kzg

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 23, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package kzg provides a KZG commitment scheme.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
	ErrInvalidPolynomialSize         = errors.New("invalid polynomial size (larger than SRS or == 0)")
	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
	ErrInvalidDomain                 = errors.New("domain cardinality is smaller than polynomial degree")
	ErrMinSRSSize                    = errors.New("minimum srs size is 2")
)

Functions

func BatchVerifyMultiPoints

func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, srs *SRS) error

BatchVerifyMultiPoints batch verifies a list of opening proofs at different points. The purpose of the batching is to have only one pairing for verifying several proofs.

* digests list of committed polynomials which are opened * proofs list of opening proofs of the digest

func BatchVerifySinglePoint

func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash, srs *SRS) error

BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.

* digests list of digests on which opening proof is done * batchOpeningProof proof of correct opening on the digests

func FoldProof

func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash) (OpeningProof, Digest, error)

FoldProof fold the digests and the proofs in batchOpeningProof using Fiat Shamir to obtain an opening proof at a single point.

* digests list of digests on which batchOpeningProof is based * batchOpeningProof opening proof of digests * returns the folded version of batchOpeningProof, Digest, the folded version of digests

func Verify

func Verify(commitment *Digest, proof *OpeningProof, srs *SRS) error

Verify verifies a KZG opening proof at a single point

Types

type BatchOpeningProof

type BatchOpeningProof struct {
	// H quotient polynomial Sum_i gamma**i*(f - f(z))/(x-z)
	H bls12381.G1Affine

	// Point at which the polynomials are evaluated
	Point fr.Element

	// ClaimedValues purported values
	ClaimedValues []fr.Element
}

BatchOpeningProof opening proof for many polynomials at the same point

implements io.ReaderFrom and io.WriterTo

func BatchOpenSinglePoint

func BatchOpenSinglePoint(polynomials []polynomial.Polynomial, digests []Digest, point *fr.Element, hf hash.Hash, domain *fft.Domain, srs *SRS) (BatchOpeningProof, error)

BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials. It's an interactive protocol, made non interactive using Fiat Shamir. point is the point at which the polynomials are opened. digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. polynomials is the list of polynomials to open.

func (*BatchOpeningProof) ReadFrom

func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes BatchOpeningProof data from reader.

func (*BatchOpeningProof) WriteTo

func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of a BatchOpeningProof

type Digest

type Digest = bls12381.G1Affine

Digest commitment of a polynomial.

func Commit

func Commit(p polynomial.Polynomial, srs *SRS, nbTasks ...int) (Digest, error)

Commit commits to a polynomial using a multi exponentiation with the SRS. It is assumed that the polynomial is in canonical form, in Montgomery form.

type OpeningProof

type OpeningProof struct {
	// H quotient polynomial (f - f(z))/(x-z)
	H bls12381.G1Affine

	// Point at which the polynomial is evaluated
	Point fr.Element

	// ClaimedValue purported value
	ClaimedValue fr.Element
}

OpeningProof KZG proof for opening at a single point.

implements io.ReaderFrom and io.WriterTo

func Open

func Open(p polynomial.Polynomial, point *fr.Element, domain *fft.Domain, srs *SRS) (OpeningProof, error)

Open computes an opening proof of polynomial p at given point. fft.Domain Cardinality must be larger than p.Degree()

func (*OpeningProof) ReadFrom

func (proof *OpeningProof) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes OpeningProof data from reader.

func (*OpeningProof) WriteTo

func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of a OpeningProof

type SRS

type SRS struct {
	G1 []bls12381.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
	G2 [2]bls12381.G2Affine // [gen, [alpha]gen ]
}

SRS stores the result of the MPC

func NewSRS

func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error)

NewSRS returns a new SRS using alpha as randomness source

In production, a SRS generated through MPC should be used.

implements io.ReaderFrom and io.WriterTo

func (*SRS) ReadFrom

func (srs *SRS) ReadFrom(r io.Reader) (int64, error)

ReadFrom decodes SRS data from reader.

func (*SRS) WriteTo

func (srs *SRS) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of the SRS

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL