implemented and integrated. verification failing

lambdaclass · Jan 25, 2024 · fa9db2f · fa9db2f
1 parent 29e5388
commit fa9db2f
Show file tree

Hide file tree

Showing 10 changed files with 593 additions and 247 deletions.
diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml
@@ -15,6 +15,7 @@ sha2 = { version = "0.10", default-features = false }
 # Optional
 serde = { version = "1.0", default-features = false, features = ["derive", "alloc"], optional = true }
 rayon = { version = "1.8.0", optional = true }
+rand = "0.8.5"
 
 [dev-dependencies]
 criterion = "0.4"

diff --git a/crypto/src/commitments/kzg.rs b/crypto/src/commitments/kzg.rs
@@ -1,7 +1,7 @@
 use crate::fiat_shamir::transcript::Transcript;
 
 use super::traits::IsPolynomialCommitmentScheme;
-use alloc::{borrow::ToOwned, vec::Vec};
+use alloc::vec::Vec;
 use core::{borrow::Borrow, marker::PhantomData, mem};
 use lambdaworks_math::{
     cyclic_group::IsGroup,
@@ -10,7 +10,7 @@ use lambdaworks_math::{
     field::{element::FieldElement, traits::IsPrimeField},
     msm::pippenger::msm,
     polynomial::Polynomial,
-    traits::{AsBytes, Deserializable},
+    traits::{AsBytes, ByteConversion, Deserializable},
     unsigned_integer::element::UnsignedInteger,
 };
 
@@ -154,10 +154,12 @@ impl<F: IsPrimeField, P: IsPairing> KateZaveruchaGoldberg<F, P> {
 
 impl<const N: usize, F: IsPrimeField<RepresentativeType = UnsignedInteger<N>>, P: IsPairing>
     IsPolynomialCommitmentScheme<F> for KateZaveruchaGoldberg<F, P>
+where
+    FieldElement<F>: ByteConversion,
 {
     type Commitment = P::G1Point;
     type Polynomial = Polynomial<FieldElement<F>>;
-    type Proof = Self::Commitment;
+    type Proof = P::G1Point;
     type Point = FieldElement<F>;
 
     fn commit(&self, p: &Polynomial<FieldElement<F>>) -> Self::Commitment {
@@ -193,7 +195,7 @@ impl<const N: usize, F: IsPrimeField<RepresentativeType = UnsignedInteger<N>>, P
         point: impl Borrow<Self::Point>,
         eval: &FieldElement<F>,
         p_commitment: &Self::Commitment,
-        proof: &Self::Commitment,
+        proof: &Self::Proof,
         transcript: Option<&mut dyn Transcript>,
     ) -> bool {
         let g1 = &self.srs.powers_main_group[0];
@@ -219,20 +221,21 @@ impl<const N: usize, F: IsPrimeField<RepresentativeType = UnsignedInteger<N>>, P
         point: impl Borrow<Self::Point>,
         evals: &[FieldElement<F>],
         polys: &[Polynomial<FieldElement<F>>],
-        upsilon: &FieldElement<F>,
         transcript: Option<&mut dyn Transcript>,
     ) -> Self::Commitment {
+        let transcript = transcript.unwrap();
+        let upsilon = FieldElement::<F>::from_bytes_be(&transcript.challenge()).unwrap();
         let acc_polynomial = polys
             .iter()
             .rev()
             .fold(Polynomial::zero(), |acc, polynomial| {
-                acc * upsilon.to_owned() + polynomial
+                acc * &upsilon + polynomial
             });
 
         let acc_y = evals
             .iter()
             .rev()
-            .fold(FieldElement::zero(), |acc, y| acc * upsilon.to_owned() + y);
+            .fold(FieldElement::zero(), |acc, y| acc * &upsilon + y);
 
         self.open(point, &acc_y, &acc_polynomial, None)
     }
@@ -243,22 +246,23 @@ impl<const N: usize, F: IsPrimeField<RepresentativeType = UnsignedInteger<N>>, P
         evals: &[FieldElement<F>],
         p_commitments: &[Self::Commitment],
         proof: &Self::Commitment,
-        upsilon: &FieldElement<F>,
         transcript: Option<&mut dyn Transcript>,
     ) -> bool {
+        let transcript = transcript.unwrap();
+        let upsilon = FieldElement::<F>::from_bytes_be(&transcript.challenge()).unwrap();
         let acc_commitment =
             p_commitments
                 .iter()
                 .rev()
                 .fold(P::G1Point::neutral_element(), |acc, point| {
-                    acc.operate_with_self(upsilon.to_owned().representative())
-                        .operate_with(point.borrow())
+                    acc.operate_with_self(upsilon.representative())
+                        .operate_with(point)
                 });
 
