From ca8a51fcf9b6b14135126d82e687010b0b4a57d5 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Mon, 6 Mar 2023 22:56:17 +0000 Subject: [PATCH] More CI tests for polynomial commitments --- .../test_polynomial_commitments.py | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py b/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py index 67dce5c5b..b4904580b 100644 --- a/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py +++ b/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py @@ -9,6 +9,24 @@ from eth2spec.test.helpers.sharding import ( get_poly_in_both_forms, eval_poly_in_coeff_form, ) +from eth2spec.utils import bls + + +BLS_MODULUS = bls.curve_order + + +def bls_add_one(x): + """ + Adds "one" (actually bls.G1()) to a compressed group element. + Useful to compute definitely incorrect proofs. + """ + return bls.G1_to_bytes48( + bls.add(bls.bytes48_to_G1(x), bls.G1()) + ) + + +def field_element_bytes(x): + return int.to_bytes(x % BLS_MODULUS, 32, "little") @with_deneb_and_later @@ -18,12 +36,53 @@ def test_verify_kzg_proof(spec, state): blob = get_sample_blob(spec) commitment = spec.blob_to_kzg_commitment(blob) polynomial = spec.blob_to_polynomial(blob) + proof = spec.compute_kzg_proof(blob, field_element_bytes(x)) + + y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) + assert spec.verify_kzg_proof(commitment, field_element_bytes(x), field_element_bytes(y), proof) + + +@with_deneb_and_later +@spec_state_test +def test_verify_kzg_proof_incorrect_proof(spec, state): + x = 3465 + blob = get_sample_blob(spec) + commitment = spec.blob_to_kzg_commitment(blob) + polynomial = spec.blob_to_polynomial(blob) + proof = spec.compute_kzg_proof(blob, field_element_bytes(x)) + proof = bls_add_one(proof) + + y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) + assert not spec.verify_kzg_proof(commitment, field_element_bytes(x), field_element_bytes(y), proof) + + +@with_deneb_and_later +@spec_state_test +def test_verify_kzg_proof_impl(spec, state): + x = spec.BLS_MODULUS - 1 + blob = get_sample_blob(spec) + commitment = spec.blob_to_kzg_commitment(blob) + polynomial = spec.blob_to_polynomial(blob) proof = spec.compute_kzg_proof_impl(polynomial, x) y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) assert spec.verify_kzg_proof_impl(commitment, x, y, proof) +@with_deneb_and_later +@spec_state_test +def test_verify_kzg_proof_impl_incorrect_proof(spec, state): + x = 324561 + blob = get_sample_blob(spec) + commitment = spec.blob_to_kzg_commitment(blob) + polynomial = spec.blob_to_polynomial(blob) + proof = spec.compute_kzg_proof_impl(polynomial, x) + proof = bls_add_one(proof) + + y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) + assert not spec.verify_kzg_proof_impl(commitment, x, y, proof) + + @with_deneb_and_later @spec_state_test def test_barycentric_outside_domain(spec, state): @@ -107,3 +166,42 @@ def test_compute_kzg_proof_within_domain(spec, state): y = spec.evaluate_polynomial_in_evaluation_form(polynomial, z) assert spec.verify_kzg_proof_impl(commitment, z, y, proof) + + +@with_deneb_and_later +@spec_state_test +def test_verify_blob_kzg_proof(spec, state): + """ + Create and verify KZG proof that p(z) == y + where z is in the domain of our KZG scheme (i.e. a relevant root of unity). + """ + blob = get_sample_blob(spec) + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob) + + assert spec.verify_blob_kzg_proof(blob, commitment, proof) + + +@with_deneb_and_later +@spec_state_test +def test_verify_blob_kzg_proof_incorrect_proof(spec, state): + """ + Create and verify KZG proof that p(z) == y + where z is in the domain of our KZG scheme (i.e. a relevant root of unity). + """ + blob = get_sample_blob(spec) + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob) + proof = bls_add_one(proof) + + assert not spec.verify_blob_kzg_proof(blob, commitment, proof) + + +@with_deneb_and_later +@spec_state_test +def test_validate_kzg_g1(spec, state): + """ + Verify that `validate_kzg_g1` allows the neutral element in G1 + """ + + spec.validate_kzg_g1(bls.G1_to_bytes48(bls.Z1()))