Documentation ¶
Overview ¶
Package kzg provides a KZG commitment scheme.
Index ¶
- Variables
- func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, srs *SRS) error
- func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash, srs *SRS) error
- func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash) (OpeningProof, Digest, error)
- func Verify(commitment *Digest, proof *OpeningProof, srs *SRS) error
- type BatchOpeningProof
- type Digest
- type OpeningProof
- type SRS
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidNbDigests = errors.New("number of digests is not the same as the number of polynomials") ErrInvalidPolynomialSize = errors.New("invalid polynomial size (larger than SRS or == 0)") ErrVerifyOpeningProof = errors.New("can't verify opening proof") ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point") ErrInvalidDomain = errors.New("domain cardinality is smaller than polynomial degree") ErrMinSRSSize = errors.New("minimum srs size is 2") )
Functions ¶
func BatchVerifyMultiPoints ¶
func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, srs *SRS) error
BatchVerifyMultiPoints batch verifies a list of opening proofs at different points. The purpose of the batching is to have only one pairing for verifying several proofs.
* digests list of committed polynomials which are opened * proofs list of opening proofs of the digest
func BatchVerifySinglePoint ¶
func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash, srs *SRS) error
BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
* digests list of digests on which opening proof is done * batchOpeningProof proof of correct opening on the digests
func FoldProof ¶
func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, hf hash.Hash) (OpeningProof, Digest, error)
FoldProof fold the digests and the proofs in batchOpeningProof using Fiat Shamir to obtain an opening proof at a single point.
* digests list of digests on which batchOpeningProof is based * batchOpeningProof opening proof of digests * returns the folded version of batchOpeningProof, Digest, the folded version of digests
Types ¶
type BatchOpeningProof ¶
type BatchOpeningProof struct { // H quotient polynomial Sum_i gamma**i*(f - f(z))/(x-z) H bls12381.G1Affine // Point at which the polynomials are evaluated Point fr.Element // ClaimedValues purported values ClaimedValues []fr.Element }
BatchOpeningProof opening proof for many polynomials at the same point
implements io.ReaderFrom and io.WriterTo
func BatchOpenSinglePoint ¶
func BatchOpenSinglePoint(polynomials []polynomial.Polynomial, digests []Digest, point *fr.Element, hf hash.Hash, domain *fft.Domain, srs *SRS) (BatchOpeningProof, error)
BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials. It's an interactive protocol, made non interactive using Fiat Shamir. point is the point at which the polynomials are opened. digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. polynomials is the list of polynomials to open.
type Digest ¶
type Digest = bls12381.G1Affine
Digest commitment of a polynomial.
func Commit ¶
func Commit(p polynomial.Polynomial, srs *SRS, nbTasks ...int) (Digest, error)
Commit commits to a polynomial using a multi exponentiation with the SRS. It is assumed that the polynomial is in canonical form, in Montgomery form.
type OpeningProof ¶
type OpeningProof struct { // H quotient polynomial (f - f(z))/(x-z) H bls12381.G1Affine // Point at which the polynomial is evaluated Point fr.Element // ClaimedValue purported value ClaimedValue fr.Element }
OpeningProof KZG proof for opening at a single point.
implements io.ReaderFrom and io.WriterTo
func Open ¶
func Open(p polynomial.Polynomial, point *fr.Element, domain *fft.Domain, srs *SRS) (OpeningProof, error)
Open computes an opening proof of polynomial p at given point. fft.Domain Cardinality must be larger than p.Degree()
type SRS ¶
type SRS struct { G1 []bls12381.G1Affine // [gen [alpha]gen , [alpha**2]gen, ... ] G2 [2]bls12381.G2Affine // [gen, [alpha]gen ] }
SRS stores the result of the MPC
func NewSRS ¶
NewSRS returns a new SRS using alpha as randomness source
In production, a SRS generated through MPC should be used.
implements io.ReaderFrom and io.WriterTo