status-im
/
c-kzg-4844
mirror of https://github.com/status-im/c-kzg-4844.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Consolidate header files (#14) 

* Consolidate header files

User should now need only include c_kzg.h and bls12_381.h.

* Update README
This commit is contained in:
Ben Edgington 2021-07-09 13:35:19 +01:00 committed by GitHub
parent ca1acf61d6
commit b21d13684b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 335 additions and 474 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -29,8 +29,8 @@ That's basically all the necessary stuff for Eth2 use cases. Things remaining (a
Build the [Blst library](https://github.com/supranational/blst) following the instructions there. Then,
1. Copy the resulting `libblst.a` file into the `lib/` directory here.
2. From Blst's `bindings/` directory copy `blst.h` and `blst_aux.h` to `inc/`
1. Copy the resulting *libblst.a* file into the *lib/* directory here.
2. From Blst's *bindings/* directory copy *blst.h* and *blst_aux.h* to *inc/*
That is,
@ -39,11 +39,13 @@ cp ../blst/libblast.a lib/
cp ../blst/bindings/*.h inc/
```
Alternatively, change the `INCLUDE_DIRS` in *Makefile* to point to the Blst header files.
This version of c-kzg is tested with Blst's master branch, commit `d4b40c3`. Blst release 0.3.4 is not sufficient since we make use of the more recently implemented Pippenger multiscalar multiplication for the polynomial commitments.
## Build
Build the `libckzg.a` library:
Build the *libckzg.a* library:
```
cd src
@ -57,6 +59,10 @@ cd src
make debuglib
```
## Integrate
Once you have *libkzg.a*, the only other files you should need in order to integrate `c-kzg` with your own application are *c_kzg.h* and *bls12_381.h* (in addition to the Blst library and header files). *c_kzg.h* contains all the prototypes for the accessible functions in `c-kzg` and the associated data structures.
## Run tests
```

14
src/Makefile
View File

@ -1,8 +1,8 @@
TESTS = bls12_381_test das_extension_test c_kzg_util_test fft_common_test fft_fr_test fft_g1_test \
TESTS = bls12_381_test das_extension_test c_kzg_alloc_test fft_common_test fft_fr_test fft_g1_test \
fk20_proofs_test kzg_proofs_test poly_test recover_test utility_test zero_poly_test
BENCH = fft_fr_bench fft_g1_bench recover_bench zero_poly_bench kzg_proofs_bench poly_bench
TUNE = poly_mul_tune poly_div_tune
LIB_SRC = bls12_381.c c_kzg_util.c das_extension.c fft_common.c fft_fr.c fft_g1.c fk20_proofs.c kzg_proofs.c poly.c recover.c utility.c zero_poly.c
LIB_SRC = bls12_381.c c_kzg_alloc.c das_extension.c fft_common.c fft_fr.c fft_g1.c fk20_proofs.c kzg_proofs.c poly.c recover.c utility.c zero_poly.c
LIB_OBJ = $(LIB_SRC:.c=.o)
KZG_CFLAGS =
@ -10,7 +10,7 @@ INCLUDE_DIRS = ../inc
.PRECIOUS: %.o
%.o: %.c %.h c_kzg.h Makefile
%.o: %.c c_kzg.h bls12_381.h Makefile
clang -Wall -I$(INCLUDE_DIRS) $(CFLAGS) $(KZG_CFLAGS) -c $*.c
libckzg.a: $(LIB_OBJ) Makefile
@ -27,14 +27,14 @@ libckzg.a: $(LIB_OBJ) Makefile
# Benchmarks
%_bench: KZG_CFLAGS += -O
%_bench: %_bench.c bench_util.o test_util.o $(LIB_OBJ) Makefile
clang -Wall -I$(INCLUDE_DIRS) $(CFLAGS) $(KZG_CFLAGS) -o $@ $@.c bench_util.o test_util.o $(LIB_OBJ) -L../lib -lblst
%_bench: %_bench.c bench_util.o test_util.o libckzg.a Makefile
clang -Wall -I$(INCLUDE_DIRS) $(CFLAGS) $(KZG_CFLAGS) -o $@ $@.c bench_util.o test_util.o libckzg.a -L../lib -lblst
./$@
# Tuning
%_tune: KZG_CFLAGS += -O
%_tune: %_tune.c bench_util.o test_util.o $(LIB_OBJ) Makefile
clang -Wall -I$(INCLUDE_DIRS) $(CFLAGS) $(KZG_CFLAGS) -o $@ $@.c bench_util.o test_util.o $(LIB_OBJ) -L../lib -lblst
%_tune: %_tune.c bench_util.o test_util.o libckzg.a Makefile
clang -Wall -I$(INCLUDE_DIRS) $(CFLAGS) $(KZG_CFLAGS) -o $@ $@.c bench_util.o test_util.o libckzg.a -L../lib -lblst
./$@
lib: KZG_CFLAGS += -O

1
src/bench_util.h
View File

@ -15,7 +15,6 @@
*/
#include <time.h> // CLOCK_REALTIME, clock_gettime(), timespec
#include "c_kzg.h"
typedef struct timespec timespec_t;

