Skip to content

Commit

Permalink
add open commitment utils (Layr-Labs#446)
Browse files Browse the repository at this point in the history
Co-authored-by: Bowen Xue <[email protected]>
  • Loading branch information
bxue-l2 and Bowen Xue authored Apr 29, 2024
1 parent 80252c3 commit 3620b7c
Show file tree
Hide file tree
Showing 2 changed files with 239 additions and 0 deletions.
134 changes: 134 additions & 0 deletions encoding/utils/openCommitment/open_commitment.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
package openCommitment

import (
"errors"
"fmt"
"math/big"

"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark-crypto/ecc/bn254"
"github.com/consensys/gnark-crypto/ecc/bn254/fr"
)

// Implement https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#compute_kzg_proof_impl
func ComputeKzgProof(
evalFr []fr.Element,
index int,
G1srsLagrange []bn254.G1Affine,
rootOfUnities []fr.Element,
) (*bn254.G1Affine, *fr.Element, error) {
if len(evalFr) != len(rootOfUnities) {
return nil, nil, fmt.Errorf("inconsistent length between blob and root of unities")
}
if index < 0 || index >= len(evalFr) {
return nil, nil, fmt.Errorf("the function only opens points within a blob")
}

polyShift := make([]fr.Element, len(evalFr))

valueFr := evalFr[index]

zFr := rootOfUnities[index]

for i := 0; i < len(polyShift); i++ {
polyShift[i].Sub(&evalFr[i], &valueFr)
}

denomPoly := make([]fr.Element, len(rootOfUnities))

for i := 0; i < len(evalFr); i++ {
denomPoly[i].Sub(&rootOfUnities[i], &zFr)
}

quotientPoly := make([]fr.Element, len(rootOfUnities))
for i := 0; i < len(quotientPoly); i++ {
if denomPoly[i].IsZero() {
quotientPoly[i] = computeQuotientEvalOnDomain(zFr, evalFr, valueFr, rootOfUnities)
} else {
quotientPoly[i].Div(&polyShift[i], &denomPoly[i])
}
}

config := ecc.MultiExpConfig{}

var proof bn254.G1Affine
_, err := proof.MultiExp(G1srsLagrange, quotientPoly, config)
if err != nil {
return nil, nil, err
}

return &proof, &valueFr, nil
}

func VerifyKzgProof(G1Gen, commitment, proof bn254.G1Affine, G2Gen, G2tau bn254.G2Affine, valueFr, zFr fr.Element) error {

var valueG1 bn254.G1Affine
var valueBig big.Int
valueG1.ScalarMultiplication(&G1Gen, valueFr.BigInt(&valueBig))

var commitMinusValue bn254.G1Affine
commitMinusValue.Sub(&commitment, &valueG1)

var zG2 bn254.G2Affine
zG2.ScalarMultiplication(&G2Gen, zFr.BigInt(&valueBig))

var xMinusZ bn254.G2Affine
xMinusZ.Sub(&G2tau, &zG2)

return PairingsVerify(&commitMinusValue, &G2Gen, &proof, &xMinusZ)
}

func PairingsVerify(a1 *bn254.G1Affine, a2 *bn254.G2Affine, b1 *bn254.G1Affine, b2 *bn254.G2Affine) error {
var negB1 bn254.G1Affine
negB1.Neg(b1)

P := [2]bn254.G1Affine{*a1, negB1}
Q := [2]bn254.G2Affine{*a2, *b2}

ok, err := bn254.PairingCheck(P[:], Q[:])
if err != nil {
return err
}
if !ok {
return errors.New("pairingCheck pairing not ok")
}

return nil
}

func CommitInLagrange(evalFr []fr.Element, G1srsLagrange []bn254.G1Affine) (*bn254.G1Affine, error) {
config := ecc.MultiExpConfig{}

var proof bn254.G1Affine
_, err := proof.MultiExp(G1srsLagrange, evalFr, config)
if err != nil {
return nil, err
}
return &proof, nil
}

// Implement https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#compute_quotient_eval_within_domain
func computeQuotientEvalOnDomain(zFr fr.Element, evalFr []fr.Element, valueFr fr.Element, rootOfunities []fr.Element) fr.Element {
var quotient fr.Element
var f_i, numerator, denominator, temp fr.Element

for i := 0; i < len(rootOfunities); i++ {
omega_i := rootOfunities[i]
if omega_i.Equal(&zFr) {
continue
}

f_i.Sub(&evalFr[i], &valueFr)
numerator.Mul(&f_i, &omega_i)

denominator.Sub(&zFr, &omega_i)
denominator.Mul(&denominator, &zFr)

numerator.Mul(&f_i, &omega_i)
temp.Div(&numerator, &denominator)

quotient.Add(&quotient, &temp)

