Documentation ¶
Overview ¶
Package kzg provides a KZG commitment scheme.
Index ¶
- Variables
- func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error
- func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, ...) error
- func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, ...) (OpeningProof, Digest, error)
- func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error
- type BatchOpeningProof
- type Digest
- type OpeningProof
- type SRS
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidNbDigests = errors.New("number of digests is not the same as the number of polynomials") ErrInvalidPolynomialSize = errors.New("invalid polynomial size (larger than SRS or == 0)") ErrVerifyOpeningProof = errors.New("can't verify opening proof") ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point") ErrMinSRSSize = errors.New("minimum srs size is 2") )
Functions ¶
func BatchVerifyMultiPoints ¶
func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error
BatchVerifyMultiPoints batch verifies a list of opening proofs at different points. The purpose of the batching is to have only one pairing for verifying several proofs.
* digests list of committed polynomials * proofs list of opening proofs, one for each digest * points the list of points at which the opening are done
func BatchVerifySinglePoint ¶
func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error
BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
* digests list of digests on which opening proof is done * batchOpeningProof proof of correct opening on the digests
func FoldProof ¶
func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash) (OpeningProof, Digest, error)
FoldProof fold the digests and the proofs in batchOpeningProof using Fiat Shamir to obtain an opening proof at a single point.
* digests list of digests on which batchOpeningProof is based * batchOpeningProof opening proof of digests * returns the folded version of batchOpeningProof, Digest, the folded version of digests
Types ¶
type BatchOpeningProof ¶
type BatchOpeningProof struct { // H quotient polynomial Sum_i gamma**i*(f - f(z))/(x-z) H bls12381.G1Affine // ClaimedValues purported values ClaimedValues []fr.Element }
BatchOpeningProof opening proof for many polynomials at the same point
implements io.ReaderFrom and io.WriterTo
func BatchOpenSinglePoint ¶
func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error)
BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. It's an interactive protocol, made non interactive using Fiat Shamir.
* point is the point at which the polynomials are opened. * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. * polynomials is the list of polynomials to open, they are supposed to be of the same size.
type OpeningProof ¶
type OpeningProof struct { // H quotient polynomial (f - f(z))/(x-z) H bls12381.G1Affine // ClaimedValue purported value ClaimedValue fr.Element }
OpeningProof KZG proof for opening at a single point.
implements io.ReaderFrom and io.WriterTo
func Open ¶
Open computes an opening proof of polynomial p at given point. fft.Domain Cardinality must be larger than p.Degree()
type SRS ¶
type SRS struct { G1 []bls12381.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] G2 [2]bls12381.G2Affine // [G₂, [α]G₂ ] }
SRS stores the result of the MPC
func NewSRS ¶
NewSRS returns a new SRS using alpha as randomness source
In production, a SRS generated through MPC should be used.
implements io.ReaderFrom and io.WriterTo