From 94aa388055b7ef4b350fbba0f2cc4261f3c6e4d9 Mon Sep 17 00:00:00 2001
From: George Kadianakis
Date: Mon, 28 Nov 2022 14:00:01 +0200
Subject: [PATCH 1/4] Bring compute_challenges() closer to the spec
---
 src/c_kzg_4844.c | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c
index 15aec87..c14aa33 100644
--- a/src/c_kzg_4844.c
+++ b/src/c_kzg_4844.c
@@ -1098,34 +1098,44 @@ static C_KZG_RET compute_challenges(BLSFieldElement *out, BLSFieldElement r_powe
 const size_t np = ni + n * BYTES_PER_BLOB;
 const size_t nb = np + n * 48;
- uint8_t* bytes = calloc(nb + (n == 0), sizeof(uint8_t)); // need at least 1 byte more than ni for hash later
+ uint8_t* bytes = calloc(nb, sizeof(uint8_t));
 if (bytes == NULL) return C_KZG_MALLOC;
+ /* Copy domain seperator */
 memcpy(bytes, FIAT_SHAMIR_PROTOCOL_DOMAIN, 16);
 bytes_of_uint64(&bytes[16], FIELD_ELEMENTS_PER_BLOB);
 bytes_of_uint64(&bytes[16 + 8], n);
+ /* Copy polynomials */
 for (i = 0; i < n; i++)
 for (j = 0; j < FIELD_ELEMENTS_PER_BLOB; j++)
 bytes_from_bls_field(&bytes[ni + BYTES_PER_FIELD_ELEMENT * (i * FIELD_ELEMENTS_PER_BLOB + j)], &polys[i][j]);
+ /* Copy commitments */
 for (i = 0; i < n; i++)
 bytes_from_g1(&bytes[np + i * 48], &comms[i]);
- uint8_t hash_output[32] = {0};
- hash(hash_output, bytes, nb);
- memcpy(bytes, hash_output, 32);
- bytes[32] = 0x0;
- hash(hash_output, bytes, 33);
+ /* Now let's create challenges! */
+ uint8_t hashed_data[32] = {0};
+ hash(hashed_data, bytes, nb);
+
+ uint8_t r[32] = {0};
+ uint8_t hash_input_0[33] = {0}; // hashed_data + b'\x00'
+ memcpy(hash_input_0, hashed_data, 32);
+ hash_input_0[32] = 0x0;
+ hash(r, hash_input_0, 33);
 if (n > 0) {
- if (n > 1) bytes_to_bls_field(&r_powers[1], hash_output);
+ if (n > 1) bytes_to_bls_field(&r_powers[1], r);
 compute_powers(r_powers, n);
 }
- bytes[32] = 0x1;
- hash(hash_output, bytes, 33);
- bytes_to_bls_field(out, hash_output);
+ uint8_t eval_challenge[32] = {0};
+ uint8_t hash_input_1[33] = {0}; // hashed_data + b'\x01'
+ memcpy(hash_input_1, hashed_data, 32);
+ hash_input_1[32] = 0x1;
+ hash(eval_challenge, hash_input_1, 33);
+ bytes_to_bls_field(out, eval_challenge);
 free(bytes);
 return C_KZG_OK;
From 80fe1cb3e0f2e012037af717fd9d083a7de0208f Mon Sep 17 00:00:00 2001
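Review bot: The digests r and eval_challenge go straight into bytes_to_bls_field (for r_powers[1] and out) with no visible reduction modulo the BLS scalar field order; if bytes_to_bls_field only deserializes, a 32-byte digest numerically at or above the modulus is not a canonical field element and the result would diverge from a reference that reduces the hash into the field — confirm what bytes_to_bls_field does and reduce first if it does not. The size arithmetic in the context lines, `nb = np + n * 48` with `np = ni + n * BYTES_PER_BLOB`, has no wrap check on n; unless the caller bounds n, guard it before the calloc, e.g. `if (n > (SIZE_MAX - ni) / (BYTES_PER_BLOB + 48)) return C_KZG_BADARGS;`, since a wrapped nb would make calloc succeed with a buffer smaller than the copies below assume. The literals 16, 32, 33 and 48 (domain-separator, digest and G1 sizes) would read better as named constants, and "seperator" in the added comment should be "separator". compute_challenges begins, and ni, i and j are declared, outside the hunk.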
From: George Kadianakis
Date: Tue, 29 Nov 2022 19:03:19 +0200
Subject: [PATCH 2/4] Bring compute_powers() closer to the spec
---
 src/c_kzg_4844.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c
index c14aa33..c5cbcab 100644
--- a/src/c_kzg_4844.c
+++ b/src/c_kzg_4844.c
@@ -825,10 +825,12 @@ void free_trusted_setup(KZGSettings *s) {
 free_kzg_settings(s);
 }
-static void compute_powers(fr_t out[], uint64_t n) {
- out[0] = fr_one;
- for (uint64_t i = 2; i < n; i++)
- fr_mul(&out[i], &out[i-1], &out[1]);
+static void compute_powers(fr_t out[], BLSFieldElement *x, uint64_t n) {
+ BLSFieldElement current_power = fr_one;
+ for (uint64_t i = 0; i < n; i++) {
+ out[i] = current_power;
+ fr_mul(¤t_power, ¤t_power, x);
+ }
 }
 void bytes_to_bls_field(BLSFieldElement *out, const uint8_t bytes[32]) {
@@ -1119,17 +1121,19 @@ static C_KZG_RET compute_challenges(BLSFieldElement *out, BLSFieldElement r_powe
 uint8_t hashed_data[32] = {0};
 hash(hashed_data, bytes, nb);
- uint8_t r[32] = {0};
+ /* Compute r */
+ uint8_t r_bytes[32] = {0};
 uint8_t hash_input_0[33] = {0}; // hashed_data + b'\x00'
 memcpy(hash_input_0, hashed_data, 32);
 hash_input_0[32] = 0x0;
- hash(r, hash_input_0, 33);
+ hash(r_bytes, hash_input_0, 33);
- if (n > 0) {
- if (n > 1) bytes_to_bls_field(&r_powers[1], r);
- compute_powers(r_powers, n);
- }
+ /* Compute r_powers */
+ BLSFieldElement r;
+ bytes_to_bls_field(&r, r_bytes);
+ compute_powers(r_powers, &r, n);
+ /* Compute eval_challenge */
 uint8_t eval_challenge[32] = {0};
 uint8_t hash_input_1[33] = {0}; // hashed_data + b'\x01'
 memcpy(hash_input_1, hashed_data, 32);
From bcf14e7662fc277071d4991f0d8f2b3404185ab0 Mon Sep 17 00:00:00 2001
From: George Kadianakis
Date: Fri, 2 Dec 2022 12:35:24 +0200
Subject: [PATCH 3/4] compute_powers(): Be consistent about argument types
---
 src/c_kzg_4844.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
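Review bot: compute_powers never writes through x — the new loop only passes it as the right operand of fr_mul — so the parameter should be const: `static void compute_powers(fr_t out[], const BLSFieldElement *x, uint64_t n)`; the same change belongs in the signature rewritten by the [PATCH 3/4] hunk below. The helper also lacks a comment, and one line would pin its contract: `/* Fill out[0..n) with x^0, x^1, ..., x^(n-1); out must hold n elements, and n == 0 writes nothing. */`. The `¤t_power` tokens on the fr_mul line look like `&current_power` mangled by entity decoding in this rendering rather than the committed source; the rest of the loop is consistent with that reading.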
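Review bot: The transcript-to-challenge derivation is now split into labelled blocks, but compute_challenges itself still has no header comment, and its signature lies outside the hunk; a comment above the function should state that the hashed transcript is FIAT_SHAMIR_PROTOCOL_DOMAIN || FIELD_ELEMENTS_PER_BLOB || n || polys || comms, that r is hash(hashed_data || 0x00) and the evaluation challenge written to out is hash(hashed_data || 0x01), that r_powers receives r^0..r^(n-1) and must hold n elements, and that C_KZG_MALLOC is returned when the transcript buffer cannot be allocated. Dropping the `if (n > 0)` guard is sound only because the rewritten compute_powers loop writes nothing for n == 0, so a short comment at the call, `/* n == 0 is fine: compute_powers writes nothing */`, keeps that dependency visible to whoever next edits either function.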
diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c
index c5cbcab..e5bfbd5 100644
--- a/src/c_kzg_4844.c
+++ b/src/c_kzg_4844.c
@@ -825,7 +825,7 @@ void free_trusted_setup(KZGSettings *s) {
 free_kzg_settings(s);
 }
-static void compute_powers(fr_t out[], BLSFieldElement *x, uint64_t n) {
+static void compute_powers(BLSFieldElement out[], BLSFieldElement *x, uint64_t n) {
 BLSFieldElement current_power = fr_one;
 for (uint64_t i = 0; i < n; i++) {
 out[i] = current_power;
From bdfa79ca47e35cd952fcc7fade944ba8fffd3354 Mon Sep 17 00:00:00 2001
From: George Kadianakis
Date: Fri, 2 Dec 2022 12:35:46 +0200
Subject: [PATCH 4/4] compute_challenges(): Use a single hash_input array
---
 src/c_kzg_4844.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c
index e5bfbd5..122f35d 100644
--- a/src/c_kzg_4844.c
+++ b/src/c_kzg_4844.c
@@ -1121,12 +1121,14 @@ static C_KZG_RET compute_challenges(BLSFieldElement *out, BLSFieldElement r_powe
 uint8_t hashed_data[32] = {0};
 hash(hashed_data, bytes, nb);
+ /* We will use hash_input in the computation of both challenges */
+ uint8_t hash_input[33];
+
 /* Compute r */
 uint8_t r_bytes[32] = {0};
- uint8_t hash_input_0[33] = {0}; // hashed_data + b'\x00'
- memcpy(hash_input_0, hashed_data, 32);
- hash_input_0[32] = 0x0;
- hash(r_bytes, hash_input_0, 33);
+ memcpy(hash_input, hashed_data, 32);
+ hash_input[32] = 0x0;
+ hash(r_bytes, hash_input, 33);
 /* Compute r_powers */
 BLSFieldElement r;
@@ -1135,10 +1137,8 @@ static C_KZG_RET compute_challenges(BLSFieldElement *out, BLSFieldElement r_powe
 /* Compute eval_challenge */
 uint8_t eval_challenge[32] = {0};
- uint8_t hash_input_1[33] = {0}; // hashed_data + b'\x01'
- memcpy(hash_input_1, hashed_data, 32);
- hash_input_1[32] = 0x1;
- hash(eval_challenge, hash_input_1, 33);
+ hash_input[32] = 0x1;
+ hash(eval_challenge, hash_input, 33);
 bytes_to_bls_field(out, eval_challenge);
 free(bytes);
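Review bot: Merging the two buffers dropped the `// hashed_data + b'\x00'` and `// hashed_data + b'\x01'` comments, so the meaning of the trailing separator byte is no longer stated next to either write; restore it inline as `hash_input[32] = 0x0; /* hashed_data || 0x00 */` here and `hash_input[32] = 0x1; /* hashed_data || 0x01 */` in the second hunk of this patch. `uint8_t hash_input[33];` is fully written (a 32-byte memcpy plus the separator) before the first hash, so leaving it uninitialized is correct, but every other buffer in this function is declared `= {0}` and matching that spares the next reader from re-verifying the fill. compute_challenges begins outside the hunk.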
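Review bot: The second hash reuses hash_input and depends on bytes 0..31 still holding hashed_data after the r_powers block that sits between the two hashes; that holds today because bytes_to_bls_field and compute_powers are never handed hash_input, but nothing enforces it, and a later insertion between the two hashes that touches the buffer would silently change eval_challenge and with it every proof built on it. A one-line comment at the write, `/* hash_input[0..32) still holds hashed_data; only the separator byte changes */`, records the invariant, or the memcpy can be repeated before this write at the cost of copying 32 bytes. compute_challenges begins outside the hunk.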