From ff340068079a26a28e1695beb43e75b5dc011110 Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Wed, 9 Nov 2022 14:01:47 +0200 Subject: [PATCH 1/2] Refactor `verify_kzg_proof()` to receive bytes (used in precompile) This way, client devs don't need to convert to field elements themselves, and the KZG library takes care fo it. --- specs/eip4844/polynomial-commitments.md | 23 ++++++++++++++++--- .../test_polynomial_commitments.py | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/specs/eip4844/polynomial-commitments.md b/specs/eip4844/polynomial-commitments.md index 2c142c04b..05e19c22a 100644 --- a/specs/eip4844/polynomial-commitments.md +++ b/specs/eip4844/polynomial-commitments.md @@ -32,6 +32,7 @@ - [KZG](#kzg) - [`blob_to_kzg_commitment`](#blob_to_kzg_commitment) - [`verify_kzg_proof`](#verify_kzg_proof) + - [`verify_kzg_proof_impl`](#verify_kzg_proof_impl) - [`compute_kzg_proof`](#compute_kzg_proof) - [`compute_aggregated_poly_and_commitment`](#compute_aggregated_poly_and_commitment) - [`compute_aggregate_kzg_proof`](#compute_aggregate_kzg_proof) @@ -296,11 +297,27 @@ def blob_to_kzg_commitment(blob: Blob) -> KZGCommitment: ```python def verify_kzg_proof(polynomial_kzg: KZGCommitment, - z: BLSFieldElement, - y: BLSFieldElement, + z: Bytes32, + y: Bytes32, kzg_proof: KZGProof) -> bool: """ Verify KZG proof that ``p(z) == y`` where ``p(z)`` is the polynomial represented by ``polynomial_kzg``. + Receives inputs as bytes. + Public method. + """ + return verify_kzg_proof_impl(polynomial_kzg, bytes_to_bls_field(z), bytes_to_bls_field(y), kzg_proof) +``` + + +#### `verify_kzg_proof_impl` + +```python +def verify_kzg_proof_impl(polynomial_kzg: KZGCommitment, + z: BLSFieldElement, + y: BLSFieldElement, + kzg_proof: KZGProof) -> bool: + """ + Verify KZG proof that ``p(z) == y`` where ``p(z)`` is the polynomial represented by ``polynomial_kzg``. """ # Verify: P - y = Q * (X - z) X_minus_z = bls.add(bls.bytes96_to_G2(KZG_SETUP_G2[1]), bls.multiply(bls.G2, BLS_MODULUS - z)) @@ -390,5 +407,5 @@ def verify_aggregate_kzg_proof(blobs: Sequence[Blob], y = evaluate_polynomial_in_evaluation_form(aggregated_poly, evaluation_challenge) # Verify aggregated proof - return verify_kzg_proof(aggregated_poly_commitment, evaluation_challenge, y, kzg_aggregated_proof) + return verify_kzg_proof_impl(aggregated_poly_commitment, evaluation_challenge, y, kzg_aggregated_proof) ``` diff --git a/tests/core/pyspec/eth2spec/test/eip4844/unittests/polynomial_commitments/test_polynomial_commitments.py b/tests/core/pyspec/eth2spec/test/eip4844/unittests/polynomial_commitments/test_polynomial_commitments.py index dea6aeb8c..3e9e2cb63 100644 --- a/tests/core/pyspec/eth2spec/test/eip4844/unittests/polynomial_commitments/test_polynomial_commitments.py +++ b/tests/core/pyspec/eth2spec/test/eip4844/unittests/polynomial_commitments/test_polynomial_commitments.py @@ -17,4 +17,4 @@ def test_verify_kzg_proof(spec, state): proof = spec.compute_kzg_proof(polynomial, x) y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) - assert spec.verify_kzg_proof(commitment, x, y, proof) + assert spec.verify_kzg_proof_impl(commitment, x, y, proof) From fcac0b5c6976648af7ae825d3e3daba4d04ed179 Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Wed, 9 Nov 2022 14:02:56 +0200 Subject: [PATCH 2/2] Clarify which functions are public and provided by the KZG library --- specs/eip4844/polynomial-commitments.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/specs/eip4844/polynomial-commitments.md b/specs/eip4844/polynomial-commitments.md index 05e19c22a..62bd8441c 100644 --- a/specs/eip4844/polynomial-commitments.md +++ b/specs/eip4844/polynomial-commitments.md @@ -46,6 +46,8 @@ This document specifies basic polynomial operations and KZG polynomial commitment operations as they are needed for the EIP-4844 specification. The implementations are not optimized for performance, but readability. All practical implementations should optimize the polynomial operations. +Functions flagged as "Public method" MUST be provided by the underlying KZG library as public functions. All other functions are private functions used internally by the KZG library. + ## Custom types | Name | SSZ equivalent | Description | @@ -290,6 +292,9 @@ KZG core functions. These are also defined in EIP-4844 execution specs. ```python def blob_to_kzg_commitment(blob: Blob) -> KZGCommitment: + """ + Public method. + """ return g1_lincomb(bit_reversal_permutation(KZG_SETUP_LAGRANGE), blob_to_polynomial(blob)) ``` @@ -384,6 +389,9 @@ def compute_aggregated_poly_and_commitment( ```python def compute_aggregate_kzg_proof(blobs: Sequence[Blob]) -> KZGProof: + """ + Public method. + """ commitments = [blob_to_kzg_commitment(blob) for blob in blobs] aggregated_poly, aggregated_poly_commitment, evaluation_challenge = compute_aggregated_poly_and_commitment( blobs, @@ -398,6 +406,9 @@ def compute_aggregate_kzg_proof(blobs: Sequence[Blob]) -> KZGProof: def verify_aggregate_kzg_proof(blobs: Sequence[Blob], expected_kzg_commitments: Sequence[KZGCommitment], kzg_aggregated_proof: KZGCommitment) -> bool: + """ + Public method. + """ aggregated_poly, aggregated_poly_commitment, evaluation_challenge = compute_aggregated_poly_and_commitment( blobs, expected_kzg_commitments,