200
src/c_kzg.h
View File

@ -14,7 +14,11 @@
* limitations under the License.
*/
/** @file c_kzg.h */
/**
* @file c_kzg.h
*
* Type definitions and function prototypes for all user-accessible parts of the library.
*/
#ifndef C_KZG_H
#define C_KZG_H
@ -37,81 +41,137 @@ typedef enum {
C_KZG_MALLOC, /**< Could not allocate memory */
} C_KZG_RET;
#ifdef DEBUG
#include <stdlib.h>
#include <stdio.h>
#define CHECK(cond) \
if (!(cond)) { \
printf("\n%s:%d: Failed CHECK: %s\n", __FILE__, __LINE__, #cond); \
abort(); \
}
#define TRY(result) \
{ \
C_KZG_RET ret = (result); \
if (ret != C_KZG_OK) { \
printf("\n%s:%d: Failed TRY: %s, result = %d\n", __FILE__, __LINE__, #result, ret); \
abort(); \
} \
}
#define ASSERT(cond) \
if (!(cond)) { \
printf("\n%s:%d: Failed ASSERT: %s\n", __FILE__, __LINE__, #cond); \
abort(); \
}
#else
#define CHECK(cond) \
if (!(cond)) return C_KZG_BADARGS
#define TRY(result) \
{ \
C_KZG_RET ret = (result); \
if (ret == C_KZG_MALLOC) return ret; \
if (ret != C_KZG_OK) return C_KZG_ERROR; \
}
#define ASSERT(cond) \
if (!(cond)) return C_KZG_ERROR
#endif // DEBUG
//
// fft_common.c
//
/** @def CHECK
/**
* Stores the setup and parameters needed for performing FFTs.
*
* Test input parameters.
*
* Differs from `ASSERT` in returning `C_KZG_BADARGS`.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: when @p cond is false, return from the current function with the value `C_KZG_BADARGS`,
* otherwise continue.
* - `DEBUG` is defined: when @p cond is false, print file and line number information and abort the run. This is very
* useful for dubugging. The @p ret parameter is ignored in this case.
*
* @param cond The condition to be tested
* Initialise with #new_fft_settings. Free after use with #free_fft_settings.
*/
typedef struct {
uint64_t max_width; /**< The maximum size of FFT these settings support, a power of 2. */
fr_t root_of_unity; /**< The root of unity used to generate the lists in the structure. */
fr_t *expanded_roots_of_unity; /**< Ascending powers of the root of unity, size `width + 1`. */
fr_t *reverse_roots_of_unity; /**< Descending powers of the root of unity, size `width + 1`. */
} FFTSettings;
/** @def TRY
*
* Handle errors in called functions.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: if the @p result is not `C_KZG_OK`, return immediately with either `C_KZG_MALLOC` or
* `C_KZG_ERROR`. Otherwise continue.
* - `DEBUG` is defined: if @p result is not `C_KZG_OK`, print file and line number information and abort the run.
* This is very useful for dubugging.
*
* @param result The function call result to be tested
*/
C_KZG_RET new_fft_settings(FFTSettings *s, unsigned int max_scale);
void free_fft_settings(FFTSettings *s);
/** @def ASSERT
//
// fft_fr.c
//
C_KZG_RET fft_fr(fr_t *out, const fr_t *in, bool inverse, uint64_t n, const FFTSettings *fs);
//
// fft_g1.c
//
C_KZG_RET fft_g1(g1_t *out, const g1_t *in, bool inverse, uint64_t n, const FFTSettings *fs);
//
// poly.c
//
/**
* Defines a polynomial whose coefficients are members of the finite field F_r.
*
* Test the correctness of statements.
*
* Differs from `CHECK` in returning `C_KZG_ERROR`.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: when @p cond is false, return from the current function with the value `C_KZG_ERROR`,
* otherwise continue.
* - `DEBUG` is defined: when @p cond is false, print file and line number information and abort the run. This is very
* useful for dubugging. The @p ret parameter is ignored in this case.
*
* @param cond The condition to be tested
* Initialise the storage with #new_poly. After use, free the storage with #free_poly.
*/
typedef struct {
fr_t *coeffs; /**< `coeffs[i]` is the coefficient of the `x^i` term of the polynomial. */
uint64_t length; /**< One more than the polynomial's degree */
} poly;
void eval_poly(fr_t *out, const poly *p, const fr_t *x);
C_KZG_RET poly_inverse(poly *out, poly *b);
C_KZG_RET poly_mul(poly *out, const poly *a, const poly *b);
C_KZG_RET poly_mul_(poly *out, const poly *a, const poly *b, FFTSettings *fs);
C_KZG_RET new_poly_div(poly *out, const poly *dividend, const poly *divisor);
C_KZG_RET new_poly(poly *out, uint64_t length);
C_KZG_RET new_poly_with_coeffs(poly *out, const fr_t *coeffs, uint64_t length);
void free_poly(poly *p);
//
// kzg_proofs.c
//
/**
* Stores the setup and parameters needed for computing KZG proofs.
*
* Initialise with #new_kzg_settings. Free after use with #free_kzg_settings.
*/
typedef struct {
const FFTSettings *fs; /**< The corresponding settings for performing FFTs */
g1_t *secret_g1; /**< G1 group elements from the trusted setup */
g2_t *secret_g2; /**< G2 group elements from the trusted setup */
uint64_t length; /**< The number of elements in secret_g1 and secret_g2 */
} KZGSettings;
C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks);
C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y,
const KZGSettings *ks);
C_KZG_RET compute_proof_multi(g1_t *out, const poly *p, const fr_t *x0, uint64_t n, const KZGSettings *ks);
C_KZG_RET check_proof_multi(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, const fr_t *ys,
uint64_t n, const KZGSettings *ks);
C_KZG_RET new_kzg_settings(KZGSettings *ks, const g1_t *secret_g1, const g2_t *secret_g2, uint64_t length,
const FFTSettings *fs);
void free_kzg_settings(KZGSettings *ks);
//
// fk20_proofs.c
//
/**
* Stores the setup and parameters needed for computing FK20 single proofs.
*
* Initialise with #new_fk20_single_settings. Free after use with #free_fk20_single_settings.
*/
typedef struct {
const KZGSettings *ks; /**< The corresponding settings for performing KZG proofs */
g1_t *x_ext_fft; /**< The output of the first part of the Toeplitz process */
uint64_t x_ext_fft_len; /**< The length of the `x_ext_fft_len` array (TODO - do we need this?)*/
} FK20SingleSettings;
/**
* Stores the setup and parameters needed for computing FK20 multi proofs.
*/
typedef struct {
const KZGSettings *ks; /**< The corresponding settings for performing KZG proofs */
uint64_t chunk_len; /**< TODO */
g1_t **x_ext_fft_files; /**< TODO */
uint64_t length; /**< TODO */
} FK20MultiSettings;
C_KZG_RET da_using_fk20_single(g1_t *out, const poly *p, const FK20SingleSettings *fk);
C_KZG_RET da_using_fk20_multi(g1_t *out, const poly *p, const FK20MultiSettings *fk);
C_KZG_RET new_fk20_single_settings(FK20SingleSettings *fk, uint64_t n2, const KZGSettings *ks);
C_KZG_RET new_fk20_multi_settings(FK20MultiSettings *fk, uint64_t n2, uint64_t chunk_len, const KZGSettings *ks);
void free_fk20_single_settings(FK20SingleSettings *fk);
void free_fk20_multi_settings(FK20MultiSettings *fk);
//
// recover.c
//
C_KZG_RET recover_poly_from_samples(fr_t *reconstructed_data, fr_t *samples, uint64_t len_samples, FFTSettings *fs);
//
// zero_poly.c
//
C_KZG_RET zero_polynomial_via_multiplication(fr_t *zero_eval, poly *zero_poly, uint64_t width,
const uint64_t *missing_indices, uint64_t len_missing,
const FFTSettings *fs);
//
// das_extension.c
//
C_KZG_RET das_fft_extension(fr_t *vals, uint64_t n, const FFTSettings *fs);
#endif // C_KZG_H

