From edc6ee19d289d0716031deb5a7764c3fcb1142e2 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 15:20:40 -0500 Subject: [PATCH 01/21] refactor: break up kzg srs; NewSRS for bn254 --- ecc/bls12-377/fr/kzg/kzg.go | 52 ++++++++------- ecc/bls12-378/fr/kzg/kzg.go | 52 ++++++++------- ecc/bls12-381/fr/kzg/kzg.go | 52 ++++++++------- ecc/bls24-315/fr/kzg/kzg.go | 52 ++++++++------- ecc/bls24-317/fr/kzg/kzg.go | 52 ++++++++------- ecc/bn254/fr/kzg/kzg.go | 71 +++++++++++---------- ecc/bw6-633/fr/kzg/kzg.go | 52 ++++++++------- ecc/bw6-756/fr/kzg/kzg.go | 52 ++++++++------- ecc/bw6-761/fr/kzg/kzg.go | 52 ++++++++------- internal/generator/kzg/template/kzg.go.tmpl | 50 ++++++++------- 10 files changed, 289 insertions(+), 248 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index 1e518b3664..b729fc5330 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bls12377.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bls12377.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bls12377.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bls12377.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bls12377.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bls12377.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12377.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bls12377.PairingCheck( []bls12377.G1Affine{fminusfaG1Aff, negH}, - []bls12377.G2Affine{srs.G2[0], xminusaG2Aff}, + []bls12377.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bls12377.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bls12377.PairingCheck( []bls12377.G1Affine{foldedDigests, foldedQuotients}, - []bls12377.G2Affine{srs.G2[0], srs.G2[1]}, + []bls12377.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index d9f58b8798..466ac1ef67 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bls12378.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bls12378.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bls12378.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bls12378.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bls12378.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bls12378.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12378.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bls12378.PairingCheck( []bls12378.G1Affine{fminusfaG1Aff, negH}, - []bls12378.G2Affine{srs.G2[0], xminusaG2Aff}, + []bls12378.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bls12378.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bls12378.PairingCheck( []bls12378.G1Affine{foldedDigests, foldedQuotients}, - []bls12378.G2Affine{srs.G2[0], srs.G2[1]}, + []bls12378.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index f670db852c..8166d981cc 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bls12381.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bls12381.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bls12381.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bls12381.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bls12381.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bls12381.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12381.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bls12381.PairingCheck( []bls12381.G1Affine{fminusfaG1Aff, negH}, - []bls12381.G2Affine{srs.G2[0], xminusaG2Aff}, + []bls12381.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bls12381.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bls12381.PairingCheck( []bls12381.G1Affine{foldedDigests, foldedQuotients}, - []bls12381.G2Affine{srs.G2[0], srs.G2[1]}, + []bls12381.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index 72bc17fccc..705dbe6976 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bls24315.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bls24315.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bls24315.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bls24315.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bls24315.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bls24315.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24315.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bls24315.PairingCheck( []bls24315.G1Affine{fminusfaG1Aff, negH}, - []bls24315.G2Affine{srs.G2[0], xminusaG2Aff}, + []bls24315.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bls24315.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bls24315.PairingCheck( []bls24315.G1Affine{foldedDigests, foldedQuotients}, - []bls24315.G2Affine{srs.G2[0], srs.G2[1]}, + []bls24315.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index ba1684293a..5c41651bc0 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bls24317.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bls24317.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bls24317.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bls24317.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bls24317.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bls24317.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24317.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bls24317.PairingCheck( []bls24317.G1Affine{fminusfaG1Aff, negH}, - []bls24317.G2Affine{srs.G2[0], xminusaG2Aff}, + []bls24317.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bls24317.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bls24317.PairingCheck( []bls24317.G1Affine{foldedDigests, foldedQuotients}, - []bls24317.G2Affine{srs.G2[0], srs.G2[1]}, + []bls24317.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index 45737d814b..e458f7c6ac 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bn254.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bn254.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bn254.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bn254.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -64,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bn254.G1Affine, size) + pk.G1 = make([]bn254.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bn254.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -87,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bn254.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. @@ -116,9 +121,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +133,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +142,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +160,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +170,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bn254.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bn254.G1Jac @@ -186,8 +191,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bn254.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +208,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bn254.PairingCheck( []bn254.G1Affine{fminusfaG1Aff, negH}, - []bn254.G2Affine{srs.G2[0], xminusaG2Aff}, + []bn254.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +220,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +236,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +305,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +362,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +371,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +382,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +391,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +433,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bn254.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +460,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bn254.PairingCheck( []bn254.G1Affine{foldedDigests, foldedQuotients}, - []bn254.G2Affine{srs.G2[0], srs.G2[1]}, + []bn254.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index 9d7274336e..b485a75971 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bw6633.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bw6633.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bw6633.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bw6633.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bw6633.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bw6633.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6633.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bw6633.PairingCheck( []bw6633.G1Affine{fminusfaG1Aff, negH}, - []bw6633.G2Affine{srs.G2[0], xminusaG2Aff}, + []bw6633.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bw6633.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bw6633.PairingCheck( []bw6633.G1Affine{foldedDigests, foldedQuotients}, - []bw6633.G2Affine{srs.G2[0], srs.G2[1]}, + []bw6633.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 7063a83299..581c43ca06 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bw6756.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bw6756.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bw6756.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bw6756.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bw6756.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bw6756.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6756.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bw6756.PairingCheck( []bw6756.G1Affine{fminusfaG1Aff, negH}, - []bw6756.G2Affine{srs.G2[0], xminusaG2Aff}, + []bw6756.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bw6756.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bw6756.PairingCheck( []bw6756.G1Affine{foldedDigests, foldedQuotients}, - []bw6756.G2Affine{srs.G2[0], srs.G2[1]}, + []bw6756.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index 64b3cb3aa2..814df2245c 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -41,10 +41,14 @@ var ( // Digest commitment of a polynomial. type Digest = bw6761.G1Affine -// SRS stores the result of the MPC -type SRS struct { - G1 []bw6761.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { + G1 []bw6761.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]bw6761.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -116,9 +120,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -128,7 +132,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -137,8 +141,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -155,7 +159,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -165,13 +169,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff bw6761.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac bw6761.G1Jac @@ -186,8 +190,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6761.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -203,7 +207,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := bw6761.PairingCheck( []bw6761.G1Affine{fminusfaG1Aff, negH}, - []bw6761.G2Affine{srs.G2[0], xminusaG2Aff}, + []bw6761.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -215,12 +219,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -231,7 +235,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -300,7 +304,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -357,7 +361,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -366,7 +370,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -377,7 +381,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -386,7 +390,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -428,7 +432,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit bw6761.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -455,7 +459,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := bw6761.PairingCheck( []bw6761.G1Affine{foldedDigests, foldedQuotients}, - []bw6761.G2Affine{srs.G2[0], srs.G2[1]}, + []bw6761.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index c0e2b670dc..99e817454a 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -23,10 +23,14 @@ var ( // Digest commitment of a polynomial. type Digest = {{ .CurvePackage }}.G1Affine -// SRS stores the result of the MPC -type SRS struct { +// Proving and Verifying keys together constitute the SRS (result of the MPC) +type ProvingKey struct { G1 []{{ .CurvePackage }}.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] +} + +type VerifyingKey struct { G2 [2]{{ .CurvePackage }}.G2Affine // [G₂, [α]G₂ ] + G1 bn254.G1Affine } // eval returns p(point) where p is interpreted as a polynomial @@ -98,9 +102,9 @@ type BatchOpeningProof struct { // Commit commits to a polynomial using a multi exponentiation with the SRS. // It is assumed that the polynomial is in canonical form, in Montgomery form. -func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { +func Commit(p []fr.Element, pk ProvingKey, nbTasks ...int) (Digest, error) { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return Digest{}, ErrInvalidPolynomialSize } @@ -110,7 +114,7 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { if len(nbTasks) > 0 { config.NbTasks = nbTasks[0] } - if _, err := res.MultiExp(srs.G1[:len(p)], p, config); err != nil { + if _, err := res.MultiExp(pk.G1[:len(p)], p, config); err != nil { return Digest{}, err } @@ -119,8 +123,8 @@ func Commit(p []fr.Element, srs *SRS, nbTasks ...int) (Digest, error) { // Open computes an opening proof of polynomial p at given point. // fft.Domain Cardinality must be larger than p.Degree() -func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { - if len(p) == 0 || len(p) > len(srs.G1) { +func Open(p []fr.Element, point fr.Element, pk ProvingKey) (OpeningProof, error) { + if len(p) == 0 || len(p) > len(pk.G1) { return OpeningProof{}, ErrInvalidPolynomialSize } @@ -137,7 +141,7 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { _p = nil // h re-use this memory // commit to H - hCommit, err := Commit(h, srs) + hCommit, err := Commit(h, pk) if err != nil { return OpeningProof{}, err } @@ -147,13 +151,13 @@ func Open(p []fr.Element, point fr.Element, srs *SRS) (OpeningProof, error) { } // Verify verifies a KZG opening proof at a single point -func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) error { +func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, vk VerifyingKey) error { // [f(a)]G₁ var claimedValueG1Aff {{ .CurvePackage }}.G1Jac var claimedValueBigInt big.Int proof.ClaimedValue.BigInt(&claimedValueBigInt) - claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) + claimedValueG1Aff.ScalarMultiplicationAffine(&vk.G1, &claimedValueBigInt) // [f(α) - f(a)]G₁ var fminusfaG1Jac {{ .CurvePackage }}.G1Jac @@ -168,8 +172,8 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) var alphaMinusaG2Jac, genG2Jac, alphaG2Jac {{ .CurvePackage }}.G2Jac var pointBigInt big.Int point.BigInt(&pointBigInt) - genG2Jac.FromAffine(&srs.G2[0]) - alphaG2Jac.FromAffine(&srs.G2[1]) + genG2Jac.FromAffine(&vk.G2[0]) + alphaG2Jac.FromAffine(&vk.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). Neg(&alphaMinusaG2Jac). AddAssign(&alphaG2Jac) @@ -185,7 +189,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // e([f(α) - f(a)]G₁, G₂).e([-H(α)]G₁, [α-a]G₂) ==? 1 check, err := {{ .CurvePackage }}.PairingCheck( []{{ .CurvePackage }}.G1Affine{fminusfaG1Aff, negH}, - []{{ .CurvePackage }}.G2Affine{srs.G2[0], xminusaG2Aff}, + []{{ .CurvePackage }}.G2Affine{vk.G2[0], xminusaG2Aff}, ) if err != nil { return err @@ -197,12 +201,12 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) } // BatchOpenSinglePoint creates a batch opening proof at point of a list of polynomials. -// It's an interactive protocol, made non interactive using Fiat Shamir. +// It's an interactive protocol, made non-interactive using Fiat Shamir. // // * point is the point at which the polynomials are opened. // * digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir. // * polynomials is the list of polynomials to open, they are supposed to be of the same size. -func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, srs *SRS) (BatchOpeningProof, error) { +func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr.Element, hf hash.Hash, pk ProvingKey) (BatchOpeningProof, error) { // check for invalid sizes nbDigests := len(digests) @@ -213,7 +217,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr // TODO ensure the polynomials are of the same size largestPoly := -1 for _, p := range polynomials { - if len(p) == 0 || len(p) > len(srs.G1) { + if len(p) == 0 || len(p) > len(pk.G1) { return BatchOpeningProof{}, ErrInvalidPolynomialSize } if len(p) > largestPoly { @@ -282,7 +286,7 @@ func BatchOpenSinglePoint(polynomials [][]fr.Element, digests []Digest, point fr h := dividePolyByXminusA(foldedPolynomials, foldedEvaluations, point) foldedPolynomials = nil // same memory as h - res.H, err = Commit(h, srs) + res.H, err = Commit(h, pk) if err != nil { return BatchOpeningProof{}, err } @@ -339,7 +343,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. // // * digests list of digests on which opening proof is done // * batchOpeningProof proof of correct opening on the digests -func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, srs *SRS) error { +func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr.Element, hf hash.Hash, vk VerifyingKey) error { // fold the proof foldedProof, foldedDigest, err := FoldProof(digests, batchOpeningProof, point, hf) @@ -348,7 +352,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro } // verify the foldedProof against the foldedDigest - err = Verify(&foldedDigest, &foldedProof, point, srs) + err = Verify(&foldedDigest, &foldedProof, point, vk) return err } @@ -359,7 +363,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * digests list of committed polynomials // * proofs list of opening proofs, one for each digest // * points the list of points at which the opening are done -func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, srs *SRS) error { +func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { // check consistancy nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { @@ -368,7 +372,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // if only one digest, call Verify if len(digests) == 1 { - return Verify(&digests[0], &proofs[0], points[0], srs) + return Verify(&digests[0], &proofs[0], points[0], vk) } // sample random numbers λᵢ for sampling @@ -410,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr var foldedEvalsCommit {{ .CurvePackage }}.G1Affine var foldedEvalsBigInt big.Int foldedEvals.BigInt(&foldedEvalsBigInt) - foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) + foldedEvalsCommit.ScalarMultiplication(&vk.G1, &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ foldedDigests.Sub(&foldedDigests, &foldedEvalsCommit) @@ -437,7 +441,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // e([∑ᵢλᵢ(fᵢ(α) - fᵢ(pᵢ) + pᵢHᵢ(α))]G₁, G₂).e([-∑ᵢλᵢ[Hᵢ(α)]G₁), [α]G₂) check, err := {{ .CurvePackage }}.PairingCheck( []{{ .CurvePackage }}.G1Affine{foldedDigests, foldedQuotients}, - []{{ .CurvePackage }}.G2Affine{srs.G2[0], srs.G2[1]}, + []{{ .CurvePackage }}.G2Affine{vk.G2[0], vk.G2[1]}, ) if err != nil { return err From b7f7e86418ac04806252f02e7b5fe0075babf402 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 15:36:39 -0500 Subject: [PATCH 02/21] refactor: marshal pk, vk separately --- ecc/bls12-377/fr/kzg/kzg.go | 19 +++-- ecc/bls12-377/fr/kzg/kzg_test.go | 9 +- ecc/bls12-377/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bls12-378/fr/kzg/kzg.go | 19 +++-- ecc/bls12-378/fr/kzg/kzg_test.go | 9 +- ecc/bls12-378/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bls12-381/fr/kzg/kzg.go | 19 +++-- ecc/bls12-381/fr/kzg/kzg_test.go | 9 +- ecc/bls12-381/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bls24-315/fr/kzg/kzg.go | 19 +++-- ecc/bls24-315/fr/kzg/kzg_test.go | 9 +- ecc/bls24-315/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bls24-317/fr/kzg/kzg.go | 19 +++-- ecc/bls24-317/fr/kzg/kzg_test.go | 9 +- ecc/bls24-317/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bn254/fr/kzg/kzg_test.go | 15 ++-- ecc/bn254/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bw6-633/fr/kzg/kzg.go | 19 +++-- ecc/bw6-633/fr/kzg/kzg_test.go | 9 +- ecc/bw6-633/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bw6-756/fr/kzg/kzg.go | 19 +++-- ecc/bw6-756/fr/kzg/kzg_test.go | 9 +- ecc/bw6-756/fr/kzg/marshal.go | 83 ++++++++++++++----- ecc/bw6-761/fr/kzg/kzg.go | 19 +++-- ecc/bw6-761/fr/kzg/kzg_test.go | 9 +- ecc/bw6-761/fr/kzg/marshal.go | 83 ++++++++++++++----- internal/generator/kzg/template/kzg.go.tmpl | 19 +++-- .../generator/kzg/template/kzg.test.go.tmpl | 9 +- .../generator/kzg/template/marshal.go.tmpl | 53 ++++++++++-- 29 files changed, 747 insertions(+), 320 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index b729fc5330..fe2c874474 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bls12377.G1Affine, size) + pk.G1 = make([]bls12377.