Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: rename opening_key to verification_key #285

Merged
merged 1 commit into from
Sep 26, 2024
Merged

chore: rename opening_key to verification_key #285

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/benches/benchmark.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ use bls12_381::{ff::Field, G1Projective};
use bls12_381::{g1_batch_normalize, g2_batch_normalize, G2Projective, Scalar};
use crate_crypto_kzg_multi_open_fk20::Verifier;
use crate_crypto_kzg_multi_open_fk20::{
commit_key::CommitKey, opening_key::OpeningKey, Prover, ProverInput,
commit_key::CommitKey, verification_key::VerificationKey, Prover, ProverInput,
};
use criterion::{criterion_group, criterion_main, Criterion};

pub fn bench_compute_proof_fk20(c: &mut Criterion) {
const POLYNOMIAL_LEN: usize = 4096;
let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
let (ck, _) = create_insecure_commit_opening_keys();
let (ck, _) = create_insecure_commit_verification_keys();
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;

const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
Expand Down Expand Up @@ -40,7 +40,7 @@ pub fn bench_compute_proof_fk20(c: &mut Criterion) {
pub fn bench_verify_proof_fk20(c: &mut Criterion) {
const POLYNOMIAL_LEN: usize = 4096;
let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
let (ck, vk) = create_insecure_commit_opening_keys();
let (ck, vk) = create_insecure_commit_verification_keys();
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;

const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
Expand Down Expand Up @@ -89,7 +89,7 @@ fn random_scalars(size: usize) -> Vec<Scalar> {
// We duplicate this to ensure that the version in the src code is only ever compiled with the test feature.
//
// This code should never be used outside of benchmarks and tests.
pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
pub fn create_insecure_commit_verification_keys() -> (CommitKey, VerificationKey) {
// A single proof will attest to the opening of 64 points.
let multi_opening_size = 64;

Expand All @@ -115,15 +115,15 @@ pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
let secret = -Scalar::ONE;
let mut current_secret_pow = Scalar::ONE;
let g2_gen = G2Projective::generator();
// The setup needs 65 g1 elements for the opening key, in order
// The setup needs 65 g1 elements for the verification key, in order
// to commit to the remainder polynomial.
for _ in 0..multi_opening_size + 1 {
g2_points.push(g2_gen * current_secret_pow);
current_secret_pow *= secret;
}
let g2_points = g2_batch_normalize(&g2_points);

let vk = OpeningKey::new(
let vk = VerificationKey::new(
g1_points[0..multi_opening_size + 1].to_vec(),
g2_points,
multi_opening_size,
Expand Down
4 changes: 2 additions & 2 deletions cryptography/kzg_multi_open/src/fk20/h_poly.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ pub(crate) fn take_every_nth<T: Clone + Copy>(list: &[T], n: usize) -> Vec<Vec<T
#[cfg(test)]
mod tests {
use crate::{
create_insecure_commit_opening_keys,
create_insecure_commit_verification_keys,
fk20::{
h_poly::{compute_h_poly_commitments, take_every_nth},
naive,
Expand All @@ -92,7 +92,7 @@ mod tests {
fn check_consistency_of_toeplitz_h_polys() {
let poly: Vec<_> = (0..4096).map(|i| -Scalar::from(i)).collect();
let coset_size: usize = 64;
let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

// Compute the commitment to the h_polynomials naively
//
Expand Down
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/src/fk20/prover.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,7 @@ mod tests {

use super::{FK20Prover, Input};
use crate::{
create_insecure_commit_opening_keys,
create_insecure_commit_verification_keys,
fk20::{cosets::generate_cosets, naive as fk20naive, verifier::FK20Verifier},
naive as kzgnaive,
};
Expand All @@ -229,7 +229,7 @@ mod tests {
// This tests that if we create proofs over Input::Data
// then the first set of cells will contain the data.

let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

let poly_len = 4096;
let num_points_to_open = 2 * poly_len;
Expand All @@ -253,7 +253,7 @@ mod tests {