6
src/c_kzg_util.c → src/c_kzg_alloc.c
View File

@ -15,12 +15,12 @@
*/
/**
* @file c_kzg_util.c
* @file c_kzg_alloc.c
*
* Utilities useful across the library.
* Utilities for dynamically allocating arrays of things.
*/
#include "c_kzg_util.h"
#include "c_kzg_alloc.h"
/**
* Wrapped `malloc()` that reports failures to allocate.

5
src/c_kzg_util.h → src/c_kzg_alloc.h
View File

@ -14,11 +14,10 @@
* limitations under the License.
*/
/** @file c_kzg_util.h */
/** @file c_kzg_alloc.h */
#include <stdlib.h> // free()
#include <stdlib.h> // free(), NULL
#include "c_kzg.h"
#include "poly.h"
/** @def min_u64
*

98
src/control.h Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file control.h
*
* Macros for control flow and error handling.
*/
#ifdef DEBUG
#include <stdlib.h>
#include <stdio.h>
#define CHECK(cond) \
if (!(cond)) { \
printf("\n%s:%d: Failed CHECK: %s\n", __FILE__, __LINE__, #cond); \
abort(); \
}
#define TRY(result) \
{ \
C_KZG_RET ret = (result); \
if (ret != C_KZG_OK) { \
printf("\n%s:%d: Failed TRY: %s, result = %d\n", __FILE__, __LINE__, #result, ret); \
abort(); \
} \
}
#define ASSERT(cond) \
if (!(cond)) { \
printf("\n%s:%d: Failed ASSERT: %s\n", __FILE__, __LINE__, #cond); \
abort(); \
}
#else
#define CHECK(cond) \
if (!(cond)) return C_KZG_BADARGS
#define TRY(result) \
{ \
C_KZG_RET ret = (result); \
if (ret == C_KZG_MALLOC) return ret; \
if (ret != C_KZG_OK) return C_KZG_ERROR; \
}
#define ASSERT(cond) \
if (!(cond)) return C_KZG_ERROR
#endif // DEBUG
/** @def CHECK
*
* Test input parameters.
*
* Differs from `ASSERT` in returning `C_KZG_BADARGS`.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: when @p cond is false, return from the current function with the value `C_KZG_BADARGS`,
* otherwise continue.
* - `DEBUG` is defined: when @p cond is false, print file and line number information and abort the run. This is very
* useful for dubugging. The @p ret parameter is ignored in this case.
*
* @param cond The condition to be tested
*/
/** @def TRY
*
* Handle errors in called functions.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: if the @p result is not `C_KZG_OK`, return immediately with either `C_KZG_MALLOC` or
* `C_KZG_ERROR`. Otherwise continue.
* - `DEBUG` is defined: if @p result is not `C_KZG_OK`, print file and line number information and abort the run.
* This is very useful for dubugging.
*
* @param result The function call result to be tested
*/
/** @def ASSERT
*
* Test the correctness of statements.
*
* Differs from `CHECK` in returning `C_KZG_ERROR`.
*
* This macro comes in two versions according to whether `DEBUG` is defined or not (`-DDEBUG` compiler flag).
* - `DEBUG` is undefined: when @p cond is false, return from the current function with the value `C_KZG_ERROR`,
* otherwise continue.
* - `DEBUG` is defined: when @p cond is false, print file and line number information and abort the run. This is very
* useful for dubugging. The @p ret parameter is ignored in this case.
*
* @param cond The condition to be tested
*/

