Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidNumDigests = errors.New("number of digests is not the same as the number of polynomials") ErrInvalidPolynomialSize = errors.New("invalid polynomial size (larger than SRS or == 0)") ErrVerifyOpeningProof = errors.New("can't verify opening proof") ErrPolynomialMismatchedSizeDomain = errors.New("domain size does not equal the number of evaluations in the polynomial") ErrMinSRSSize = errors.New("minimum srs size is 2") )
Functions ¶
func BatchVerifyMultiPoints ¶
func BatchVerifyMultiPoints(commitments []Commitment, proofs []OpeningProof, openKey *OpeningKey) error
BatchVerifyMultiPoints verifies multiple KZG proofs in a batch. See verify_kzg_proof_batch.
- This method is more efficient than calling Verify multiple times.
- Randomness is used to combine multiple proofs into one.
Modified from gnark-crypto.
func Verify ¶
func Verify(commitment *Commitment, proof *OpeningProof, openKey *OpeningKey) error
Verify a single KZG proof. See verify_kzg_proof_impl. Returns `nil` if verification was successful, an error otherwise. If verification failed due to the pairings check it will return ErrVerifyOpeningProof.
Note: We could make this method faster by storing pre-computations for the generators in G1 and G2 as we only do scalar multiplications with those in this method.
Modified from gnark-crypto.
Types ¶
type CommitKey ¶
type CommitKey struct { // These are the G1 elements from the trusted setup. // In the specs this is denoted as `KZG_SETUP_G1` before // we processed it with `ifftG1`. Once we compute `ifftG1` // then this list is denoted as `KZG_SETUP_LAGRANGE` in the specs. G1 []bls12381.G1Affine }
CommitKey holds the data needed to commit to polynomials and by proxy make opening proofs TODO: We currently use this for both monomial and lagrange form points. TODO: consider using two types
func (*CommitKey) Commit ¶
func (c *CommitKey) Commit(p Polynomial, numGoRoutines int) (*Commitment, error)
Commit commits to a polynomial using a multi exponentiation with the Commitment key.
numGoRoutines is used to configure the amount of concurrency needed. Setting this value to a negative number or 0 will make it default to the number of CPUs.
func (*CommitKey) ReversePoints ¶
func (c *CommitKey) ReversePoints()
ReversePoints applies the bit reversal permutation to the G1 points stored inside the CommitKey c.
type Commitment ¶
A commitment to a polynomial Excluding tests, this will be produced by committing to a polynomial in lagrange form
type OpeningKey ¶
type OpeningKey struct { // This is the degree-0 G_1 element in the trusted setup. // In the specs, this is denoted as `KZG_SETUP_G1[0]` GenG1 bls12381.G1Affine // This is the degree-0 G_2 element in the trusted setup. // In the specs, this is denoted as `KZG_SETUP_G2[0]` GenG2 bls12381.G2Affine // This is the degree-1 G_2 element in the trusted setup. // In the specs, this is denoted as `KZG_SETUP_G2[1]` AlphaG2 bls12381.G2Affine }
OpeningKey is the key used to verify opening proofs
type OpeningProof ¶
type OpeningProof struct { // Commitment to quotient polynomial (f(X) - f(z))/(X-z) QuotientCommitment bls12381.G1Affine // Point that we are evaluating the polynomial at : `z` InputPoint fr.Element // ClaimedValue purported value : `f(z)` ClaimedValue fr.Element }
OpeningProof is a struct holding a (cryptographic) proof to the claim that a polynomial f(X) (represented by a commitment to it) evaluates at a point `z` to `f(z)`.
func Open ¶
func Open(domain *domain.Domain, p Polynomial, evaluationPoint fr.Element, ck *CommitKey, numGoRoutines int) (OpeningProof, error)
Open verifies that a polynomial f(x) when evaluated at a point `z` is equal to `f(z)`
numGoRoutines is used to configure the amount of concurrency needed. Setting this value to a negative number or 0 will make it default to the number of CPUs.
type Polynomial ¶
A polynomial in lagrange form
Note: This is intentionally not in the `poly` package as all methods, we want to do on the lagrange form as `kzg` related.
type SRS ¶
type SRS struct { CommitKey CommitKey OpeningKey OpeningKey }
SRS holds the structured reference string (SRS) for making and verifying KZG proofs
This codebase is only concerned with polynomials in Lagrange form, so we only expose methods to create the SRS in Lagrange form
The monomial SRS methods are solely used for testing.