diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index a1b3a7690a..1e518b3664 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 0836edb7c1..1fadd3782c 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index d0cde383bb..d9f58b8798 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 475f39b33a..1c15fea7ac 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 3f5c98b034..f670db852c 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 94b32ee58e..1a7216e5a3 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index 9dfbc64313..72bc17fccc 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 37fd8c023f..a9b79482b2 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 39d229288a..ba1684293a 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 1a68e59019..a018e67a9e 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index 3a90e10fd4..45737d814b 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index bf78f0d717..e60037467f 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index dfb5565a13..9d7274336e 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index 55daca27bc..bff77bf142 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 9a03e34dfd..7063a83299 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index f86a9235ec..0d22e6c7e7 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index f6636b9948..64b3cb3aa2 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -252,8 +252,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -262,8 +265,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -323,7 +324,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -332,7 +333,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -361,7 +365,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -495,18 +499,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index 67c2025f6f..4d4c73e4f4 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -196,13 +196,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -219,10 +219,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -250,7 +250,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) { diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index 0f42fb5a27..c0e2b670dc 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -234,8 +234,11 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr }(i) } + // wait for polynomial evaluations to be completed (res.ClaimedValues) + wg.Wait() + // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, res.ClaimedValues, hf) if err != nil { return BatchOpeningProof{}, err } @@ -244,8 +247,6 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr var foldedEvaluations fr.Element chSumGammai := make(chan struct{}, 1) go func() { - // wait for polynomial evaluations to be completed (res.ClaimedValues) - wg.Wait() foldedEvaluations = res.ClaimedValues[nbDigests-1] for i := nbDigests - 2; i >= 0; i-- { foldedEvaluations.Mul(&foldedEvaluations, &gamma). @@ -305,7 +306,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. } // derive the challenge γ, binded to the point and the commitments - gamma, err := deriveGamma(point, digests, hf) + gamma, err := deriveGamma(point, digests, batchOpeningProof.ClaimedValues, hf) if err != nil { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -314,7 +315,10 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // gammai = [1,γ,γ²,..,γⁿ⁻¹] gammai := make([]fr.Element, nbDigests) gammai[0].SetOne() - for i := 1; i < nbDigests; i++ { + if nbDigests > 1 { + gammai[1] = gamma + } + for i := 2; i < nbDigests; i++ { gammai[i].Mul(&gammai[i-1], &gamma) } @@ -343,7 +347,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro return err } - // verify the foldedProof againts the foldedDigest + // verify the foldedProof against the foldedDigest err = Verify(&foldedDigest, &foldedProof, point, srs) return err @@ -477,18 +481,23 @@ func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, e } // deriveGamma derives a challenge using Fiat Shamir to fold proofs. -func deriveGamma(point fr.Element, digests []Digest, hf hash.Hash) (fr.Element, error) { +func deriveGamma(point fr.Element, digests []Digest, claimedValues []fr.Element, hf hash.Hash) (fr.Element, error) { // derive the challenge gamma, binded to the point and the commitments fs := fiatshamir.NewTranscript(hf, "gamma") if err := fs.Bind("gamma", point.Marshal()); err != nil { return fr.Element{}, err } - for i := 0; i < len(digests); i++ { + for i := range digests { if err := fs.Bind("gamma", digests[i].Marshal()); err != nil { return fr.Element{}, err } } + for i := range claimedValues { + if err := fs.Bind("gamma", claimedValues[i].Marshal()); err != nil { + return fr.Element{}, err + } + } gammaByte, err := fs.ComputeChallenge("gamma") if err != nil { return fr.Element{}, err diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index a0cd06300c..fe4ad7a23e 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -178,13 +178,13 @@ func TestBatchVerifySinglePoint(t *testing.T) { // create polynomials f := make([][]fr.Element, 10) - for i := 0; i < 10; i++ { + for i := range f { f[i] = randomPolynomial(size) } // commit the polynomials - digests := make([]Digest, 10) - for i := 0; i < 10; i++ { + digests := make([]Digest, len(f)) + for i := range f { digests[i], _ = Commit(f[i], testSRS) } @@ -201,10 +201,10 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify the claimed values - for i := 0; i < 10; i++ { + for i := range f { expectedClaim := eval(f[i], point) if !expectedClaim.Equal(&proof.ClaimedValues[i]) { - t.Fatal("inconsistant claimed values") + t.Fatal("inconsistent claimed values") } } @@ -232,7 +232,6 @@ func TestBatchVerifySinglePoint(t *testing.T) { t.Fatal("verifying wrong proof should have failed") } } - } func TestBatchVerifyMultiPoints(t *testing.T) {