5
src/das_extension.c
View File

@ -20,7 +20,8 @@
* Perform polynomial extension for data availability sampling.
*/
#include "das_extension.h"
#include "control.h"
#include "c_kzg.h"
#include "utility.h"
/**
@ -115,7 +116,7 @@ C_KZG_RET das_fft_extension(fr_t *vals, uint64_t n, const FFTSettings *fs) {
#ifdef KZGTEST
#include "../inc/acutest.h"
#include "c_kzg_util.h"
#include "c_kzg_alloc.h"
#include "test_util.h"
void das_extension_test_known(void) {

26
src/das_extension.h
View File

@ -1,26 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file das_extension.h
*
* Perform polynomial extension for data availability sampling.
*/
#include "c_kzg.h"
#include "fft_common.h"
C_KZG_RET das_fft_extension(fr_t *vals, uint64_t n, const FFTSettings *fs);

1
src/debug_util.c
View File

@ -14,6 +14,7 @@
* limitations under the License.
*/
#include <stdio.h>
#include "debug_util.h"
#ifdef BLST

3
src/debug_util.h
View File

@ -14,8 +14,7 @@
* limitations under the License.
*/
#include <stdio.h>
#include "c_kzg.h"
#include "bls12_381.h"
// Fr utilities
void print_fr(const fr_t *a);

