Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add explicit drop of toxic_waste once SRS is generated #913

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add explicit drop of toxic_waste once SRS is generated #913

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a56ef36
Add constant MAX_POLYNOMIAL_DEGREE, add explicit deletion of toxic_wa…
0xAdriaTorralba Sep 14, 2024
6f5de59
Merge branch 'main' of https://github.com/0xAdriaTorralba/lambdaworks
0xAdriaTorralba Sep 14, 2024
8f64225
Add tests
0xAdriaTorralba Sep 14, 2024
6d09863
Remove toxic_waste once its used
0xAdriaTorralba Dec 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 107 additions & 13 deletions crypto/src/commitments/kzg.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#![deny(clippy::all)]
use super::traits::IsCommitmentScheme;
use alloc::{borrow::ToOwned, vec::Vec};
use core::{marker::PhantomData, mem};
Expand Down Expand Up @@ -283,33 +284,126 @@ mod tests {
#[allow(clippy::upper_case_acronyms)]
type KZG = KateZaveruchaGoldberg<FrField, BLS12381AtePairing>;

const MAX_POLYNOMIAL_DEGREE: usize = 100;

fn create_srs() -> StructuredReferenceString<
<BLS12381AtePairing as IsPairing>::G1Point,
<BLS12381AtePairing as IsPairing>::G2Point,
> {
let mut rng = rand::thread_rng();
let toxic_waste = FrElement::new(U256 {
let mut toxic_waste = Some(FrElement::new(U256 {
limbs: [
rng.gen::<u64>(),
rng.gen::<u64>(),
rng.gen::<u64>(),
rng.gen::<u64>(),
],
});
let g1 = BLS12381Curve::generator();
let g2 = BLS12381TwistCurve::generator();
let powers_main_group: Vec<G1> = (0..100)
.map(|exponent| {
g1.operate_with_self(toxic_waste.pow(exponent as u128).representative())
})
.collect();
let powers_secondary_group = [
g2.clone(),
g2.operate_with_self(toxic_waste.representative()),
];
}));

let powers_main_group: Vec<G1> = {
let g1 = BLS12381Curve::generator();
(0..MAX_POLYNOMIAL_DEGREE)
.map(|exponent| {
let tw = toxic_waste.as_ref().expect("toxic_waste should be available");
g1.operate_with_self(tw.pow(exponent as u128).representative())
})
.collect()
};

let powers_secondary_group = {
let g2 = BLS12381TwistCurve::generator();
[
g2.clone(),
g2.operate_with_self(
toxic_waste
.as_ref()
.expect("toxic_waste should be available")
.representative(),
),
]
};

toxic_waste = None;
assert!(toxic_waste.is_none(), "toxic_waste should be poisoned");
StructuredReferenceString::new(&powers_main_group, &powers_secondary_group)
}

#[test]
fn e2e_kzg_single_polynomial() {
// Setup phase: create the SRS
let kzg = KZG::new(create_srs());

// Commit phase: create the desired polynomial, and commit that polyonmial
let p = Polynomial::<FrElement>::new(&[
FieldElement::from(7),
FieldElement::from(5),
FieldElement::from(3),
]);
// ASSERT: the polynomial is not too large
assert!(p.degree() <= MAX_POLYNOMIAL_DEGREE);
let p_commitment: <BLS12381AtePairing as IsPairing>::G1Point = kzg.commit(&p);

// Open phase: evaluate the polynomial at the desired point i, and create the proof for that opening
let i = FieldElement::from(1); // Challenge from the verifier
let y = p.evaluate(&i); // Evaluation of the polynomial at challenge
// ASSERT: the evaluation is correct
assert_eq!(y, FieldElement::from(15));
let proof = kzg.open(&i, &y, &p);

// Verify phase: the proof should verify
// ASSERT: the proof verifies
assert!(kzg.verify(&i, &y, &p_commitment, &proof));
}

#[test]
fn e2e_kzg_batched_polynomials() {
// Setup phase: create the SRS
let kzg = KZG::new(create_srs());

// Commit phase: create the polynomials, and compute the commitments.
let p0 = Polynomial::<FrElement>::new(&[
FieldElement::from(5),
FieldElement::from(4),
-FieldElement::from(7),
]);
// ASSERT: deg(p0) < MAX_POLYNOMIAL_DEGREE
assert!(p0.degree() < MAX_POLYNOMIAL_DEGREE);
let p0_commitment: <BLS12381AtePairing as IsPairing>::G1Point = kzg.commit(&p0);

let p1 = Polynomial::<FrElement>::new(&[
FieldElement::from(1),
FieldElement::from(2),
-FieldElement::from(1),
]);
// ASSERT: deg(p1) < MAX_POLYNOMIAL_DEGREE
assert!(p1.degree() < MAX_POLYNOMIAL_DEGREE);
let p1_commitment: <BLS12381AtePairing as IsPairing>::G1Point = kzg.commit(&p1);

// Open phase: open the polynomials at point i, and compute the proof for the batch.
let i = FieldElement::from(3);

let y0 = p0.evaluate(&i);
// ASSERT: evaluation on p0 is correct
assert_eq!(y0, -FieldElement::from(46));

// ASSERT: evaluation on p1 is correct
let y1 = p1.evaluate(&i);
assert_eq!(y1, -FieldElement::from(2));

let upsilon = &FieldElement::from(1);

let proof = kzg.open_batch(&i, &[y0.clone(), y1.clone()], &[p0, p1], upsilon);

assert!(kzg.verify_batch(
&i,
&[y0, y1],
&[p0_commitment, p1_commitment],
&proof,
upsilon
));
}


#[test]
fn kzg_1() {
let kzg = KZG::new(create_srs());
Expand Down