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bls12377.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bls12377.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 1fadd3782c..8bb3b31be5 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 0c6e43cfc6..34c04300dc 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bls12-377" "io" + "github.com/consensys/gnark-crypto/ecc/bls12-377" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bls12377.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bls12377.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bls12377.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bls12377.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12377.NewEncoder(w) diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index 466ac1ef67..7752310c50 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bls12378.G1Affine, size) + pk.G1 = make([]bls12378.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bls12378.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bls12378.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 1c15fea7ac..eb63b8e605 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index f7cc449fed..77f89667fe 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bls12-378" "io" + "github.com/consensys/gnark-crypto/ecc/bls12-378" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bls12378.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bls12378.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bls12378.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bls12378.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12378.NewEncoder(w) diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 8166d981cc..0ec8453135 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bls12381.G1Affine, size) + pk.G1 = make([]bls12381.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bls12381.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bls12381.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 1a7216e5a3..a361630ce3 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 527d3ddf39..1d5540c772 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bls12-381" "io" + "github.com/consensys/gnark-crypto/ecc/bls12-381" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bls12381.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bls12381.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bls12381.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bls12381.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12381.NewEncoder(w) diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index 705dbe6976..0aac37afed 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bls24315.G1Affine, size) + pk.G1 = make([]bls24315.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bls24315.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bls24315.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index a9b79482b2..3b7e026413 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index 157c265a60..476deba786 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bls24-315" "io" + "github.com/consensys/gnark-crypto/ecc/bls24-315" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bls24315.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bls24315.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bls24315.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bls24315.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24315.NewEncoder(w) diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 5c41651bc0..299ce0ccda 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bls24317.G1Affine, size) + pk.G1 = make([]bls24317.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bls24317.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bls24317.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index a018e67a9e..7abfb35421 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 6d508202e8..8b6c2ff77f 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bls24-317" "io" + "github.com/consensys/gnark-crypto/ecc/bls24-317" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bls24317.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bls24317.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bls24317.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bls24317.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24317.NewEncoder(w) diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index e60037467f..67f1e28ef0 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { @@ -80,14 +83,14 @@ func TestDividePolyByXminusA(t *testing.T) { func TestSerializationSRS(t *testing.T) { // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) if err != nil { t.Fatal(err) } - // serialize it... + // serialize them... var buf bytes.Buffer - _, err = srs.WriteTo(&buf) + _, err = pk.WriteTo(&buf) if err != nil { t.Fatal(err) } diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 9b0bb9bf38..aefd3dbd5a 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bn254" "io" + "github.com/consensys/gnark-crypto/ecc/bn254" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bn254.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bn254.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bn254.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bn254.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bn254.NewEncoder(w) diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index b485a75971..b0740b53ec 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bw6633.G1Affine, size) + pk.G1 = make([]bw6633.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bw6633.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bw6633.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index bff77bf142..e1a129fafc 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index c9b0f9dbe4..5449bf9090 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bw6-633" "io" + "github.com/consensys/gnark-crypto/ecc/bw6-633" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bw6633.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bw6633.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bw6633.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bw6633.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6633.NewEncoder(w) diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 581c43ca06..72bfaa3a47 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bw6756.G1Affine, size) + pk.G1 = make([]bw6756.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bw6756.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bw6756.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 0d22e6c7e7..97ad42ab3c 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 2f61ed281e..971910b8a0 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bw6-756" "io" + "github.com/consensys/gnark-crypto/ecc/bw6-756" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bw6756.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bw6756.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bw6756.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bw6756.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6756.NewEncoder(w) diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index 814df2245c..c63361686c 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -68,22 +68,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]bw6761.G1Affine, size) + pk.G1 = make([]bw6761.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := bw6761.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -91,9 +92,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := bw6761.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index 4d4c73e4f4..42cd378c15 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -28,12 +28,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index 92cb2a1a71..a742e52dd8 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -1,35 +1,55 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + // Copyright 2020 ConsenSys Software Inc. + // + // Licensed under the Apache License, Version 2.0 (the "License"); + // you may not use this file except in compliance with the License. + // You may obtain a copy of the License at + // + // http://www.apache.org/licenses/LICENSE-2.0 + // + // Unless required by applicable law or agreed to in writing, software + // distributed under the License is distributed on an "AS IS" BASIS, + // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + // See the License for the specific language governing permissions and + // limitations under the License. + // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg + import ( - "github.com/consensys/gnark-crypto/ecc/bw6-761" "io" + "github.com/consensys/gnark-crypto/ecc/bw6-761" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := bw6761.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := bw6761.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -41,15 +61,33 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := bw6761.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := bw6761.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toDecode { @@ -61,6 +99,7 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6761.NewEncoder(w) diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index 99e817454a..f4d6d69c3f 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -50,22 +50,23 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { +func NewSRS(size uint64, bAlpha *big.Int) (pk ProvingKey, vk VerifyingKey, err error) { if size < 2 { - return nil, ErrMinSRSSize + err = ErrMinSRSSize + return } - var srs SRS - srs.G1 = make([]{{ .CurvePackage }}.G1Affine, size) + pk.G1 = make([]{{ .CurvePackage }}.G1Affine, size) var alpha fr.Element alpha.SetBigInt(bAlpha) _, _, gen1Aff, gen2Aff := {{ .CurvePackage }}.Generators() - srs.G1[0] = gen1Aff - srs.G2[0] = gen2Aff - srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) + pk.G1[0] = gen1Aff + vk.G1 = gen1Aff + vk.G2[0] = gen2Aff + vk.G2[1].ScalarMultiplication(&gen2Aff, bAlpha) alphas := make([]fr.Element, size-1) alphas[0] = alpha @@ -73,9 +74,9 @@ func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { alphas[i].Mul(&alphas[i-1], &alpha) } g1s := {{ .CurvePackage }}.BatchScalarMultiplicationG1(&gen1Aff, alphas) - copy(srs.G1[1:], g1s) + copy(pk.G1[1:], g1s) - return &srs, nil + return } // OpeningProof KZG proof for opening at a single point. diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index fe4ad7a23e..63d4332b7f 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -10,12 +10,15 @@ import ( "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" ) -// testSRS re-used accross tests of the KZG scheme -var testSRS *SRS +// Test SRS re-used across tests of the KZG scheme +var ( + pk ProvingKey + vk VerifyingKey +) func init() { const srsSize = 230 - testSRS, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) + pk, vk, _ = NewSRS(ecc.NextPowerOfTwo(srsSize), new(big.Int).SetInt64(42)) } func TestDividePolyByXminusA(t *testing.T) { diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index d1caf3c86e..d6002dfd05 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -4,15 +4,33 @@ import ( "github.com/consensys/gnark-crypto/ecc/{{ .Name }}" ) -// WriteTo writes binary encoding of the SRS -func (srs *SRS) WriteTo(w io.Writer) (int64, error) { +// WriteTo writes binary encoding of the ProvingKey +func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { + // encode the ProvingKey + enc := {{ .CurvePackage }}.NewEncoder(w) + + toEncode := []interface{}{ + pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + +// WriteTo writes binary encoding of the VerifyingKey +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { // encode the SRS enc := {{ .CurvePackage }}.NewEncoder(w) toEncode := []interface{}{ &srs.G2[0], &srs.G2[1], - srs.G1, + &srs.G1, } for _, v := range toEncode { @@ -24,15 +42,13 @@ func (srs *SRS) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// ReadFrom decodes SRS data from reader. -func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { +// ReadFrom decodes ProvingKey data from reader. +func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the SRS dec := {{ .CurvePackage }}.NewDecoder(r) toDecode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &pk.G1, } for _, v := range toDecode { @@ -44,6 +60,27 @@ func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes VerifyingKey data from reader. +func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { + // decode the SRS + dec := {{ .CurvePackage }}.NewDecoder(r) + + toDecode := []interface{}{ + &vk.G2[0], + &vk.G2[1], + &vk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + return dec.BytesRead(), nil +} + + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := {{ .CurvePackage }}.NewEncoder(w) From b905afeb90d2a0797910fe4f08245b4d39e0a633 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 15:45:28 -0500 Subject: [PATCH 03/21] build: generify marshal changes --- ecc/bls12-377/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bls12-378/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bls12-381/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bls24-315/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bls24-317/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bn254/fr/kzg/kzg_test.go | 6 +-- ecc/bn254/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bw6-633/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bw6-756/fr/kzg/marshal.go | 45 +++++++++---------- ecc/bw6-761/fr/kzg/marshal.go | 45 +++++++++---------- .../generator/kzg/template/marshal.go.tmpl | 12 ++--- 11 files changed, 198 insertions(+), 225 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 34c04300dc..1fd9f88292 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bls12-377" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bls12377.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bls12377.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bls12377.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12377.NewEncoder(w) diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index 77f89667fe..d84cfd502c 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bls12-378" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bls12378.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bls12378.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bls12378.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12378.NewEncoder(w) diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 1d5540c772..4e01b1e4b5 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bls12-381" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bls12381.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bls12381.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bls12381.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12381.NewEncoder(w) diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index 476deba786..71a47b6deb 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bls24-315" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bls24315.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bls24315.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bls24315.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24315.NewEncoder(w) diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 8b6c2ff77f..76a28d5200 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bls24-317" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bls24317.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bls24317.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bls24317.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24317.NewEncoder(w) diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 67f1e28ef0..0fe8329195 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -83,14 +83,14 @@ func TestDividePolyByXminusA(t *testing.T) { func TestSerializationSRS(t *testing.T) { // create a SRS - pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + srs, err := NewSRS(64, new(big.Int).SetInt64(42)) if err != nil { t.Fatal(err) } - // serialize them... + // serialize it... var buf bytes.Buffer - _, err = pk.WriteTo(&buf) + _, err = srs.WriteTo(&buf) if err != nil { t.Fatal(err) } diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index aefd3dbd5a..75c0584167 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bn254" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bn254.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bn254.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bn254.