#[test]
fn smoke_test_prove_verify() {
let (commit_key, opening_key) = create_insecure_commit_opening_keys();
let (commit_key, verification_key) = create_insecure_commit_verification_keys();

let poly_len = 4096;
let num_points_to_open = 2 * poly_len;
Expand All @@ -267,7 +267,7 @@ mod tests {
num_points_to_open,
UsePrecomp::No,
);
let fk20_verifier = FK20Verifier::new(opening_key, num_points_to_open, num_cosets);
let fk20_verifier = FK20Verifier::new(verification_key, num_points_to_open, num_cosets);

let data: Vec<_> = (0..poly_len).map(|i| Scalar::from(i as u64)).collect();
let (proofs, cells) = fk20.compute_multi_opening_proofs(Input::Data(data.clone()));
Expand All @@ -291,7 +291,7 @@ mod tests {
let poly_len = 4096;
let poly: Vec<_> = (0..poly_len).map(|i| -Scalar::from(i as u64)).collect();
let coset_size = 64;
let (commit_key, _) = create_insecure_commit_opening_keys();
let (commit_key, _) = create_insecure_commit_verification_keys();

// Compute the proofs and evaluations using naive fk20
let (expected_proofs, expected_evaluations) =
Expand Down Expand Up @@ -319,7 +319,7 @@ mod tests {
fn test_consistency_between_naive_kzg_naive_fk20() {
// Setup
//
let (ck, _) = create_insecure_commit_opening_keys();
let (ck, _) = create_insecure_commit_verification_keys();

const POLYNOMIAL_LEN: usize = 4096;
const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;
Expand Down
37 changes: 21 additions & 16 deletions cryptography/kzg_multi_open/src/fk20/verifier.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{
fk20::cosets::{coset_gens, reverse_bit_order},
opening_key::OpeningKey,
verification_key::VerificationKey,
};
use bls12_381::{
batch_inversion::batch_inverse, ff::Field, g1_batch_normalize, lincomb::g1_lincomb,
Expand Down Expand Up @@ -36,7 +36,7 @@ pub type CommitmentIndex = u64;
/// - We only use FK20 to create proofs
#[derive(Debug)]
pub struct FK20Verifier {
pub opening_key: OpeningKey,
pub verification_key: VerificationKey,
pub coset_gens_bit_reversed: Vec<Scalar>,
coset_domain: Domain,
// Pre-computations for the verification algorithm
Expand All @@ -52,22 +52,26 @@ pub struct FK20Verifier {
}

impl FK20Verifier {
pub fn new(opening_key: OpeningKey, num_points_to_open: usize, num_cosets: usize) -> Self {
pub fn new(
verification_key: VerificationKey,
num_points_to_open: usize,
num_cosets: usize,
) -> Self {
const BIT_REVERSED: bool = true;
let coset_gens = coset_gens(num_points_to_open, num_cosets, BIT_REVERSED);

let coset_size = num_points_to_open / num_cosets;
assert!(
opening_key.g2s.len() >= coset_size,
verification_key.g2s.len() >= coset_size,
"need as many g2 points as coset size"
);
let coset_domain = polynomial::domain::Domain::new(opening_key.coset_size);
let coset_domain = polynomial::domain::Domain::new(verification_key.coset_size);

let n = opening_key.coset_size;
let n = verification_key.coset_size;
// [s^n]_2
let s_pow_n = G2Prepared::from(G2Point::from(opening_key.g2s[n]));
let s_pow_n = G2Prepared::from(G2Point::from(verification_key.g2s[n]));
// [-1]_2
let neg_g2_gen = G2Prepared::from(-opening_key.g2_gen());
let neg_g2_gen = G2Prepared::from(-verification_key.g2_gen());

let coset_gens_pow_n = coset_gens
.iter()
Expand All @@ -84,7 +88,7 @@ impl FK20Verifier {
.collect();

Self {
opening_key,
verification_key,
coset_gens_bit_reversed: coset_gens,
coset_domain,
s_pow_n,
Expand Down Expand Up @@ -146,7 +150,7 @@ impl FK20Verifier {
// We compute one challenge `r` using fiat-shamir and the rest are powers of `r`
// This is safe because of the Schwartz-Zippel Lemma.
let r = compute_fiat_shamir_challenge(
&self.opening_key,
&self.verification_key,
deduplicated_commitments,
commitment_indices,
bit_reversed_coset_indices,
Expand Down Expand Up @@ -215,8 +219,9 @@ impl FK20Verifier {
random_sum_interpolation_poly =
poly_add(random_sum_interpolation_poly, scaled_interpolation_poly);
}
let comm_random_sum_interpolation_poly =
self.opening_key.commit_g1(&random_sum_interpolation_poly);
let comm_random_sum_interpolation_poly = self
.verification_key
.commit_g1(&random_sum_interpolation_poly);

