RubyGems - kzg - Versions diffs - 0.2.0 → 0.3.0 - Mend

kzg 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9efdb85768b3e83e464c61846a3cf712b8df989f20114875cb39a08558882736
-  data.tar.gz: 39b4c2c8c6a7b77d9fba96e4e8ef297e249da0640b3eba81f18b1093dbc59011
+  metadata.gz: 1d030fcbbf815eafe9c538839946e6337c2e9c60f1bcce5de79172b453c96fe9
+  data.tar.gz: 68c3d99c0cb6fea2f16e3617df6d198cae2cb352f22cd66c982ba362731a778c
 SHA512:
-  metadata.gz: 88f4f0e4cdd1fa1d954bc32d9546e3cf642f66200649629f3f1dc516970eed44467b6e7a753fafa1951180bcee9f9a6d4b4ce5d17d3427cb2ca0bd1873d39a6d
-  data.tar.gz: 35cb803d35ec7ad8e728228779b2e69654bbebfeadc2e744a7a75889d174dd9d3d608c79712e230ddd432e416bf3051e7d16ad579c5d2c50fb1b23437f2c90c4
+  metadata.gz: a3cae69f35050d6dba026231c2d783204359140a94e406676fb178ff58cc1bdbe1a1e2e73124ea29679a4d5c3b95c22b0c5b90d1d7a2ea4c394bf9317b4926a4
+  data.tar.gz: 1d21a4db43881ce872e41954b116cee5603ee80a8b8e3b7e7b7efc01c317d9addb5c9cc78b07a84898279be41d0b941166ee6840e90be95e92929298e89f32ec

data/.rubocop.yml CHANGED Viewed

@@ -10,7 +10,7 @@ RSpec/ExampleLength:
 Metrics:
   Enabled: false
 RSpec/MultipleExpectations:
-  Max: 5
+  Enabled: false
 Style/IfUnlessModifier:
   Enabled: false
 Style/WhileUntilModifier:

data/Gemfile CHANGED Viewed

@@ -12,4 +12,6 @@ gem 'rspec', '~> 3.0'
 gem 'prettier'
 gem 'rubocop-rake'
-gem 'rubocop-rspec'
+gem 'rubocop-rspec'
+gem 'parallel_tests'

data/README.md CHANGED Viewed

@@ -61,7 +61,19 @@ The committer can compute proof that the value of the polynomial (f(x)) for any
 proof = commitment.compute_proof(35)
 ```
-This proof is point in the `BLS::PointG1`.
+This proof is a point in the `BLS::PointG1`.
+#### Multi proof
+A multi-proof for disclosing multiple x values is created as follows:
+```ruby
+x = [1, 2, 3]
+multi_proof = commitment.compute_multi_proof(x)
+```
+This proof is a point in the `BLS::PointG1`.
 ### Verify
@@ -73,6 +85,16 @@ y = 808951170278371
 setting.valid_proof?(commitment.value, proof, x, y)
 ```
+#### Multi proof
+The validity of multiple proofs disclosing more than one value can be verified as follows:
+```ruby
+x = [1, 2, 3]
+y = [55, 9217, 280483]
+setting.valid_multi_proof?(commitment.value, multi_proof, x, y)
+```
 ### Use as vector commitment
 When used as a Vector commitment, the value to be committed is encoded in a polynomial expression as the evaluated value of the polynomial.

data/lib/kzg/commitment.rb CHANGED Viewed

@@ -7,11 +7,19 @@ module KZG
     # Create commitment
     # @param [KZG::Setting] setting
-    # @param [Array(Integer | BLS::Fr)] coeffs Coefficients of polynomial equation.
-    def initialize(setting, polynomial, value)
+    # @param [KZG::Polynomial] polynomial
+    def initialize(setting, polynomial)
       @setting = setting
       @polynomial = polynomial
-      @value = value
+      @value =
+        polynomial
+          .coeffs
+          .map
+          .with_index do |c, i|
+            c = c.is_a?(BLS::Fr) ? c : BLS::Fr.new(c)
+            c.value.zero? ? BLS::PointG1::ZERO : setting.g1_points[i] * c
+          end
+          .inject(&:+)
     end
     # Create commitment using coefficients.
@@ -22,26 +30,30 @@ module KZG
         raise KZG::Error,
               "coeffs length is greater than the number of secret parameters."
       end
-      value =
-        coeffs
-          .map
-          .with_index do |c, i|
-            c = c.is_a?(BLS::Fr) ? c : BLS::Fr.new(c)
-            c.value.zero? ? BLS::PointG1::ZERO : setting.g1_points[i] * c
-          end
-          .inject(&:+)
-      Commitment.new(setting, KZG::Polynomial.new(coeffs), value)
+      Commitment.new(setting, KZG::Polynomial.new(coeffs))
     end
     # Compute KZG proof for polynomial in coefficient form at position x.
     # @param [Integer] x Position
     # @return [BLS::PointG1] Proof.
     def compute_proof(x)
-      divisor = Array.new(2)
-      divisor[0] = BLS::Fr.new(x).negate
-      divisor[1] = BLS::Fr::ONE
-      quotient_poly = polynomial.poly_long_div(divisor)
-      Commitment.from_coeffs(setting, quotient_poly).value
+      divisor = Polynomial.new([BLS::Fr.new(x).negate, BLS::Fr::ONE])
+      quotient_poly = polynomial / divisor
+      Commitment.new(setting, quotient_poly).value
+    end
+    # Compute KZG multi proof using list of x coordinate.
+    # @param [Array(Integer)] x An array of x coordinate.
+    # @return [BLS::PointG1]
+    def compute_multi_proof(x)
+      y = x.map { |i| polynomial.eval_at(i) }
+      # compute i(x)
+      i_poly = Polynomial.lagrange_interpolate(x, y)
+      # compute z(x)
+      z_poly = Polynomial.zero_poly(x)
+      # compute q(x) = (p(x) - i(x)) / z(x)
+      quotient_poly = (polynomial - i_poly) / z_poly
+      Commitment.new(setting, quotient_poly).value
     end
   end
 end

data/lib/kzg/polynomial.rb CHANGED Viewed

@@ -37,6 +37,15 @@ module KZG
       Polynomial.new(coeffs)
     end
+    # Create polynomial from array of x coordinate like f(x) = (x - x0)(x - x1)...(x - xn)
+    # @param [Array(Integer)] x An array of x coordinate.
+    # @return [KZG::Polynomial]
+    def self.zero_poly(x)
+      poleis =
+        x.map { |v| Polynomial.new([BLS::Fr.new(v).negate, BLS::Fr::ONE]) }
+      poleis[1..].inject(poleis.first) { |result, poly| result * poly }
+    end
     # Evaluate polynomial for given +x+ using Horner's method.
     # @param [Integer | BLS::Fr] x
     # @return [BLS::Fr] Evaluated value.
@@ -52,21 +61,71 @@ module KZG
       last
     end
-    # Long polynomial division for two polynomials in coefficient form
-    # @param [Array(BLS::Fr)] divisor Array of divisor.
-    # @return [Array(BLS::Fr)]
-    def poly_long_div(divisor)
+    # Returns a new polynomial that is the sum of the given polynomial and this polynomial.
+    # @param [KZG::Polynomial] other
+    # @return [KZG::Polynomial] Sum of polynomial.
+    # @raise ArgumentError
+    def add(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "add target must be Polynomial"
+      end
+      sum = process(coeffs, other.coeffs) { |a, b| a + b }
+      Polynomial.new(sum)
+    end
+    alias + add
+    # Returns a new polynomial subtracting the given polynomial from self.
+    # @param [KZG::Polynomial] other
+    # @return [KZG::Polynomial] Subtracted polynomial.
+    # @raise ArgumentError
+    def sub(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "subtract target must be Polynomial"
+      end
+      Polynomial.new(process(coeffs, other.coeffs) { |a, b| a - b })
+    end
+    alias - sub
+    # Return a new polynomial that multiply self and the given polynomial.
+    # @param [KZG::Polynomial] other Other polynomial
+    # @return [KZG::Polynomial] Multiplied polynomial
+    # @return ArgumentError
+    def multiply(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "multiply target must be Polynomial"
+      end
+      new_coeffs = Array.new(coeffs.length + other.coeffs.length - 1)
+      coeffs.each.with_index do |a, i|
+        other.coeffs.each.with_index do |b, j|
+          k = i + j
+          new_coeffs[k] = a * b + (new_coeffs[k] || BLS::Fr::ZERO)
+        end
+      end
+      Polynomial.new(new_coeffs)
+    end
+    alias * multiply
+    # Return a new polynomial that divide self and the given polynomial, i.e. self / other.
+    # @param [KZG::Polynomial] other Other polynomial
+    # @return [KZG::Polynomial] Divided polynomial
+    # @return ArgumentError
+    def div(other)
+      unless other.is_a?(Polynomial)
+        raise ArgumentError, "divide target must be Polynomial"
+      end
       a = coeffs.dup
       a_pos = a.length - 1
-      b_pos = divisor.length - 1
+      b_pos = other.coeffs.length - 1
       diff = a_pos - b_pos
       quotient_poly = []
       while diff >= 0
-        quot = a[a_pos] / divisor[b_pos]
+        quot = a[a_pos] / other.coeffs[b_pos]
         i = b_pos
         while i >= 0
-          tmp = quot * divisor[i]
+          tmp = quot * other.coeffs[i]
           tmp2 = a[diff + i] - tmp
           a[diff + i] = tmp2
           i -= 1
@@ -75,7 +134,24 @@ module KZG
         a_pos -= 1
         diff -= 1
       end
-      quotient_poly
+      Polynomial.new(quotient_poly)
+    end
+    alias / div
+    def ==(other)
+      return false unless other.is_a?(Polynomial)
+      coeffs == other.coeffs
+    end
+    private
+    def process(a, b)
+      length = [a.length, b.length].max
+      length.times.map do |i|
+        c1 = i < a.length ? a[i] : BLS::Fr::ZERO
+        c2 = i < b.length ? b[i] : BLS::Fr::ZERO
+        yield(c1, c2)
+      end
     end
   end
 end