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bn254.NewEncoder(w) diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 5449bf9090..4550e8b2d4 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bw6-633" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bw6633.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bw6633.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bw6633.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6633.NewEncoder(w) diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 971910b8a0..afa07174c4 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bw6-756" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bw6756.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bw6756.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bw6756.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6756.NewEncoder(w) diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index a742e52dd8..171be7969c 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -1,26 +1,24 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. - // Copyright 2020 ConsenSys Software Inc. - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // Code generated by consensys/gnark-crypto DO NOT EDIT package kzg - import ( - "io" "github.com/consensys/gnark-crypto/ecc/bw6-761" + "io" ) // WriteTo writes binary encoding of the ProvingKey @@ -42,14 +40,14 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { - // encode the SRS +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey enc := bw6761.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -63,7 +61,7 @@ func (vk *VerifyingKey]) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := bw6761.NewDecoder(r) toDecode := []interface{}{ @@ -81,7 +79,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := bw6761.NewDecoder(r) toDecode := []interface{}{ @@ -99,7 +97,6 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } - // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6761.NewEncoder(w) diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index d6002dfd05..94c3026d4c 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -24,13 +24,13 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteTo writes binary encoding of the VerifyingKey func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { - // encode the SRS + // encode the VerifyingKey enc := {{ .CurvePackage }}.NewEncoder(w) toEncode := []interface{}{ - &srs.G2[0], - &srs.G2[1], - &srs.G1, + &vk.G2[0], + &vk.G2[1], + &vk.G1, } for _, v := range toEncode { @@ -44,7 +44,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the ProvingKey dec := {{ .CurvePackage }}.NewDecoder(r) toDecode := []interface{}{ @@ -62,7 +62,7 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes VerifyingKey data from reader. func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { - // decode the SRS + // decode the VerifyingKey dec := {{ .CurvePackage }}.NewDecoder(r) toDecode := []interface{}{ From 3ef5152844d6de65b502fcb6388d869321f70669 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:08:36 -0500 Subject: [PATCH 04/21] refactor: kzg.NewSRS to return two structs --- ecc/bls12-377/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bls12-377/fr/kzg/marshal.go | 1 - ecc/bls12-378/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bls12-378/fr/kzg/marshal.go | 1 - ecc/bls12-381/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bls12-381/fr/kzg/marshal.go | 1 - ecc/bls24-315/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bls24-315/fr/kzg/marshal.go | 1 - ecc/bls24-317/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bls24-317/fr/kzg/marshal.go | 1 - ecc/bn254/fr/kzg/kzg_test.go | 66 ++++++++++--------- ecc/bn254/fr/kzg/marshal.go | 1 - ecc/bw6-633/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bw6-633/fr/kzg/marshal.go | 1 - ecc/bw6-756/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bw6-756/fr/kzg/marshal.go | 1 - ecc/bw6-761/fr/kzg/kzg_test.go | 64 +++++++++--------- ecc/bw6-761/fr/kzg/marshal.go | 1 - .../generator/kzg/template/kzg.test.go.tmpl | 63 +++++++++--------- .../generator/kzg/template/marshal.go.tmpl | 1 - kzg/kzg.go | 26 ++++---- 21 files changed, 346 insertions(+), 331 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 8bb3b31be5..17255c2d8e 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bls12377.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 1fd9f88292..7a29e1abf3 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bls12377.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index eb63b8e605..cdd606a746 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bls12378.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index d84cfd502c..e063e7a95e 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bls12378.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index a361630ce3..6a61a82c5d 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bls12381.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 4e01b1e4b5..90b646b677 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bls12381.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 3b7e026413..a96117157e 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bls24315.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index 71a47b6deb..47ff5dad8a 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bls24315.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 7abfb35421..87fb846ca0 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bls24317.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 76a28d5200..7714f943e4 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bls24317.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 0fe8329195..b6ee5d9472 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -80,33 +82,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +122,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +136,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bn254.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +152,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +160,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +172,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +180,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +190,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +210,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +270,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 75c0584167..3727979c10 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bn254.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index e1a129fafc..cd6b7b1684 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bw6633.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 4550e8b2d4..9e543527ae 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bw6633.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 97ad42ab3c..e837cb8ec7 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bw6756.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index afa07174c4..6f5de22e99 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bw6756.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index 42cd378c15..c0d49915cb 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -80,33 +80,35 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -118,7 +120,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -132,7 +134,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit bw6761.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -148,7 +150,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -156,7 +158,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -168,7 +170,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -176,7 +178,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -186,7 +188,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -206,7 +208,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -266,7 +268,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index 171be7969c..555d8210c8 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -154,7 +154,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := bw6761.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index 63d4332b7f..eaa2dc6df5 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -62,33 +62,36 @@ func TestDividePolyByXminusA(t *testing.T) { } } -func TestSerializationSRS(t *testing.T) { - // create a SRS - srs, err := NewSRS(64, new(big.Int).SetInt64(42)) - if err != nil { - t.Fatal(err) - } +// TODO @Tabaie not curve dependent. move to neutral territory? +type serializable interface { + io.ReaderFrom + io.WriterTo +} - // serialize it... - var buf bytes.Buffer - _, err = srs.WriteTo(&buf) - if err != nil { - t.Fatal(err) - } +func serializationRoundtrip(o serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) - // reconstruct the SRS - var _srs SRS - _, err = _srs.ReadFrom(&buf) - if err != nil { - t.Fatal(err) - } + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() + //_, err = _o.(serializable).ReadFrom(&buf) + assert.NoError(t, err) - // compare - if !reflect.DeepEqual(srs, &_srs) { - t.Fatal("scheme serialization failed") + // compare + assert.Equal(t, o, _o) } +} +func TestSerializationSRS(t *testing.T) { + // create a SRS + pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) + assert.NoError(t, err) + t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) + t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -100,7 +103,7 @@ func TestCommit(t *testing.T) { } // commit using the method from KZG - _kzgCommit, err := Commit(f, testSRS) + _kzgCommit, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -114,7 +117,7 @@ func TestCommit(t *testing.T) { var fxbi big.Int fx.BigInt(&fxbi) var manualCommit {{ .CurvePackage }}.G1Affine - manualCommit.Set(&testSRS.G1[0]) + manualCommit.Set(&vk.G1) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) // compare both results @@ -130,7 +133,7 @@ func TestVerifySinglePoint(t *testing.T) { f := randomPolynomial(60) // commit the polynomial - digest, err := Commit(f, testSRS) + digest, err := Commit(f, pk) if err != nil { t.Fatal(err) } @@ -138,7 +141,7 @@ func TestVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := Open(f, point, testSRS) + proof, err := Open(f, point, pk) if err != nil { t.Fatal(err) } @@ -150,7 +153,7 @@ func TestVerifySinglePoint(t *testing.T) { } // verify correct proof - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err != nil { t.Fatal(err) } @@ -158,7 +161,7 @@ func TestVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValue.Double(&proof.ClaimedValue) - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -168,7 +171,7 @@ func TestVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = Verify(&digest, &proof, point, testSRS) + err = Verify(&digest, &proof, point, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -188,7 +191,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // commit the polynomials digests := make([]Digest, len(f)) for i := range f { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } @@ -248,7 +251,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // commit the polynomials digests := make([]Digest, 10) for i := 0; i < 10; i++ { - digests[i], _ = Commit(f[i], testSRS) + digests[i], _ = Commit(f[i], pk) } // pick a hash function diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index 94c3026d4c..4f1ead752b 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -138,7 +138,6 @@ func (proof *BatchOpeningProof) WriteTo(w io.Writer) (int64, error) { // ReadFrom decodes BatchOpeningProof data from reader. func (proof *BatchOpeningProof) ReadFrom(r io.Reader) (int64, error) { dec := {{ .CurvePackage }}.NewDecoder(r) - toDecode := []interface{}{ &proof.H, &proof.ClaimedValues, diff --git a/kzg/kzg.go b/kzg/kzg.go index 8e8886953e..dda7feaf1e 100644 --- a/kzg/kzg.go +++ b/kzg/kzg.go @@ -19,34 +19,36 @@ import ( kzg_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/kzg" ) -// SRS ... -type SRS interface { +type Serializable interface { io.ReaderFrom io.WriterTo } +type ProvingKey Serializable +type VerifyingKey Serializable + // NewSRS returns an empty curved-typed SRS object // that implements io.ReaderFrom and io.WriterTo interfaces -func NewSRS(curveID ecc.ID) SRS { +func NewSRS(curveID ecc.ID) (ProvingKey, VerifyingKey) { switch curveID { case ecc.BN254: - return &kzg_bn254.SRS{} + return &kzg_bn254.ProvingKey{}, &kzg_bn254.VerifyingKey{} case ecc.BLS12_377: - return &kzg_bls12377.SRS{} + return &kzg_bls12377.ProvingKey{}, &kzg_bls12377.VerifyingKey{} case ecc.BLS12_378: - return &kzg_bls12378.SRS{} + return &kzg_bls12378.ProvingKey{}, &kzg_bls12378.VerifyingKey{} case ecc.BLS12_381: - return &kzg_bls12381.SRS{} + return &kzg_bls12381.ProvingKey{}, &kzg_bls12381.VerifyingKey{} case ecc.BLS24_315: - return &kzg_bls24315.SRS{} + return &kzg_bls24315.ProvingKey{}, &kzg_bls24315.VerifyingKey{} case ecc.BLS24_317: - return &kzg_bls24317.SRS{} + return &kzg_bls24317.ProvingKey{}, &kzg_bls24317.VerifyingKey{} case ecc.BW6_761: - return &kzg_bw6761.SRS{} + return &kzg_bw6761.ProvingKey{}, &kzg_bw6761.VerifyingKey{} case ecc.BW6_633: - return &kzg_bw6633.SRS{} + return &kzg_bw6633.ProvingKey{}, &kzg_bw6633.VerifyingKey{} case ecc.BW6_756: - return &kzg_bw6756.SRS{} + return &kzg_bw6756.ProvingKey{}, &kzg_bw6756.VerifyingKey{} default: panic("not implemented") } From 470abeb21d4f91a5fd21905fd59aea409b6895a8 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:25:15 -0500 Subject: [PATCH 05/21] refactor: kzg tests --- ecc/bls12-377/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bls12-378/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bls12-381/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bls24-315/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bls24-317/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bn254/fr/kzg/kzg_test.go | 86 ++++++++----------- ecc/bw6-633/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bw6-756/fr/kzg/kzg_test.go | 80 ++++++++--------- ecc/bw6-761/fr/kzg/kzg_test.go | 80 ++++++++--------- .../generator/kzg/template/kzg.test.go.tmpl | 82 ++++++++---------- 10 files changed, 353 insertions(+), 455 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 17255c2d8e..98eec63f9c 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index cdd606a746..8a0c68bc12 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 6a61a82c5d..edfd00ad2a 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index a96117157e..9552466b62 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 87fb846ca0..897dbecd23 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index b6ee5d9472..d417a40cc4 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { @@ -220,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -234,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -242,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -252,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -280,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -290,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -310,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -322,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -333,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -368,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -380,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -396,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -428,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -439,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -458,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -467,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index cd6b7b1684..d20049253d 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index e837cb8ec7..51a2982167 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index c0d49915cb..d85c624c6a 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -19,6 +19,8 @@ package kzg import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -218,7 +220,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -232,7 +234,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -240,7 +242,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -250,7 +252,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -278,9 +280,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -288,18 +290,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -308,7 +310,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -320,7 +322,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -331,16 +333,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -366,10 +366,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -378,15 +376,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -394,28 +390,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -426,7 +416,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -437,12 +427,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -456,7 +446,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -465,14 +455,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index eaa2dc6df5..7fd018ee3b 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -1,6 +1,8 @@ import ( "bytes" "crypto/sha256" + "github.com/stretchr/testify/assert" + "io" "math/big" "reflect" "testing" @@ -48,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -201,7 +203,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // compute opening proof at a random point var point fr.Element point.SetString("4321") - proof, err := BatchOpenSinglePoint(f, digests, point, hf, testSRS) + proof, err := BatchOpenSinglePoint(f, digests, point, hf, pk) if err != nil { t.Fatal(err) } @@ -215,7 +217,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { } // verify correct proof - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err != nil { t.Fatal(err) } @@ -223,7 +225,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { { // verify wrong proof proof.ClaimedValues[0].Double(&proof.ClaimedValues[0]) - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -233,7 +235,7 @@ func TestBatchVerifySinglePoint(t *testing.T) { // see https://cryptosubtlety.medium.com/00-8d4adcf4d255 proof.H.X.SetZero() proof.H.Y.SetZero() - err = BatchVerifySinglePoint(digests, &proof, point, hf, testSRS) + err = BatchVerifySinglePoint(digests, &proof, point, hf, vk) if err == nil { t.Fatal("verifying wrong proof should have failed") } @@ -261,9 +263,9 @@ func TestBatchVerifyMultiPoints(t *testing.T) { points := make([]fr.Element, 2) batchProofs := make([]BatchOpeningProof, 2) points[0].SetRandom() - batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, testSRS) + batchProofs[0], _ = BatchOpenSinglePoint(f[:5], digests[:5], points[0], hf, pk) points[1].SetRandom() - batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, testSRS) + batchProofs[1], _ = BatchOpenSinglePoint(f[5:], digests[5:], points[1], hf, pk) // fold the 2 batch opening proofs proofs := make([]OpeningProof, 2) @@ -271,18 +273,18 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0], foldedDigests[0], _ = FoldProof(digests[:5], &batchProofs[0], points[0], hf) proofs[1], foldedDigests[1], _ = FoldProof(digests[5:], &batchProofs[1], points[1], hf) - // check the the individual batch proofs are correct - err := Verify(&foldedDigests[0], &proofs[0], points[0], testSRS) + // check that the individual batch proofs are correct + err := Verify(&foldedDigests[0], &proofs[0], points[0], vk) if err != nil { t.Fatal(err) } - err = Verify(&foldedDigests[1], &proofs[1], points[1], testSRS) + err = Verify(&foldedDigests[1], &proofs[1], points[1], vk) if err != nil { t.Fatal(err) } // batch verify correct folded proofs - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err != nil { t.Fatal(err) } @@ -291,7 +293,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { // batch verify tampered folded proofs proofs[0].ClaimedValue.Double(&proofs[0].ClaimedValue) - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -303,7 +305,7 @@ func TestBatchVerifyMultiPoints(t *testing.T) { proofs[0].H.Y.SetZero() proofs[1].H.X.SetZero() proofs[1].H.Y.SetZero() - err = BatchVerifyMultiPoints(foldedDigests, proofs, points, testSRS) + err = BatchVerifyMultiPoints(foldedDigests, proofs, points, vk) if err == nil { t.Fatal(err) } @@ -314,16 +316,14 @@ func TestBatchVerifyMultiPoints(t *testing.T) { const benchSize = 1 << 16 func BenchmarkKZGCommit(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Commit(p, benchSRS) + _, _ = Commit(p, pk) } } @@ -349,10 +349,8 @@ func BenchmarkDivideByXMinusA(b *testing.B) { } func BenchmarkKZGOpen(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -361,15 +359,13 @@ func BenchmarkKZGOpen(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, _ = Open(p, r, benchSRS) + _, _ = Open(p, r, pk) } } func BenchmarkKZGVerify(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // random polynomial p := randomPolynomial(benchSize / 2) @@ -377,28 +373,22 @@ func BenchmarkKZGVerify(b *testing.B) { r.SetRandom() // commit - comm, err := Commit(p, benchSRS) - if err != nil { - b.Fatal(err) - } + comm, err := Commit(p, pk) + assert.NoError(b, err) // open - openingProof, err := Open(p, r, benchSRS) - if err != nil { - b.Fatal(err) - } + openingProof, err := Open(p, r, pk) + assert.NoError(b, err) b.ResetTimer() for i := 0; i < b.N; i++ { - Verify(&comm, &openingProof, r, benchSRS) + Verify(&comm, &openingProof, r, vk) } } func BenchmarkKZGBatchOpen10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) - if err != nil { - b.Fatal(err) - } + pk, _, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + assert.NoError(b, err) // 10 random polynomials var ps [10][]fr.Element @@ -409,7 +399,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -420,12 +410,12 @@ func BenchmarkKZGBatchOpen10(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) } } func BenchmarkKZGBatchVerify10(b *testing.B) { - benchSRS, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) + pk, vk, err := NewSRS(ecc.NextPowerOfTwo(benchSize), new(big.Int).SetInt64(42)) if err != nil { b.Fatal(err) } @@ -439,7 +429,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { // commitments var commitments [10]Digest for i := 0; i < 10; i++ { - commitments[i], _ = Commit(ps[i], benchSRS) + commitments[i], _ = Commit(ps[i], pk) } // pick a hash function @@ -448,14 +438,14 @@ func BenchmarkKZGBatchVerify10(b *testing.B) { var r fr.Element r.SetRandom() - proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, benchSRS) + proof, err := BatchOpenSinglePoint(ps[:], commitments[:], r, hf, pk) if err != nil { b.Fatal(err) } b.ResetTimer() for i := 0; i < b.N; i++ { - BatchVerifySinglePoint(commitments[:], &proof, r, hf, benchSRS) + BatchVerifySinglePoint(commitments[:], &proof, r, hf, vk) } } From 23ad550f69a06eadbae468b9d09772cd4d868d0f Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:30:01 -0500 Subject: [PATCH 06/21] build: generify bn254 kzg changes --- ecc/bls12-377/fr/kzg/kzg_test.go | 10 +++++----- ecc/bls12-378/fr/kzg/kzg_test.go | 10 +++++----- ecc/bls12-381/fr/kzg/kzg_test.go | 10 +++++----- ecc/bls24-315/fr/kzg/kzg_test.go | 10 +++++----- ecc/bls24-317/fr/kzg/kzg_test.go | 10 +++++----- ecc/bn254/fr/kzg/kzg_test.go | 2 +- ecc/bw6-633/fr/kzg/kzg_test.go | 10 +++++----- ecc/bw6-756/fr/kzg/kzg_test.go | 10 +++++----- ecc/bw6-761/fr/kzg/kzg_test.go | 10 +++++----- internal/generator/kzg/template/kzg.test.go.tmpl | 8 ++++---- 10 files changed, 45 insertions(+), 45 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 98eec63f9c..fbde4e60a7 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 8a0c68bc12..7aee46985a 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index edfd00ad2a..842f89a593 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 9552466b62..92bdb459d5 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 897dbecd23..4b953f68e3 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index d417a40cc4..5f2d917daa 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index d20049253d..1f4addb703 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 51a2982167..804929326a 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index d85c624c6a..b995ff2ef6 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -68,7 +68,7 @@ func TestDividePolyByXminusA(t *testing.T) { pol = nil // h reuses this memory if len(h) != 229 { - t.Fatal("inconsistant size of quotient") + t.Fatal("inconsistent size of quotient") } hRandPoint := eval(h, randPoint) @@ -96,8 +96,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -109,8 +109,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index 7fd018ee3b..caacbf76d7 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -79,8 +79,8 @@ func serializationRoundtrip(o serializable) func(*testing.T) { assert.NoError(t, err) // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Pointer() - //_, err = _o.(serializable).ReadFrom(&buf) + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) + _, err = _o.(serializable).ReadFrom(&buf) assert.NoError(t, err) // compare @@ -92,8 +92,8 @@ func TestSerializationSRS(t *testing.T) { // create a SRS pk, vk, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key serialization roundtrip", serializationRoundtrip(&pk)) - t.Run("verifying key serialization roundtrip", serializationRoundtrip(&vk)) + t.Run("proving key round-trip", serializationRoundtrip(&pk)) + t.Run("verifying key round-trip", serializationRoundtrip(&vk)) } func TestCommit(t *testing.T) { From 568162a82692e6fdb9fe62966056e29e9a618a62 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:33:26 -0500 Subject: [PATCH 07/21] fix: generation mistake --- ecc/bls12-377/fr/kzg/kzg.go | 2 +- ecc/bls12-378/fr/kzg/kzg.go | 2 +- ecc/bls12-381/fr/kzg/kzg.go | 2 +- ecc/bls24-315/fr/kzg/kzg.go | 2 +- ecc/bls24-317/fr/kzg/kzg.go | 2 +- ecc/bw6-633/fr/kzg/kzg.go | 2 +- ecc/bw6-756/fr/kzg/kzg.go | 2 +- ecc/bw6-761/fr/kzg/kzg.go | 2 +- internal/generator/kzg/template/kzg.go.tmpl | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index fe2c874474..a3a5eb0865 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bls12377.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bls12377.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index 7752310c50..d2ad65b0e5 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bls12378.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bls12378.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 0ec8453135..56b8cea54d 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bls12381.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bls12381.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index 0aac37afed..c434342a11 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bls24315.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bls24315.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 299ce0ccda..e9636ea929 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bls24317.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bls24317.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index b0740b53ec..01b998b08d 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bw6633.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bw6633.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 72bfaa3a47..9c1a4273a1 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bw6756.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bw6756.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index c63361686c..58c75a8392 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -48,7 +48,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]bw6761.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 bw6761.G1Affine } // eval returns p(point) where p is interpreted as a polynomial diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index f4d6d69c3f..37b647999d 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -30,7 +30,7 @@ type ProvingKey struct { type VerifyingKey struct { G2 [2]{{ .CurvePackage }}.G2Affine // [G₂, [α]G₂ ] - G1 bn254.G1Affine + G1 {{ .CurvePackage }}.G1Affine } // eval returns p(point) where p is interpreted as a polynomial From 85d04b382141f4fef1182ccd4772543c5a4139a1 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:40:41 -0500 Subject: [PATCH 08/21] refactor: reflect kzg changes in permutation --- ecc/bls12-377/fr/kzg/kzg_test.go | 2 +- ecc/bls12-377/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bls12-378/fr/kzg/kzg_test.go | 2 +- ecc/bls12-378/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bls12-381/fr/kzg/kzg_test.go | 2 +- ecc/bls12-381/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bls24-315/fr/kzg/kzg_test.go | 2 +- ecc/bls24-315/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bls24-317/fr/kzg/kzg_test.go | 2 +- ecc/bls24-317/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bn254/fr/kzg/kzg_test.go | 2 +- ecc/bn254/fr/permutation/permutation.go | 20 +++++++++---------- ecc/bn254/fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bw6-633/fr/kzg/kzg_test.go | 2 +- ecc/bw6-633/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bw6-756/fr/kzg/kzg_test.go | 2 +- ecc/bw6-756/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- ecc/bw6-761/fr/kzg/kzg_test.go | 2 +- ecc/bw6-761/fr/permutation/permutation.go | 20 +++++++++---------- .../fr/permutation/permutation_test.go | 20 +++++++++---------- .../generator/kzg/template/kzg.test.go.tmpl | 2 +- .../permutation/template/permutation.go.tmpl | 20 +++++++++---------- .../template/permutation.test.go.tmpl | 20 +++++++++---------- 30 files changed, 210 insertions(+), 210 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index fbde4e60a7..c13da2a3ea 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bls12-377/fr/permutation/permutation.go b/ecc/bls12-377/fr/permutation/permutation.go index 7031fd3b50..b2168ce470 100644 --- a/ecc/bls12-377/fr/permutation/permutation.go +++ b/ecc/bls12-377/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bls12-377/fr/permutation/permutation_test.go b/ecc/bls12-377/fr/permutation/permutation_test.go index 01d0934450..2254ab0ecd 100644 --- a/ecc/bls12-377/fr/permutation/permutation_test.go +++ b/ecc/bls12-377/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 7aee46985a..42bcdf0e92 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bls12-378/fr/permutation/permutation.go b/ecc/bls12-378/fr/permutation/permutation.go index 59eab17b37..e10836ec0d 100644 --- a/ecc/bls12-378/fr/permutation/permutation.go +++ b/ecc/bls12-378/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bls12-378/fr/permutation/permutation_test.go b/ecc/bls12-378/fr/permutation/permutation_test.go index 9519e05b87..87e762b708 100644 --- a/ecc/bls12-378/fr/permutation/permutation_test.go +++ b/ecc/bls12-378/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 842f89a593..cca94df87e 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bls12-381/fr/permutation/permutation.go b/ecc/bls12-381/fr/permutation/permutation.go index 996b48d040..79ac12e44b 100644 --- a/ecc/bls12-381/fr/permutation/permutation.go +++ b/ecc/bls12-381/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bls12-381/fr/permutation/permutation_test.go b/ecc/bls12-381/fr/permutation/permutation_test.go index e706653d4d..2796368bc6 100644 --- a/ecc/bls12-381/fr/permutation/permutation_test.go +++ b/ecc/bls12-381/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 92bdb459d5..1bed082ba6 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bls24-315/fr/permutation/permutation.go b/ecc/bls24-315/fr/permutation/permutation.go index e7612e717d..15ba2ecc36 100644 --- a/ecc/bls24-315/fr/permutation/permutation.go +++ b/ecc/bls24-315/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bls24-315/fr/permutation/permutation_test.go b/ecc/bls24-315/fr/permutation/permutation_test.go index 5997348fac..31ea4b98c7 100644 --- a/ecc/bls24-315/fr/permutation/permutation_test.go +++ b/ecc/bls24-315/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 4b953f68e3..f498e7a4cd 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bls24-317/fr/permutation/permutation.go b/ecc/bls24-317/fr/permutation/permutation.go index 7dab3039f7..bf5254c911 100644 --- a/ecc/bls24-317/fr/permutation/permutation.go +++ b/ecc/bls24-317/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bls24-317/fr/permutation/permutation_test.go b/ecc/bls24-317/fr/permutation/permutation_test.go index 31311c3f95..6b688c4d1f 100644 --- a/ecc/bls24-317/fr/permutation/permutation_test.go +++ b/ecc/bls24-317/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 5f2d917daa..f19a9eb9a4 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bn254/fr/permutation/permutation.go b/ecc/bn254/fr/permutation/permutation.go index c5f96ea8e5..37a42f524a 100644 --- a/ecc/bn254/fr/permutation/permutation.go +++ b/ecc/bn254/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bn254/fr/permutation/permutation_test.go b/ecc/bn254/fr/permutation/permutation_test.go index 00699fa6c9..4c773f97fc 100644 --- a/ecc/bn254/fr/permutation/permutation_test.go +++ b/ecc/bn254/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark-crypto/ecc/bn254/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index 1f4addb703..8e3a0a9fc9 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bw6-633/fr/permutation/permutation.go b/ecc/bw6-633/fr/permutation/permutation.go index 98f772f083..5dcde62503 100644 --- a/ecc/bw6-633/fr/permutation/permutation.go +++ b/ecc/bw6-633/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bw6-633/fr/permutation/permutation_test.go b/ecc/bw6-633/fr/permutation/permutation_test.go index 54232fc401..e9cf5e9ee1 100644 --- a/ecc/bw6-633/fr/permutation/permutation_test.go +++ b/ecc/bw6-633/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 804929326a..5bd6dad25d 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bw6-756/fr/permutation/permutation.go b/ecc/bw6-756/fr/permutation/permutation.go index 5cfe45c87d..c30462fc94 100644 --- a/ecc/bw6-756/fr/permutation/permutation.go +++ b/ecc/bw6-756/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bw6-756/fr/permutation/permutation_test.go b/ecc/bw6-756/fr/permutation/permutation_test.go index 9f56b94c65..f6af25ce45 100644 --- a/ecc/bw6-756/fr/permutation/permutation_test.go +++ b/ecc/bw6-756/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index b995ff2ef6..2dcc957836 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -97,7 +97,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/ecc/bw6-761/fr/permutation/permutation.go b/ecc/bw6-761/fr/permutation/permutation.go index d56d9a6d27..31e8516560 100644 --- a/ecc/bw6-761/fr/permutation/permutation.go +++ b/ecc/bw6-761/fr/permutation/permutation.go @@ -132,7 +132,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -167,11 +167,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -185,7 +185,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -223,7 +223,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -250,7 +250,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -261,7 +261,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -273,7 +273,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -330,7 +330,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -338,7 +338,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/ecc/bw6-761/fr/permutation/permutation_test.go b/ecc/bw6-761/fr/permutation/permutation_test.go index 04cfd736e9..491c624ca6 100644 --- a/ecc/bw6-761/fr/permutation/permutation_test.go +++ b/ecc/bw6-761/fr/permutation/permutation_test.go @@ -20,16 +20,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index caacbf76d7..540d676807 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -80,7 +80,7 @@ func serializationRoundtrip(o serializable) func(*testing.T) { // reconstruct the object _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.