58
src/fft_common.c
View File

@ -20,8 +20,62 @@
* Code shared between the FFTs over field elements and FFTs over G1 group elements.
*/
#include "fft_common.h"
#include "c_kzg_util.h"
#include "control.h"
#include "c_kzg_alloc.h"
/**
* The first 32 roots of unity in the finite field F_r.
*
* For element `{A, B, C, D}`, the field element value is `A + B * 2^64 + C * 2^128 + D * 2^192`. This format may be
* converted to an `fr_t` type via the #fr_from_uint64s library function.
*
* The decimal values may be calculated with the following Python code:
* @code{.py}
* MODULUS = 52435875175126190479447740508185965837690552500527637822603658699938581184513
* PRIMITIVE_ROOT = 7
* [pow(PRIMITIVE_ROOT, (MODULUS - 1) // (2**i), MODULUS) for i in range(32)]
* @endcode
*
* Note: Being a "primitive root" in this context means that r^k != 1 for any k < q-1 where q is the modulus. So
* powers of r generate the field. This is also known as being a "primitive element".
*
* This is easy to check for: we just require that r^((q-1)/2) != 1. Instead of 5, we could use 7, 10, 13, 14, 15, 20...
* to create the roots of unity below. There are a lot of primitive roots:
* https://crypto.stanford.edu/pbc/notes/numbertheory/gen.html
*/
static const uint64_t scale2_root_of_unity[][4] = {
{0x0000000000000001L, 0x0000000000000000L, 0x0000000000000000L, 0x0000000000000000L},
{0xffffffff00000000L, 0x53bda402fffe5bfeL, 0x3339d80809a1d805L, 0x73eda753299d7d48L},
{0x0001000000000000L, 0xec03000276030000L, 0x8d51ccce760304d0L, 0x0000000000000000L},
{0x7228fd3397743f7aL, 0xb38b21c28713b700L, 0x8c0625cd70d77ce2L, 0x345766f603fa66e7L},
{0x53ea61d87742bcceL, 0x17beb312f20b6f76L, 0xdd1c0af834cec32cL, 0x20b1ce9140267af9L},
{0x360c60997369df4eL, 0xbf6e88fb4c38fb8aL, 0xb4bcd40e22f55448L, 0x50e0903a157988baL},
{0x8140d032f0a9ee53L, 0x2d967f4be2f95155L, 0x14a1e27164d8fdbdL, 0x45af6345ec055e4dL},
{0x5130c2c1660125beL, 0x98d0caac87f5713cL, 0xb7c68b4d7fdd60d0L, 0x6898111413588742L},
{0x4935bd2f817f694bL, 0x0a0865a899e8deffL, 0x6b368121ac0cf4adL, 0x4f9b4098e2e9f12eL},
{0x4541b8ff2ee0434eL, 0xd697168a3a6000feL, 0x39feec240d80689fL, 0x095166525526a654L},
{0x3c28d666a5c2d854L, 0xea437f9626fc085eL, 0x8f4de02c0f776af3L, 0x325db5c3debf77a1L},
{0x4a838b5d59cd79e5L, 0x55ea6811be9c622dL, 0x09f1ca610a08f166L, 0x6d031f1b5c49c834L},
{0xe206da11a5d36306L, 0x0ad1347b378fbf96L, 0xfc3e8acfe0f8245fL, 0x564c0a11a0f704f4L},
{0x6fdd00bfc78c8967L, 0x146b58bc434906acL, 0x2ccddea2972e89edL, 0x485d512737b1da3dL},
{0x034d2ff22a5ad9e1L, 0xae4622f6a9152435L, 0xdc86b01c0d477fa6L, 0x56624634b500a166L},
{0xfbd047e11279bb6eL, 0xc8d5f51db3f32699L, 0x483405417a0cbe39L, 0x3291357ee558b50dL},
{0xd7118f85cd96b8adL, 0x67a665ae1fcadc91L, 0x88f39a78f1aeb578L, 0x2155379d12180caaL},
{0x08692405f3b70f10L, 0xcd7f2bd6d0711b7dL, 0x473a2eef772c33d6L, 0x224262332d8acbf4L},
{0x6f421a7d8ef674fbL, 0xbb97a3bf30ce40fdL, 0x652f717ae1c34bb0L, 0x2d3056a530794f01L},
{0x194e8c62ecb38d9dL, 0xad8e16e84419c750L, 0xdf625e80d0adef90L, 0x520e587a724a6955L},
{0xfece7e0e39898d4bL, 0x2f69e02d265e09d9L, 0xa57a6e07cb98de4aL, 0x03e1c54bcb947035L},
{0xcd3979122d3ea03aL, 0x46b3105f04db5844L, 0xc70d0874b0691d4eL, 0x47c8b5817018af4fL},
{0xc6e7a6ffb08e3363L, 0xe08fec7c86389beeL, 0xf2d38f10fbb8d1bbL, 0x0abe6a5e5abcaa32L},
{0x5616c57de0ec9eaeL, 0xc631ffb2585a72dbL, 0x5121af06a3b51e3cL, 0x73560252aa0655b2L},
{0x92cf4deb77bd779cL, 0x72cf6a8029b7d7bcL, 0x6e0bcd91ee762730L, 0x291cf6d68823e687L},
{0xce32ef844e11a51eL, 0xc0ba12bb3da64ca5L, 0x0454dc1edc61a1a3L, 0x019fe632fd328739L},
{0x531a11a0d2d75182L, 0x02c8118402867ddcL, 0x116168bffbedc11dL, 0x0a0a77a3b1980c0dL},
{0xe2d0a7869f0319edL, 0xb94f1101b1d7a628L, 0xece8ea224f31d25dL, 0x23397a9300f8f98bL},
{0xd7b688830a4f2089L, 0x6558e9e3f6ac7b41L, 0x99e276b571905a7dL, 0x52dd465e2f094256L},
{0x474650359d8e211bL, 0x84d37b826214abc6L, 0x8da40c1ef2bb4598L, 0x0c83ea7744bf1beeL},
{0x694341f608c9dd56L, 0xed3a181fabb30adcL, 0x1339a815da8b398fL, 0x2c6d4e4511657e1eL},
{0x63e7cb4906ffc93fL, 0xf070bb00e28a193dL, 0xad1715b02e5713b5L, 0x4b5371495990693fL}};
/**
* Generate powers of a root of unity in the field for use in the FFTs.