         let acc_y = evals
             .iter()
             .rev()
-            .fold(FieldElement::zero(), |acc, y| acc * upsilon.to_owned() + y);
+            .fold(FieldElement::zero(), |acc, y| acc * &upsilon + y);
         self.verify(point, &acc_y, &acc_commitment, proof, None)
     }
 }
@@ -286,7 +290,10 @@ mod tests {
         unsigned_integer::element::U256,
     };
 
-    use crate::commitments::traits::IsPolynomialCommitmentScheme;
+    use crate::{
+        commitments::traits::IsPolynomialCommitmentScheme,
+        fiat_shamir::default_transcript::DefaultTranscript,
+    };
 
     use super::{KateZaveruchaGoldberg, StructuredReferenceString};
     use rand::Rng;
@@ -355,11 +362,18 @@ mod tests {
 
         let x = FieldElement::one();
         let y0 = FieldElement::from(9000);
-        let upsilon = &FieldElement::from(1);
 
-        let proof = kzg.open_batch(&x, &[y0.clone()], &[p0], upsilon, None);
+        let mut prover_transcript = DefaultTranscript::new();
+        let proof = kzg.open_batch(&x, &[y0.clone()], &[p0], Some(&mut prover_transcript));
 
-        assert!(kzg.verify_batch(&x, &[y0], &[p0_commitment], &proof, upsilon, None));
+        let mut verifer_transcript = DefaultTranscript::new();
+        assert!(kzg.verify_batch(
+            &x,
+            &[y0],
+            &[p0_commitment],
+            &proof,
+            Some(&mut verifer_transcript)
+        ));
     }
 
     #[test]
@@ -370,23 +384,22 @@ mod tests {
 
         let x = FieldElement::one();
         let y0 = FieldElement::from(9000);
-        let upsilon = &FieldElement::from(1);
 
+        let mut prover_transcript = DefaultTranscript::new();
         let proof = kzg.open_batch(
             &x,
             &[y0.clone(), y0.clone()],
             &[p0.clone(), p0],
-            upsilon,
-            None,
+            Some(&mut prover_transcript),
         );
 
+        let mut verifer_transcript = DefaultTranscript::new();
         assert!(kzg.verify_batch(
             &x,
             &[y0.clone(), y0],
             &[p0_commitment.clone(), p0_commitment],
             &proof,
-            upsilon,
-            None
+            Some(&mut verifer_transcript),
         ));
     }
 
@@ -408,17 +421,21 @@ mod tests {
         let p1_commitment: <BLS12381AtePairing as IsPairing>::G1Point = kzg.commit(&p1);
         let y1 = p1.evaluate(&x);
 
-        let upsilon = &FieldElement::from(1);
-
-        let proof = kzg.open_batch(&x, &[y0.clone(), y1.clone()], &[p0, p1], upsilon, None);
+        let mut prover_transcript = DefaultTranscript::new();
+        let proof = kzg.open_batch(
+            &x,
+            &[y0.clone(), y1.clone()],
+            &[p0, p1],
+            Some(&mut prover_transcript),
+        );
 
+        let mut verifer_transcript = DefaultTranscript::new();
         assert!(kzg.verify_batch(
             &x,
             &[y0, y1],
             &[p0_commitment, p1_commitment],
             &proof,
-            upsilon,
-            None
+            Some(&mut verifer_transcript)
         ));
     }
 

diff --git a/crypto/src/commitments/traits.rs b/crypto/src/commitments/traits.rs
@@ -32,7 +32,6 @@ pub trait IsPolynomialCommitmentScheme<F: IsField> {
         point: impl Borrow<Self::Point>,
         eval: &[FieldElement<F>],
         polys: &[Self::Polynomial],
-        upsilon: &FieldElement<F>,
         transcript: Option<&mut dyn Transcript>,
     ) -> Self::Proof;
 
@@ -51,7 +50,6 @@ pub trait IsPolynomialCommitmentScheme<F: IsField> {
         evals: &[FieldElement<F>],
         p_commitments: &[Self::Commitment],
         proof: &Self::Proof,
-        upsilon: &FieldElement<F>,
         transcript: Option<&mut dyn Transcript>,
     ) -> bool;
 }