}
return quotient
}
105 changes: 105 additions & 0 deletions encoding/utils/openCommitment/open_commitment_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
package openCommitment_test

import (
"crypto/rand"
"log"
"math/big"
"runtime"
"testing"

"github.com/Layr-Labs/eigenda/encoding"
"github.com/Layr-Labs/eigenda/encoding/kzg"
kzgProver "github.com/Layr-Labs/eigenda/encoding/kzg/prover"
"github.com/Layr-Labs/eigenda/encoding/rs"
"github.com/Layr-Labs/eigenda/encoding/utils/codec"
oc "github.com/Layr-Labs/eigenda/encoding/utils/openCommitment"

"github.com/consensys/gnark-crypto/ecc/bn254"
"github.com/consensys/gnark-crypto/ecc/bn254/fr"
"github.com/stretchr/testify/require"
)

var (
gettysburgAddressBytes = []byte("Fourscore and seven years ago our fathers brought forth, on this continent, a new nation, conceived in liberty, and dedicated to the proposition that all men are created equal. Now we are engaged in a great civil war, testing whether that nation, or any nation so conceived, and so dedicated, can long endure. We are met on a great battle-field of that war. We have come to dedicate a portion of that field, as a final resting-place for those who here gave their lives, that that nation might live. It is altogether fitting and proper that we should do this. But, in a larger sense, we cannot dedicate, we cannot consecrate—we cannot hallow—this ground. The brave men, living and dead, who struggled here, have consecrated it far above our poor power to add or detract. The world will little note, nor long remember what we say here, but it can never forget what they did here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us—that from these honored dead we take increased devotion to that cause for which they here gave the last full measure of devotion—that we here highly resolve that these dead shall not have died in vain—that this nation, under God, shall have a new birth of freedom, and that government of the people, by the people, for the people, shall not perish from the earth.")
kzgConfig *kzg.KzgConfig
numNode uint64
numSys uint64
numPar uint64
)

func TestOpenCommitment(t *testing.T) {
log.Println("Setting up suite")

kzgConfig = &kzg.KzgConfig{
G1Path: "../../../inabox/resources/kzg/g1.point",
G2Path: "../../../inabox/resources/kzg/g2.point",
G2PowerOf2Path: "../../../inabox/resources/kzg/g2.point.powerOf2",
CacheDir: "../../../inabox/resources/kzg/SRSTables",
SRSOrder: 3000,
SRSNumberToLoad: 3000,
NumWorker: uint64(runtime.GOMAXPROCS(0)),
}

// input evaluation
validInput := codec.ConvertByPaddingEmptyByte(gettysburgAddressBytes)
inputFr, err := rs.ToFrArray(validInput)
require.Nil(t, err)

frLen := uint64(len(inputFr))
paddedInputFr := make([]fr.Element, encoding.NextPowerOf2(frLen))
// pad input Fr to power of 2 for computing FFT
for i := 0; i < len(paddedInputFr); i++ {
if i < len(inputFr) {
paddedInputFr[i].Set(&inputFr[i])
} else {
paddedInputFr[i].SetZero()
}
}

// we need prover only to access kzg SRS, and get kzg commitment of encoding
group, err := kzgProver.NewProver(kzgConfig, true)
require.Nil(t, err)

// get root of unit for blob
numNode = 4
numSys = 4
numPar = 0
numOpenChallenge := 10

params := encoding.ParamsFromSysPar(numSys, numPar, uint64(len(validInput)))
enc, err := group.GetKzgEncoder(params)
require.Nil(t, err)
rootOfUnities := enc.Fs.ExpandedRootsOfUnity[:len(enc.Fs.ExpandedRootsOfUnity)-1]

// Lagrange basis SRS in normal order, not butterfly
lagrangeG1SRS, err := enc.Fs.FFTG1(group.Srs.G1[:len(paddedInputFr)], true)
require.Nil(t, err)

// commit in lagrange form
commitLagrange, err := oc.CommitInLagrange(paddedInputFr, lagrangeG1SRS)
require.Nil(t, err)

modulo := big.NewInt(int64(len(inputFr)))
// pick a random place in the blob to open
for k := 0; k < numOpenChallenge; k++ {

indexBig, err := rand.Int(rand.Reader, modulo)
require.Nil(t, err)

index := int(indexBig.Int64())

// open at index on the kzg
proof, valueFr, err := oc.ComputeKzgProof(paddedInputFr, index, lagrangeG1SRS, rootOfUnities)
require.Nil(t, err)

_, _, g1Gen, g2Gen := bn254.Generators()

err = oc.VerifyKzgProof(g1Gen, *commitLagrange, *proof, g2Gen, group.Srs.G2[1], *valueFr, rootOfUnities[index])
require.Nil(t, err)

require.Equal(t, *valueFr, inputFr[index])

//valueBytse := valueFr.Bytes()
//fmt.Println("value Byte", string(valueBytse[1:]))
}
}

0 comments on commit 3620b7c

Please sign in to comment.