From 9f443bc5aad2146dc7785b00be21a3781d376927 Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Tue, 31 Jan 2023 09:33:02 +0100 Subject: [PATCH] test_compute_kzg_proof() now also verifies the KZG proof (#101) Co-authored-by: Justin Traglia <95511699+jtraglia@users.noreply.github.com> --- src/c_kzg_4844.c | 12 +++--------- src/c_kzg_4844.h | 5 +++++ src/test_c_kzg_4844.c | 34 ++++++++++++++++++++++++++++++---- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index 765ac88..f1050f4 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -34,12 +34,6 @@ #define STATIC static #endif /* defined(UNIT_TESTS) */ -/////////////////////////////////////////////////////////////////////////////// -// Types -/////////////////////////////////////////////////////////////////////////////// - -typedef struct { fr_t evals[FIELD_ELEMENTS_PER_BLOB]; } Polynomial; - /////////////////////////////////////////////////////////////////////////////// // Constants /////////////////////////////////////////////////////////////////////////////// @@ -623,7 +617,7 @@ STATIC void hash_to_bls_field(fr_t *out, const Bytes32 *b) { * @retval C_KZG_OK Deserialization successful * @retval C_KZG_BADARGS Input was not a valid scalar field element */ -static C_KZG_RET bytes_to_bls_field(fr_t *out, const Bytes32 *b) { +STATIC C_KZG_RET bytes_to_bls_field(fr_t *out, const Bytes32 *b) { blst_scalar tmp; blst_scalar_from_lendian(&tmp, b->bytes); if (!blst_scalar_fr_check(&tmp)) return C_KZG_BADARGS; @@ -697,7 +691,7 @@ static C_KZG_RET bytes_to_kzg_proof(g1_t *out, const Bytes48 *b) { * @retval C_KZG_OK Deserialization successful * @retval C_KZG_BADARGS Invalid input bytes */ -static C_KZG_RET blob_to_polynomial(Polynomial *p, const Blob *blob) { +STATIC C_KZG_RET blob_to_polynomial(Polynomial *p, const Blob *blob) { C_KZG_RET ret; for (size_t i = 0; i < FIELD_ELEMENTS_PER_BLOB; i++) { ret = bytes_to_bls_field(&p->evals[i], (Bytes32 *)&blob->bytes[i * BYTES_PER_FIELD_ELEMENT]); @@ -908,7 +902,7 @@ static void compute_powers(fr_t *out, fr_t *x, uint64_t n) { * @retval C_KZG_OK Evaluation successful * @retval C_KZG_MALLOC Memory allocation failed */ -static C_KZG_RET evaluate_polynomial_in_evaluation_form(fr_t *out, const Polynomial *p, const fr_t *x, const KZGSettings *s) { +STATIC C_KZG_RET evaluate_polynomial_in_evaluation_form(fr_t *out, const Polynomial *p, const fr_t *x, const KZGSettings *s) { C_KZG_RET ret; fr_t tmp; fr_t *inverses_in = NULL; diff --git a/src/c_kzg_4844.h b/src/c_kzg_4844.h index 5370877..3baf530 100644 --- a/src/c_kzg_4844.h +++ b/src/c_kzg_4844.h @@ -124,10 +124,15 @@ C_KZG_RET compute_kzg_proof(KZGProof *out, const Bytes32 *z_bytes, const KZGSettings *s); +typedef struct { fr_t evals[FIELD_ELEMENTS_PER_BLOB]; } Polynomial; + #ifdef UNIT_TESTS void hash_to_bls_field(fr_t *out, const Bytes32 *b); void bytes_from_bls_field(Bytes32 *out, const fr_t *in); +C_KZG_RET evaluate_polynomial_in_evaluation_form(fr_t *out, const Polynomial *p, const fr_t *x, const KZGSettings *s); +C_KZG_RET blob_to_polynomial(Polynomial *p, const Blob *blob); +C_KZG_RET bytes_to_bls_field(fr_t *out, const Bytes32 *b); #endif diff --git a/src/test_c_kzg_4844.c b/src/test_c_kzg_4844.c index 49b61da..a88e7a0 100644 --- a/src/test_c_kzg_4844.c +++ b/src/test_c_kzg_4844.c @@ -187,23 +187,49 @@ static void test_blob_to_kzg_commitment__succeeds_consistent_commitment(void) { // Tests for compute_kzg_proof /////////////////////////////////////////////////////////////////////////////// -static void test_compute_kzg_proof(void) { +static void test_compute_and_verify_kzg_proof(void) { C_KZG_RET ret; Bytes48 proof; - Bytes32 z; + Bytes32 z, y; KZGCommitment c; Blob blob; + Polynomial poly; + fr_t y_fr, z_fr; + bool ok; + /* Some preparation */ get_rand_field_element(&z); get_rand_blob(&blob); ret = blob_to_kzg_commitment(&c, &blob, &s); ASSERT_EQUALS(ret, C_KZG_OK); + /* Compute the proof */ ret = compute_kzg_proof(&proof, &blob, &z, &s); ASSERT_EQUALS(ret, C_KZG_OK); - // XXX now verify it! + /* Now let's attempt to verify the proof */ + /* First convert the blob to field elements */ + ret = blob_to_polynomial(&poly, &blob); + ASSERT_EQUALS(ret, C_KZG_OK); + + /* Also convert z to a field element */ + ret = bytes_to_bls_field(&z_fr, &z); + ASSERT_EQUALS(ret, C_KZG_OK); + + /* Now evaluate the poly at `z` to learn `y` */ + ret = evaluate_polynomial_in_evaluation_form(&y_fr, &poly, &z_fr, &s); + ASSERT_EQUALS(ret, C_KZG_OK); + + /* Now also get `y` in bytes */ + bytes_from_bls_field(&y, &y_fr); + + /* Finally verify the proof */ + ret = verify_kzg_proof(&ok, &c, &z, &y, &proof, &s); + ASSERT_EQUALS(ret, C_KZG_OK); + + /* The proof should verify! */ + ASSERT_EQUALS(ok, 1); } /////////////////////////////////////////////////////////////////////////////// @@ -234,7 +260,7 @@ int main(void) { RUN(test_blob_to_kzg_commitment__fails_x_greater_than_modulus); RUN(test_blob_to_kzg_commitment__succeeds_point_at_infinity); RUN(test_blob_to_kzg_commitment__succeeds_consistent_commitment); - RUN(test_compute_kzg_proof); + RUN(test_compute_and_verify_kzg_proof); teardown(); return TEST_REPORT();