2022-11-03 13:08:17 +00:00
|
|
|
namespace Ckzg;
|
|
|
|
|
|
2023-03-06 21:46:00 +00:00
|
|
|
public static partial class Ckzg
|
2022-11-03 13:08:17 +00:00
|
|
|
{
|
2023-02-21 15:57:25 +00:00
|
|
|
public const int BytesPerFieldElement = 32;
|
2023-03-06 21:46:00 +00:00
|
|
|
public const int FieldElementsPerBlob = 4096;
|
|
|
|
|
public const int BytesPerBlob = BytesPerFieldElement * FieldElementsPerBlob;
|
2023-02-21 15:57:25 +00:00
|
|
|
public const int BytesPerCommitment = 48;
|
|
|
|
|
public const int BytesPerProof = 48;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Loads trusted setup settings from file.
|
2023-02-21 15:57:25 +00:00
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="filename">Settings file path</param>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <exception cref="ArgumentException">Thrown when the file path is not correct</exception>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <exception cref="InvalidOperationException">Thrown when unable to load the setup</exception>
|
|
|
|
|
/// <returns>Trusted setup settings as a pointer</returns>
|
|
|
|
|
public static IntPtr LoadTrustedSetup(string filepath)
|
|
|
|
|
{
|
|
|
|
|
if (!File.Exists(filepath)) throw new ArgumentException("Trusted setup file does not exist", nameof(filepath));
|
|
|
|
|
|
|
|
|
|
IntPtr ckzgSetup = InternalLoadTrustedSetup(filepath);
|
|
|
|
|
|
|
|
|
|
if (ckzgSetup == IntPtr.Zero) throw new InvalidOperationException("Unable to load trusted setup");
|
|
|
|
|
return ckzgSetup;
|
|
|
|
|
}
|
2023-02-21 15:57:25 +00:00
|
|
|
|
|
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Frees memory allocated for trusted setup settings.
|
2023-02-21 15:57:25 +00:00
|
|
|
/// </summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when settings are not correct</exception>
|
|
|
|
|
|
|
|
|
|
public static void FreeTrustedSetup(IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
InternalFreeTrustedSetup(ckzgSetup);
|
|
|
|
|
}
|
2023-02-21 15:57:25 +00:00
|
|
|
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Calculates commitment for the blob.
|
2022-11-22 07:44:34 +00:00
|
|
|
/// </summary>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <param name="commitment">Preallocated buffer of <inheritdoc cref="BytesPerCommitment"/> bytes to receive the commitment</param>
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <param name="blob">Flatten array of blob elements</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
|
|
|
|
public static unsafe void BlobToKzgCommitment(Span<byte> commitment, ReadOnlySpan<byte> blob, IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(blob, nameof(blob), BytesPerBlob);
|
|
|
|
|
ThrowOnInvalidLength(commitment, nameof(commitment), BytesPerCommitment);
|
2022-11-22 07:44:34 +00:00
|
|
|
|
2023-03-06 21:46:00 +00:00
|
|
|
fixed (byte* commitmentPtr = commitment, blobPtr = blob)
|
|
|
|
|
{
|
|
|
|
|
KzgResult result = BlobToKzgCommitment(commitmentPtr, blobPtr, ckzgSetup);
|
|
|
|
|
ThrowOnError(result);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-03 13:08:17 +00:00
|
|
|
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Compute KZG proof at point `z` for the polynomial represented by `blob`.
|
2022-11-22 07:44:34 +00:00
|
|
|
/// </summary>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <param name="proof">Preallocated buffer of <inheritdoc cref="BytesPerProof"/> bytes to receive the proof</param>
|
|
|
|
|
/// <param name="y">Preallocated buffer of <inheritdoc cref="BytesPerFieldElement"/> bytes to receive y</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="blob">Blob bytes</param>
|
|
|
|
|
/// <param name="z">Z point</param>
|
|
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
2023-03-08 22:13:48 +00:00
|
|
|
public static unsafe void ComputeKzgProof(Span<byte> proof, Span<byte> y, ReadOnlySpan<byte> blob,
|
|
|
|
|
ReadOnlySpan<byte> z, IntPtr ckzgSetup)
|
2023-03-06 21:46:00 +00:00
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(proof, nameof(proof), BytesPerProof);
|
2023-03-08 22:13:48 +00:00
|
|
|
ThrowOnInvalidLength(y, nameof(y), BytesPerFieldElement);
|
2023-03-06 21:46:00 +00:00
|
|
|
ThrowOnInvalidLength(blob, nameof(blob), BytesPerBlob);
|
|
|
|
|
ThrowOnInvalidLength(z, nameof(z), BytesPerFieldElement);
|
|
|
|
|
|
2023-03-08 22:13:48 +00:00
|
|
|
fixed (byte* proofPtr = proof, yPtr = y, blobPtr = blob, zPtr = z)
|
2023-03-06 21:46:00 +00:00
|
|
|
{
|
2023-03-08 22:13:48 +00:00
|
|
|
KzgResult result = ComputeKzgProof(proofPtr, yPtr, blobPtr, zPtr, ckzgSetup);
|
2023-03-06 21:46:00 +00:00
|
|
|
ThrowOnError(result);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-03 13:08:17 +00:00
|
|
|
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Given a blob, return the KZG proof that is used to verify it against the commitment.
