🦄 refactor(kzg hiding): modify parameters
Move parameter hiding_bound from function 'init' to 'commit'
ahy231 committed Oct 21, 2024
1 parent a4ce45e commit 42f7921
Showing 1 changed file with 22 additions and 27 deletions.
49 changes: 22 additions & 27 deletions src/kzg_hiding.py
Expand Up @@ -63,20 +63,18 @@ def __repr__(self):
class KZG10Commitment:
"""KZG10 commitment scheme implementation."""

def __init__(self, G1, G2, max_degree, hiding_bound=None, debug=False):
def __init__(self, G1, G2, max_degree, debug=False):
"""
Initialize the KZG10 commitment scheme.
Args:
G1, G2: Elliptic curve groups
max_degree: Maximum polynomial degree supported
hiding_bound: Upper bound for the hiding polynomial degree (optional)
debug: Enable debug assertions
"""
self.G1 = G1
self.G2 = G2
self.max_degree = max_degree
self.hiding_bound = hiding_bound
self.debug = debug
self.params = self.setup()

Expand Down Expand Up @@ -128,7 +126,7 @@ def setup(self, produce_g2_powers=False, secret_symbol = None, g1_generator = No

return result

def commit(self, polynomial: UniPolynomial):
def commit(self, polynomial: UniPolynomial, hiding_bound=None):
"""
Commit to a polynomial.
Expand Down Expand Up @@ -162,17 +160,17 @@ def commit(self, polynomial: UniPolynomial):

# Add hiding polynomial if hiding_bound is set
random_ints = []
if self.hiding_bound is not None:
if hiding_bound is not None:
while UniPolynomial(random_ints).degree == 0:
random_ints = [self.G1.field.random_element() for _ in range(self.hiding_bound + 1)]
random_ints = [self.G1.field.random_element() for _ in range(hiding_bound + 1)]

if self.debug:
assert UniPolynomial(random_ints).degree > 0, f"Degree of random poly is zero, random_ints: {random_ints}"

# Check hiding bound
hiding_poly_degree = len(random_ints) - 1
num_powers = len(self.params['powers_of_gamma_g'])
assert self.hiding_bound != 0, "Hiding bound is zero"
assert hiding_bound != 0, "Hiding bound is zero"
assert hiding_poly_degree < num_powers, "Hiding bound is too large"

random_commitment = msm_bigint(negation_is_cheap, self.params['powers_of_gamma_g'], random_ints)
Expand All @@ -184,7 +182,7 @@ def commit(self, polynomial: UniPolynomial):

return Commitment(self.G1, commitment), random_ints

def compute_witness_polynomial(self, polynomial: UniPolynomial, point, random_ints):
def compute_witness_polynomial(self, polynomial: UniPolynomial, point, random_ints, hiding=False):
"""
Compute the witness polynomial for a given polynomial and point.
Expand All @@ -198,7 +196,7 @@ def compute_witness_polynomial(self, polynomial: UniPolynomial, point, random_in
"""
witness_polynomial, _pz = polynomial.division_by_linear_divisor(point)
random_witness_polynomial = None
if self.hiding_bound is not None:
if hiding:
random_poly = UniPolynomial(random_ints)
if self.debug:
assert random_poly.degree > 0, f"Degree of random poly is zero, random_ints: {random_ints}"
Expand Down Expand Up @@ -231,7 +229,7 @@ def open_with_witness_polynomial(self, point, random_ints, witness_polynomial, h

return {'w': w, 'random_v': random_v}

def open(self, polynomial: UniPolynomial, point, random_ints):
def open(self, polynomial: UniPolynomial, point, random_ints, hiding=False):
"""
Open the polynomial at a given point.
Expand All @@ -245,15 +243,12 @@ def open(self, polynomial: UniPolynomial, point, random_ints):
"""
assert polynomial.degree + 1 < len(self.params['powers_of_g']), f"Too many coefficients, polynomial.degree: {polynomial.degree}"

witness_poly, hiding_witness_poly = self.compute_witness_polynomial(polynomial, point, random_ints)
if self.debug:
assert isinstance(witness_poly, UniPolynomial)
if self.debug:
assert isinstance(hiding_witness_poly, UniPolynomial)
witness_poly, hiding_witness_poly = self.compute_witness_polynomial(polynomial, point, random_ints, hiding)

return self.open_with_witness_polynomial(point, random_ints, witness_poly, hiding_witness_poly)


def check(self, comm: Commitment, point, value, proof):
def check(self, comm: Commitment, point, value, proof, hiding=False):
"""
Check the validity of the proof.
Expand All @@ -267,14 +262,14 @@ def check(self, comm: Commitment, point, value, proof):
bool: True if the proof is valid, False otherwise
"""
inner = comm.value - self.params['powers_of_g'][0] * value
if self.hiding_bound is not None:
if hiding:
inner -= self.params['powers_of_gamma_g'][0] * proof['random_v']
lhs = DummyGroup.pairing(inner, self.params['h'])
rhs = DummyGroup.pairing(proof['w'], self.params['beta_h'] - self.params['h'] * point)
return lhs.value[0] == rhs.value[0]


def batch_check(self, commitments, points, values, proofs):
def batch_check(self, commitments, points, values, proofs, hiding=False):
total_c = 0
total_w = 0

Expand All @@ -286,14 +281,14 @@ def batch_check(self, commitments, points, values, proofs):
for c, z, v, proof in zip(commitments, points, values, proofs):
c = z * proof['w'] + c.value.value[0]
g_multiplier += randomizer * v
if self.hiding_bound is not None:
if hiding:
gamma_g_multiplier += randomizer * proof['random_v']
total_c += c.value[0] * randomizer
total_w += proof['w'] * randomizer
randomizer = randint(0, 1 << 128)

total_c -= self.params['powers_of_g'][0] * g_multiplier
if self.hiding_bound is not None:
if hiding:
total_c -= self.params['powers_of_gamma_g'][0] * gamma_g_multiplier

return DummyGroup.pairing(total_w, self.params['beta_h']) \
Expand Down Expand Up @@ -440,7 +435,7 @@ def next_power_of_two(n):
test_point = randint(0, 100)

# Create KZG10 commitment scheme instance
kzg = KZG10Commitment(DummyGroup(Field), DummyGroup(Field), 10, hiding_bound=3, debug=True)
kzg = KZG10Commitment(DummyGroup(Field), DummyGroup(Field), 10, debug=True)

# Commit to the polynomial
commitment, random_ints = kzg.commit(test_poly)
Expand Down Expand Up @@ -472,35 +467,35 @@ def next_power_of_two(n):
points = [randint(0, 100) for _ in range(num_polynomials)]

# Create KZG10 commitment scheme instance
kzg = KZG10Commitment(DummyGroup(Field), DummyGroup(Field), 101, hiding_bound=3)
kzg = KZG10Commitment(DummyGroup(Field), DummyGroup(Field), 101)

commitments = []
values = []
proofs = []

for p, point in zip(polynomials, points):
# Commit to the polynomial
comm, random_ints = kzg.commit(p)
comm, random_ints = kzg.commit(p, hiding_bound=3)
commitments.append(comm)

# Evaluate the polynomial
value = p.evaluate(point)
values.append(value)

# Generate proof
proof = kzg.open(p, point, random_ints)
proof = kzg.open(p, point, random_ints, True)
proofs.append(proof)

# Verify batch
assert kzg.batch_check(commitments, points, values, proofs), "Batch check failed"
assert kzg.batch_check(commitments, points, values, proofs, True), "Batch check failed"

print("Batch check passed successfully")

# Test with an invalid proof
invalid_proof_index = randint(0, num_polynomials - 1)
proofs[invalid_proof_index] = kzg.open(polynomials[invalid_proof_index], points[invalid_proof_index] + 1, random_ints) # Invalid point
proofs[invalid_proof_index] = kzg.open(polynomials[invalid_proof_index], points[invalid_proof_index] + 1, random_ints, True) # Invalid point

assert not kzg.batch_check(commitments, points, values, proofs), "Batch check should have failed with invalid proof"
assert not kzg.batch_check(commitments, points, values, proofs, True), "Batch check should have failed with invalid proof"

print("Batch check correctly failed with invalid proof")
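Review bot: In `commit`, the new per-call `hiding_bound` is validated only after the `while UniPolynomial(random_ints).degree == 0:` loop, so `hiding_bound=0` (and, it appears, any negative value) can never leave that loop and the `assert hiding_bound != 0` below it is never reached. Now that the bound comes from each caller rather than from the constructor, the range check belongs before the loop and should not be an `assert`, which is stripped under `python -O`: `if not 0 < hiding_bound < len(self.params['powers_of_gamma_g']): raise ValueError("hiding_bound out of range")`. Separately, `batch_check` still draws its randomizer with `randint(0, 1 << 128)`; if that is `random.randint`, the batching coefficients are predictable and may be zero, and `secrets.randbelow` would be the safer source for a soundness-critical value. The bodies of `commit` and `batch_check` continue outside the visible hunks.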