(serializable).ReadFrom(&buf) + _, err = _o.ReadFrom(&buf) assert.NoError(t, err) // compare diff --git a/internal/generator/permutation/template/permutation.go.tmpl b/internal/generator/permutation/template/permutation.go.tmpl index 3bc6815b25..3498c99b1f 100644 --- a/internal/generator/permutation/template/permutation.go.tmpl +++ b/internal/generator/permutation/template/permutation.go.tmpl @@ -114,7 +114,7 @@ func evaluateSecondPartNumReverse(lz []fr.Element, d *fft.Domain) []fr.Element { // Prove generates a proof that t1 and t2 are the same but permuted. // The size of t1 and t2 should be the same and a power of 2. -func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { +func Prove(pk kzg.ProvingKey, t1, t2 []fr.Element) (Proof, error) { // res var proof Proof @@ -149,11 +149,11 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { d.FFTInverse(ct2, fft.DIF) fft.BitReverse(ct1) fft.BitReverse(ct2) - proof.t1, err = kzg.Commit(ct1, srs) + proof.t1, err = kzg.Commit(ct1, pk) if err != nil { return proof, err } - proof.t2, err = kzg.Commit(ct2, srs) + proof.t2, err = kzg.Commit(ct2, pk) if err != nil { return proof, err } @@ -167,7 +167,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // compute Z and commit it cz := evaluateAccumulationPolynomialBitReversed(t1, t2, epsilon) d.FFTInverse(cz, fft.DIT) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -205,7 +205,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { // get the quotient and commit it d.FFTInverse(lsNum, fft.DIT, fft.OnCoset()) - proof.q, err = kzg.Commit(lsNum, srs) + proof.q, err = kzg.Commit(lsNum, pk) if err != nil { return proof, err } @@ -232,7 +232,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { }, eta, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -243,7 +243,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { proof.shiftedProof, err = kzg.Open( cz, shiftedEta, - srs, + pk, ) if err != nil { return proof, err @@ -255,7 +255,7 @@ func Prove(srs *kzg.SRS, t1, t2 []fr.Element) (Proof, error) { } // Verify verifies a permutation proof. -func Verify(srs *kzg.SRS, proof Proof) error { +func Verify(vk kzg.VerifyingKey, proof Proof) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -312,7 +312,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { &proof.batchedProof, eta, hFunc, - srs, + vk, ) if err != nil { return err @@ -320,7 +320,7 @@ func Verify(srs *kzg.SRS, proof Proof) error { var shiftedEta fr.Element shiftedEta.Mul(&eta, &proof.g) - err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, srs) + err = kzg.Verify(&proof.z, &proof.shiftedProof, shiftedEta, vk) if err != nil { return err } diff --git a/internal/generator/permutation/template/permutation.test.go.tmpl b/internal/generator/permutation/template/permutation.test.go.tmpl index b7e98134a7..2f864a22fa 100644 --- a/internal/generator/permutation/template/permutation.test.go.tmpl +++ b/internal/generator/permutation/template/permutation.test.go.tmpl @@ -2,16 +2,16 @@ import ( "math/big" "testing" + "github.com/stretchr/testify/assert" + "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/kzg" ) func TestProof(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) - if err != nil { - t.Fatal(err) - } + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + assert.NoError(t, err) a := make([]fr.Element, 8) b := make([]fr.Element, 8) @@ -25,12 +25,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err != nil { t.Fatal(err) } @@ -39,12 +39,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(srs, a, b) + proof, err := Prove(pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(srs, proof) + err = Verify(vk, proof) if err == nil { t.Fatal(err) } @@ -57,7 +57,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -70,7 +70,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(srs, a, c) + Prove(pk, a, c) } } From fa6decfb295e90da38f88a040f8448dbdb4d2b54 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 7 Apr 2023 16:48:14 -0500 Subject: [PATCH 09/21] refactor: reflect kzg changes in plookup --- ecc/bls12-377/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bls12-377/fr/plookup/table.go | 16 ++++++------- ecc/bls12-377/fr/plookup/vector.go | 24 +++++++++---------- ecc/bls12-378/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bls12-378/fr/plookup/table.go | 16 ++++++------- ecc/bls12-378/fr/plookup/vector.go | 24 +++++++++---------- ecc/bls12-381/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bls12-381/fr/plookup/table.go | 16 ++++++------- ecc/bls12-381/fr/plookup/vector.go | 24 +++++++++---------- ecc/bls24-315/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bls24-315/fr/plookup/table.go | 16 ++++++------- ecc/bls24-315/fr/plookup/vector.go | 24 +++++++++---------- ecc/bls24-317/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bls24-317/fr/plookup/table.go | 16 ++++++------- ecc/bls24-317/fr/plookup/vector.go | 24 +++++++++---------- ecc/bn254/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bn254/fr/plookup/table.go | 16 ++++++------- ecc/bn254/fr/plookup/vector.go | 24 +++++++++---------- ecc/bw6-633/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bw6-633/fr/plookup/table.go | 16 ++++++------- ecc/bw6-633/fr/plookup/vector.go | 24 +++++++++---------- ecc/bw6-756/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bw6-756/fr/plookup/table.go | 16 ++++++------- ecc/bw6-756/fr/plookup/vector.go | 24 +++++++++---------- ecc/bw6-761/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bw6-761/fr/plookup/table.go | 16 ++++++------- ecc/bw6-761/fr/plookup/vector.go | 24 +++++++++---------- .../plookup/template/plookup.test.go.tmpl | 24 +++++++++---------- .../generator/plookup/template/table.go.tmpl | 16 ++++++------- .../generator/plookup/template/vector.go.tmpl | 24 +++++++++---------- 30 files changed, 320 insertions(+), 320 deletions(-) diff --git a/ecc/bls12-377/fr/plookup/plookup_test.go b/ecc/bls12-377/fr/plookup/plookup_test.go index 6a32ff6fe8..d8f2ed1e00 100644 --- a/ecc/bls12-377/fr/plookup/plookup_test.go +++ b/ecc/bls12-377/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bls12-377/fr/plookup/table.go b/ecc/bls12-377/fr/plookup/table.go index 65844d3451..b8bbbd6fc2 100644 --- a/ecc/bls12-377/fr/plookup/table.go +++ b/ecc/bls12-377/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bls12-377/fr/plookup/vector.go b/ecc/bls12-377/fr/plookup/vector.go index 36c4ad7767..9633f589b8 100644 --- a/ecc/bls12-377/fr/plookup/vector.go +++ b/ecc/bls12-377/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bls12-378/fr/plookup/plookup_test.go b/ecc/bls12-378/fr/plookup/plookup_test.go index 5695819ea9..52644f3a3c 100644 --- a/ecc/bls12-378/fr/plookup/plookup_test.go +++ b/ecc/bls12-378/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bls12-378/fr/plookup/table.go b/ecc/bls12-378/fr/plookup/table.go index 11881a885e..7e1d67413c 100644 --- a/ecc/bls12-378/fr/plookup/table.go +++ b/ecc/bls12-378/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bls12-378/fr/plookup/vector.go b/ecc/bls12-378/fr/plookup/vector.go index c8759cba47..67384cf7be 100644 --- a/ecc/bls12-378/fr/plookup/vector.go +++ b/ecc/bls12-378/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bls12-381/fr/plookup/plookup_test.go b/ecc/bls12-381/fr/plookup/plookup_test.go index 8ad930532a..cb031f5682 100644 --- a/ecc/bls12-381/fr/plookup/plookup_test.go +++ b/ecc/bls12-381/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bls12-381/fr/plookup/table.go b/ecc/bls12-381/fr/plookup/table.go index 209a65d2ba..3b1190776a 100644 --- a/ecc/bls12-381/fr/plookup/table.go +++ b/ecc/bls12-381/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bls12-381/fr/plookup/vector.go b/ecc/bls12-381/fr/plookup/vector.go index 9f23921aee..0bcc487692 100644 --- a/ecc/bls12-381/fr/plookup/vector.go +++ b/ecc/bls12-381/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bls24-315/fr/plookup/plookup_test.go b/ecc/bls24-315/fr/plookup/plookup_test.go index 321354b727..b6623d399f 100644 --- a/ecc/bls24-315/fr/plookup/plookup_test.go +++ b/ecc/bls24-315/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bls24-315/fr/plookup/table.go b/ecc/bls24-315/fr/plookup/table.go index d9d9f8f319..cf2cced57e 100644 --- a/ecc/bls24-315/fr/plookup/table.go +++ b/ecc/bls24-315/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bls24-315/fr/plookup/vector.go b/ecc/bls24-315/fr/plookup/vector.go index c24632ae02..b88c6d5a60 100644 --- a/ecc/bls24-315/fr/plookup/vector.go +++ b/ecc/bls24-315/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bls24-317/fr/plookup/plookup_test.go b/ecc/bls24-317/fr/plookup/plookup_test.go index 3bf93489ba..088eab5290 100644 --- a/ecc/bls24-317/fr/plookup/plookup_test.go +++ b/ecc/bls24-317/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bls24-317/fr/plookup/table.go b/ecc/bls24-317/fr/plookup/table.go index 63a00ed470..4db32c5ef7 100644 --- a/ecc/bls24-317/fr/plookup/table.go +++ b/ecc/bls24-317/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bls24-317/fr/plookup/vector.go b/ecc/bls24-317/fr/plookup/vector.go index 38ae005997..b3ef82389a 100644 --- a/ecc/bls24-317/fr/plookup/vector.go +++ b/ecc/bls24-317/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bn254/fr/plookup/plookup_test.go b/ecc/bn254/fr/plookup/plookup_test.go index cea61ec3b9..5c6e355eae 100644 --- a/ecc/bn254/fr/plookup/plookup_test.go +++ b/ecc/bn254/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bn254/fr/plookup/table.go b/ecc/bn254/fr/plookup/table.go index 2e2bc5b2cd..4f110699af 100644 --- a/ecc/bn254/fr/plookup/table.go +++ b/ecc/bn254/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bn254/fr/plookup/vector.go b/ecc/bn254/fr/plookup/vector.go index 0971c04707..30179a31de 100644 --- a/ecc/bn254/fr/plookup/vector.go +++ b/ecc/bn254/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bw6-633/fr/plookup/plookup_test.go b/ecc/bw6-633/fr/plookup/plookup_test.go index f143f21a83..97c2375ff1 100644 --- a/ecc/bw6-633/fr/plookup/plookup_test.go +++ b/ecc/bw6-633/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bw6-633/fr/plookup/table.go b/ecc/bw6-633/fr/plookup/table.go index 517afaf3ac..737cf3d442 100644 --- a/ecc/bw6-633/fr/plookup/table.go +++ b/ecc/bw6-633/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bw6-633/fr/plookup/vector.go b/ecc/bw6-633/fr/plookup/vector.go index 1495b4e456..06b5561919 100644 --- a/ecc/bw6-633/fr/plookup/vector.go +++ b/ecc/bw6-633/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bw6-756/fr/plookup/plookup_test.go b/ecc/bw6-756/fr/plookup/plookup_test.go index c33c0d1cb1..e91ecc4aa3 100644 --- a/ecc/bw6-756/fr/plookup/plookup_test.go +++ b/ecc/bw6-756/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bw6-756/fr/plookup/table.go b/ecc/bw6-756/fr/plookup/table.go index 0caeceef66..68abe9104c 100644 --- a/ecc/bw6-756/fr/plookup/table.go +++ b/ecc/bw6-756/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bw6-756/fr/plookup/vector.go b/ecc/bw6-756/fr/plookup/vector.go index 3096ba9b15..3a034baefd 100644 --- a/ecc/bw6-756/fr/plookup/vector.go +++ b/ecc/bw6-756/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/ecc/bw6-761/fr/plookup/plookup_test.go b/ecc/bw6-761/fr/plookup/plookup_test.go index dce85a34fa..39940fa9ac 100644 --- a/ecc/bw6-761/fr/plookup/plookup_test.go +++ b/ecc/bw6-761/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/ecc/bw6-761/fr/plookup/table.go b/ecc/bw6-761/fr/plookup/table.go index 7036fac089..203e3eb3b6 100644 --- a/ecc/bw6-761/fr/plookup/table.go +++ b/ecc/bw6-761/fr/plookup/table.go @@ -60,7 +60,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -116,7 +116,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -131,7 +131,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -164,20 +164,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -221,13 +221,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/ecc/bw6-761/fr/plookup/vector.go b/ecc/bw6-761/fr/plookup/vector.go index 34da3f3733..25be7af31b 100644 --- a/ecc/bw6-761/fr/plookup/vector.go +++ b/ecc/bw6-761/fr/plookup/vector.go @@ -353,7 +353,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // before generating a lookup proof), the commitment needs to be done on the // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -401,11 +401,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -431,11 +431,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -456,7 +456,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -500,7 +500,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -529,7 +529,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -551,7 +551,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -561,7 +561,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -603,7 +603,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -622,7 +622,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err diff --git a/internal/generator/plookup/template/plookup.test.go.tmpl b/internal/generator/plookup/template/plookup.test.go.tmpl index 725db2f54c..f68e68e898 100644 --- a/internal/generator/plookup/template/plookup.test.go.tmpl +++ b/internal/generator/plookup/template/plookup.test.go.tmpl @@ -17,19 +17,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err != nil { t.Fatal(err) } @@ -39,12 +39,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(srs, fvector, lookupVector) + proof, err := ProveLookupVector(pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(srs, proof) + err = VerifyLookupVector(vk, proof) if err == nil { t.Fatal(err) } @@ -54,7 +54,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - srs, err := kzg.NewSRS(64, big.NewInt(13)) + pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -74,12 +74,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err != nil { t.Fatal(err) } @@ -88,12 +88,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(srs, fTable, lookupTable) + proof, err := ProveLookupTables(pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(srs, proof) + err = VerifyLookupTables(vk, proof) if err == nil { t.Fatal(err) } @@ -106,7 +106,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - srs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -117,6 +117,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(srs, a, c) + ProveLookupVector(pk, a, c) } } diff --git a/internal/generator/plookup/template/table.go.tmpl b/internal/generator/plookup/template/table.go.tmpl index bdef72ad41..46dbe3a292 100644 --- a/internal/generator/plookup/template/table.go.tmpl +++ b/internal/generator/plookup/template/table.go.tmpl @@ -42,7 +42,7 @@ type ProofLookupTables struct { // that t[:][i] contains the i-th entry of the truth table, so t[0][i] XOR t[1][i] = t[2][i]. // // The fr.Vector in f and t are supposed to be of the same size constant size. -func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error) { +func ProveLookupTables(pk kzg.ProvingKey, f, t []fr.Vector) (ProofLookupTables, error) { // res proof := ProofLookupTables{} @@ -98,7 +98,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cfs[i], fft.DIF) fft.BitReverse(cfs[i]) - proof.fs[i], err = kzg.Commit(cfs[i], srs) + proof.fs[i], err = kzg.Commit(cfs[i], pk) if err != nil { return proof, err } @@ -113,7 +113,7 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error } d.FFTInverse(cts[i], fft.DIF) fft.BitReverse(cts[i]) - proof.ts[i], err = kzg.Commit(cts[i], srs) + proof.ts[i], err = kzg.Commit(cts[i], pk) if err != nil { return proof, err } @@ -146,20 +146,20 @@ func ProveLookupTables(srs *kzg.SRS, f, t []fr.Vector) (ProofLookupTables, error foldedtSorted := make(fr.Vector, nbColumns) copy(foldedtSorted, foldedt) sort.Sort(foldedtSorted) - proof.permutationProof, err = permutation.Prove(srs, foldedt, foldedtSorted) + proof.permutationProof, err = permutation.Prove(pk, foldedt, foldedtSorted) if err != nil { return proof, err } // call plookupVector, on foldedf[:len(foldedf)-1] to ensure that the domain size // in ProveLookupVector is the same as d's - proof.foldedProof, err = ProveLookupVector(srs, foldedf[:len(foldedf)-1], foldedt) + proof.foldedProof, err = ProveLookupVector(pk, foldedf[:len(foldedf)-1], foldedt) return proof, err } // VerifyLookupTables verifies that a ProofLookupTables proof is correct. -func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { +func VerifyLookupTables(vk kzg.VerifyingKey, proof ProofLookupTables) error { // hash function used for Fiat Shamir hFunc := sha256.New() @@ -203,13 +203,13 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { } // check that the folded commitment of the ts is a permutation of proof.FoldedProof.t - err = permutation.Verify(srs, proof.permutationProof) + err = permutation.Verify(vk, proof.permutationProof) if err != nil { return err } // verify the inner proof - return VerifyLookupVector(srs, proof.foldedProof) + return VerifyLookupVector(vk, proof.foldedProof) } // TODO put that in fiat-shamir package diff --git a/internal/generator/plookup/template/vector.go.tmpl b/internal/generator/plookup/template/vector.go.tmpl index 55478d7e01..a506523b4b 100644 --- a/internal/generator/plookup/template/vector.go.tmpl +++ b/internal/generator/plookup/template/vector.go.tmpl @@ -336,7 +336,7 @@ func computeQuotientCanonical(alpha fr.Element, lh, lh0, lhn, lh1h2 []fr.Element // table sorted. Otherwise the commitment in proof.t will not be the same as // the public commitment: it will contain the same values, but permuted. // -func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) { +func ProveLookupVector(pk kzg.ProvingKey, f, t fr.Vector) (ProofLookupVector, error) { // res var proof ProofLookupVector @@ -384,11 +384,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) domainSmall.FFTInverse(cf, fft.DIF) fft.BitReverse(ct) fft.BitReverse(cf) - proof.t, err = kzg.Commit(ct, srs) + proof.t, err = kzg.Commit(ct, pk) if err != nil { return proof, err } - proof.f, err = kzg.Commit(cf, srs) + proof.f, err = kzg.Commit(cf, pk) if err != nil { return proof, err } @@ -414,11 +414,11 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) fft.BitReverse(ch1) fft.BitReverse(ch2) - proof.h1, err = kzg.Commit(ch1, srs) + proof.h1, err = kzg.Commit(ch1, pk) if err != nil { return proof, err } - proof.h2, err = kzg.Commit(ch2, srs) + proof.h2, err = kzg.Commit(ch2, pk) if err != nil { return proof, err } @@ -439,7 +439,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) copy(cz, lz) domainSmall.FFTInverse(cz, fft.DIF) fft.BitReverse(cz) - proof.z, err = kzg.Commit(cz, srs) + proof.z, err = kzg.Commit(cz, pk) if err != nil { return proof, err } @@ -483,7 +483,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) return proof, err } ch := computeQuotientCanonical(alpha, lh, lh0, lhn, lh1h2, domainBig) - proof.h, err = kzg.Commit(ch, srs) + proof.h, err = kzg.Commit(ch, pk) if err != nil { return proof, err } @@ -512,7 +512,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -534,7 +534,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) }, nu, hFunc, - srs, + pk, ) if err != nil { return proof, err @@ -544,7 +544,7 @@ func ProveLookupVector(srs *kzg.SRS, f, t fr.Vector) (ProofLookupVector, error) } // VerifyLookupVector verifies that a ProofLookupVector proof is correct -func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { +func VerifyLookupVector(vk kzg.VerifyingKey, proof ProofLookupVector) error { // hash function that is used for Fiat Shamir hFunc := sha256.New() @@ -586,7 +586,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProof, nu, hFunc, - srs, + vk, ) if err != nil { return err @@ -605,7 +605,7 @@ func VerifyLookupVector(srs *kzg.SRS, proof ProofLookupVector) error { &proof.BatchedProofShifted, shiftedNu, hFunc, - srs, + vk, ) if err != nil { return err From 527b79b951219d0aead52824d30996af5b87523d Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sat, 8 Apr 2023 17:49:16 -0500 Subject: [PATCH 10/21] revert: limited