status-im
/
c-kzg-4844
mirror of https://github.com/status-im/c-kzg-4844.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add length check for polynomial commitment

This commit is contained in:
Ben Edgington 2021-06-23 11:51:50 +01:00
parent 37021b9653
commit 2cf8782e91
5 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/fk20_proofs_test.c
View File

@ -52,7 +52,7 @@ void fk_single(void) {
TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks)); TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks));
// Commit to the polynomial // Commit to the polynomial
commit_to_poly(&commitment, &p, &ks); TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
// 1. First with `da_using_fk20_single` // 1. First with `da_using_fk20_single`
@ -125,7 +125,7 @@ void fk_single_strided(void) {
TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks)); TEST_CHECK(C_KZG_OK == new_fk20_single_settings(&fk, 2 * poly_len, &ks));
// Commit to the polynomial // Commit to the polynomial
commit_to_poly(&commitment, &p, &ks); TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
// Generate the proofs // Generate the proofs
TEST_CHECK(da_using_fk20_single(all_proofs, &p, &fk) == C_KZG_OK); TEST_CHECK(da_using_fk20_single(all_proofs, &p, &fk) == C_KZG_OK);
@ -211,7 +211,7 @@ void fk_multi_0(void) {
fr_negate(&p.coeffs[i * chunk_len + 14], &p.coeffs[i * chunk_len + 14]); fr_negate(&p.coeffs[i * chunk_len + 14], &p.coeffs[i * chunk_len + 14]);
} }
commit_to_poly(&commitment, &p, &ks); TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
// Compute the multi proofs, assuming that the polynomial will be extended with zeros // Compute the multi proofs, assuming that the polynomial will be extended with zeros
TEST_CHECK(C_KZG_OK == new_g1_array(&all_proofs, 2 * chunk_count)); TEST_CHECK(C_KZG_OK == new_g1_array(&all_proofs, 2 * chunk_count));

10
src/kzg_proofs.c
View File

@ -35,9 +35,13 @@
* @param[out] out The commitment to the polynomial, in the form of a G1 group point * @param[out] out The commitment to the polynomial, in the form of a G1 group point
* @param[in] p The polynomial to be committed to * @param[in] p The polynomial to be committed to
* @param[in] ks The settings containing the secrets, previously initialised with #new_kzg_settings * @param[in] ks The settings containing the secrets, previously initialised with #new_kzg_settings
* @retval C_CZK_OK All is well
* @retval C_CZK_BADARGS Invalid parameters were supplied
*/ */
void commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks) { C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks) {
CHECK(p->length <= ks->length);
g1_linear_combination(out, ks->secret_g1, p->coeffs, p->length); g1_linear_combination(out, ks->secret_g1, p->coeffs, p->length);
return C_KZG_OK;
} }
/** /**
@ -122,7 +126,7 @@ C_KZG_RET compute_proof_multi(g1_t *out, const poly *p, const fr_t *x0, uint64_t
// Calculate q = p / (x^n - x0^n) // Calculate q = p / (x^n - x0^n)
TRY(new_poly_long_div(&q, p, &divisor)); TRY(new_poly_long_div(&q, p, &divisor));
commit_to_poly(out, &q, ks); TRY(commit_to_poly(out, &q, ks));
free_poly(&q); free_poly(&q);
free_poly(&divisor); free_poly(&divisor);
@ -177,7 +181,7 @@ C_KZG_RET check_proof_multi(bool *out, const g1_t *commitment, const g1_t *proof
g2_sub(&xn_minus_yn, &ks->secret_g2[n], &xn2); g2_sub(&xn_minus_yn, &ks->secret_g2[n], &xn2);
// [interpolation_polynomial(s)]_1 // [interpolation_polynomial(s)]_1
commit_to_poly(&is1, &interp, ks); TRY(commit_to_poly(&is1, &interp, ks));
// [commitment - interpolation_polynomial(s)]_1 = [commit]_1 - [interpolation_polynomial(s)]_1 // [commitment - interpolation_polynomial(s)]_1 = [commit]_1 - [interpolation_polynomial(s)]_1
g1_sub(&commit_minus_interp, commitment, &is1); g1_sub(&commit_minus_interp, commitment, &is1);

