Add length check for polynomial commitment
This commit is contained in:
Ben Edgington
parent
37021b9653
commit
2cf8782e91
|
|
@ -52,7 +52,7 @@ void fk_single(void) {
|
|||
TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks));
|
||||
|
||||
// Commit to the polynomial
|
||||
commit_to_poly(&commitment, &p, &ks);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
|
||||
|
||||
// 1. First with `da_using_fk20_single`
|
||||
|
||||
|
|
@ -125,7 +125,7 @@ void fk_single_strided(void) {
|
|||
TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks));
|
||||
|
||||
// Commit to the polynomial
|
||||
commit_to_poly(&commitment, &p, &ks);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
|
||||
|
||||
// Generate the proofs
|
||||
TEST_CHECK(da_using_fk20_single(all_proofs, &p, &fk) == C_KZG_OK);
|
||||
|
|
@ -211,7 +211,7 @@ void fk_multi_0(void) {
|
|||
fr_negate(&p.coeffs[i * chunk_len + 14], &p.coeffs[i * chunk_len + 14]);
|
||||
}
|
||||
|
||||
commit_to_poly(&commitment, &p, &ks);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
|
||||
|
||||
// Compute the multi proofs, assuming that the polynomial will be extended with zeros
|
||||
TEST_CHECK(C_KZG_OK == new_g1_array(&all_proofs, 2 * chunk_count));
|
||||
|
|
|
|||
|
|
@ -35,9 +35,13 @@
|
|||
* @param[out] out The commitment to the polynomial, in the form of a G1 group point
|
||||
* @param[in] p The polynomial to be committed to
|
||||
* @param[in] ks The settings containing the secrets, previously initialised with #new_kzg_settings
|
||||
* @retval C_CZK_OK All is well
|
||||
* @retval C_CZK_BADARGS Invalid parameters were supplied
|
||||
*/
|
||||
void commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks) {
|
||||
C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks) {
|
||||
CHECK(p->length <= ks->length);
|
||||
g1_linear_combination(out, ks->secret_g1, p->coeffs, p->length);
|
||||
return C_KZG_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -122,7 +126,7 @@ C_KZG_RET compute_proof_multi(g1_t *out, const poly *p, const fr_t *x0, uint64_t
|
|||
// Calculate q = p / (x^n - x0^n)
|
||||
TRY(new_poly_long_div(&q, p, &divisor));
|
||||
|
||||
commit_to_poly(out, &q, ks);
|
||||
TRY(commit_to_poly(out, &q, ks));
|
||||
|
||||
free_poly(&q);
|
||||
free_poly(&divisor);
|
||||
|
|
@ -177,7 +181,7 @@ C_KZG_RET check_proof_multi(bool *out, const g1_t *commitment, const g1_t *proof
|
|||
g2_sub(&xn_minus_yn, &ks->secret_g2[n], &xn2);
|
||||
|
||||
// [interpolation_polynomial(s)]_1
|
||||
commit_to_poly(&is1, &interp, ks);
|
||||
TRY(commit_to_poly(&is1, &interp, ks));
|
||||
|
||||
// [commitment - interpolation_polynomial(s)]_1 = [commit]_1 - [interpolation_polynomial(s)]_1
|
||||
g1_sub(&commit_minus_interp, commitment, &is1);
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ typedef struct {
|
|||
uint64_t length; /**< The number of elements in secret_g1 and secret_g2 */
|
||||
} KZGSettings;
|
||||
|
||||
void commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
|
||||
C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
|
||||
C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks);
|
||||
C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y,
|
||||
const KZGSettings *ks);
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ long run_bench(int scale, int max_seconds) {
|
|||
g1_t commitment;
|
||||
clock_gettime(CLOCK_REALTIME, &t0);
|
||||
|
||||
commit_to_poly(&commitment, &p, &ks);
|
||||
assert(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
|
||||
|
||||
clock_gettime(CLOCK_REALTIME, &t1);
|
||||
nits++;
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ void proof_single(void) {
|
|||
|
||||
// Compute the proof for x = 25
|
||||
fr_from_uint64(&x, 25);
|
||||
commit_to_poly(&commitment, &p, &ks);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
|
||||
TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &p, &x, &ks));
|
||||
|
||||
eval_poly(&value, &p, &x);
|
||||
|
|
@ -97,7 +97,7 @@ void proof_multi(void) {
|
|||
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks1, s1, s2, secrets_len, &fs1));
|
||||
|
||||
// Commit to the polynomial
|
||||
commit_to_poly(&commitment, &p, &ks1);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks1));
|
||||
|
||||
TEST_CHECK(C_KZG_OK == new_fft_settings(&fs2, coset_scale));
|
||||
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks2, s1, s2, secrets_len, &fs2));
|
||||
|
|
@ -143,17 +143,39 @@ void commit_to_nil_poly(void) {
|
|||
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks, s1, s2, secrets_len, &fs));
|
||||
|
||||
new_poly(&a, 0);
|
||||
commit_to_poly(&result, &a, &ks);
|
||||
TEST_CHECK(C_KZG_OK == commit_to_poly(&result, &a, &ks));
|
||||
TEST_CHECK(g1_equal(&g1_identity, &result));
|
||||
|
||||
free_fft_settings(&fs);
|
||||
free_kzg_settings(&ks);
|
||||
}
|
||||
|
||||
void commit_to_too_long_poly(void) {
|
||||
poly a;
|
||||
FFTSettings fs;
|
||||
KZGSettings ks;
|
||||
uint64_t poly_len = 32, secrets_len = 16; // poly is longer than secrets!
|
||||
g1_t s1[secrets_len];
|
||||
g2_t s2[secrets_len];
|
||||
g1_t result;
|
||||
|
||||
// Initialise the (arbitrary) secrets and data structures
|
||||
generate_trusted_setup(s1, s2, &secret, secrets_len);
|
||||
TEST_CHECK(C_KZG_OK == new_fft_settings(&fs, 4));
|
||||
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks, s1, s2, secrets_len, &fs));
|
||||
|
||||
new_poly(&a, poly_len);
|
||||
TEST_CHECK(C_KZG_BADARGS == commit_to_poly(&result, &a, &ks));
|
||||
|
||||
free_fft_settings(&fs);
|
||||
free_kzg_settings(&ks);
|
||||
}
|
||||
|
||||
TEST_LIST = {
|
||||
{"KZG_PROOFS_TEST", title},
|
||||
{"proof_single", proof_single},
|
||||
{"proof_multi", proof_multi},
|
||||
{"commit_to_nil_poly", commit_to_nil_poly},
|
||||
{"commit_to_too_long_poly", commit_to_too_long_poly},
|
||||
{NULL, NULL} /* zero record marks the end of the list */
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue