-
Notifications
You must be signed in to change notification settings - Fork 5
/
prove.go
111 lines (94 loc) · 3.69 KB
/
prove.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package gokzg4844
import (
"github.com/crate-crypto/go-kzg-4844/internal/kzg"
)
// BlobToKZGCommitment implements [blob_to_kzg_commitment].
//
// numGoRoutines is used to configure the amount of concurrency needed. Setting this
// value to a negative number or 0 will make it default to the number of CPUs.
//
// [blob_to_kzg_commitment]: https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#blob_to_kzg_commitment
func (c *Context) BlobToKZGCommitment(blob *Blob, numGoRoutines int) (KZGCommitment, error) {
// 1. Deserialization
//
// Deserialize blob into polynomial
polynomial, err := DeserializeBlob(blob)
if err != nil {
return KZGCommitment{}, err
}
// 2. Commit to polynomial
commitment, err := kzg.Commit(polynomial, c.commitKey, numGoRoutines)
if err != nil {
return KZGCommitment{}, err
}
// 3. Serialization
//
// Serialize commitment
serComm := SerializeG1Point(*commitment)
return KZGCommitment(serComm), nil
}
// ComputeBlobKZGProof implements [compute_blob_kzg_proof]. It takes a blob and returns the KZG proof that is used to
// verify it against the given KZG commitment at a random point.
//
// Note: This method does not check that the commitment corresponds to the `blob`. The method does still check that the
// commitment is a valid commitment. One should check this externally or call [Context.BlobToKZGCommitment].
//
// numGoRoutines is used to configure the amount of concurrency needed. Setting this
// value to a negative number or 0 will make it default to the number of CPUs.
//
// [compute_blob_kzg_proof]: https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#compute_blob_kzg_proof
func (c *Context) ComputeBlobKZGProof(blob *Blob, blobCommitment KZGCommitment, numGoRoutines int) (KZGProof, error) {
// 1. Deserialization
//
polynomial, err := DeserializeBlob(blob)
if err != nil {
return KZGProof{}, err
}
// Deserialize commitment
//
// We only do this to check if it is in the correct subgroup
_, err = DeserializeKZGCommitment(blobCommitment)
if err != nil {
return KZGProof{}, err
}
// 2. Compute Fiat-Shamir challenge
evaluationChallenge := computeChallenge(blob, blobCommitment)
// 3. Create opening proof
openingProof, err := kzg.Open(c.domain, polynomial, evaluationChallenge, c.commitKey, numGoRoutines)
if err != nil {
return KZGProof{}, err
}
// 4. Serialization
//
// Quotient commitment
kzgProof := SerializeG1Point(openingProof.QuotientCommitment)
return KZGProof(kzgProof), nil
}
// ComputeKZGProof implements [compute_kzg_proof].
//
// numGoRoutines is used to configure the amount of concurrency needed. Setting this
// value to a negative number or 0 will make it default to the number of CPUs.
//
// [compute_kzg_proof]: https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#compute_kzg_proof
func (c *Context) ComputeKZGProof(blob *Blob, inputPointBytes Scalar, numGoRoutines int) (KZGProof, Scalar, error) {
// 1. Deserialization
//
polynomial, err := DeserializeBlob(blob)
if err != nil {
return KZGProof{}, [32]byte{}, err
}
inputPoint, err := DeserializeScalar(inputPointBytes)
if err != nil {
return KZGProof{}, [32]byte{}, err
}
// 2. Create opening proof
openingProof, err := kzg.Open(c.domain, polynomial, inputPoint, c.commitKey, numGoRoutines)
if err != nil {
return KZGProof{}, [32]byte{}, err
}
// 3. Serialization
//
kzgProof := SerializeG1Point(openingProof.QuotientCommitment)
claimedValueBytes := SerializeScalar(openingProof.ClaimedValue)
return KZGProof(kzgProof), claimedValueBytes, nil
}