2
src/kzg_proofs.h
View File

@ -31,7 +31,7 @@ typedef struct {
uint64_t length; /**< The number of elements in secret_g1 and secret_g2 */ uint64_t length; /**< The number of elements in secret_g1 and secret_g2 */
} KZGSettings; } KZGSettings;
void commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks); C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks); C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks);
C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y, C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y,
const KZGSettings *ks); const KZGSettings *ks);

2
src/kzg_proofs_bench.c
View File

@ -48,7 +48,7 @@ long run_bench(int scale, int max_seconds) {
g1_t commitment; g1_t commitment;
clock_gettime(CLOCK_REALTIME, &t0); clock_gettime(CLOCK_REALTIME, &t0);
commit_to_poly(&commitment, &p, &ks); assert(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
clock_gettime(CLOCK_REALTIME, &t1); clock_gettime(CLOCK_REALTIME, &t1);
nits++; nits++;

28
src/kzg_proofs_test.c
View File

@ -46,7 +46,7 @@ void proof_single(void) {
// Compute the proof for x = 25 // Compute the proof for x = 25
fr_from_uint64(&x, 25); fr_from_uint64(&x, 25);
commit_to_poly(&commitment, &p, &ks); TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks));
TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &p, &x, &ks)); TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &p, &x, &ks));
eval_poly(&value, &p, &x); eval_poly(&value, &p, &x);
@ -97,7 +97,7 @@ void proof_multi(void) {
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks1, s1, s2, secrets_len, &fs1)); TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks1, s1, s2, secrets_len, &fs1));
// Commit to the polynomial // Commit to the polynomial
commit_to_poly(&commitment, &p, &ks1); TEST_CHECK(C_KZG_OK == commit_to_poly(&commitment, &p, &ks1));
TEST_CHECK(C_KZG_OK == new_fft_settings(&fs2, coset_scale)); TEST_CHECK(C_KZG_OK == new_fft_settings(&fs2, coset_scale));
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks2, s1, s2, secrets_len, &fs2)); TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks2, s1, s2, secrets_len, &fs2));
@ -143,17 +143,39 @@ void commit_to_nil_poly(void) {
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks, s1, s2, secrets_len, &fs)); TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks, s1, s2, secrets_len, &fs));
new_poly(&a, 0); new_poly(&a, 0);
commit_to_poly(&result, &a, &ks); TEST_CHECK(C_KZG_OK == commit_to_poly(&result, &a, &ks));
TEST_CHECK(g1_equal(&g1_identity, &result)); TEST_CHECK(g1_equal(&g1_identity, &result));
free_fft_settings(&fs); free_fft_settings(&fs);
free_kzg_settings(&ks); free_kzg_settings(&ks);
} }
void commit_to_too_long_poly(void) {
poly a;
FFTSettings fs;
KZGSettings ks;
uint64_t poly_len = 32, secrets_len = 16; // poly is longer than secrets!
g1_t s1[secrets_len];
g2_t s2[secrets_len];
g1_t result;
// Initialise the (arbitrary) secrets and data structures
generate_trusted_setup(s1, s2, &secret, secrets_len);
TEST_CHECK(C_KZG_OK == new_fft_settings(&fs, 4));
TEST_CHECK(C_KZG_OK == new_kzg_settings(&ks, s1, s2, secrets_len, &fs));
new_poly(&a, poly_len);
TEST_CHECK(C_KZG_BADARGS == commit_to_poly(&result, &a, &ks));
free_fft_settings(&fs);
free_kzg_settings(&ks);
}
TEST_LIST = { TEST_LIST = {
{"KZG_PROOFS_TEST", title}, {"KZG_PROOFS_TEST", title},
{"proof_single", proof_single}, {"proof_single", proof_single},
{"proof_multi", proof_multi}, {"proof_multi", proof_multi},
{"commit_to_nil_poly", commit_to_nil_poly}, {"commit_to_nil_poly", commit_to_nil_poly},
{"commit_to_too_long_poly", commit_to_too_long_poly},
{NULL, NULL} /* zero record marks the end of the list */ {NULL, NULL} /* zero record marks the end of the list */
}; };