93
src/fft_common.h
View File

@ -1,93 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file fft_common.h */
#ifndef FFT_COMMON
#define FFT_COMMON
#include "c_kzg.h"
/**
* The first 32 roots of unity in the finite field F_r.
*
* For element `{A, B, C, D}`, the field element value is `A + B * 2^64 + C * 2^128 + D * 2^192`. This format may be
* converted to an `fr_t` type via the #fr_from_uint64s library function.
*
* The decimal values may be calculated with the following Python code:
* @code{.py}
* MODULUS = 52435875175126190479447740508185965837690552500527637822603658699938581184513
* PRIMITIVE_ROOT = 7
* [pow(PRIMITIVE_ROOT, (MODULUS - 1) // (2**i), MODULUS) for i in range(32)]
* @endcode
*
* Note: Being a "primitive root" in this context means that r^k != 1 for any k < q-1 where q is the modulus. So
* powers of r generate the field. This is also known as being a "primitive element".
*
* This is easy to check for: we just require that r^((q-1)/2) != 1. Instead of 5, we could use 7, 10, 13, 14, 15, 20...
* to create the roots of unity below. There are a lot of primitive roots:
* https://crypto.stanford.edu/pbc/notes/numbertheory/gen.html
*/
static const uint64_t scale2_root_of_unity[][4] = {
{0x0000000000000001L, 0x0000000000000000L, 0x0000000000000000L, 0x0000000000000000L},
{0xffffffff00000000L, 0x53bda402fffe5bfeL, 0x3339d80809a1d805L, 0x73eda753299d7d48L},
{0x0001000000000000L, 0xec03000276030000L, 0x8d51ccce760304d0L, 0x0000000000000000L},
{0x7228fd3397743f7aL, 0xb38b21c28713b700L, 0x8c0625cd70d77ce2L, 0x345766f603fa66e7L},
{0x53ea61d87742bcceL, 0x17beb312f20b6f76L, 0xdd1c0af834cec32cL, 0x20b1ce9140267af9L},
{0x360c60997369df4eL, 0xbf6e88fb4c38fb8aL, 0xb4bcd40e22f55448L, 0x50e0903a157988baL},
{0x8140d032f0a9ee53L, 0x2d967f4be2f95155L, 0x14a1e27164d8fdbdL, 0x45af6345ec055e4dL},
{0x5130c2c1660125beL, 0x98d0caac87f5713cL, 0xb7c68b4d7fdd60d0L, 0x6898111413588742L},
{0x4935bd2f817f694bL, 0x0a0865a899e8deffL, 0x6b368121ac0cf4adL, 0x4f9b4098e2e9f12eL},
{0x4541b8ff2ee0434eL, 0xd697168a3a6000feL, 0x39feec240d80689fL, 0x095166525526a654L},
{0x3c28d666a5c2d854L, 0xea437f9626fc085eL, 0x8f4de02c0f776af3L, 0x325db5c3debf77a1L},
{0x4a838b5d59cd79e5L, 0x55ea6811be9c622dL, 0x09f1ca610a08f166L, 0x6d031f1b5c49c834L},
{0xe206da11a5d36306L, 0x0ad1347b378fbf96L, 0xfc3e8acfe0f8245fL, 0x564c0a11a0f704f4L},
{0x6fdd00bfc78c8967L, 0x146b58bc434906acL, 0x2ccddea2972e89edL, 0x485d512737b1da3dL},
{0x034d2ff22a5ad9e1L, 0xae4622f6a9152435L, 0xdc86b01c0d477fa6L, 0x56624634b500a166L},
{0xfbd047e11279bb6eL, 0xc8d5f51db3f32699L, 0x483405417a0cbe39L, 0x3291357ee558b50dL},
{0xd7118f85cd96b8adL, 0x67a665ae1fcadc91L, 0x88f39a78f1aeb578L, 0x2155379d12180caaL},
{0x08692405f3b70f10L, 0xcd7f2bd6d0711b7dL, 0x473a2eef772c33d6L, 0x224262332d8acbf4L},
{0x6f421a7d8ef674fbL, 0xbb97a3bf30ce40fdL, 0x652f717ae1c34bb0L, 0x2d3056a530794f01L},
{0x194e8c62ecb38d9dL, 0xad8e16e84419c750L, 0xdf625e80d0adef90L, 0x520e587a724a6955L},
{0xfece7e0e39898d4bL, 0x2f69e02d265e09d9L, 0xa57a6e07cb98de4aL, 0x03e1c54bcb947035L},
{0xcd3979122d3ea03aL, 0x46b3105f04db5844L, 0xc70d0874b0691d4eL, 0x47c8b5817018af4fL},
{0xc6e7a6ffb08e3363L, 0xe08fec7c86389beeL, 0xf2d38f10fbb8d1bbL, 0x0abe6a5e5abcaa32L},
{0x5616c57de0ec9eaeL, 0xc631ffb2585a72dbL, 0x5121af06a3b51e3cL, 0x73560252aa0655b2L},
{0x92cf4deb77bd779cL, 0x72cf6a8029b7d7bcL, 0x6e0bcd91ee762730L, 0x291cf6d68823e687L},
{0xce32ef844e11a51eL, 0xc0ba12bb3da64ca5L, 0x0454dc1edc61a1a3L, 0x019fe632fd328739L},
{0x531a11a0d2d75182L, 0x02c8118402867ddcL, 0x116168bffbedc11dL, 0x0a0a77a3b1980c0dL},
{0xe2d0a7869f0319edL, 0xb94f1101b1d7a628L, 0xece8ea224f31d25dL, 0x23397a9300f8f98bL},
{0xd7b688830a4f2089L, 0x6558e9e3f6ac7b41L, 0x99e276b571905a7dL, 0x52dd465e2f094256L},
{0x474650359d8e211bL, 0x84d37b826214abc6L, 0x8da40c1ef2bb4598L, 0x0c83ea7744bf1beeL},
{0x694341f608c9dd56L, 0xed3a181fabb30adcL, 0x1339a815da8b398fL, 0x2c6d4e4511657e1eL},
{0x63e7cb4906ffc93fL, 0xf070bb00e28a193dL, 0xad1715b02e5713b5L, 0x4b5371495990693fL}};
/**
* Stores the setup and parameters needed for performing FFTs.
*
* Initialise with #new_fft_settings. Free after use with #free_fft_settings.
*/
typedef struct {
uint64_t max_width; /**< The maximum size of FFT these settings support, a power of 2. */
fr_t root_of_unity; /**< The root of unity used to generate the lists in the structure. */
fr_t *expanded_roots_of_unity; /**< Ascending powers of the root of unity, size `width + 1`. */
fr_t *reverse_roots_of_unity; /**< Descending powers of the root of unity, size `width + 1`. */
} FFTSettings;
C_KZG_RET new_fft_settings(FFTSettings *s, unsigned int max_scale);
void free_fft_settings(FFTSettings *s);
#endif // FFT_COMMON

3
src/fft_fr.c
View File

@ -25,7 +25,8 @@
* @remark Functions here work only for lengths that are a power of two.
*/
#include "fft_fr.h"
#include "control.h"
#include "c_kzg.h"
#include "utility.h"
/**

21
src/fft_fr.h
View File

@ -1,21 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file fft_fr.h */
#include "fft_common.h"
C_KZG_RET fft_fr(fr_t *out, const fr_t *in, bool inverse, uint64_t n, const FFTSettings *fs);

2
src/fft_fr_bench.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "fft_fr.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {

4
src/fft_g1.c
View File

@ -25,7 +25,8 @@
* @remark Functions here work only for lengths that are a power of two.
*/
#include "fft_g1.h"
#include "control.h"
#include "c_kzg.h"
#include "utility.h"
/**
@ -90,7 +91,6 @@ C_KZG_RET fft_g1(g1_t *out, const g1_t *in, bool inverse, uint64_t n, const FFTS
#include "../inc/acutest.h"
#include "test_util.h"
#include "fft_g1.h"
static void make_data(g1_t *out, uint64_t n) {
// Multiples of g1_gen

21
src/fft_g1.h
View File

@ -1,21 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file fft_g1.h */
#include "fft_common.h"
C_KZG_RET fft_g1(g1_t *out, const g1_t *in, bool inverse, uint64_t n, const FFTSettings *fs);

2
src/fft_g1_bench.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "fft_g1.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {

5
src/fk20_proofs.c
View File

@ -23,9 +23,8 @@
* @todo Split this out into smaller files.
*/
#include "fk20_proofs.h"
#include "fft_g1.h"
#include "c_kzg_util.h"
#include "control.h"
#include "c_kzg_alloc.h"
#include "utility.h"
/**

47
src/fk20_proofs.h
View File

@ -1,47 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file fk20_proofs.h */
#include "kzg_proofs.h"
/**
* Stores the setup and parameters needed for computing FK20 single proofs.
*
* Initialise with #new_fk20_single_settings. Free after use with #free_fk20_single_settings.
*/
typedef struct {
const KZGSettings *ks; /**< The corresponding settings for performing KZG proofs */
g1_t *x_ext_fft; /**< The output of the first part of the Toeplitz process */
uint64_t x_ext_fft_len; /**< The length of the `x_ext_fft_len` array (TODO - do we need this?)*/
} FK20SingleSettings;
/**
* Stores the setup and parameters needed for computing FK20 multi proofs.
*/
typedef struct {
const KZGSettings *ks; /**< The corresponding settings for performing KZG proofs */
uint64_t chunk_len; /**< TODO */
g1_t **x_ext_fft_files; /**< TODO */
uint64_t length; /**< TODO */
} FK20MultiSettings;
C_KZG_RET da_using_fk20_single(g1_t *out, const poly *p, const FK20SingleSettings *fk);
C_KZG_RET da_using_fk20_multi(g1_t *out, const poly *p, const FK20MultiSettings *fk);
C_KZG_RET new_fk20_single_settings(FK20SingleSettings *fk, uint64_t n2, const KZGSettings *ks);
C_KZG_RET new_fk20_multi_settings(FK20MultiSettings *fk, uint64_t n2, uint64_t chunk_len, const KZGSettings *ks);
void free_fk20_single_settings(FK20SingleSettings *fk);
void free_fk20_multi_settings(FK20MultiSettings *fk);

5
src/kzg_proofs.c
View File

@ -24,10 +24,9 @@
*/
#include <stddef.h> // NULL
#include "kzg_proofs.h"
#include "c_kzg_util.h"
#include "control.h"
#include "c_kzg_alloc.h"
#include "utility.h"
#include <assert.h>
/**
* Make a KZG commitment to a polynomial.

48
src/kzg_proofs.h
View File

@ -1,48 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file kzg_proofs.h */
#ifndef KZG_PROOFS_H
#define KZG_PROOFS_H
#include "fft_fr.h"
#include "poly.h"
/**
* Stores the setup and parameters needed for computing KZG proofs.
*
* Initialise with #new_kzg_settings. Free after use with #free_kzg_settings.
*/
typedef struct {
const FFTSettings *fs; /**< The corresponding settings for performing FFTs */
g1_t *secret_g1; /**< G1 group elements from the trusted setup */
g2_t *secret_g2; /**< G2 group elements from the trusted setup */
uint64_t length; /**< The number of elements in secret_g1 and secret_g2 */
} KZGSettings;
C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks);
C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y,
const KZGSettings *ks);
C_KZG_RET compute_proof_multi(g1_t *out, const poly *p, const fr_t *x0, uint64_t n, const KZGSettings *ks);
C_KZG_RET check_proof_multi(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, const fr_t *ys,
uint64_t n, const KZGSettings *ks);
C_KZG_RET new_kzg_settings(KZGSettings *ks, const g1_t *secret_g1, const g2_t *secret_g2, uint64_t length,
const FFTSettings *fs);
void free_kzg_settings(KZGSettings *ks);
#endif // KZG_PROOFS_H