let mut weighted_r_powers = Vec::with_capacity(batch_size);
for (coset_index, r_power) in bit_reversed_coset_indices.iter().zip(r_powers) {
Expand Down Expand Up @@ -255,7 +260,7 @@ impl FK20Verifier {
/// The matching function in the spec is: https://github.com/ethereum/consensus-specs/blob/13ac373a2c284dc66b48ddd2ef0a10537e4e0de6/specs/_features/eip7594/polynomial-commitments-sampling.md#compute_verify_cell_kzg_proof_batch_challenge
#[allow(clippy::manual_slice_size_calculation)]
fn compute_fiat_shamir_challenge(
opening_key: &OpeningKey,
verification_key: &VerificationKey,
row_commitments: &[G1Point],
row_indices: &[u64],
coset_indices: &[u64],
Expand All @@ -271,14 +276,14 @@ fn compute_fiat_shamir_challenge(
+ row_commitments.len() * G1Point::compressed_size()
+ row_indices.len() * size_of::<u64>()
+ coset_indices.len() * size_of::<u64>()
+ coset_evals.len() * opening_key.coset_size * size_of::<Scalar>()
+ coset_evals.len() * verification_key.coset_size * size_of::<Scalar>()
+ proofs.len() * G1Point::compressed_size();

let mut hash_input: Vec<u8> = Vec::with_capacity(hash_input_size);

hash_input.extend(DOMAIN_SEP.as_bytes());
hash_input.extend((opening_key.num_coefficients_in_polynomial as u64).to_be_bytes());
hash_input.extend((opening_key.coset_size as u64).to_be_bytes());
hash_input.extend((verification_key.num_coefficients_in_polynomial as u64).to_be_bytes());
hash_input.extend((verification_key.coset_size as u64).to_be_bytes());

let num_commitments = row_commitments.len() as u64;
hash_input.extend(num_commitments.to_be_bytes());
Expand Down
12 changes: 6 additions & 6 deletions cryptography/kzg_multi_open/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
pub mod commit_key;
mod fk20;
pub mod opening_key;
pub mod verification_key;

pub use fk20::{
recover_evaluations_in_domain_order, CommitmentIndex, CosetIndex, Prover, ProverInput,
Expand All @@ -11,11 +11,11 @@ pub use fk20::{
mod naive;

#[cfg(test)]
pub(crate) fn create_insecure_commit_opening_keys(
) -> (commit_key::CommitKey, opening_key::OpeningKey) {
pub(crate) fn create_insecure_commit_verification_keys(
) -> (commit_key::CommitKey, verification_key::VerificationKey) {
use bls12_381::{g1_batch_normalize, g2_batch_normalize, G1Projective, G2Projective, Scalar};
use commit_key::CommitKey;
use opening_key::OpeningKey;
use verification_key::VerificationKey;

// A single proof will attest to the opening of 64 points.
let multi_opening_size = 64;
Expand All @@ -42,15 +42,15 @@ pub(crate) fn create_insecure_commit_opening_keys(
let secret = -Scalar::ONE;
let mut current_secret_pow = Scalar::ONE;
let g2_gen = G2Projective::generator();
// The setup needs 65 g1 elements for the opening key, in order
// The setup needs 65 g1 elements for the verification key, in order
// to commit to the remainder polynomial.
for _ in 0..multi_opening_size + 1 {
g2_points.push(g2_gen * current_secret_pow);
current_secret_pow *= secret;
}
let g2_points = g2_batch_normalize(&g2_points);

let vk = OpeningKey::new(
let vk = VerificationKey::new(
g1_points[0..multi_opening_size + 1].to_vec(),
g2_points,
multi_opening_size,
Expand Down
27 changes: 15 additions & 12 deletions cryptography/kzg_multi_open/src/naive.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
use crate::{commit_key::CommitKey, opening_key::OpeningKey};
use crate::{commit_key::CommitKey, verification_key::VerificationKey};
use bls12_381::{ff::Field, multi_pairings, G1Point, G1Projective, G2Point, G2Prepared, Scalar};
use polynomial::poly_coeff::{
lagrange_interpolate, poly_eval, poly_sub, vanishing_poly, PolyCoeff,
Expand Down Expand Up @@ -37,13 +37,13 @@ pub(crate) fn compute_multi_opening(
/// Naively Verifies a multi-point opening proof.
pub(crate) fn verify_multi_opening(
quotient_commitment: G1Point,
opening_key: &OpeningKey,
verification_key: &VerificationKey,
commitment: G1Point,
input_points: &[Scalar],
output_points: &[Scalar],
) -> bool {
_verify_multi_opening_naive(
opening_key,
verification_key,
commitment,
quotient_commitment,
input_points,
Expand Down Expand Up @@ -135,7 +135,7 @@ fn _compute_multi_opening_naive(
/// holds by using the following pairing equation:
/// e([Q(X)]_1, [Z(X)]_2) == e([f(X)]_1 - [I(X)]_1, [1]_2)
fn _verify_multi_opening_naive(
opening_key: &OpeningKey,
verification_key: &VerificationKey,
commitment: G1Point,
proof: G1Point,
input_points: &[Scalar],
Expand All @@ -149,30 +149,33 @@ fn _verify_multi_opening_naive(
let r_x = lagrange_interpolate(&coordinates).unwrap();

let vanishing_poly = vanishing_poly(input_points);
let comm_vanishing_poly: G2Point = opening_key.commit_g2(&vanishing_poly).into();
let comm_vanishing_poly: G2Point = verification_key.commit_g2(&vanishing_poly).into();

let comm_r_x = opening_key.commit_g1(&r_x);
let comm_r_x = verification_key.commit_g1(&r_x);
let comm_minus_r_x: G1Point = (G1Projective::from(commitment) - comm_r_x).into();
multi_pairings(&[
(&proof, &G2Prepared::from(comm_vanishing_poly)),
(&comm_minus_r_x, &G2Prepared::from(-opening_key.g2_gen())),
(
&comm_minus_r_x,
&G2Prepared::from(-verification_key.g2_gen()),
),
])
}

#[cfg(test)]
mod tests {
use bls12_381::Scalar;

use crate::create_insecure_commit_opening_keys;
use crate::create_insecure_commit_verification_keys;

#[test]
fn smoke_test_naive_multi_opening() {
let (ck, opening_key) = create_insecure_commit_opening_keys();
let (ck, verification_key) = create_insecure_commit_verification_keys();

let num_points_to_open = 16;
let input_points: Vec<_> = (0..num_points_to_open).map(|i| Scalar::from(i)).collect();

let polynomial: Vec<_> = (0..opening_key.num_coefficients_in_polynomial)
let polynomial: Vec<_> = (0..verification_key.num_coefficients_in_polynomial)
.map(|i| -Scalar::from(i as u64))
.collect();
let commitment = ck.commit_g1(&polynomial).into();
Expand All @@ -181,7 +184,7 @@ mod tests {
super::compute_multi_opening(&ck, &polynomial, &input_points);
let proof_valid = super::verify_multi_opening(
quotient_commitment,
&opening_key,
&verification_key,
commitment,
&input_points,
&output_points,
Expand All @@ -194,7 +197,7 @@ mod tests {
.collect();
let proof_valid = super::verify_multi_opening(
quotient_commitment,
&opening_key,
&verification_key,
commitment,
&input_points,
&output_points,
Expand Down
6 changes: 3 additions & 3 deletions ...ography/kzg_multi_open/src/opening_key.rs → ...hy/kzg_multi_open/src/verification_key.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ use bls12_381::{
G1Point, G1Projective, G2Point, G2Projective, Scalar,
};

/// Opening Key is used to verify opening proofs made about a committed polynomial.
/// Verification Key is used to verify opening proofs made about a committed polynomial.
#[derive(Clone, Debug)]
pub struct OpeningKey {
pub struct VerificationKey {
/// The powers of tau G1 used in the setup
///
/// ie group elements of the form `{ \tau^i G }`
Expand All @@ -32,7 +32,7 @@ pub struct OpeningKey {
pub num_coefficients_in_polynomial: usize,
}

impl OpeningKey {
impl VerificationKey {
pub fn new(
g1s: Vec<G1Point>,
g2s: Vec<G2Point>,
Expand Down
Loading
Loading