|
2022-11-22 07:44:34 +00:00
|
|
|
/// </summary>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <param name="proof">Preallocated buffer of <inheritdoc cref="BytesPerProof"/> bytes to receive the proof</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="blob">Blob bytes</param>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <param name="commitment">Commitment bytes</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
2023-03-08 22:13:48 +00:00
|
|
|
public static unsafe void ComputeBlobKzgProof(Span<byte> proof, ReadOnlySpan<byte> blob,
|
|
|
|
|
ReadOnlySpan<byte> commitment, IntPtr ckzgSetup)
|
2023-03-06 21:46:00 +00:00
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(proof, nameof(proof), BytesPerProof);
|
|
|
|
|
ThrowOnInvalidLength(blob, nameof(blob), BytesPerBlob);
|
|
|
|
|
|
2023-03-08 22:13:48 +00:00
|
|
|
fixed (byte* proofPtr = proof, blobPtr = blob, commitmentPtr = commitment)
|
2023-03-06 21:46:00 +00:00
|
|
|
{
|
2023-03-08 22:13:48 +00:00
|
|
|
KzgResult result = ComputeBlobKzgProof(proofPtr, blobPtr, commitmentPtr, ckzgSetup);
|
2023-03-06 21:46:00 +00:00
|
|
|
ThrowOnError(result);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-03 13:08:17 +00:00
|
|
|
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Given a blob and a KZG proof, verify that the blob data corresponds to the provided commitment.
|
2022-11-22 07:44:34 +00:00
|
|
|
/// </summary>
|
2023-03-08 22:13:48 +00:00
|
|
|
/// <param name="commitment">Commitment bytes</param>
|
|
|
|
|
/// <param name="z">Z bytes</param>
|
|
|
|
|
/// <param name="y">Y bytes</param>
|
|
|
|
|
/// <param name="proof">Proof bytes</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
|
|
|
|
/// <returns>Verification result</returns>
|
|
|
|
|
public static unsafe bool VerifyKzgProof(ReadOnlySpan<byte> commitment, ReadOnlySpan<byte> z, ReadOnlySpan<byte> y,
|
|
|
|
|
ReadOnlySpan<byte> proof, IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(commitment, nameof(commitment), BytesPerCommitment);
|
|
|
|
|
ThrowOnInvalidLength(z, nameof(z), BytesPerFieldElement);
|
|
|
|
|
ThrowOnInvalidLength(y, nameof(y), BytesPerFieldElement);
|
|
|
|
|
ThrowOnInvalidLength(proof, nameof(proof), BytesPerProof);
|
|
|
|
|
|
|
|
|
|
fixed (byte* commitmentPtr = commitment, zPtr = z, yPtr = y, proofPtr = proof)
|
|
|
|
|
{
|
|
|
|
|
KzgResult kzgResult = VerifyKzgProof(out var result, commitmentPtr, zPtr, yPtr, proofPtr, ckzgSetup);
|
|
|
|
|
ThrowOnError(kzgResult);
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Given a blob and a KZG proof, verify that the blob data corresponds to the provided commitment.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="blob">Blob bytes</param>
|
|
|
|
|
/// <param name="commitment">Commitment bytes</param>
|
|
|
|
|
/// <param name="proof">Proof bytes</param>
|
|
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
|
|
|
|
/// <returns>Verification result</returns>
|
|
|
|
|
public static unsafe bool VerifyBlobKzgProof(ReadOnlySpan<byte> blob, ReadOnlySpan<byte> commitment,
|
|
|
|
|
ReadOnlySpan<byte> proof, IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(blob, nameof(blob), BytesPerBlob);
|
|
|
|
|
ThrowOnInvalidLength(commitment, nameof(proof), BytesPerCommitment);
|
|
|
|
|
ThrowOnInvalidLength(proof, nameof(proof), BytesPerProof);
|
|
|
|
|
|
|
|
|
|
fixed (byte* blobPtr = blob, commitmentPtr = commitment, proofPtr = proof)
|
|
|
|
|
{
|
|
|
|
|
KzgResult kzgResult = VerifyBlobKzgProof(out var result, blobPtr, commitmentPtr, proofPtr, ckzgSetup);
|
|
|
|
|
ThrowOnError(kzgResult);
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-03 13:08:17 +00:00
|
|
|
|
2022-11-22 07:44:34 +00:00
|
|
|
/// <summary>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// Given a list of blobs and blob KZG proofs, verify that they correspond to the provided commitments.