2
src/kzg_proofs_bench.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "kzg_proofs.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {

4
src/poly.c
View File

@ -20,9 +20,9 @@
* Operations on polynomials defined over the finite field.
*/
#include "c_kzg_util.h"
#include "control.h"
#include "c_kzg_alloc.h"
#include "utility.h"
#include "poly.h"
/**
* Internal utility for calculating the length to be allocated for the result of dividing two polynomials.

44
src/poly.h
View File

@ -1,44 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file poly.h */
#ifndef POLY_H
#define POLY_H
#include "c_kzg.h"
#include "fft_fr.h"
/**
* Defines a polynomial whose coefficients are members of the finite field F_r.
*
* Initialise the storage with #new_poly. After use, free the storage with #free_poly.
*/
typedef struct {
fr_t *coeffs; /**< `coeffs[i]` is the coefficient of the `x^i` term of the polynomial. */
uint64_t length; /**< One more than the polynomial's degree */
} poly;
void eval_poly(fr_t *out, const poly *p, const fr_t *x);
C_KZG_RET poly_inverse(poly *out, poly *b);
C_KZG_RET poly_mul(poly *out, const poly *a, const poly *b);
C_KZG_RET poly_mul_(poly *out, const poly *a, const poly *b, FFTSettings *fs);
C_KZG_RET new_poly_div(poly *out, const poly *dividend, const poly *divisor);
C_KZG_RET new_poly(poly *out, uint64_t length);
C_KZG_RET new_poly_with_coeffs(poly *out, const fr_t *coeffs, uint64_t length);
void free_poly(poly *p);
#endif // POLY_H

2
src/poly_bench.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "poly.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {

2
src/poly_div_tune.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "poly.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale_0, int scale_1, int max_seconds) {

2
src/poly_mul_tune.c
View File

@ -20,7 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "poly.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale_0, int scale_1, int max_seconds) {

6
src/recover.c
View File

@ -20,11 +20,9 @@
* Recover polynomials from samples.
*/
#include "recover.h"
#include "c_kzg_util.h"
#include "fft_fr.h"
#include "control.h"
#include "c_kzg_alloc.h"
#include "utility.h"
#include "zero_poly.h"
/** 5 is a primitive element, but actually this can be pretty much anything not 0 or a low-degree root of unity */
#define SCALE_FACTOR 5

22
src/recover.h
View File

@ -1,22 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/** @file recover.h */
#include "c_kzg.h"
#include "fft_common.h"
C_KZG_RET recover_poly_from_samples(fr_t *reconstructed_data, fr_t *samples, uint64_t len_samples, FFTSettings *fs);

3
src/recover_bench.c
View File

@ -20,8 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "fft_fr.h"
#include "recover.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {

2
src/test_util.h
View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
#include "c_kzg.h"
#include "bls12_381.h"
// The generator for our "trusted" setup
static const scalar_t secret = {0xa4, 0x73, 0x31, 0x95, 0x28, 0xc8, 0xb6, 0xea, 0x4d, 0x08, 0xcc,

3
src/utility.c
View File

@ -21,6 +21,7 @@
*/
#include <string.h> // memcpy()
#include "control.h"
#include "utility.h"
/**
@ -157,7 +158,7 @@ C_KZG_RET reverse_bit_order(void *values, size_t size, uint64_t n) {
#include "../inc/acutest.h"
#include "test_util.h"
#include "c_kzg_util.h"
#include "c_kzg_alloc.h"
static uint32_t rev_bits_slow(uint32_t a) {
uint32_t ret = 0;

5
src/zero_poly.c
View File

@ -20,9 +20,8 @@
* Methods for constructing polynomials that evaluate to zero for given lists of powers of roots of unity.
*/
#include "zero_poly.h"
#include "c_kzg_util.h"
#include "fft_fr.h"
#include "control.h"
#include "c_kzg_alloc.h"
#include "utility.h"
/**

29
src/zero_poly.h
View File

@ -1,29 +0,0 @@
/*
* Copyright 2021 Benjamin Edgington
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file zero_poly.h
*
* Methods for constructing polynomials that evaluate to zero for given lists of powers of roots of unity.
*/
#include "c_kzg.h"
#include "fft_common.h"
#include "poly.h"
C_KZG_RET zero_polynomial_via_multiplication(fr_t *zero_eval, poly *zero_poly, uint64_t width,
const uint64_t *missing_indices, uint64_t len_missing,
const FFTSettings *fs);

3
src/zero_poly_bench.c
View File

@ -20,8 +20,7 @@
#include <unistd.h> // EXIT_SUCCESS/FAILURE
#include "bench_util.h"
#include "test_util.h"
#include "fft_fr.h"
#include "zero_poly.h"
#include "c_kzg.h"
// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
long run_bench(int scale, int max_seconds) {