proof of correct opening on the digests

func FoldProof

func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash) (OpeningProof, Digest, error)

FoldProof fold the digests and the proofs in batchOpeningProof using Fiat Shamir to obtain an opening proof at a single point.

* digests list of digests on which batchOpeningProof is based * batchOpeningProof opening proof of digests * returns the folded version of batchOpeningProof, Digest, the folded version of digests

func Verify

func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error

Verify verifies a KZG opening proof at a single point

Types

type BatchOpeningProof

type BatchOpeningProof struct {
	// H quotient polynomial Sum_i gamma**i*(f - f(z))/(x-z)
	H bw6633.G1Affine

	// ClaimedValues purported values
	ClaimedValues []fr.Element
}

BatchOpeningProof opening proof for many polynomials at the same point

implements io.ReaderFrom and io.WriterTo

func BatchOpenSinglePoint

func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error)

BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. It's an interactive protocol, made non interactive using Fiat Shamir.

* point is the point at which the polynomials are opened. * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. * polynomials is the list of polynomials to open, they are supposed to be of the same size.

func (*BatchOpeningProof) ReadFrom

func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes BatchOpeningProof data from reader.

func (*BatchOpeningProof) WriteTo

func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of a BatchOpeningProof

type Digest

type Digest = bw6633.G1Affine

Digest commitment of a polynomial.

func Commit

func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error)

Commit commits to a polynomial using a multi exponentiation with the SRS. It is assumed that the polynomial is in canonical form, in Montgomery form.

type OpeningProof

type OpeningProof struct {
	// H quotient polynomial (f - f(z))/(x-z)
	H bw6633.G1Affine

	// ClaimedValue purported value
	ClaimedValue fr.Element
}

OpeningProof KZG proof for opening at a single point.

implements io.ReaderFrom and io.WriterTo

func Open

func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error)

Open computes an opening proof of polynomial p at given point. fft.Domain Cardinality must be larger than p.Degree()

func (*OpeningProof) ReadFrom

func (proof *OpeningProof) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes OpeningProof data from reader.

func (*OpeningProof) WriteTo

func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of a OpeningProof

type SRS

type SRS struct {
	G1 []bw6633.G1Affine  // [G₁ [α]G₁ , [α²]G₁, ... ]
	G2 [2]bw6633.G2Affine // [G₂, [α]G₂ ]
}

SRS stores the result of the MPC

func NewSRS

func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error)

NewSRS returns a new SRS using alpha as randomness source

In production, a SRS generated through MPC should be used.

implements io.ReaderFrom and io.WriterTo

func (*SRS) ReadFrom

func (srs *SRS) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes SRS data from reader.

func (*SRS) WriteTo

func (srs *SRS) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of the SRS

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL