From 0250b18968085f6236eb1a7db0f746e1602ac804 Mon Sep 17 00:00:00 2001 From: Valeh Farzaliyev Date: Tue, 1 Aug 2023 13:48:15 +0000 Subject: [PATCH] kzg batch impl, verification works now --- .github/workflows/run_tests.yml | 1 + .../crypto3/zk/commitments/polynomial/kzg.hpp | 9 +- test/commitment/kzg.cpp | 185 +++++++++--------- 3 files changed, 94 insertions(+), 101 deletions(-) diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 001b56323..717175533 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -70,6 +70,7 @@ jobs: crypto3_zk_commitment_fold_polynomial_test crypto3_zk_commitment_fri_test crypto3_zk_commitment_lpc_test + crypto3_zk_commitment_kzg_test crypto3_zk_systems_plonk_placeholder_placeholder_test crypto3_zk_transcript_kimchi_transcript_test, ] # Tests to execute diff --git a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp index dc714b7c6..8f89b0e98 100644 --- a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp +++ b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp @@ -527,17 +527,12 @@ namespace nil { if (KZG::batch_size == 1) { assert(right == KZG::verification_type::one()); } - left_side_pairing = left_side_pairing + algebra::pair(left, right); + left_side_pairing = left_side_pairing * algebra::pair_reduced(left, right); factor = factor * gamma; } - typename KZG::gt_value_type one = algebra::pair(2 * KZG::commitment_type::one(), KZG::verification_type::one()); - typename KZG::gt_value_type two = algebra::pair(3 * KZG::commitment_type::one(), KZG::verification_type::one()); - typename KZG::gt_value_type three = algebra::pair(5 * KZG::commitment_type::one(), KZG::verification_type::one()); - assert(one * two == three); - auto right = commit_g2(params, create_polynom_by_zeros(public_key.T)); - auto right_side_pairing = algebra::pair(proof, right); + auto right_side_pairing = algebra::pair_reduced(proof, right); return left_side_pairing == right_side_pairing; // return true; diff --git a/test/commitment/kzg.cpp b/test/commitment/kzg.cpp index 4dc0d5954..426088be0 100644 --- a/test/commitment/kzg.cpp +++ b/test/commitment/kzg.cpp @@ -38,9 +38,6 @@ #include #include #include -#include -#include -#include #include #include @@ -56,124 +53,124 @@ using namespace nil::crypto3::math; BOOST_AUTO_TEST_SUITE(kzg_test_suite) -// BOOST_AUTO_TEST_CASE(kzg_basic_test) { +BOOST_AUTO_TEST_CASE(kzg_basic_test) { -// typedef algebra::curves::bls12<381> curve_type; -// typedef typename curve_type::base_field_type::value_type base_value_type; -// typedef typename curve_type::base_field_type base_field_type; -// typedef typename curve_type::scalar_field_type scalar_field_type; -// typedef typename curve_type::scalar_field_type::value_type scalar_value_type; + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::base_field_type::value_type base_value_type; + typedef typename curve_type::base_field_type base_field_type; + typedef typename curve_type::scalar_field_type scalar_field_type; + typedef typename curve_type::scalar_field_type::value_type scalar_value_type; -// typedef zk::commitments::kzg kzg_type; + typedef zk::commitments::kzg kzg_type; -// scalar_value_type alpha = 10; -// std::size_t n = 16; -// scalar_value_type z = 2; -// const polynomial f = {-1, 1, 2, 3}; + scalar_value_type alpha = 10; + std::size_t n = 16; + scalar_value_type z = 2; + const polynomial f = {-1, 1, 2, 3}; -// auto params = typename kzg_type::params_type(n, alpha); -// BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]); -// BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]); -// BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]); -// BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]); -// BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key); + auto params = typename kzg_type::params_type(n, alpha); + BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]); + BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]); + BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]); + BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]); + BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key); -// auto commit = zk::algorithms::commit(params, f); -// BOOST_CHECK(3209 * curve_type::template g1_type<>::value_type::one() == commit); + auto commit = zk::algorithms::commit(params, f); + BOOST_CHECK(3209 * curve_type::template g1_type<>::value_type::one() == commit); -// typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; -// auto proof = zk::algorithms::proof_eval(params, f, pk); + typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; + auto proof = zk::algorithms::proof_eval(params, f, pk); -// BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); -// } + BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); +} -// BOOST_AUTO_TEST_CASE(kzg_random_test) { +BOOST_AUTO_TEST_CASE(kzg_random_test) { -// typedef algebra::curves::bls12<381> curve_type; -// typedef typename curve_type::base_field_type::value_type base_value_type; -// typedef typename curve_type::base_field_type base_field_type; -// typedef typename curve_type::scalar_field_type scalar_field_type; -// typedef typename curve_type::scalar_field_type::value_type scalar_value_type; + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::base_field_type::value_type base_value_type; + typedef typename curve_type::base_field_type base_field_type; + typedef typename curve_type::scalar_field_type scalar_field_type; + typedef typename curve_type::scalar_field_type::value_type scalar_value_type; -// typedef zk::commitments::kzg kzg_type; + typedef zk::commitments::kzg kzg_type; -// std::size_t n = 298; -// scalar_value_type z = algebra::random_element(); -// const polynomial f = {-1, 1, 2, 3, 5, -15}; + std::size_t n = 298; + scalar_value_type z = algebra::random_element(); + const polynomial f = {-1, 1, 2, 3, 5, -15}; -// auto params = typename kzg_type::params_type(n); -// auto commit = zk::algorithms::commit(params, f); + auto params = typename kzg_type::params_type(n); + auto commit = zk::algorithms::commit(params, f); -// typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; -// auto proof = zk::algorithms::proof_eval(params, f, pk); + typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; + auto proof = zk::algorithms::proof_eval(params, f, pk); -// BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); -// } + BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); +} -// BOOST_AUTO_TEST_CASE(kzg_false_test) { +BOOST_AUTO_TEST_CASE(kzg_false_test) { -// typedef algebra::curves::bls12<381> curve_type; -// typedef typename curve_type::base_field_type::value_type base_value_type; -// typedef typename curve_type::base_field_type base_field_type; -// typedef typename curve_type::scalar_field_type scalar_field_type; -// typedef typename curve_type::scalar_field_type::value_type scalar_value_type; + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::base_field_type::value_type base_value_type; + typedef typename curve_type::base_field_type base_field_type; + typedef typename curve_type::scalar_field_type scalar_field_type; + typedef typename curve_type::scalar_field_type::value_type scalar_value_type; -// typedef zk::commitments::kzg kzg_type; + typedef zk::commitments::kzg kzg_type; -// scalar_value_type alpha = 10; -// std::size_t n = 16; -// scalar_value_type z = 5; -// const polynomial f = {100, 1, 2, 3}; + scalar_value_type alpha = 10; + std::size_t n = 16; + scalar_value_type z = 5; + const polynomial f = {100, 1, 2, 3}; -// auto params = typename kzg_type::params_type(n, alpha); + auto params = typename kzg_type::params_type(n, alpha); -// auto commit = zk::algorithms::commit(params, f); + auto commit = zk::algorithms::commit(params, f); -// typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; -// auto proof = zk::algorithms::proof_eval(params, f, pk); + typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)}; + auto proof = zk::algorithms::proof_eval(params, f, pk); -// BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); + BOOST_CHECK(zk::algorithms::verify_eval(params, proof, pk)); -// // wrong params -// auto ck2 = params.commitment_key; -// ck2[0] = ck2[0] * 2; -// auto params2 = kzg_type::params_type(ck2, params.verification_key * 2); -// BOOST_CHECK(!zk::algorithms::verify_eval(params2, proof, pk)); + // wrong params + auto ck2 = params.commitment_key; + ck2[0] = ck2[0] * 2; + auto params2 = kzg_type::params_type(ck2, params.verification_key * 2); + BOOST_CHECK(!zk::algorithms::verify_eval(params2, proof, pk)); -// // wrong commit -// auto pk2 = pk; -// pk2.commit = pk2.commit * 2; -// BOOST_CHECK(!zk::algorithms::verify_eval(params, proof, pk2)); + // wrong commit + auto pk2 = pk; + pk2.commit = pk2.commit * 2; + BOOST_CHECK(!zk::algorithms::verify_eval(params, proof, pk2)); -// // wrong eval -// pk2 = pk; -// pk2.eval *= 2; -// BOOST_CHECK(!zk::algorithms::verify_eval(params, proof, pk2)); + // wrong eval + pk2 = pk; + pk2.eval *= 2; + BOOST_CHECK(!zk::algorithms::verify_eval(params, proof, pk2)); -// // wrong proof -// { -// // wrong params -// typename kzg_type::proof_type proof2; -// bool exception = false; -// try {auto proof2 = zk::algorithms::proof_eval(params2, f, pk);} -// catch (std::runtime_error& e) {exception = true;} -// if (!exception) { -// BOOST_CHECK(proof2 != proof); -// BOOST_CHECK_MESSAGE(!zk::algorithms::verify_eval(params, proof2, pk), "wrong params"); -// } + // wrong proof + { + // wrong params + typename kzg_type::proof_type proof2; + bool exception = false; + try {auto proof2 = zk::algorithms::proof_eval(params2, f, pk);} + catch (std::runtime_error& e) {exception = true;} + if (!exception) { + BOOST_CHECK(proof2 != proof); + BOOST_CHECK_MESSAGE(!zk::algorithms::verify_eval(params, proof2, pk), "wrong params"); + } -// // wrong transcript -// exception = false; -// try {auto proof2 = zk::algorithms::proof_eval(params, f, pk2);} -// catch (std::runtime_error& e) {exception = true;} -// if (!exception) { -// BOOST_CHECK(proof2 != proof); -// BOOST_CHECK_MESSAGE(!zk::algorithms::verify_eval(params, proof2, pk), "wrong transcript"); -// } -// } -// auto proof2 = proof * 2; -// BOOST_CHECK(!zk::algorithms::verify_eval(params, proof2, pk)); -// } + // wrong transcript + exception = false; + try {auto proof2 = zk::algorithms::proof_eval(params, f, pk2);} + catch (std::runtime_error& e) {exception = true;} + if (!exception) { + BOOST_CHECK(proof2 != proof); + BOOST_CHECK_MESSAGE(!zk::algorithms::verify_eval(params, proof2, pk), "wrong transcript"); + } + } + auto proof2 = proof * 2; + BOOST_CHECK(!zk::algorithms::verify_eval(params, proof2, pk)); +} BOOST_AUTO_TEST_SUITE_END()