Skip to content

Commit

Permalink
rename opening_key to verification_key (#285)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kevaundray
kevaundray authored Sep 26, 2024
1 parent afccc42 commit a3d89c6
Show file tree
Hide file tree
Showing 9 changed files with 71 additions and 61 deletions.
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/benches/benchmark.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ use bls12_381::{ff::Field, G1Projective};
use bls12_381::{g1_batch_normalize, g2_batch_normalize, G2Projective, Scalar};
use crate_crypto_kzg_multi_open_fk20::Verifier;
use crate_crypto_kzg_multi_open_fk20::{
commit_key::CommitKey, opening_key::OpeningKey, Prover, ProverInput,
commit_key::CommitKey, verification_key::VerificationKey, Prover, ProverInput,
};
use criterion::{criterion_group, criterion_main, Criterion};

pub fn bench_compute_proof_fk20(c: &mut Criterion) {
const POLYNOMIAL_LEN: usize = 4096;
let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
let (ck, _) = create_insecure_commit_opening_keys();
let (ck, _) = create_insecure_commit_verification_keys();
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;

const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
Expand Down Expand Up @@ -40,7 +40,7 @@ pub fn bench_compute_proof_fk20(c: &mut Criterion) {
pub fn bench_verify_proof_fk20(c: &mut Criterion) {
const POLYNOMIAL_LEN: usize = 4096;
let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
let (ck, vk) = create_insecure_commit_opening_keys();
let (ck, vk) = create_insecure_commit_verification_keys();
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;

const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
Expand Down Expand Up @@ -89,7 +89,7 @@ fn random_scalars(size: usize) -> Vec<Scalar> {
// We duplicate this to ensure that the version in the src code is only ever compiled with the test feature.
//
// This code should never be used outside of benchmarks and tests.
pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
pub fn create_insecure_commit_verification_keys() -> (CommitKey, VerificationKey) {
// A single proof will attest to the opening of 64 points.
let multi_opening_size = 64;

Expand All @@ -115,15 +115,15 @@ pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
let secret = -Scalar::ONE;
let mut current_secret_pow = Scalar::ONE;
let g2_gen = G2Projective::generator();
// The setup needs 65 g1 elements for the opening key, in order
// The setup needs 65 g1 elements for the verification key, in order
// to commit to the remainder polynomial.
for _ in 0..multi_opening_size + 1 {
g2_points.push(g2_gen * current_secret_pow);
current_secret_pow *= secret;
}
let g2_points = g2_batch_normalize(&g2_points);

let vk = OpeningKey::new(
let vk = VerificationKey::new(
g1_points[0..multi_opening_size + 1].to_vec(),
g2_points,
multi_opening_size,
Expand Down
4 changes: 2 additions & 2 deletions cryptography/kzg_multi_open/src/fk20/h_poly.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ pub(crate) fn take_every_nth<T: Clone + Copy>(list: &[T], n: usize) -> Vec<Vec<T
#[cfg(test)]
mod tests {
use crate::{
create_insecure_commit_opening_keys,
create_insecure_commit_verification_keys,
fk20::{
h_poly::{compute_h_poly_commitments, take_every_nth},
naive,
Expand All @@ -92,7 +92,7 @@ mod tests {
fn check_consistency_of_toeplitz_h_polys() {
let poly: Vec<_> = (0..4096).map(|i| -Scalar::from(i)).collect();
let coset_size: usize = 64;
let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

// Compute the commitment to the h_polynomials naively
//
Expand Down
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/src/fk20/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,7 @@ mod tests {

use super::{FK20Prover, Input};
use crate::{
create_insecure_commit_opening_keys,
create_insecure_commit_verification_keys,
fk20::{cosets::generate_cosets, naive as fk20naive, verifier::FK20Verifier},
naive as kzgnaive,
};
Expand All @@ -229,7 +229,7 @@ mod tests {
// This tests that if we create proofs over Input::Data
// then the first set of cells will contain the data.

let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

let poly_len = 4096;
let num_points_to_open = 2 * poly_len;
Expand All @@ -253,7 +253,7 @@ mod tests {

#[test]
fn smoke_test_prove_verify() {
let (commit_key, opening_key) = create_insecure_commit_opening_keys();
let (commit_key, verification_key) = create_insecure_commit_verification_keys();

let poly_len = 4096;
let num_points_to_open = 2 * poly_len;
Expand All @@ -267,7 +267,7 @@ mod tests {
num_points_to_open,
UsePrecomp::No,
);
let fk20_verifier = FK20Verifier::new(opening_key, num_points_to_open, num_cosets);
let fk20_verifier = FK20Verifier::new(verification_key, num_points_to_open, num_cosets);

let data: Vec<_> = (0..poly_len).map(|i| Scalar::from(i as u64)).collect();
let (proofs, cells) = fk20.compute_multi_opening_proofs(Input::Data(data.clone()));
Expand All @@ -291,7 +291,7 @@ mod tests {
let poly_len = 4096;
let poly: Vec<_> = (0..poly_len).map(|i| -Scalar::from(i as u64)).collect();
let coset_size = 64;
let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

// Compute the proofs and evaluations using naive fk20
let (expected_proofs, expected_evaluations) =
Expand Down Expand Up @@ -319,7 +319,7 @@ mod tests {
fn test_consistency_between_naive_kzg_naive_fk20() {
// Setup
//
let (ck, _) = create_insecure_commit_opening_keys();
let (ck, _) = create_insecure_commit_verification_keys();

const POLYNOMIAL_LEN: usize = 4096;
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;
Expand Down
37 changes: 21 additions & 16 deletions cryptography/kzg_multi_open/src/fk20/verifier.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{
fk20::cosets::{coset_gens, reverse_bit_order},
opening_key::OpeningKey,
verification_key::VerificationKey,
};
use bls12_381::{
batch_inversion::batch_inverse, ff::Field, g1_batch_normalize, lincomb::g1_lincomb,
Expand Down Expand Up @@ -36,7 +36,7 @@ pub type CommitmentIndex = u64;
/// - We only use FK20 to create proofs
#[derive(Debug)]
pub struct FK20Verifier {
pub opening_key: OpeningKey,
pub verification_key: VerificationKey,
pub coset_gens_bit_reversed: Vec<Scalar>,
coset_domain: Domain,
// Pre-computations for the verification algorithm
Expand All @@ -52,22 +52,26 @@ pub struct FK20Verifier {
}

impl FK20Verifier {
pub fn new(opening_key: OpeningKey, num_points_to_open: usize, num_cosets: usize) -> Self {
pub fn new(
verification_key: VerificationKey,
num_points_to_open: usize,
num_cosets: usize,
) -> Self {
const BIT_REVERSED: bool = true;
let coset_gens = coset_gens(num_points_to_open, num_cosets, BIT_REVERSED);

let coset_size = num_points_to_open / num_cosets;
assert!(
opening_key.g2s.len() >= coset_size,
verification_key.g2s.len() >= coset_size,
"need as many g2 points as coset size"
);
let coset_domain = polynomial::domain::Domain::new(opening_key.coset_size);
let coset_domain = polynomial::domain::Domain::new(verification_key.coset_size);

let n = opening_key.coset_size;
let n = verification_key.coset_size;
// [s^n]_2
let s_pow_n = G2Prepared::from(G2Point::from(opening_key.g2s[n]));
let s_pow_n = G2Prepared::from(G2Point::from(verification_key.g2s[n]));
// [-1]_2
let neg_g2_gen = G2Prepared::from(-opening_key.g2_gen());
let neg_g2_gen = G2Prepared::from(-verification_key.g2_gen());

let coset_gens_pow_n = coset_gens
.iter()
Expand All @@ -84,7 +88,7 @@ impl FK20Verifier {
.collect();

Self {
opening_key,
verification_key,
coset_gens_bit_reversed: coset_gens,
coset_domain,
s_pow_n,
Expand Down Expand Up @@ -146,7 +150,7 @@ impl FK20Verifier {
// We compute one challenge `r` using fiat-shamir and the rest are powers of `r`
// This is safe because of the Schwartz-Zippel Lemma.
let r = compute_fiat_shamir_challenge(
&self.opening_key,
&self.verification_key,
deduplicated_commitments,
commitment_indices,
bit_reversed_coset_indices,
Expand Down Expand Up @@ -215,8 +219,9 @@ impl FK20Verifier {
random_sum_interpolation_poly =
poly_add(random_sum_interpolation_poly, scaled_interpolation_poly);
}
let comm_random_sum_interpolation_poly =
self.opening_key.commit_g1(&random_sum_interpolation_poly);
let comm_random_sum_interpolation_poly = self
.verification_key
.commit_g1(&random_sum_interpolation_poly);

let mut weighted_r_powers = Vec::with_capacity(batch_size);
for (coset_index, r_power) in bit_reversed_coset_indices.iter().zip(r_powers) {
Expand Down Expand Up @@ -255,7 +260,7 @@ impl FK20Verifier {
/// The matching function in the spec is: https://github.com/ethereum/consensus-specs/blob/13ac373a2c284dc66b48ddd2ef0a10537e4e0de6/specs/_features/eip7594/polynomial-commitments-sampling.md#compute_verify_cell_kzg_proof_batch_challenge
#[allow(clippy::manual_slice_size_calculation)]
fn compute_fiat_shamir_challenge(
opening_key: &OpeningKey,
verification_key: &VerificationKey,
row_commitments: &[G1Point],
row_indices: &[u64],
coset_indices: &[u64],
Expand All @@ -271,14 +276,14 @@ fn compute_fiat_shamir_challenge(
+ row_commitments.len() * G1Point::compressed_size()
+ row_indices.len() * size_of::<u64>()
+ coset_indices.len() * size_of::<u64>()
+ coset_evals.len() * opening_key.coset_size * size_of::<Scalar>()
+ coset_evals.len() * verification_key.coset_size * size_of::<Scalar>()
+ proofs.len() * G1Point::compressed_size();

let mut hash_input: Vec<u8> = Vec::with_capacity(hash_input_size);

hash_input.extend(DOMAIN_SEP.as_bytes());
hash_input.extend((opening_key.num_coefficients_in_polynomial as u64).to_be_bytes());
hash_input.extend((opening_key.coset_size as u64).to_be_bytes());
hash_input.extend((verification_key.num_coefficients_in_polynomial as u64).to_be_bytes());
hash_input.extend((verification_key.coset_size as u64).to_be_bytes());

let num_commitments = row_commitments.len() as u64;
hash_input.extend(num_commitments.to_be_bytes());
Expand Down
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/src/lib.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
pub mod commit_key;
mod fk20;
pub mod opening_key;
pub mod verification_key;

pub use fk20::{
recover_evaluations_in_domain_order, CommitmentIndex, CosetIndex, Prover, ProverInput,
Expand All @@ -11,11 +11,11 @@ pub use fk20::{
mod naive;

#[cfg(test)]
pub(crate) fn create_insecure_commit_opening_keys(
) -> (commit_key::CommitKey, opening_key::OpeningKey) {
pub(crate) fn create_insecure_commit_verification_keys(
) -> (commit_key::CommitKey, verification_key::VerificationKey) {
use bls12_381::{g1_batch_normalize, g2_batch_normalize, G1Projective, G2Projective, Scalar};
use commit_key::CommitKey;
use opening_key::OpeningKey;
use verification_key::VerificationKey;

// A single proof will attest to the opening of 64 points.
let multi_opening_size = 64;
Expand All @@ -42,15 +42,15 @@ pub(crate) fn create_insecure_commit_opening_keys(
let secret = -Scalar::ONE;
let mut current_secret_pow = Scalar::ONE;
let g2_gen = G2Projective::generator();
// The setup needs 65 g1 elements for the opening key, in order
// The setup needs 65 g1 elements for the verification key, in order
// to commit to the remainder polynomial.
for _ in 0..multi_opening_size + 1 {
g2_points.push(g2_gen * current_secret_pow);
current_secret_pow *= secret;
}
let g2_points = g2_batch_normalize(&g2_points);

