Merge pull request ethereum#3 from asn-d6/prune-gokzg
Prune gokzg from crypto/kzg
protolambda authored Feb 25, 2022
2 parents d19e6ee + f500191 commit a922276
Showing 4 changed files with 97 additions and 26 deletions.
2 changes: 1 addition & 1 deletion core/vm/testdata/precompiles/blobVerification.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion core/vm/testdata/precompiles/pointEvaluation.json
@@ -1,6 +1,6 @@
[
{
"Input": "0129a04308822db39c5cee9424bb2fd9f2f99b3793fc42c86d12234e028d1e134200000000000000000000000000000000000000000000000000000000000000c136e04ef71ca94369ec7e3524220b621893efc32d901aafc6dcef20f3c1a43b99df86586f41248521748827b8a3e701792425465d68c7528e7bcb899f788e5bd7590d3603c9da50b096da0a06826913a67e68de6b3f213050719b3cb3d8d3c2b34942eb0bd18439a74c0c3840fc91af22dfe6c0e7e4ce8d54ca8c60727a7c9e",
"Input": "01342233e6ebb423c766d3a0f8d183e84c453865b392f5ab1f8a8218506e89d842000000000000000000000000000000000000000000000000000000000000002b2f0b0a19cbe19b4c9dbc32af755539fec08bae3eeecbe0ec625037fe3f0a6fa3cfbde6cf9875270479e0e2290726d150412591e07b4fad36472fa1ad38c19eb232cd2ebd3738ea1d9a0a3be07764a8b2faf3776cf5fb7bea8263ab92181326b898c4dc5da95e76e6977c4e204a94f1a3fe5033e19435fa51a8c70b272c06ac",
"Expected": "",
"Name": "pointEvaluation1",
"Gas": 50000,
52 changes: 32 additions & 20 deletions crypto/kzg/kzg.go
Expand Up @@ -2,35 +2,41 @@ package kzg

import (
"encoding/json"

"github.com/ethereum/go-ethereum/crypto"

"github.com/ethereum/go-ethereum/params"
gokzg "github.com/protolambda/go-kzg"
"github.com/protolambda/go-kzg/bls"
)

var kzg_settings gokzg.KZGSettings
var lagrange_crs []bls.G1Point

type JSONTrustedSetup struct {
SetupG1 []bls.G1Point
SetupG2 []bls.G2Point
SetupLagrange []bls.G1Point
}
var crsG2 []bls.G2Point
var crsLagrange []bls.G1Point
var CrsG1 []bls.G1Point // only used in tests (for proof creation)

// Convert polynomial in evaluation form to KZG commitment
func BlobToKzg(eval []bls.Fr) *bls.G1Point {
// Convert polynomial in evaluation form to KZG commitment

// XXX evaluation points?
return bls.LinCombG1(lagrange_crs, eval)
return bls.LinCombG1(crsLagrange, eval)
}

// Verify a KZG proof
func VerifyKzgProof(commitment *bls.G1Point, x *bls.Fr, y *bls.Fr, proof *bls.G1Point) bool {
return kzg_settings.CheckProofSingle(commitment, proof, x, y)
}
// Verify the pairing equation
var xG2 bls.G2Point
bls.MulG2(&xG2, &bls.GenG2, x)
var sMinuxX bls.G2Point
bls.SubG2(&sMinuxX, &crsG2[1], &xG2)
var yG1 bls.G1Point
bls.MulG1(&yG1, &bls.GenG1, y)
var commitmentMinusY bls.G1Point
bls.SubG1(&commitmentMinusY, commitment, &yG1)

func ComputeProof(polyCoeff []bls.Fr, x uint64) *bls.G1Point {
return kzg_settings.ComputeProofSingle(polyCoeff, x)
// This trick may be applied in the BLS-lib specific code:
//
// e([commitment - y], [1]) = e([proof], [s - x])
// equivalent to
// e([commitment - y]^(-1), [1]) * e([proof], [s - x]) = 1_T
//
return bls.PairingsVerify(&commitmentMinusY, &bls.GenG2, proof, &sMinuxX)
}

func KzgToVersionedHash(commitment *bls.G1Point) [32]byte {
Expand All @@ -39,6 +45,12 @@ func KzgToVersionedHash(commitment *bls.G1Point) [32]byte {
return h
}

type JSONTrustedSetup struct {
SetupG1 []bls.G1Point
SetupG2 []bls.G2Point
SetupLagrange []bls.G1Point
}

// Initialize KZG subsystem (load the trusted setup data)
func init() {
var parsedSetup = JSONTrustedSetup{}
Expand All @@ -49,7 +61,7 @@ func init() {
panic(err)
}

kzg_settings.SecretG1 = parsedSetup.SetupG1
kzg_settings.SecretG2 = parsedSetup.SetupG2
lagrange_crs = parsedSetup.SetupLagrange
crsG2 = parsedSetup.SetupG2
crsLagrange = parsedSetup.SetupLagrange
CrsG1 = parsedSetup.SetupG1
}
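Review bot: `VerifyKzgProof` indexes `crsG2[1]` directly, but nothing visible in `init` checks that the parsed setup holds at least two G2 points, so a short or malformed trusted-setup file would only surface as an index panic on the first proof verification. Validating once at load time keeps the failure at startup, e.g. `if len(parsedSetup.SetupG2) < 2 { panic("kzg: trusted setup has fewer than two G2 points") }` before the assignments. `BlobToKzg` likewise hands `eval` to `bls.LinCombG1` with no check that `len(eval)` matches `len(crsLagrange)`; if callers can pass blob data of arbitrary length, that precondition should be checked or documented here. `CrsG1` is exported only for tests yet is a mutable package variable in a verification package, so a comment stating that production code must not write to it would help. Part of `init` lies outside the visible hunks.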
67 changes: 63 additions & 4 deletions tests/sharding_test.go
Expand Up @@ -3,17 +3,76 @@ package tests
import (
"encoding/hex"
"fmt"
"github.com/ethereum/go-ethereum/params"
"math"
"strings"
"testing"

"github.com/ethereum/go-ethereum/params"

"github.com/ethereum/go-ethereum/crypto/kzg"

gokzg "github.com/protolambda/go-kzg"
"github.com/protolambda/go-kzg/bls"
)

// Helper: invert the divisor, then multiply
func polyFactorDiv(dst *bls.Fr, a *bls.Fr, b *bls.Fr) {
// TODO: use divmod instead.
var tmp bls.Fr
bls.InvModFr(&tmp, b)
bls.MulModFr(dst, &tmp, a)
}

// Helper: Long polynomial division for two polynomials in coefficient form
func polyLongDiv(dividend []bls.Fr, divisor []bls.Fr) []bls.Fr {
a := make([]bls.Fr, len(dividend), len(dividend))
for i := 0; i < len(a); i++ {
bls.CopyFr(&a[i], &dividend[i])
}
aPos := len(a) - 1
bPos := len(divisor) - 1
diff := aPos - bPos
out := make([]bls.Fr, diff+1, diff+1)
for diff >= 0 {
quot := &out[diff]
polyFactorDiv(quot, &a[aPos], &divisor[bPos])
var tmp, tmp2 bls.Fr
for i := bPos; i >= 0; i-- {
// In steps: a[diff + i] -= b[i] * quot
// tmp = b[i] * quot
bls.MulModFr(&tmp, quot, &divisor[i])
// tmp2 = a[diff + i] - tmp
bls.SubModFr(&tmp2, &a[diff+i], &tmp)
// a[diff + i] = tmp2
bls.CopyFr(&a[diff+i], &tmp2)
}
aPos -= 1
diff -= 1
}
return out
}

// Helper: Compute proof for polynomial
func ComputeProof(poly []bls.Fr, x uint64, crsG1 []bls.G1Point) *bls.G1Point {
// divisor = [-x, 1]
divisor := [2]bls.Fr{}
var tmp bls.Fr
bls.AsFr(&tmp, x)
bls.SubModFr(&divisor[0], &bls.ZERO, &tmp)
bls.CopyFr(&divisor[1], &bls.ONE)
//for i := 0; i < 2; i++ {
// fmt.Printf("div poly %d: %s\n", i, FrStr(&divisor[i]))
//}
// quot = poly / divisor
quotientPolynomial := polyLongDiv(poly, divisor[:])
//for i := 0; i < len(quotientPolynomial); i++ {
// fmt.Printf("quot poly %d: %s\n", i, FrStr(&quotientPolynomial[i]))
//}

// evaluate quotient poly at shared secret, in G1
return bls.LinCombG1(crsG1[:len(quotientPolynomial)], quotientPolynomial)
}

func TestGoKzg(t *testing.T) {
/// Test the go-kzg library for correctness
/// Do the trusted setup, generate a polynomial, commit to it, make proof, verify proof.
Expand Down Expand Up @@ -55,7 +114,7 @@ func TestGoKzg(t *testing.T) {

// Create proof for testing
x := uint64(17)
proof := kzgSettings.ComputeProofSingle(polynomial, x)
proof := ComputeProof(polynomial, x, kzg.CrsG1)

// Get actual evaluation at x
var xFr bls.Fr
Expand Down Expand Up @@ -93,7 +152,7 @@ func TestKzg(t *testing.T) {

// Create proof for testing
x := uint64(17)
proof := kzg.ComputeProof(polynomial, x)
proof := ComputeProof(polynomial, x, kzg.CrsG1)

// Get actual evaluation at x
var xFr bls.Fr
Expand Down Expand Up @@ -147,7 +206,7 @@ func TestPointEvaluationTestVector(t *testing.T) {

// Create proof for testing
x := uint64(0x42)
proof := kzg.ComputeProof(polynomial, x)
proof := ComputeProof(polynomial, x, kzg.CrsG1)

// Get actual evaluation at x
var xFr bls.Fr
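Review bot: `TestGoKzg` now builds its proof from `kzg.CrsG1`, the setup loaded by the `crypto/kzg` package, while its header comment and the removed `kzgSettings.ComputeProofSingle` call suggest the rest of the test works with a locally created `kzgSettings`; the proof then only verifies if both setups derive from the same secret, which is not visible in this hunk. Passing the local setup would keep the test self-contained: `proof := ComputeProof(polynomial, x, kzgSettings.SecretG1)`. Separately, the `ComputeProof` helper slices `crsG1[:len(quotientPolynomial)]` and `polyLongDiv` sizes `out` from `len(dividend) - len(divisor)` without guards, so a polynomial longer than the setup, or an empty one, panics with a slice or `make` error instead of a readable failure. A length check or a doc comment stating these preconditions would help. The test bodies continue outside the hunks.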