data/lib/kzg/setting.rb CHANGED Viewed

@@ -5,12 +5,10 @@ module KZG
   class Setting
     attr_reader :g1_points, :g2_points
-    # @param [Array[BLS::PointG1]] g1s
-    # @param [Array[BLS::PointG2]] g2s
+    # @param [Array(BLS::PointG1)] g1_points
+    # @param [Array(BLS::PointG2)] g2_points
     def initialize(g1_points, g2_points)
-      if !g1_points.is_a?(Array) || !g2_points.is_a?(Array)
-        raise KZG::Error, "g1_points and g2_points must be array."
-      end
+      raise KZG::Error, "g1_points must be array." unless g1_points.is_a?(Array)
       unless g1_points.all? { |g| g.is_a?(BLS::PointG1) }
         raise KZG::Error, "All elements of g1_points must be BLS::PointG1."
       end
@@ -48,5 +46,38 @@ module KZG
       exp = (lhs * rhs).final_exponentiate
       exp == BLS::Fq12::ONE
     end
+    # Check a proof for a KZG commitment for an evaluation f(x) = y
+    # @param [BLS::PointG1] commit_point
+    # @param [BLS::PointG1] proof
+    # @param [Array(Integer|BLS::Fr)] x
+    # @param [Array(Integer|BLS::Fr)] y
+    def valid_multi_proof?(commit_point, proof, x, y)
+      x = x.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
+      y = y.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
+      # compute i(x)
+      i_poly = Polynomial.lagrange_interpolate(x, y)
+      # compute z(x)
+      z_poly = Polynomial.zero_poly(x)
+      # e([commitment - interpolation_polynomial(s)]^(-1), [1]) * e([proof],  [s^n - x^n]) = 1
+      is = Commitment.new(self, i_poly).value
+      lhs =
+        BLS.pairing(
+          (commit_point - is).negate,
+          BLS::PointG2::BASE,
+          with_final_exp: false
+        )
+      z_commit =
+        z_poly
+          .coeffs
+          .map
+          .with_index do |c, i|
+            c.value.zero? ? BLS::PointG2::ZERO : g2_points[i] * c
+          end
+          .inject(&:+)
+      rhs = BLS.pairing(proof, z_commit, with_final_exp: false)
+      exp = (lhs * rhs).final_exponentiate
+      exp == BLS::Fq12::ONE
+    end
   end
 end

data/lib/kzg/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module KZG
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kzg
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - azuchi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-26 00:00:00.000000000 Z
+date: 2023-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bls12-381