status-im
/
eth2.0-specs
mirror of https://github.com/status-im/eth2.0-specs.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

push @asn-d6 suggestions

This commit is contained in:
Kevaundray Wedderburn 2024-04-22 09:57:58 +01:00
parent 4684c5748c
commit dca048d8df
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
specs/_features/eip7594/polynomial-commitments-sampling.md
View File

@ -311,12 +311,12 @@ def compute_kzg_proof_multi_impl(
Compute a KZG multi-evaluation proof for a set of `k` points.
This is done by committing to the following quotient polynomial:
Q(X) = f(X) - r(X) / Z(X)
Q(X) = f(X) - I(X) / Z(X)
Where:
- r(X) is the degree `k-1` polynomial that agrees with f(x) at all `k` points
- I(X) is the degree `k-1` polynomial that agrees with f(x) at all `k` points
- Z(X) is the degree `k` polynomial that evaluates to zero on all `k` points
We further note that since the degree of r(X) is less than the degree of Z(X),
We further note that since the degree of I(X) is less than the degree of Z(X),
the computation can be simplified in monomial form to Q(X) = f(X) / Z(X)
"""
@ -343,23 +343,23 @@ def verify_kzg_proof_multi_impl(commitment: KZGCommitment,
Verify a KZG multi-evaluation proof for a set of `k` points.
This is done by checking if the following equation holds:
Q(x) Z(x) = f(X) - r(X)
Q(x) Z(x) = f(X) - I(X)
Where:
f(X) is the polynomial that we want to show opens at `k` points to `k` values
f(X) is the polynomial that we want to verify opens at `k` points to `k` values
Q(X) is the quotient polynomial computed by the prover
r(X) is the degree `k-1` polynomial that agrees with f(x) at all `k` points
I(X) is the degree k-1 polynomial that evaluates to `ys` at all `zs`` points
Z(X) is the polynomial that evaluates to zero on all `k` points
The verifier receives the commitments to Q(X) and f(X), so they check the equation
holds by using the following pairing equation:
e([Q(X)]_1, [Z(X)]_2) == e([f(X)]_1 - [r(X)]_1, [1]_2)
e([Q(X)]_1, [Z(X)]_2) == e([f(X)]_1 - [I(X)]_1, [1]_2)
"""
assert len(zs) == len(ys)
# Compute [Z(X)]_2
zero_poly = g2_lincomb(KZG_SETUP_G2_MONOMIAL[:len(zs) + 1], vanishing_polynomialcoeff(zs))
# Compute [r(X)]_1
# Compute [I(X)]_1
interpolated_poly = g1_lincomb(KZG_SETUP_G1_MONOMIAL[:len(zs)], interpolate_polynomialcoeff(zs, ys))
return (bls.pairing_check([