make verify_kzg_proof apis more closely mimic the specs (#46)
1 parent
bca26b3
commit e8e85fe
Showing
5 changed files
with
100 additions
and
86 deletions.
@@ -0,0 +1,94 @@ | ||
package kzg | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
|
||
"github.com/protolambda/go-kzg/bls" | ||
|
||
"github.com/ethereum/go-ethereum/crypto" | ||
"github.com/ethereum/go-ethereum/params" | ||
) | ||
|
||
// VerifyKZGProof implements verify_kzg_proof from the EIP-4844 consensus spec: | ||
// https://github.com/ethereum/consensus-specs/blob/dev/specs/eip4844/polynomial-commitments.md#verify_kzg_proof | ||
func VerifyKZGProof(polynomialKZG [48]byte, z *bls.Fr, y *bls.Fr, kzgProof [48]byte) (bool, error) { | ||
polynomialKZGG1, err := bls.FromCompressedG1(polynomialKZG[:]) | ||
if err != nil { | ||
return false, fmt.Errorf("failed to decode polynomialKZG: %v", err) | ||
} | ||
kzgProofG1, err := bls.FromCompressedG1(kzgProof[:]) | ||
if err != nil { | ||
return false, fmt.Errorf("failed to decode kzgProof: %v", err) | ||
} | ||
return VerifyKZGProofFromPoints(polynomialKZGG1, z, y, kzgProofG1), nil | ||
} | ||
|
||
func VerifyKZGProofFromPoints(polynomialKZG *bls.G1Point, z *bls.Fr, y *bls.Fr, kzgProof *bls.G1Point) bool { | ||
var zG2 bls.G2Point | ||
bls.MulG2(&zG2, &bls.GenG2, z) | ||
var yG1 bls.G1Point | ||
bls.MulG1(&yG1, &bls.GenG1, y) | ||
|
||
var xMinusZ bls.G2Point | ||
bls.SubG2(&xMinusZ, &kzgSetupG2[1], &zG2) | ||
var pMinusY bls.G1Point | ||
bls.SubG1(&pMinusY, polynomialKZG, &yG1) | ||
|
||
return bls.PairingsVerify(&pMinusY, &bls.GenG2, kzgProof, &xMinusZ) | ||
} | ||
|
||
// KZGToVersionedHash implements kzg_to_versioned_hash from EIP-4844 | ||
func KZGToVersionedHash(kzg [48]byte) [32]byte { | ||
h := crypto.Keccak256Hash(kzg[:]) | ||
h[0] = params.BlobCommitmentVersionKZG | ||
return h | ||
} | ||
|
||
// PointEvaluationPrecompile implements point_evaluation_precompile from EIP-4844 | ||
func PointEvaluationPrecompile(input []byte) ([]byte, error) { | ||
if len(input) != 192 { | ||
return nil, errors.New("invalid input length") | ||
} | ||
|
||
// versioned hash: first 32 bytes | ||
var versionedHash [32]byte | ||
copy(versionedHash[:], input[:32]) | ||
|
||
var x, y [32]byte | ||
// Evaluation point: next 32 bytes | ||
copy(x[:], input[32:64]) | ||
// Expected output: next 32 bytes | ||
copy(y[:], input[64:96]) | ||
|
||
// successfully converting x and y to bls.Fr confirms they are < MODULUS per the spec | ||
var xFr, yFr bls.Fr | ||
ok := bls.FrFrom32(&xFr, x) | ||
if !ok { | ||
return nil, errors.New("invalid evaluation point") | ||
} | ||
ok = bls.FrFrom32(&yFr, y) | ||
if !ok { | ||
return nil, errors.New("invalid expected output") | ||
} | ||
|
||
// input kzg point: next 48 bytes | ||
var dataKZG [48]byte | ||
copy(dataKZG[:], input[96:144]) | ||
if KZGToVersionedHash(dataKZG) != versionedHash { | ||
return nil, errors.New("mismatched versioned hash") | ||
} | ||
|
||
// Quotient kzg: next 48 bytes | ||
var quotientKZG [48]byte | ||
copy(quotientKZG[:], input[144:192]) | ||
|
||
ok, err := VerifyKZGProof(dataKZG, &xFr, &yFr, quotientKZG) | ||
if err != nil { | ||
return nil, fmt.Errorf("verify_kzg_proof error: %v", err) | ||
} | ||
if !ok { | ||
return nil, errors.New("failed to verify kzg proof") | ||
} | ||
return []byte{}, nil | ||
} |
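Review bot: `VerifyKZGProofFromPoints` is exported with no doc comment and takes already-decoded points, so whatever validation `VerifyKZGProof` gets from `bls.FromCompressedG1` does not happen on this path. The contract should be written down, e.g. `// VerifyKZGProofFromPoints checks the KZG pairing equation for already-decoded points; polynomialKZG and kzgProof must be non-nil and validated by the caller.` It also indexes `kzgSetupG2[1]`, which is declared outside this file section, so it presumably relies on the trusted setup being loaded with at least two G2 elements before the first call; that is worth confirming, since `PointEvaluationPrecompile` reaches it with caller-supplied input. Separately, the three `fmt.Errorf` calls format the cause with `%v`; `%w` would keep the underlying decode error available to `errors.Is`/`errors.As`.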