|
2022-11-22 07:44:34 +00:00
|
|
|
/// </summary>
|
2023-02-21 15:57:25 +00:00
|
|
|
/// <param name="blobs">Blobs as a flattened byte array</param>
|
|
|
|
|
/// <param name="commitments">Commitments as a flattened byte array</param>
|
|
|
|
|
/// <param name="proofs">Proofs as a flattened byte array</param>
|
|
|
|
|
/// <param name="count">The number of blobs/commitments/proofs</param>
|
2023-03-06 21:46:00 +00:00
|
|
|
/// <param name="ckzgSetup">Trusted setup settings</param>
|
|
|
|
|
/// <exception cref="ArgumentException">Thrown when length of an argument is not correct or settings are not correct</exception>
|
|
|
|
|
/// <exception cref="ApplicationException">Thrown when the library returns unexpected Error code</exception>
|
|
|
|
|
/// <exception cref="InsufficientMemoryException">Thrown when the library has no enough memory to process</exception>
|
|
|
|
|
/// <returns>Verification result</returns>
|
|
|
|
|
public static unsafe bool VerifyBlobKzgProofBatch(ReadOnlySpan<byte> blobs, ReadOnlySpan<byte> commitments,
|
|
|
|
|
ReadOnlySpan<byte> proofs, int count, IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
ThrowOnUninitializedTrustedSetup(ckzgSetup);
|
|
|
|
|
ThrowOnInvalidLength(blobs, nameof(blobs), BytesPerBlob * count);
|
|
|
|
|
ThrowOnInvalidLength(commitments, nameof(proofs), BytesPerCommitment * count);
|
|
|
|
|
ThrowOnInvalidLength(proofs, nameof(proofs), BytesPerProof * count);
|
|
|
|
|
|
|
|
|
|
fixed (byte* blobsPtr = blobs, commitmentsPtr = commitments, proofsPtr = proofs)
|
|
|
|
|
{
|
|
|
|
|
KzgResult kzgResult =
|
|
|
|
|
VerifyBlobKzgProofBatch(out var result, blobsPtr, commitmentsPtr, proofsPtr, count, ckzgSetup);
|
|
|
|
|
ThrowOnError(kzgResult);
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#region Argument verification helpers
|
|
|
|
|
private static void ThrowOnError(KzgResult result)
|
|
|
|
|
{
|
|
|
|
|
switch (result)
|
|
|
|
|
{
|
|
|
|
|
case KzgResult.BadArgs: throw new ArgumentException();
|
|
|
|
|
case KzgResult.Malloc: throw new InsufficientMemoryException();
|
|
|
|
|
case KzgResult.Ok:
|
|
|
|
|
return;
|
|
|
|
|
default:
|
|
|
|
|
throw new ApplicationException("KZG returned unexpected result");
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-03 13:08:17 +00:00
|
|
|
|
2023-03-06 21:46:00 +00:00
|
|
|
private static void ThrowOnUninitializedTrustedSetup(IntPtr ckzgSetup)
|
|
|
|
|
{
|
|
|
|
|
if (ckzgSetup == IntPtr.Zero)
|
|
|
|
|
throw new ArgumentException("Trusted setup is not initialized", nameof(ckzgSetup));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static void ThrowOnInvalidLength(ReadOnlySpan<byte> data, string fieldName, int expectedLength)
|
|
|
|
|
{
|
|
|
|
|
if (data.Length != expectedLength)
|
|
|
|
|
throw new ArgumentException("Invalid data size", fieldName);
|
|
|
|
|
}
|
|
|
|
|
#endregion
|
|
|
|
|
}
|
