Minimal 4844 version of c-kzg
Go to file
Michael Sproul 4c0d477c0f
Use blst crate for Rust blst dep (#351)
2023-08-24 14:13:39 -06:00
.github/workflows Make C# package versions match library versions (#349) 2023-08-21 16:29:28 +03:00
bindings Use blst crate for Rust blst dep (#351) 2023-08-24 14:13:39 -06:00
blst@3dd0f804b1 Upgrade blst to v0.3.11 (#330) 2023-08-10 12:53:42 +01:00
doc/audit Add the Sigma Prime audit report in doc/audit/ 2023-06-14 18:33:37 +03:00
fuzz Add coverage-guided C fuzzers (#203) 2023-03-13 12:45:02 +02:00
inc Small cleanups (#202) 2023-03-10 11:32:13 -06:00
lib Insert lib/ directory and update Readme 2021-02-02 11:36:36 +00:00
src Use blst's generator functions (#340) 2023-08-14 22:01:35 +03:00
tests Switch to big-endian (#305) 2023-05-24 08:44:05 -05:00
.gitignore Force use of portable blst in Nim bindings (#335) 2023-08-11 15:19:36 +01:00
.gitmodules Upgrade blst & remove sha256 patch (#85) 2023-01-25 20:07:15 +00:00
LICENSE Initial commit 2021-02-01 20:15:45 +00:00
README.md Fix typos/nits in README (#321) 2023-06-27 18:00:03 +03:00
go.mod Upgrade blst to v0.3.11 (#330) 2023-08-10 12:53:42 +01:00
go.sum Upgrade blst to v0.3.11 (#330) 2023-08-10 12:53:42 +01:00
kzg4844.nimble Add support for nimble package (#232) 2023-03-24 08:02:38 -05:00

README.md

C-KZG-4844

A minimal implementation of the Polynomial Commitments API for EIP-4844, written in C.

Bindings

While the core implementation is in C, bindings are available for various high-level languages, providing convenient wrappers around C functions. These bindings are intended to be used by Ethereum clients, to avoid re-implementation of crucial cryptographic functions.

Language Link
C# README
Go README
Java README
Nim README
Node.js README
Python README
Rust README

Interface functions

The C-KZG-4844 library provides implementations of the public KZG functions that are defined in the Polynomial Commitments specification. The aim is to align these functions as closely as possible with the specification.

  • blob_to_kzg_commitment
  • compute_kzg_proof
  • compute_blob_kzg_proof
  • verify_kzg_proof
  • verify_blob_kzg_proof
  • verify_blob_kzg_proof_batch

This library also provides functions for loading and freeing the trusted setup, which are not defined in the specification. These functions are intended to be executed once during the initialization process. As the name suggests, the trusted setup file is considered to be trustworthy.

  • load_trusted_setup
  • load_trusted_setup_file
  • free_trusted_setup

Remarks

Tests

All the bindings are tested against the KZG reference tests, which are defined in the consensus-spec-tests. Additionally, a suite of unit tests for internal C functions is located here.

Parallelization

The interface functions in C-KZG-4844 are single-threaded for simplicity, as implementing multi-threading across multiple platforms can be complex. While performance is important, these functions are already quite fast and efficient. For instance, verify_blob_kzg_proof is expected to finish in under 3ms on most systems.

Batched verification

When processing multiple blobs, verify_blob_kzg_proof_batch is more efficient than calling verify_blob_kzg_proof individually. In CI tests, verifying 64 blobs in batch is 53% faster per blob than verifying them individually. For a single blob, verify_blob_kzg_proof_batch calls verify_blob_kzg_proof, and the overhead is negligible.

Benchmarks

C-KZG-4844 does not include C benchmarks; however, some bindings (Go, Java, and Rust) have their own benchmarks. Including benchmarks in the bindings offers a more realistic performance estimate, as C-KZG-4844 is not expected to be used outside the bindings.

Security audit

The source code of C-KZG-4844 was audited by Sigma Prime in June 2023. You can find the audit report in the doc/audit/ directory.

Why C?

The primary reason for choosing C is that blst, the BLS12-381 signature library we wanted to use, is mostly written in C. Rust was a viable alternative, but it has some disadvantages. The C toolchain is ubiquitous, and it would be somewhat awkward for all the bindings to depend on another toolchain, such as Rust. Compared to Rust, C offers a lighter memory and binary footprint. Furthermore, C serves as the de facto language for FFI, so we could not have completely avoided using C anyway.