revival of kzg.Srs --- ecc/bls12-377/fr/kzg/kzg.go | 20 +++-- ecc/bls12-377/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bls12-378/fr/kzg/kzg.go | 20 +++-- ecc/bls12-378/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bls12-381/fr/kzg/kzg.go | 20 +++-- ecc/bls12-381/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bls24-315/fr/kzg/kzg.go | 20 +++-- ecc/bls24-315/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bls24-317/fr/kzg/kzg.go | 20 +++-- ecc/bls24-317/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bn254/fr/kzg/kzg.go | 20 +++-- ecc/bn254/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bw6-633/fr/kzg/kzg.go | 20 +++-- ecc/bw6-633/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bw6-756/fr/kzg/kzg.go | 20 +++-- ecc/bw6-756/fr/kzg/kzg_test.go | 83 +++++++++---------- ecc/bw6-761/fr/kzg/kzg.go | 20 +++-- ecc/bw6-761/fr/kzg/kzg_test.go | 83 +++++++++---------- internal/generator/kzg/template/kzg.go.tmpl | 20 +++-- .../generator/kzg/template/kzg.test.go.tmpl | 83 +++++++++---------- 20 files changed, 530 insertions(+), 500 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index a3a5eb0865..5389813cdf 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -51,6 +51,12 @@ type VerifyingKey struct { G1 bls12377.G1Affine } +type SRS struct { + Pk ProvingKey + Vk VerifyingKey +} + +// TODO @Tabaie get rid of this and use the polynomial package // eval returns p(point) where p is interpreted as a polynomial // ∑_{i Date: Sat, 8 Apr 2023 18:11:08 -0500 Subject: [PATCH 11/21] revert: reflect kzg.srs revival in other packages --- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bls12-377/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bls12-378/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bls12-381/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bls24-315/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bls24-317/fr/plookup/plookup_test.go | 24 +++++++++---------- ecc/bn254/fr/permutation/permutation_test.go | 14 +++++------ ecc/bn254/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bw6-633/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bw6-756/fr/plookup/plookup_test.go | 24 +++++++++---------- .../fr/permutation/permutation_test.go | 14 +++++------ ecc/bw6-761/fr/plookup/plookup_test.go | 24 +++++++++---------- .../template/permutation.test.go.tmpl | 14 +++++------ .../plookup/template/plookup.test.go.tmpl | 24 +++++++++---------- 20 files changed, 190 insertions(+), 190 deletions(-) diff --git a/ecc/bls12-377/fr/permutation/permutation_test.go b/ecc/bls12-377/fr/permutation/permutation_test.go index 2254ab0ecd..8d527af95d 100644 --- a/ecc/bls12-377/fr/permutation/permutation_test.go +++ b/ecc/bls12-377/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls12-377/fr/plookup/plookup_test.go b/ecc/bls12-377/fr/plookup/plookup_test.go index d8f2ed1e00..90e44b7e17 100644 --- a/ecc/bls12-377/fr/plookup/plookup_test.go +++ b/ecc/bls12-377/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls12-378/fr/permutation/permutation_test.go b/ecc/bls12-378/fr/permutation/permutation_test.go index 87e762b708..8e67b68509 100644 --- a/ecc/bls12-378/fr/permutation/permutation_test.go +++ b/ecc/bls12-378/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls12-378/fr/plookup/plookup_test.go b/ecc/bls12-378/fr/plookup/plookup_test.go index 52644f3a3c..e9cb4eee44 100644 --- a/ecc/bls12-378/fr/plookup/plookup_test.go +++ b/ecc/bls12-378/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls12-381/fr/permutation/permutation_test.go b/ecc/bls12-381/fr/permutation/permutation_test.go index 2796368bc6..968772c83f 100644 --- a/ecc/bls12-381/fr/permutation/permutation_test.go +++ b/ecc/bls12-381/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls12-381/fr/plookup/plookup_test.go b/ecc/bls12-381/fr/plookup/plookup_test.go index cb031f5682..27627c623e 100644 --- a/ecc/bls12-381/fr/plookup/plookup_test.go +++ b/ecc/bls12-381/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls24-315/fr/permutation/permutation_test.go b/ecc/bls24-315/fr/permutation/permutation_test.go index 31ea4b98c7..73de6a0c5d 100644 --- a/ecc/bls24-315/fr/permutation/permutation_test.go +++ b/ecc/bls24-315/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls24-315/fr/plookup/plookup_test.go b/ecc/bls24-315/fr/plookup/plookup_test.go index b6623d399f..d7b70587ca 100644 --- a/ecc/bls24-315/fr/plookup/plookup_test.go +++ b/ecc/bls24-315/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls24-317/fr/permutation/permutation_test.go b/ecc/bls24-317/fr/permutation/permutation_test.go index 6b688c4d1f..575d5215a2 100644 --- a/ecc/bls24-317/fr/permutation/permutation_test.go +++ b/ecc/bls24-317/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bls24-317/fr/plookup/plookup_test.go b/ecc/bls24-317/fr/plookup/plookup_test.go index 088eab5290..9a98faf8bc 100644 --- a/ecc/bls24-317/fr/plookup/plookup_test.go +++ b/ecc/bls24-317/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bn254/fr/permutation/permutation_test.go b/ecc/bn254/fr/permutation/permutation_test.go index 4c773f97fc..d8615cd513 100644 --- a/ecc/bn254/fr/permutation/permutation_test.go +++ b/ecc/bn254/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bn254/fr/plookup/plookup_test.go b/ecc/bn254/fr/plookup/plookup_test.go index 5c6e355eae..918a0d8b2f 100644 --- a/ecc/bn254/fr/plookup/plookup_test.go +++ b/ecc/bn254/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-633/fr/permutation/permutation_test.go b/ecc/bw6-633/fr/permutation/permutation_test.go index e9cf5e9ee1..80b4ddd5f0 100644 --- a/ecc/bw6-633/fr/permutation/permutation_test.go +++ b/ecc/bw6-633/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-633/fr/plookup/plookup_test.go b/ecc/bw6-633/fr/plookup/plookup_test.go index 97c2375ff1..a1672a2d46 100644 --- a/ecc/bw6-633/fr/plookup/plookup_test.go +++ b/ecc/bw6-633/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-756/fr/permutation/permutation_test.go b/ecc/bw6-756/fr/permutation/permutation_test.go index f6af25ce45..9dbf17890c 100644 --- a/ecc/bw6-756/fr/permutation/permutation_test.go +++ b/ecc/bw6-756/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-756/fr/plookup/plookup_test.go b/ecc/bw6-756/fr/plookup/plookup_test.go index e91ecc4aa3..8c4acdb07d 100644 --- a/ecc/bw6-756/fr/plookup/plookup_test.go +++ b/ecc/bw6-756/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-761/fr/permutation/permutation_test.go b/ecc/bw6-761/fr/permutation/permutation_test.go index 491c624ca6..4cdb905ce2 100644 --- a/ecc/bw6-761/fr/permutation/permutation_test.go +++ b/ecc/bw6-761/fr/permutation/permutation_test.go @@ -28,7 +28,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -43,12 +43,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -75,7 +75,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -88,7 +88,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/ecc/bw6-761/fr/plookup/plookup_test.go b/ecc/bw6-761/fr/plookup/plookup_test.go index 39940fa9ac..a9224f6a4a 100644 --- a/ecc/bw6-761/fr/plookup/plookup_test.go +++ b/ecc/bw6-761/fr/plookup/plookup_test.go @@ -35,19 +35,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -57,12 +57,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -72,7 +72,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -92,12 +92,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -106,12 +106,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -124,7 +124,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -135,6 +135,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } diff --git a/internal/generator/permutation/template/permutation.test.go.tmpl b/internal/generator/permutation/template/permutation.test.go.tmpl index 2f864a22fa..e78a9459da 100644 --- a/internal/generator/permutation/template/permutation.test.go.tmpl +++ b/internal/generator/permutation/template/permutation.test.go.tmpl @@ -10,7 +10,7 @@ import ( func TestProof(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) assert.NoError(t, err) a := make([]fr.Element, 8) @@ -25,12 +25,12 @@ func TestProof(t *testing.T) { // correct proof { - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -39,12 +39,12 @@ func TestProof(t *testing.T) { // wrong proof { a[0].SetRandom() - proof, err := Prove(pk, a, b) + proof, err := Prove(kzgSrs.Pk, a, b) if err != nil { t.Fatal(err) } - err = Verify(vk, proof) + err = Verify(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -57,7 +57,7 @@ func BenchmarkProver(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make([]fr.Element, polySize) c := make([]fr.Element, polySize) @@ -70,7 +70,7 @@ func BenchmarkProver(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - Prove(pk, a, c) + Prove(kzgSrs.Pk, a, c) } } diff --git a/internal/generator/plookup/template/plookup.test.go.tmpl b/internal/generator/plookup/template/plookup.test.go.tmpl index f68e68e898..3b9fa918d2 100644 --- a/internal/generator/plookup/template/plookup.test.go.tmpl +++ b/internal/generator/plookup/template/plookup.test.go.tmpl @@ -17,19 +17,19 @@ func TestLookupVector(t *testing.T) { fvector[i].Set(&lookupVector[(4*i+1)%8]) } - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } // correct proof vector { - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -39,12 +39,12 @@ func TestLookupVector(t *testing.T) { { fvector[0].SetRandom() - proof, err := ProveLookupVector(pk, fvector, lookupVector) + proof, err := ProveLookupVector(kzgSrs.Pk, fvector, lookupVector) if err != nil { t.Fatal(err) } - err = VerifyLookupVector(vk, proof) + err = VerifyLookupVector(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -54,7 +54,7 @@ func TestLookupVector(t *testing.T) { func TestLookupTable(t *testing.T) { - pk, vk, err := kzg.NewSRS(64, big.NewInt(13)) + kzgSrs, err := kzg.NewSRS(64, big.NewInt(13)) if err != nil { t.Fatal(err) } @@ -74,12 +74,12 @@ func TestLookupTable(t *testing.T) { // correct proof { - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err != nil { t.Fatal(err) } @@ -88,12 +88,12 @@ func TestLookupTable(t *testing.T) { // wrong proof { fTable[0][0].SetRandom() - proof, err := ProveLookupTables(pk, fTable, lookupTable) + proof, err := ProveLookupTables(kzgSrs.Pk, fTable, lookupTable) if err != nil { t.Fatal(err) } - err = VerifyLookupTables(vk, proof) + err = VerifyLookupTables(kzgSrs.Vk, proof) if err == nil { t.Fatal(err) } @@ -106,7 +106,7 @@ func BenchmarkPlookup(b *testing.B) { srsSize := 1 << 15 polySize := 1 << 14 - pk, _, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) + kzgSrs, _ := kzg.NewSRS(uint64(srsSize), big.NewInt(13)) a := make(fr.Vector, polySize) c := make(fr.Vector, polySize) @@ -117,6 +117,6 @@ func BenchmarkPlookup(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - ProveLookupVector(pk, a, c) + ProveLookupVector(kzgSrs.Pk, a, c) } } From c6122acd69e8a0f4ef1f31b1078b0492f7cad2d3 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sat, 8 Apr 2023 18:18:06 -0500 Subject: [PATCH 12/21] revert: revive whole SRS serialization --- ecc/bls12-377/fr/kzg/kzg_test.go | 1 + ecc/bls12-377/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bls12-378/fr/kzg/kzg_test.go | 1 + ecc/bls12-378/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bls12-381/fr/kzg/kzg_test.go | 1 + ecc/bls12-381/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bls24-315/fr/kzg/kzg_test.go | 1 + ecc/bls24-315/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bls24-317/fr/kzg/kzg_test.go | 1 + ecc/bls24-317/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bn254/fr/kzg/kzg_test.go | 1 + ecc/bn254/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bw6-633/fr/kzg/kzg_test.go | 1 + ecc/bw6-633/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bw6-756/fr/kzg/kzg_test.go | 1 + ecc/bw6-756/fr/kzg/marshal.go | 42 +++++++++++++++++++ ecc/bw6-761/fr/kzg/kzg_test.go | 1 + ecc/bw6-761/fr/kzg/marshal.go | 42 +++++++++++++++++++ .../generator/kzg/template/kzg.test.go.tmpl | 1 + .../generator/kzg/template/marshal.go.tmpl | 42 +++++++++++++++++++ kzg/kzg.go | 23 +++++----- 21 files changed, 441 insertions(+), 12 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 36a04674c2..aaa1f7babc 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 7a29e1abf3..3b605f3fd6 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bls12377.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bls12377.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12377.NewEncoder(w) diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 27e87c4e67..24f095d971 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index e063e7a95e..ea7f196ea5 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bls12378.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bls12378.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12378.NewEncoder(w) diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 9e349da51e..d2cff619fb 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 90b646b677..24f94473c1 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bls12381.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bls12381.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls12381.NewEncoder(w) diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 476baaa991..0e2b8824c9 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index 47ff5dad8a..3f0f83eae2 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bls24315.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bls24315.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24315.NewEncoder(w) diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 89c1f669c7..7ff8168597 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 7714f943e4..74b38fd55b 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bls24317.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bls24317.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bls24317.NewEncoder(w) diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 86a6abde54..3bb84011b6 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 3727979c10..a5edd04e0a 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bn254.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bn254.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bn254.NewEncoder(w) diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index b75bae323a..d1b2cd2e17 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 9e543527ae..30b87377ec 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bw6633.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bw6633.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6633.NewEncoder(w) diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 1a6c21b666..f80a6a2e82 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 6f5de22e99..022f002768 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bw6756.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bw6756.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6756.NewEncoder(w) diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index 93a147af08..e5a4fa10f3 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -108,6 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index 555d8210c8..a007366209 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -59,6 +59,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := bw6761.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -97,6 +117,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := bw6761.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { enc := bw6761.NewEncoder(w) diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index 08b872fc01..c93725664c 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -91,6 +91,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) + t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) } func TestCommit(t *testing.T) { diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index 4f1ead752b..38d3c9579e 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -42,6 +42,26 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteTo writes binary encoding of the entire SRS +func (srs *SRS) WriteTo(w io.Writer) (int64, error) { + // encode the VerifyingKey + enc := {{ .CurvePackage }}.NewEncoder(w) + + toEncode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + srs.Pk.G1, + } + + for _, v := range toEncode { + if err := enc.Encode(v); err != nil { + return enc.BytesWritten(), err + } + } + + return enc.BytesWritten(), nil +} + // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey @@ -80,6 +100,28 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { return dec.BytesRead(), nil } +// ReadFrom decodes SRS data from reader. +func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { + // decode the VerifyingKey + dec := {{ .CurvePackage }}.NewDecoder(r) + + toDecode := []interface{}{ + &srs.Vk.G2[0], + &srs.Vk.G2[1], + &srs.Pk.G1, + } + + for _, v := range toDecode { + if err := dec.Decode(v); err != nil { + return dec.BytesRead(), err + } + } + + srs.Vk.G1 = srs.Pk.G1[0] + + return dec.BytesRead(), nil +} + // WriteTo writes binary encoding of a OpeningProof func (proof *OpeningProof) WriteTo(w io.Writer) (int64, error) { diff --git a/kzg/kzg.go b/kzg/kzg.go index dda7feaf1e..fa35382bda 100644 --- a/kzg/kzg.go +++ b/kzg/kzg.go @@ -24,31 +24,30 @@ type Serializable interface { io.WriterTo } -type ProvingKey Serializable -type VerifyingKey Serializable +type SRS Serializable // NewSRS returns an empty curved-typed SRS object // that implements io.ReaderFrom and io.WriterTo interfaces -func NewSRS(curveID ecc.ID) (ProvingKey, VerifyingKey) { +func NewSRS(curveID ecc.ID) SRS { switch curveID { case ecc.BN254: - return &kzg_bn254.ProvingKey{}, &kzg_bn254.VerifyingKey{} + return &kzg_bn254.SRS{} case ecc.BLS12_377: - return &kzg_bls12377.ProvingKey{}, &kzg_bls12377.VerifyingKey{} + return &kzg_bls12377.SRS{} case ecc.BLS12_378: - return &kzg_bls12378.ProvingKey{}, &kzg_bls12378.VerifyingKey{} + return &kzg_bls12378.SRS{} case ecc.BLS12_381: - return &kzg_bls12381.ProvingKey{}, &kzg_bls12381.VerifyingKey{} + return &kzg_bls12381.SRS{} case ecc.BLS24_315: - return &kzg_bls24315.ProvingKey{}, &kzg_bls24315.VerifyingKey{} + return &kzg_bls24315.SRS{} case ecc.BLS24_317: - return &kzg_bls24317.ProvingKey{}, &kzg_bls24317.VerifyingKey{} + return &kzg_bls24317.SRS{} case ecc.BW6_761: - return &kzg_bw6761.ProvingKey{}, &kzg_bw6761.VerifyingKey{} + return &kzg_bw6761.SRS{} case ecc.BW6_633: - return &kzg_bw6633.ProvingKey{}, &kzg_bw6633.VerifyingKey{} + return &kzg_bw6633.SRS{} case ecc.BW6_756: - return &kzg_bw6756.ProvingKey{}, &kzg_bw6756.VerifyingKey{} + return &kzg_bw6756.SRS{} default: panic("not implemented") } From 7fda2542de4d0ddd19d1132e748cee9b04c10dae Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sat, 8 Apr 2023 18:26:50 -0500 Subject: [PATCH 13/21] revert: NewSRS to return a pointer again --- ecc/bls12-377/fr/kzg/kzg.go | 9 ++++----- ecc/bls12-377/fr/kzg/kzg_test.go | 4 ++-- ecc/bls12-378/fr/kzg/kzg.go | 9 ++++----- ecc/bls12-378/fr/kzg/kzg_test.go | 4 ++-- ecc/bls12-381/fr/kzg/kzg.go | 9 ++++----- ecc/bls12-381/fr/kzg/kzg_test.go | 4 ++-- ecc/bls24-315/fr/kzg/kzg.go | 9 ++++----- ecc/bls24-315/fr/kzg/kzg_test.go | 4 ++-- ecc/bls24-317/fr/kzg/kzg.go | 9 ++++----- ecc/bls24-317/fr/kzg/kzg_test.go | 4 ++-- ecc/bn254/fr/kzg/kzg.go | 9 ++++----- ecc/bn254/fr/kzg/kzg_test.go | 4 ++-- ecc/bw6-633/fr/kzg/kzg.go | 9 ++++----- ecc/bw6-633/fr/kzg/kzg_test.go | 4 ++-- ecc/bw6-756/fr/kzg/kzg.go | 9 ++++----- ecc/bw6-756/fr/kzg/kzg_test.go | 4 ++-- ecc/bw6-761/fr/kzg/kzg.go | 9 ++++----- ecc/bw6-761/fr/kzg/kzg_test.go | 4 ++-- internal/generator/kzg/template/kzg.go.tmpl | 9 ++++----- internal/generator/kzg/template/kzg.test.go.tmpl | 4 ++-- 20 files changed, 60 insertions(+), 70 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index 5389813cdf..9f9397c9a9 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bls12377.