kzg 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ef0ee512428138b4158c95a1ff67254af2926668a45e812df640725108a2d9b
-  data.tar.gz: e1673fafdefa436f0c10aa7639ba68431831777718a38ecd5374101847a41fea
+  metadata.gz: 1d030fcbbf815eafe9c538839946e6337c2e9c60f1bcce5de79172b453c96fe9
+  data.tar.gz: 68c3d99c0cb6fea2f16e3617df6d198cae2cb352f22cd66c982ba362731a778c
 SHA512:
-  metadata.gz: 7a78076f208b2397f6c2dddd271dbe3ed47ba0ae1794b06451647639b70989f10bc5f52d6cd3ef80fe9fd1fe49535bfa3fb4b168402c4a2c87be9ade0cebfb6b
-  data.tar.gz: dc12b60adf07dd975c05cf44c0b3c01002714d7d11e9f2cee340b1b89097b253386ae9109f4859d1eba28e267928f90f7afe9ea17449ccf8cfa25da293d4b281
+  metadata.gz: a3cae69f35050d6dba026231c2d783204359140a94e406676fb178ff58cc1bdbe1a1e2e73124ea29679a4d5c3b95c22b0c5b90d1d7a2ea4c394bf9317b4926a4
+  data.tar.gz: 1d21a4db43881ce872e41954b116cee5603ee80a8b8e3b7e7b7efc01c317d9addb5c9cc78b07a84898279be41d0b941166ee6840e90be95e92929298e89f32ec

data/.rubocop.yml

@@ -10,7 +10,7 @@ RSpec/ExampleLength:
 Metrics:
   Enabled: false
 RSpec/MultipleExpectations:
-  Max: 5
+  Enabled: false
 Style/IfUnlessModifier:
   Enabled: false
 Style/WhileUntilModifier:

data/Gemfile

@@ -12,4 +12,6 @@ gem 'rspec', '~> 3.0'
 gem 'prettier'
 
 gem 'rubocop-rake'
-gem 'rubocop-rspec'
+gem 'rubocop-rspec'
+
+gem 'parallel_tests'

data/README.md

@@ -61,7 +61,19 @@ The committer can compute proof that the value of the polynomial (f(x)) for any
 proof = commitment.compute_proof(35)
 ```
 
-This proof is point in the `BLS::PointG1`.
+This proof is a point in the `BLS::PointG1`.
+
+#### Multi proof
+
+A multi-proof for disclosing multiple x values is created as follows:
+
+```ruby
+x = [1, 2, 3]
+
+multi_proof = commitment.compute_multi_proof(x)
+```
+
+This proof is a point in the `BLS::PointG1`.
 
 ### Verify
 
@@ -73,6 +85,16 @@ y = 808951170278371
 setting.valid_proof?(commitment.value, proof, x, y)
 ```
 
+#### Multi proof
+
+The validity of multiple proofs disclosing more than one value can be verified as follows:
+
+```ruby
+x = [1, 2, 3]
+y = [55, 9217, 280483]
+setting.valid_multi_proof?(commitment.value, multi_proof, x, y)
+```
+
 ### Use as vector commitment
 
 When used as a Vector commitment, the value to be committed is encoded in a polynomial expression as the evaluated value of the polynomial.

data/kzg.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
 
   # Uncomment to register a new dependency of your gem
   # spec.add_dependency "example-gem", "~> 1.0"
-  spec.add_dependency 'bls12-381', '>= 0.2.1'
+  spec.add_dependency 'bls12-381', '>= 0.2.2'
 
   # For more information and examples about making a new gem, checkout our
   # guide at: https://bundler.io/guides/creating_gem.html

data/lib/kzg/commitment.rb

@@ -7,11 +7,19 @@ module KZG
 
     # Create commitment
     # @param [KZG::Setting] setting
-    # @param [Array(Integer | BLS::Fr)] coeffs Coefficients of polynomial equation.
-    def initialize(setting, polynomial, value)
+    # @param [KZG::Polynomial] polynomial
+    def initialize(setting, polynomial)
       @setting = setting
       @polynomial = polynomial
-      @value = value
+      @value =
+        polynomial
+          .coeffs
+          .map
+          .with_index do |c, i|
+            c = c.is_a?(BLS::Fr) ? c : BLS::Fr.new(c)
+            c.value.zero? ? BLS::PointG1::ZERO : setting.g1_points[i] * c
+          end
+          .inject(&:+)
     end
 
     # Create commitment using coefficients.
@@ -22,25 +30,30 @@ module KZG
         raise KZG::Error,
               "coeffs length is greater than the number of secret parameters."
       end
-      value =
-        coeffs
-          .map
-          .with_index do |c, i|
-            setting.g1_points[i] * (c.is_a?(BLS::Fr) ? c : BLS::Fr.new(c))
-          end
-          .inject(&:+)
-      Commitment.new(setting, KZG::Polynomial.new(coeffs), value)
+      Commitment.new(setting, KZG::Polynomial.new(coeffs))
     end
 
     # Compute KZG proof for polynomial in coefficient form at position x.
     # @param [Integer] x Position
     # @return [BLS::PointG1] Proof.
     def compute_proof(x)
-      divisor = Array.new(2)
-      divisor[0] = BLS::Fr.new(x).negate
-      divisor[1] = BLS::Fr::ONE
-      quotient_poly = polynomial.poly_long_div(divisor)
-      Commitment.from_coeffs(setting, quotient_poly).value
+      divisor = Polynomial.new([BLS::Fr.new(x).negate, BLS::Fr::ONE])
+      quotient_poly = polynomial / divisor
+      Commitment.new(setting, quotient_poly).value
+    end
+
+    # Compute KZG multi proof using list of x coordinate.
+    # @param [Array(Integer)] x An array of x coordinate.
+    # @return [BLS::PointG1]
+    def compute_multi_proof(x)
+      y = x.map { |i| polynomial.eval_at(i) }
+      # compute i(x)
+      i_poly = Polynomial.lagrange_interpolate(x, y)
+      # compute z(x)
+      z_poly = Polynomial.zero_poly(x)
+      # compute q(x) = (p(x) - i(x)) / z(x)
+      quotient_poly = (polynomial - i_poly) / z_poly
+      Commitment.new(setting, quotient_poly).value
     end
   end
 end

data/lib/kzg/polynomial.rb

@@ -37,34 +37,95 @@ module KZG
       Polynomial.new(coeffs)
     end
 
-    # Evaluates a polynomial expression with the specified value +x+.
-    # @param [Integer|BLS::Fr] x
-    # @return [BLS::Fr]
+    # Create polynomial from array of x coordinate like f(x) = (x - x0)(x - x1)...(x - xn)
+    # @param [Array(Integer)] x An array of x coordinate.
+    # @return [KZG::Polynomial]
+    def self.zero_poly(x)
+      poleis =
+        x.map { |v| Polynomial.new([BLS::Fr.new(v).negate, BLS::Fr::ONE]) }
+      poleis[1..].inject(poleis.first) { |result, poly| result * poly }
+    end
+
+    # Evaluate polynomial for given +x+ using Horner's method.
+    # @param [Integer | BLS::Fr] x
+    # @return [BLS::Fr] Evaluated value.
     def eval_at(x)
-      power = x.is_a?(BLS::Fr) ? x : BLS::Fr.new(x)
-      sum = coeffs.first
-      coeffs[1..].each do |c|
-        sum += c * power
-        power *= power
+      x = x.is_a?(BLS::Fr) ? x : BLS::Fr.new(x)
+      return BLS::Fr::ZERO if coeffs.empty?
+      return coeffs.first if x.value.zero?
+      last = coeffs[coeffs.length - 1]
+      (coeffs.length - 2).step(0, -1) do |i|
+        tmp = last * x
+        last = tmp + coeffs[i]
+      end
+      last
+    end
+
+    # Returns a new polynomial that is the sum of the given polynomial and this polynomial.
+    # @param [KZG::Polynomial] other
+    # @return [KZG::Polynomial] Sum of polynomial.
+    # @raise ArgumentError
+    def add(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "add target must be Polynomial"
       end
-      sum
+
+      sum = process(coeffs, other.coeffs) { |a, b| a + b }
+      Polynomial.new(sum)
+    end
+    alias + add
+
+    # Returns a new polynomial subtracting the given polynomial from self.
+    # @param [KZG::Polynomial] other
+    # @return [KZG::Polynomial] Subtracted polynomial.
+    # @raise ArgumentError
+    def sub(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "subtract target must be Polynomial"
+      end
+
+      Polynomial.new(process(coeffs, other.coeffs) { |a, b| a - b })
     end
+    alias - sub
 
-    # Long polynomial division for two polynomials in coefficient form
-    # @param [Array(BLS::Fr)] divisor Array of divisor.
-    # @return [Array(BLS::Fr)]
-    def poly_long_div(divisor)
-      a = coeffs
+    # Return a new polynomial that multiply self and the given polynomial.
+    # @param [KZG::Polynomial] other Other polynomial
+    # @return [KZG::Polynomial] Multiplied polynomial
+    # @return ArgumentError
+    def multiply(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "multiply target must be Polynomial"
+      end
+      new_coeffs = Array.new(coeffs.length + other.coeffs.length - 1)
+      coeffs.each.with_index do |a, i|
+        other.coeffs.each.with_index do |b, j|
+          k = i + j
+          new_coeffs[k] = a * b + (new_coeffs[k] || BLS::Fr::ZERO)
+        end
+      end
+      Polynomial.new(new_coeffs)
+    end
+    alias * multiply
+
+    # Return a new polynomial that divide self and the given polynomial, i.e. self / other.
+    # @param [KZG::Polynomial] other Other polynomial
+    # @return [KZG::Polynomial] Divided polynomial
+    # @return ArgumentError
+    def div(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "divide target must be Polynomial"
+      end
+      a = coeffs.dup
       a_pos = a.length - 1
-      b_pos = divisor.length - 1
+      b_pos = other.coeffs.length - 1
       diff = a_pos - b_pos
       quotient_poly = []
 
       while diff >= 0
-        quot = a[a_pos] / divisor[b_pos]
+        quot = a[a_pos] / other.coeffs[b_pos]
         i = b_pos
         while i >= 0
-          tmp = quot * divisor[i]
+          tmp = quot * other.coeffs[i]
           tmp2 = a[diff + i] - tmp
           a[diff + i] = tmp2
           i -= 1
@@ -73,7 +134,24 @@ module KZG
         a_pos -= 1
         diff -= 1
       end
-      quotient_poly
+      Polynomial.new(quotient_poly)
+    end
+    alias / div
+
+    def ==(other)
+      return false unless other.is_a?(Polynomial)
+      coeffs == other.coeffs
+    end
+
+    private
+
+    def process(a, b)
+      length = [a.length, b.length].max
+      length.times.map do |i|
+        c1 = i < a.length ? a[i] : BLS::Fr::ZERO
+        c2 = i < b.length ? b[i] : BLS::Fr::ZERO
+        yield(c1, c2)
+      end
     end
   end
 end

data/lib/kzg/setting.rb

@@ -5,12 +5,10 @@ module KZG
   class Setting
     attr_reader :g1_points, :g2_points
 
-    # @param [Array[BLS::PointG1]] g1s
-    # @param [Array[BLS::PointG2]] g2s
+    # @param [Array(BLS::PointG1)] g1_points
+    # @param [Array(BLS::PointG2)] g2_points
     def initialize(g1_points, g2_points)
-      if !g1_points.is_a?(Array) || !g2_points.is_a?(Array)
-        raise KZG::Error, "g1_points and g2_points must be array."
-      end
+      raise KZG::Error, "g1_points must be array." unless g1_points.is_a?(Array)
       unless g1_points.all? { |g| g.is_a?(BLS::PointG1) }
         raise KZG::Error, "All elements of g1_points must be BLS::PointG1."
       end
@@ -34,8 +32,8 @@ module KZG
     def valid_proof?(commit_point, proof, x, y)
       x = x.is_a?(BLS::Fr) ? x : BLS::Fr.new(x)
       y = y.is_a?(BLS::Fr) ? y : BLS::Fr.new(y)
-      xg2 = BLS::PointG2::BASE * x
-      yg = BLS::PointG1::BASE * y
+      xg2 = x.value.zero? ? BLS::PointG2::ZERO : BLS::PointG2::BASE * x
+      yg = y.value.zero? ? BLS::PointG1::ZERO : BLS::PointG1::BASE * y
 
       # e([commitment - y]^(-1), [1]) * e([proof],  [s - x]) = 1
       lhs =
@@ -48,5 +46,38 @@ module KZG
       exp = (lhs * rhs).final_exponentiate
       exp == BLS::Fq12::ONE
     end
+
+    # Check a proof for a KZG commitment for an evaluation f(x) = y
+    # @param [BLS::PointG1] commit_point
+    # @param [BLS::PointG1] proof
+    # @param [Array(Integer|BLS::Fr)] x
+    # @param [Array(Integer|BLS::Fr)] y
+    def valid_multi_proof?(commit_point, proof, x, y)
+      x = x.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
+      y = y.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
+      # compute i(x)
+      i_poly = Polynomial.lagrange_interpolate(x, y)
+      # compute z(x)
+      z_poly = Polynomial.zero_poly(x)
+      # e([commitment - interpolation_polynomial(s)]^(-1), [1]) * e([proof],  [s^n - x^n]) = 1
+      is = Commitment.new(self, i_poly).value
+      lhs =
+        BLS.pairing(
+          (commit_point - is).negate,
+          BLS::PointG2::BASE,
+          with_final_exp: false
+        )
+      z_commit =
+        z_poly
+          .coeffs
+          .map
+          .with_index do |c, i|
+            c.value.zero? ? BLS::PointG2::ZERO : g2_points[i] * c
+          end
+          .inject(&:+)
+      rhs = BLS.pairing(proof, z_commit, with_final_exp: false)
+      exp = (lhs * rhs).final_exponentiate
+      exp == BLS::Fq12::ONE
+    end
   end
 end

data/lib/kzg/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module KZG
-  VERSION = "0.1.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kzg
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - azuchi
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-01-25 00:00:00.000000000 Z
+date: 2023-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bls12-381
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement