Add comments
parent
5bd2564ff8
commit
a2ae798a66
|
@ -56,7 +56,7 @@ C_KZG_RET compute_proof_multi(blst_p1 *out, const KZGSettings *ks, poly *p, cons
|
||||||
|
|
||||||
ASSERT(p->length >= n + 1, C_KZG_BADARGS);
|
ASSERT(p->length >= n + 1, C_KZG_BADARGS);
|
||||||
|
|
||||||
// Construct x^n - x0^n
|
// Construct x^n - x0^n = (x - w^0)(x - w^1)...(x - w^(n-1))
|
||||||
init_poly(&divisor, n + 1);
|
init_poly(&divisor, n + 1);
|
||||||
|
|
||||||
// -(x0^n)
|
// -(x0^n)
|
||||||
|
@ -99,7 +99,7 @@ bool check_proof_multi(const KZGSettings *ks, const blst_p1 *commitment, const b
|
||||||
fft_fr(interp.coeffs, ys, ks->fs, true, n);
|
fft_fr(interp.coeffs, ys, ks->fs, true, n);
|
||||||
// if (ret != C_KZG_OK) return ret;
|
// if (ret != C_KZG_OK) return ret;
|
||||||
|
|
||||||
// Because it is a coset, not the subgroup, we have to multiply the polynomial coefficients by x^i
|
// Because it is a coset, not the subgroup, we have to multiply the polynomial coefficients by x^-i
|
||||||
blst_fr_eucl_inverse(&inv_x, x);
|
blst_fr_eucl_inverse(&inv_x, x);
|
||||||
inv_x_pow = inv_x;
|
inv_x_pow = inv_x;
|
||||||
for (uint64_t i = 1; i < n; i++) {
|
for (uint64_t i = 1; i < n; i++) {
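Review bot: In the check_proof_multi hunk the result of `fft_fr(interp.coeffs, ys, ks->fs, true, n);` is discarded, and the only guard is left commented out as `// if (ret != C_KZG_OK) return ret;`. If fft_fr can fail (the commented line suggests it returns a C_KZG_RET), the verifier would carry on with whatever is in interp.coeffs and its true/false answer would not be meaningful. Because the function returns bool, a failed transform should presumably map to rejection, e.g. `if (fft_fr(interp.coeffs, ys, ks->fs, true, n) != C_KZG_OK) return false;`, after releasing anything allocated earlier in the function, which starts outside the hunk. Separately, the new comment in compute_proof_multi lists the roots of x^n - 1; the roots of x^n - x0^n are x0·w^i, so it should read `// Construct x^n - x0^n = (x - x0.w^0)(x - x0.w^1)...(x - x0.w^(n-1))`.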
|
||||||
|
|
|
@ -70,8 +70,9 @@ void proof_single(void) {
|
||||||
commit_to_poly(&commitment, &ks, &p);
|
commit_to_poly(&commitment, &ks, &p);
|
||||||
TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &ks, &p, &x));
|
TEST_CHECK(C_KZG_OK == compute_proof_single(&proof, &ks, &p, &x));
|
||||||
|
|
||||||
// Verify the proof for x = 25
|
|
||||||
eval_poly(&value, &p, &x);
|
eval_poly(&value, &p, &x);
|
||||||
|
|
||||||
|
// Verify the proof that the (unknown) polynomial has y = value at x = 25
|
||||||
TEST_CHECK(true == check_proof_single(&ks, &commitment, &proof, &x, &value));
|
TEST_CHECK(true == check_proof_single(&ks, &commitment, &proof, &x, &value));
|
||||||
|
|
||||||
free_fft_settings(&fs);
|
free_fft_settings(&fs);
|
||||||
|
@ -93,8 +94,10 @@ void proof_multi(void) {
|
||||||
blst_p1 *s1 = malloc(secrets_len * sizeof(blst_p1));
|
blst_p1 *s1 = malloc(secrets_len * sizeof(blst_p1));
|
||||||
blst_p2 *s2 = malloc(secrets_len * sizeof(blst_p2));
|
blst_p2 *s2 = malloc(secrets_len * sizeof(blst_p2));
|
||||||
blst_fr x, tmp;
|
blst_fr x, tmp;
|
||||||
int coset_scale = 3, coset_len = (1 << coset_scale); // Where do these come from?
|
|
||||||
blst_fr ys[coset_len];
|
// Must have coset_scale < poly_len [TODO: why?]
|
||||||
|
int coset_scale = 3, coset_len = (1 << coset_scale);
|
||||||
|
blst_fr y[coset_len];
|
||||||
|
|
||||||
// Create the polynomial
|
// Create the polynomial
|
||||||
init_poly(&p, poly_len);
|
init_poly(&p, poly_len);
|
||||||
|
@ -117,14 +120,14 @@ void proof_multi(void) {
|
||||||
fr_from_uint64(&x, 5431);
|
fr_from_uint64(&x, 5431);
|
||||||
TEST_CHECK(C_KZG_OK == compute_proof_multi(&proof, &ks2, &p, &x, coset_len));
|
TEST_CHECK(C_KZG_OK == compute_proof_multi(&proof, &ks2, &p, &x, coset_len));
|
||||||
|
|
||||||
// The ys are the values of the polynomial at the points above
|
// y_i is the value of the polynomial at each x_i
|
||||||
for (int i = 0; i < coset_len; i++) {
|
for (int i = 0; i < coset_len; i++) {
|
||||||
blst_fr_mul(&tmp, &x, &ks2.fs->expanded_roots_of_unity[i]);
|
blst_fr_mul(&tmp, &x, &ks2.fs->expanded_roots_of_unity[i]);
|
||||||
eval_poly(&ys[i], &p, &tmp);
|
eval_poly(&y[i], &p, &tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the proof
|
// Verify the proof that the (unknown) polynomial has value y_i at x_i
|
||||||
TEST_CHECK(check_proof_multi(&ks2, &commitment, &proof, &x, ys, coset_len));
|
TEST_CHECK(check_proof_multi(&ks2, &commitment, &proof, &x, y, coset_len));
|
||||||
|
|
||||||
free_fft_settings(&fs1);
|
free_fft_settings(&fs1);
|
||||||
free_fft_settings(&fs2);
|
free_fft_settings(&fs2);
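Review bot: Both tests assert only acceptance: in proof_multi the `TEST_CHECK(check_proof_multi(...))` line is followed directly by the free_fft_settings teardown, and the proof_single hunk has the same shape after `check_proof_single`. A verifier that returned true unconditionally would pass both, so each test should also alter an input and assert rejection. For example, change one element of `y` (or `value` in proof_single) after the positive check and add `TEST_CHECK(false == check_proof_multi(&ks2, &commitment, &proof, &x, y, coset_len));`. Both function bodies begin above their hunks, so this is judged from the visible tail of each test only.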
|
||||||
|
|