let vk = OpeningKey::new(
let vk = VerificationKey::new(
g1_points[0..multi_opening_size + 1].to_vec(),
g2_points,
multi_opening_size,
Expand Down
27 changes: 15 additions & 12 deletions cryptography/kzg_multi_open/src/naive.rs
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
use crate::{commit_key::CommitKey, opening_key::OpeningKey};
use crate::{commit_key::CommitKey, verification_key::VerificationKey};
use bls12_381::{ff::Field, multi_pairings, G1Point, G1Projective, G2Point, G2Prepared, Scalar};
use polynomial::poly_coeff::{
lagrange_interpolate, poly_eval, poly_sub, vanishing_poly, PolyCoeff,
Expand Down Expand Up @@ -37,13 +37,13 @@ pub(crate) fn compute_multi_opening(
/// Naively Verifies a multi-point opening proof.
pub(crate) fn verify_multi_opening(
quotient_commitment: G1Point,
opening_key: &OpeningKey,
verification_key: &VerificationKey,
commitment: G1Point,
input_points: &[Scalar],
output_points: &[Scalar],
) -> bool {
_verify_multi_opening_naive(
opening_key,
verification_key,
commitment,
quotient_commitment,
input_points,
Expand Down Expand Up @@ -135,7 +135,7 @@ fn _compute_multi_opening_naive(
/// holds by using the following pairing equation:
/// e([Q(X)]_1, [Z(X)]_2) == e([f(X)]_1 - [I(X)]_1, [1]_2)
fn _verify_multi_opening_naive(
opening_key: &OpeningKey,
verification_key: &VerificationKey,
commitment: G1Point,
proof: G1Point,
input_points: &[Scalar],
Expand All @@ -149,30 +149,33 @@ fn _verify_multi_opening_naive(
let r_x = lagrange_interpolate(&coordinates).unwrap();

let vanishing_poly = vanishing_poly(input_points);
let comm_vanishing_poly: G2Point = opening_key.commit_g2(&vanishing_poly).into();
let comm_vanishing_poly: G2Point = verification_key.commit_g2(&vanishing_poly).into();

let comm_r_x = opening_key.commit_g1(&r_x);
let comm_r_x = verification_key.commit_g1(&r_x);
let comm_minus_r_x: G1Point = (G1Projective::from(commitment) - comm_r_x).into();
multi_pairings(&[
(&proof, &G2Prepared::from(comm_vanishing_poly)),
(&comm_minus_r_x, &G2Prepared::from(-opening_key.g2_gen())),
(
&comm_minus_r_x,
&G2Prepared::from(-verification_key.g2_gen()),
),
])
}

#[cfg(test)]
mod tests {
use bls12_381::Scalar;

use crate::create_insecure_commit_opening_keys;
use crate::create_insecure_commit_verification_keys;

#[test]
fn smoke_test_naive_multi_opening() {
let (ck, opening_key) = create_insecure_commit_opening_keys();
let (ck, verification_key) = create_insecure_commit_verification_keys();

let num_points_to_open = 16;
let input_points: Vec<_> = (0..num_points_to_open).map(|i| Scalar::from(i)).collect();

let polynomial: Vec<_> = (0..opening_key.num_coefficients_in_polynomial)
let polynomial: Vec<_> = (0..verification_key.num_coefficients_in_polynomial)
.map(|i| -Scalar::from(i as u64))
.collect();
let commitment = ck.commit_g1(&polynomial).into();
Expand All @@ -181,7 +184,7 @@ mod tests {
super::compute_multi_opening(&ck, &polynomial, &input_points);
let proof_valid = super::verify_multi_opening(
quotient_commitment,
&opening_key,
&verification_key,
commitment,
&input_points,
&output_points,
Expand All @@ -194,7 +197,7 @@ mod tests {
.collect();
let proof_valid = super::verify_multi_opening(
quotient_commitment,
&opening_key,
&verification_key,
commitment,
&input_points,
&output_points,
Expand Down
6 changes: 3 additions & 3 deletions ...ography/kzg_multi_open/src/opening_key.rs → ...hy/kzg_multi_open/src/verification_key.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ use bls12_381::{
G1Point, G1Projective, G2Point, G2Projective, Scalar,
};

/// Opening Key is used to verify opening proofs made about a committed polynomial.
/// Verification Key is used to verify opening proofs made about a committed polynomial.
#[derive(Clone, Debug)]
pub struct OpeningKey {
pub struct VerificationKey {
/// The powers of tau G1 used in the setup
///
/// ie group elements of the form `{ \tau^i G }`
Expand All @@ -32,7 +32,7 @@ pub struct OpeningKey {
pub num_coefficients_in_polynomial: usize,
}

impl OpeningKey {
impl VerificationKey {
pub fn new(
g1s: Vec<G1Point>,
g2s: Vec<G2Point>,
Expand Down
Loading

0 comments on commit a3d89c6

Please sign in to comment.