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bls12377.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index aaa1f7babc..7993a1078c 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index c6a47e09c2..20473b021d 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bls12378.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bls12378.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 24f095d971..fb67cba3b7 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 41256dd9ee..6f5d35b86c 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bls12381.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bls12381.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index d2cff619fb..dfd1f9d1ce 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index f676b01977..cc3069676e 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bls24315.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bls24315.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 0e2b8824c9..520a4c0af4 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index a630979869..2c8ff3e67f 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bls24317.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bls24317.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 7ff8168597..5cbce17c45 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index 3f57e5f2b1..d3d60b9291 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bn254.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bn254.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 3bb84011b6..9050792b58 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index 7f5a29022c..342d795c6b 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bw6633.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bw6633.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index d1b2cd2e17..15a346691e 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 3bbab0a646..a47f3e83ec 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bw6756.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bw6756.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index f80a6a2e82..432debae27 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index def006eef0..ebd5444a24 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -74,13 +74,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]bw6761.G1Affine, size) var alpha fr.Element @@ -100,7 +99,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := bw6761.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index e5a4fa10f3..c2ccef64f6 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -31,7 +31,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -108,7 +108,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index cdba5df613..723d165a7e 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -56,13 +56,12 @@ func eval(p []fr.Element, point fr.Element) fr.Element { // In production, a SRS generated through MPC should be used. // // implements io.ReaderFrom and io.WriterTo -func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { +func NewSRS(size uint64, bAlpha *big.Int) (*SRS, error) { if size < 2 { - err = ErrMinSRSSize - return + return nil, ErrMinSRSSize } - + var srs SRS srs.Pk.G1 = make([]{{ .CurvePackage }}.G1Affine, size) var alpha fr.Element @@ -82,7 +81,7 @@ func NewSRS(size uint64, bAlpha *big.Int) (srs SRS, err error) { g1s := {{ .CurvePackage }}.BatchScalarMultiplicationG1(&gen1Aff, alphas) copy(srs.Pk.G1[1:], g1s) - return + return &srs, nil } // OpeningProof KZG proof for opening at a single point. diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index c93725664c..24db10cfdf 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -13,7 +13,7 @@ import ( ) // Test SRS re-used across tests of the KZG scheme -var testSrs SRS +var testSrs *SRS func init() { const srsSize = 230 @@ -91,7 +91,7 @@ func TestSerializationSRS(t *testing.T) { assert.NoError(t, err) t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(&srs)) + t.Run("whole SRS round-trip", serializationRoundtrip(srs)) } func TestCommit(t *testing.T) { From ab1a13b49ec934dd9f8a0be224368d3d5f61c115 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sun, 9 Apr 2023 18:43:07 -0500 Subject: [PATCH 14/21] feat: kzg.Vk.WriteRawTo --- ecc/bls12-377/fr/kzg/marshal.go | 9 +++++++-- ecc/bls12-378/fr/kzg/marshal.go | 9 +++++++-- ecc/bls12-381/fr/kzg/marshal.go | 9 +++++++-- ecc/bls24-315/fr/kzg/marshal.go | 9 +++++++-- ecc/bls24-317/fr/kzg/marshal.go | 9 +++++++-- ecc/bn254/fr/kzg/marshal.go | 9 +++++++-- ecc/bw6-633/fr/kzg/marshal.go | 9 +++++++-- ecc/bw6-756/fr/kzg/marshal.go | 9 +++++++-- ecc/bw6-761/fr/kzg/marshal.go | 9 +++++++-- internal/generator/kzg/template/marshal.go.tmpl | 9 +++++++-- 10 files changed, 70 insertions(+), 20 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 3b605f3fd6..0814ea9f3b 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12377.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bls12377.NewEncoder(w) + enc := bls12377.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index ea7f196ea5..9c2fa910bd 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12378.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bls12378.NewEncoder(w) + enc := bls12378.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 24f94473c1..55d5a7ef93 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12381.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bls12381.NewEncoder(w) + enc := bls12381.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index 3f0f83eae2..a2fb1df9e0 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls24315.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bls24315.NewEncoder(w) + enc := bls24315.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 74b38fd55b..c240131e4f 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls24317.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bls24317.NewEncoder(w) + enc := bls24317.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index a5edd04e0a..88b7fc1c31 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bn254.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bn254.NewEncoder(w) + enc := bn254.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 30b87377ec..04e952460d 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6633.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bw6633.NewEncoder(w) + enc := bw6633.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 022f002768..7c6a2e6268 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6756.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bw6756.NewEncoder(w) + enc := bw6756.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index a007366209..ab6a42e2f3 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -39,10 +39,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6761.Encoder)) (int64, error) { // encode the VerifyingKey - enc := bw6761.NewEncoder(w) + enc := bw6761.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index 38d3c9579e..13ba80b282 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -22,10 +22,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } +// WriteRawTo writes binary encoding of Proof to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*{{.CurvePackage}}.Encoder)) (int64, error) { // encode the VerifyingKey - enc := {{ .CurvePackage }}.NewEncoder(w) + enc := {{ .CurvePackage }}.NewEncoder(w, options...) toEncode := []interface{}{ &vk.G2[0], From d5f15115c4bb2684ac1896fb3375036e9918d48e Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sun, 9 Apr 2023 19:05:06 -0500 Subject: [PATCH 15/21] fix: minor errors --- ecc/bls12-377/fr/kzg/marshal.go | 8 ++++++-- ecc/bls12-378/fr/kzg/marshal.go | 8 ++++++-- ecc/bls12-381/fr/kzg/marshal.go | 8 ++++++-- ecc/bls24-315/fr/kzg/marshal.go | 8 ++++++-- ecc/bls24-317/fr/kzg/marshal.go | 8 ++++++-- ecc/bn254/fr/kzg/marshal.go | 8 ++++++-- ecc/bw6-633/fr/kzg/marshal.go | 8 ++++++-- ecc/bw6-756/fr/kzg/marshal.go | 8 ++++++-- ecc/bw6-761/fr/kzg/marshal.go | 8 ++++++-- internal/generator/kzg/template/marshal.go.tmpl | 8 ++++++-- 10 files changed, 60 insertions(+), 20 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 0814ea9f3b..6618613e38 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bls12377.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12377.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12377.Encoder)) (int64, error) { // encode the VerifyingKey enc := bls12377.NewEncoder(w, options...) diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index 9c2fa910bd..aece869ea1 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bls12378.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12378.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12378.Encoder)) (int64, error) { // encode the VerifyingKey enc := bls12378.NewEncoder(w, options...) diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 55d5a7ef93..08e2cbf784 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bls12381.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls12381.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12381.Encoder)) (int64, error) { // encode the VerifyingKey enc := bls12381.NewEncoder(w, options...) diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index a2fb1df9e0..ba54375032 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bls24315.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls24315.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls24315.Encoder)) (int64, error) { // encode the VerifyingKey enc := bls24315.NewEncoder(w, options...) diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index c240131e4f..58470ab6ef 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bls24317.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bls24317.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls24317.Encoder)) (int64, error) { // encode the VerifyingKey enc := bls24317.NewEncoder(w, options...) diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 88b7fc1c31..415cbe2c84 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bn254.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bn254.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bn254.Encoder)) (int64, error) { // encode the VerifyingKey enc := bn254.NewEncoder(w, options...) diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 04e952460d..fdcd9b9992 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bw6633.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6633.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6633.Encoder)) (int64, error) { // encode the VerifyingKey enc := bw6633.NewEncoder(w, options...) diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 7c6a2e6268..a4bf1aad8a 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bw6756.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6756.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6756.Encoder)) (int64, error) { // encode the VerifyingKey enc := bw6756.NewEncoder(w, options...) diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index ab6a42e2f3..202b30dc36 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -41,11 +41,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, bw6761.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*bw6761.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6761.Encoder)) (int64, error) { // encode the VerifyingKey enc := bw6761.NewEncoder(w, options...) diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index 13ba80b282..aee622c264 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -24,11 +24,15 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // WriteRawTo writes binary encoding of Proof to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { - return vk.writeTo(w, curve.RawEncoding()) + return vk.writeTo(w, {{.CurvePackage}}.RawEncoding()) } // WriteTo writes binary encoding of the VerifyingKey -func (vk *VerifyingKey) WriteTo(w io.Writer, options ...func(*{{.CurvePackage}}.Encoder)) (int64, error) { +func (vk *VerifyingKey) WriteTo(w io.Writer) (int64, error) { + return vk.writeTo(w) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*{{.CurvePackage}}.Encoder)) (int64, error) { // encode the VerifyingKey enc := {{ .CurvePackage }}.NewEncoder(w, options...) From 238509e413b10d199b12e3388dd37ffd6c53b4c5 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Tue, 11 Apr 2023 15:56:47 -0500 Subject: [PATCH 16/21] style: no loop when serializing one object only --- ecc/bls12-377/fr/kzg/marshal.go | 12 ++---------- ecc/bls12-378/fr/kzg/marshal.go | 12 ++---------- ecc/bls12-381/fr/kzg/marshal.go | 12 ++---------- ecc/bls24-315/fr/kzg/marshal.go | 12 ++---------- ecc/bls24-317/fr/kzg/marshal.go | 12 ++---------- ecc/bn254/fr/kzg/marshal.go | 12 ++---------- ecc/bw6-633/fr/kzg/marshal.go | 12 ++---------- ecc/bw6-756/fr/kzg/marshal.go | 12 ++---------- ecc/bw6-761/fr/kzg/marshal.go | 12 ++---------- internal/generator/kzg/template/marshal.go.tmpl | 12 ++---------- 10 files changed, 20 insertions(+), 100 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index 6618613e38..bb98169e4a 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bls12377.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index aece869ea1..64e5f816da 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bls12378.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index 08e2cbf784..f15e0834b7 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bls12381.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index ba54375032..e36d7b2655 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bls24315.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 58470ab6ef..620d4f3d52 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bls24317.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 415cbe2c84..93c0af9f68 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bn254.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index fdcd9b9992..258e84c900 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bw6633.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index a4bf1aad8a..9edb1358eb 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bw6756.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index 202b30dc36..b2e35aebd9 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -25,17 +25,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := bw6761.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index aee622c264..0bed3a23a1 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -8,17 +8,9 @@ import ( func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { // encode the ProvingKey enc := {{ .CurvePackage }}.NewEncoder(w) - - toEncode := []interface{}{ - pk.G1, + if err := enc.Encode(pk.G1); err != nil { + return enc.BytesWritten(), err } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - return enc.BytesWritten(), nil } From f6dc4361e279dacb7690da137aed98eed4f37a08 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Tue, 11 Apr 2023 16:06:49 -0500 Subject: [PATCH 17/21] chore: PR feedback --- ecc/bls12-377/fr/kzg/marshal.go | 60 ++++++------------- ecc/bls12-378/fr/kzg/marshal.go | 60 ++++++------------- ecc/bls12-381/fr/kzg/marshal.go | 60 ++++++------------- ecc/bls24-315/fr/kzg/marshal.go | 60 ++++++------------- ecc/bls24-317/fr/kzg/marshal.go | 60 ++++++------------- ecc/bn254/fr/kzg/marshal.go | 60 ++++++------------- ecc/bw6-633/fr/kzg/marshal.go | 60 ++++++------------- ecc/bw6-756/fr/kzg/marshal.go | 60 ++++++------------- ecc/bw6-761/fr/kzg/marshal.go | 60 ++++++------------- .../generator/kzg/template/marshal.go.tmpl | 60 ++++++------------- 10 files changed, 170 insertions(+), 430 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/marshal.go b/ecc/bls12-377/fr/kzg/marshal.go index bb98169e4a..4041916859 100644 --- a/ecc/bls12-377/fr/kzg/marshal.go +++ b/ecc/bls12-377/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bls12377.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12377.Encoder)) // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bls12377.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bls12377.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bls12377.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bls12-378/fr/kzg/marshal.go b/ecc/bls12-378/fr/kzg/marshal.go index 64e5f816da..ff56c7b9ea 100644 --- a/ecc/bls12-378/fr/kzg/marshal.go +++ b/ecc/bls12-378/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bls12378.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12378.Encoder)) // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bls12378.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bls12378.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bls12378.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bls12-381/fr/kzg/marshal.go b/ecc/bls12-381/fr/kzg/marshal.go index f15e0834b7..52a2e7102b 100644 --- a/ecc/bls12-381/fr/kzg/marshal.go +++ b/ecc/bls12-381/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bls12381.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls12381.Encoder)) // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bls12381.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bls12381.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bls12381.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bls24-315/fr/kzg/marshal.go b/ecc/bls24-315/fr/kzg/marshal.go index e36d7b2655..d6785b1d78 100644 --- a/ecc/bls24-315/fr/kzg/marshal.go +++ b/ecc/bls24-315/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bls24315.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls24315.Encoder)) // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bls24315.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bls24315.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bls24315.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bls24-317/fr/kzg/marshal.go b/ecc/bls24-317/fr/kzg/marshal.go index 620d4f3d52..54b6954dec 100644 --- a/ecc/bls24-317/fr/kzg/marshal.go +++ b/ecc/bls24-317/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bls24317.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bls24317.Encoder)) // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bls24317.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bls24317.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bls24317.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bn254/fr/kzg/marshal.go b/ecc/bn254/fr/kzg/marshal.go index 93c0af9f68..5dc2f317be 100644 --- a/ecc/bn254/fr/kzg/marshal.go +++ b/ecc/bn254/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bn254.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bn254.Encoder)) (i // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bn254.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bn254.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bn254.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bw6-633/fr/kzg/marshal.go b/ecc/bw6-633/fr/kzg/marshal.go index 258e84c900..4ef19b91a0 100644 --- a/ecc/bw6-633/fr/kzg/marshal.go +++ b/ecc/bw6-633/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bw6633.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6633.Encoder)) ( // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bw6633.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bw6633.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bw6633.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bw6-756/fr/kzg/marshal.go b/ecc/bw6-756/fr/kzg/marshal.go index 9edb1358eb..2c91e15e28 100644 --- a/ecc/bw6-756/fr/kzg/marshal.go +++ b/ecc/bw6-756/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bw6756.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6756.Encoder)) ( // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bw6756.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bw6756.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bw6756.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/ecc/bw6-761/fr/kzg/marshal.go b/ecc/bw6-761/fr/kzg/marshal.go index b2e35aebd9..2215fc6c5a 100644 --- a/ecc/bw6-761/fr/kzg/marshal.go +++ b/ecc/bw6-761/fr/kzg/marshal.go @@ -31,7 +31,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, bw6761.RawEncoding()) } @@ -62,39 +62,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*bw6761.Encoder)) ( // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := bw6761.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := bw6761.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -121,23 +105,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := bw6761.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn + vn, err } // WriteTo writes binary encoding of a OpeningProof diff --git a/internal/generator/kzg/template/marshal.go.tmpl b/internal/generator/kzg/template/marshal.go.tmpl index 0bed3a23a1..435f178c8c 100644 --- a/internal/generator/kzg/template/marshal.go.tmpl +++ b/internal/generator/kzg/template/marshal.go.tmpl @@ -14,7 +14,7 @@ func (pk *ProvingKey) WriteTo(w io.Writer) (int64, error) { return enc.BytesWritten(), nil } -// WriteRawTo writes binary encoding of Proof to w without point compression +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { return vk.writeTo(w, {{.CurvePackage}}.RawEncoding()) } @@ -45,39 +45,23 @@ func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*{{.CurvePackage}}. // WriteTo writes binary encoding of the entire SRS func (srs *SRS) WriteTo(w io.Writer) (int64, error) { - // encode the VerifyingKey - enc := {{ .CurvePackage }}.NewEncoder(w) - - toEncode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - srs.Pk.G1, - } - - for _, v := range toEncode { - if err := enc.Encode(v); err != nil { - return enc.BytesWritten(), err - } - } - - return enc.BytesWritten(), nil + // encode the SRS + var pn, vn int64 + var err error + if pn, err = srs.Pk.WriteTo(w); err != nil { + return pn, err + } + vn, err = srs.Vk.WriteTo(w) + return pn + vn, err } // ReadFrom decodes ProvingKey data from reader. func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // decode the ProvingKey dec := {{ .CurvePackage }}.NewDecoder(r) - - toDecode := []interface{}{ - &pk.G1, - } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } + if err := dec.Decode(&pk.G1); err != nil { + return dec.BytesRead(), err } - return dec.BytesRead(), nil } @@ -104,23 +88,13 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { // ReadFrom decodes SRS data from reader. func (srs *SRS) ReadFrom(r io.Reader) (int64, error) { // decode the VerifyingKey - dec := {{ .CurvePackage }}.NewDecoder(r) - - toDecode := []interface{}{ - &srs.Vk.G2[0], - &srs.Vk.G2[1], - &srs.Pk.G1, + var pn, vn int64 + var err error + if pn, err = srs.Pk.ReadFrom(r); err != nil { + return pn, err } - - for _, v := range toDecode { - if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err - } - } - - srs.Vk.G1 = srs.Pk.G1[0] - - return dec.BytesRead(), nil + vn, err = srs.Vk.ReadFrom(r) + return pn+vn, err } From 92f62d5f5c6b284820e9342634eedf74a509cd9b Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Sun, 16 Apr 2023 14:05:41 -0500 Subject: [PATCH 18/21] fix: don't ignore multiexp error --- ecc/bls12-377/fr/kzg/kzg.go | 5 ++--- ecc/bls12-378/fr/kzg/kzg.go | 5 ++--- ecc/bls12-381/fr/kzg/kzg.go | 5 ++--- ecc/bls24-315/fr/kzg/kzg.go | 5 ++--- ecc/bls24-317/fr/kzg/kzg.go | 5 ++--- ecc/bn254/fr/kzg/kzg.go | 5 ++--- ecc/bw6-633/fr/kzg/kzg.go | 5 ++--- ecc/bw6-756/fr/kzg/kzg.go | 5 ++--- ecc/bw6-761/fr/kzg/kzg.go | 5 ++--- internal/generator/kzg/template/kzg.go.tmpl | 5 ++--- 10 files changed, 20 insertions(+), 30 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index 9f9397c9a9..13a01fc543 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index 20473b021d..6616844368 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 6f5d35b86c..79992af903 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index cc3069676e..f4d662719d 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 2c8ff3e67f..7ebcff3117 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index d3d60b9291..10188e0cd1 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index 342d795c6b..19c28fa7db 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index a47f3e83ec..2d64c3c12a 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index ebd5444a24..13edd057c6 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -416,9 +416,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index 723d165a7e..644d0a77c9 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -398,9 +398,8 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr quotients[i].Set(&proofs[i].H) } config := ecc.MultiExpConfig{} - _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config) - if err != nil { - return nil + if _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config); err != nil { + return err } // fold digests and evals From f240f4a01d1f2315adf81aeb7f2e04d847a8977f Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Wed, 19 Apr 2023 20:57:57 -0500 Subject: [PATCH 19/21] docs: make comments more godoc friendly --- ecc/bls12-377/fr/kzg/kzg.go | 10 ++++++---- ecc/bls12-378/fr/kzg/kzg.go | 10 ++++++---- ecc/bls12-381/fr/kzg/kzg.go | 10 ++++++---- ecc/bls24-315/fr/kzg/kzg.go | 10 ++++++---- ecc/bls24-317/fr/kzg/kzg.go | 10 ++++++---- ecc/bn254/fr/kzg/kzg.go | 10 ++++++---- ecc/bw6-633/fr/kzg/kzg.go | 10 ++++++---- ecc/bw6-756/fr/kzg/kzg.go | 10 ++++++---- ecc/bw6-761/fr/kzg/kzg.go | 10 ++++++---- internal/generator/kzg/template/kzg.go.tmpl | 10 ++++++---- 10 files changed, 60 insertions(+), 40 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index 13a01fc543..a645522434 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bls12377.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bls12377.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bls12377.G2Affine // [G₂, [α]G₂ ] G1 bls12377.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index 6616844368..88643e8e99 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bls12378.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bls12378.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bls12378.G2Affine // [G₂, [α]G₂ ] G1 bls12378.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index 79992af903..125d30558a 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bls12381.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bls12381.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bls12381.G2Affine // [G₂, [α]G₂ ] G1 bls12381.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index f4d662719d..e9007c0c26 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bls24315.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bls24315.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bls24315.G2Affine // [G₂, [α]G₂ ] G1 bls24315.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 7ebcff3117..c7f03b14e9 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bls24317.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bls24317.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bls24317.G2Affine // [G₂, [α]G₂ ] G1 bls24317.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index 10188e0cd1..9cc4f8c79e 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bn254.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bn254.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bn254.G2Affine // [G₂, [α]G₂ ] G1 bn254.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index 19c28fa7db..3f7933eda1 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bw6633.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bw6633.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bw6633.G2Affine // [G₂, [α]G₂ ] G1 bw6633.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index 2d64c3c12a..dfe63bc1bd 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bw6756.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bw6756.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bw6756.G2Affine // [G₂, [α]G₂ ] G1 bw6756.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index 13edd057c6..519c6cab04 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -41,16 +41,18 @@ var ( // Digest commitment of a polynomial. type Digest = bw6761.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []bw6761.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]bw6761.G2Affine // [G₂, [α]G₂ ] G1 bw6761.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -328,7 +330,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -389,7 +391,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -485,7 +487,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index 644d0a77c9..ef9bccef6a 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -23,16 +23,18 @@ var ( // Digest commitment of a polynomial. type Digest = {{ .CurvePackage }}.G1Affine -// Proving and Verifying keys together constitute the SRS (result of the MPC) +// ProvingKey used to create or open commitments type ProvingKey struct { G1 []{{ .CurvePackage }}.G1Affine // [G₁ [α]G₁ , [α²]G₁, ... ] } +// VerifyingKey used to verify opening proofs type VerifyingKey struct { G2 [2]{{ .CurvePackage }}.G2Affine // [G₂, [α]G₂ ] G1 {{ .CurvePackage }}.G1Affine } +// SRS must be computed through MPC and comprises the ProvingKey and the VerifyingKey type SRS struct { Pk ProvingKey Vk VerifyingKey @@ -310,7 +312,7 @@ func FoldProof(digests []Digest, batchOpeningProof *BatchOpeningProof, point fr. nbDigests := len(digests) - // check consistancy between numbers of claims vs number of digests + // check consistency between numbers of claims vs number of digests if nbDigests != len(batchOpeningProof.ClaimedValues) { return OpeningProof{}, Digest{}, ErrInvalidNbDigests } @@ -371,7 +373,7 @@ func BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchOpeningPro // * points the list of points at which the opening are done func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr.Element, vk VerifyingKey) error { - // check consistancy nb proogs vs nb digests + // check consistency nb proogs vs nb digests if len(digests) != len(proofs) || len(digests) != len(points) { return ErrInvalidNbDigests } @@ -467,7 +469,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // * Returns ∑ᵢcᵢdᵢ, ∑ᵢcᵢf(aᵢ) func fold(di []Digest, fai []fr.Element, ci []fr.Element) (Digest, fr.Element, error) { - // length inconsistancy between digests and evaluations should have been done before calling this function + // length inconsistency between digests and evaluations should have been done before calling this function nbDigests := len(di) // fold the claimed values ∑ᵢcᵢf(aᵢ) From f0a38e9c85cc38c925fb363aec942a6b15f715a2 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Wed, 19 Apr 2023 21:11:11 -0500 Subject: [PATCH 20/21] refactor: move roundtrip func to utils --- ecc/bls12-377/fr/kzg/kzg_test.go | 32 ++--------------- ecc/bls12-378/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bls12-381/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bls24-315/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bls24-317/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bn254/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bw6-633/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bw6-756/fr/kzg/kzg_test.go | 34 +++--------------- ecc/bw6-761/fr/kzg/kzg_test.go | 34 +++--------------- .../generator/kzg/template/kzg.test.go.tmpl | 35 +++---------------- utils/testing.go | 31 ++++++++++++++++ 11 files changed, 79 insertions(+), 291 deletions(-) create mode 100644 utils/testing.go diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index 7993a1078c..e1d4b29992 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -17,12 +17,9 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" @@ -79,36 +76,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index fb67cba3b7..ac34313269 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bls12-378" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index dfd1f9d1ce..eb72cadb34 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bls12-381" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 520a4c0af4..31183a6188 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bls24-315" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 5cbce17c45..079aa49ee8 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bls24-317" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 9050792b58..e571341aef 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bn254" "github.com/consensys/gnark-crypto/ecc/bn254/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index 15a346691e..0d0ddedcb2 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bw6-633" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index 432debae27..92446f9d7a 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bw6-756" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index c2ccef64f6..a482066475 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -17,17 +17,16 @@ package kzg import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bw6-761" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -79,36 +78,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index 24db10cfdf..31c82727a4 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -1,15 +1,14 @@ import ( - "bytes" "crypto/sha256" "github.com/stretchr/testify/assert" - "io" "math/big" - "reflect" "testing" "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme @@ -61,37 +60,13 @@ func TestDividePolyByXminusA(t *testing.T) { } } - -// TODO @Tabaie not curve dependent. move to neutral territory? -type serializable interface { - io.ReaderFrom - io.WriterTo -} - -func serializationRoundtrip(o serializable) func(*testing.T) { - return func(t *testing.T) { - // serialize it... - var buf bytes.Buffer - _, err := o.WriteTo(&buf) - assert.NoError(t, err) - - // reconstruct the object - _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(serializable) - _, err = _o.ReadFrom(&buf) - assert.NoError(t, err) - - // compare - assert.Equal(t, o, _o) - } -} - func TestSerializationSRS(t *testing.T) { // create a SRS srs, err := NewSRS(64, new(big.Int).SetInt64(42)) assert.NoError(t, err) - t.Run("proving key round-trip", serializationRoundtrip(&srs.Pk)) - t.Run("verifying key round-trip", serializationRoundtrip(&srs.Vk)) - t.Run("whole SRS round-trip", serializationRoundtrip(srs)) + t.Run("proving key round-trip", utils.SerializationRoundTrip(&srs.Pk)) + t.Run("verifying key round-trip", utils.SerializationRoundTrip(&srs.Vk)) + t.Run("whole SRS round-trip", utils.SerializationRoundTrip(srs)) } func TestCommit(t *testing.T) { diff --git a/utils/testing.go b/utils/testing.go new file mode 100644 index 0000000000..af2d37c20d --- /dev/null +++ b/utils/testing.go @@ -0,0 +1,31 @@ +package utils + +import ( + "bytes" + "github.com/stretchr/testify/assert" + "io" + "reflect" + "testing" +) + +type Serializable interface { + io.ReaderFrom + io.WriterTo +} + +func SerializationRoundTrip(o Serializable) func(*testing.T) { + return func(t *testing.T) { + // serialize it... + var buf bytes.Buffer + _, err := o.WriteTo(&buf) + assert.NoError(t, err) + + // reconstruct the object + _o := reflect.New(reflect.TypeOf(o).Elem()).Interface().(Serializable) + _, err = _o.ReadFrom(&buf) + assert.NoError(t, err) + + // compare + assert.Equal(t, o, _o) + } +} From 8e64cd2b216c919aefdf7a109400f175d174b2b0 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Wed, 19 Apr 2023 21:16:38 -0500 Subject: [PATCH 21/21] fix: import utils --- ecc/bls12-377/fr/kzg/kzg_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index e1d4b29992..15fd138c8c 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -25,6 +25,8 @@ import ( "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/ecc/bls12-377" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" + + "github.com/consensys/gnark-crypto/utils" ) // Test SRS re-used across tests of the KZG scheme