Class: KZG::Setting

Inherits:

Object

• Object
• KZG::Setting

Defined in:

lib/kzg/setting.rb

Instance Attribute Summary

• #g1_points ⇒ Object readonly

  Returns the value of attribute g1_points.

• #g2_points ⇒ Object readonly

  Returns the value of attribute g2_points.

Instance Method Summary

• #==(other) ⇒ Object
• #initialize(g1_points, g2_points) ⇒ Setting constructor

  A new instance of Setting.

• #valid_multi_proof?(commit_point, proof, x, y) ⇒ Boolean

  Check a proof for a KZG commitment for an evaluation f(x) = y.

• #valid_proof?(commit_point, proof, x, y) ⇒ Boolean

  Check a proof for a KZG commitment for an evaluation f(x) = y.

Constructor Details

#initialize(g1_points, g2_points) ⇒ Setting

Returns a new instance of Setting.

Parameters:

• g1_points (Array(BLS::PointG1))
• g2_points (Array(BLS::PointG2))

Raises:

• (KZG::Error)

# File 'lib/kzg/setting.rb', line 10

def initialize(g1_points, g2_points)
  raise KZG::Error, "g1_points must be array." unless g1_points.is_a?(Array)
  unless g1_points.all? { |g| g.is_a?(BLS::PointG1) }
    raise KZG::Error, "All elements of g1_points must be BLS::PointG1."
  end
  unless g2_points.all? { |g| g.is_a?(BLS::PointG2) }
    raise KZG::Error, "All elements of g2_points must be BLS::PointG2."
  end

  @g1_points = g1_points
  @g2_points = g2_points
end

Instance Attribute Details

#g1_points ⇒ Object (readonly)

Returns the value of attribute g1_points.

# File 'lib/kzg/setting.rb', line 6

def g1_points
  @g1_points
end

#g2_points ⇒ Object (readonly)

Returns the value of attribute g2_points.

# File 'lib/kzg/setting.rb', line 6

def g2_points
  @g2_points
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/kzg/setting.rb', line 23

def ==(other)
  g1_points == other.g1_points && g2_points == other.g2_points
end

#valid_multi_proof?(commit_point, proof, x, y) ⇒ Boolean

Check a proof for a KZG commitment for an evaluation f(x) = y

Parameters:

• commit_point (BLS::PointG1)
• proof (BLS::PointG1)
• x (Array(Integer|BLS::Fr))
• y (Array(Integer|BLS::Fr))

Returns:

• (Boolean)

# File 'lib/kzg/setting.rb', line 55

def valid_multi_proof?(commit_point, proof, x, y)
  x = x.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
  y = y.map { |v| v.is_a?(BLS::Fr) ? v.value : v }
  # compute i(x)
  i_poly = Polynomial.lagrange_interpolate(x, y)
  # compute z(x)
  z_poly = Polynomial.zero_poly(x)
  # e([commitment - interpolation_polynomial(s)]^(-1), [1]) * e([proof],  [s^n - x^n]) = 1
  is = Commitment.new(self, i_poly).value
  lhs =
    BLS.pairing(
      (commit_point - is).negate,
      BLS::PointG2::BASE,
      with_final_exp: false
    )
  z_commit =
    z_poly
      .coeffs
      .map
      .with_index do |c, i|
        c.value.zero? ? BLS::PointG2::ZERO : g2_points[i] * c
      end
      .inject(&:+)
  rhs = BLS.pairing(proof, z_commit, with_final_exp: false)
  exp = (lhs * rhs).final_exponentiate
  exp == BLS::Fp12::ONE
end

#valid_proof?(commit_point, proof, x, y) ⇒ Boolean

Check a proof for a KZG commitment for an evaluation f(x) = y

Parameters:

• commit_point (BLS::PointG1)
• proof (BLS::PointG1)
• x (Integer|BLS::Fr)
• y (Integer|BLS::Fr)

Returns:

• (Boolean)

# File 'lib/kzg/setting.rb', line 32

def valid_proof?(commit_point, proof, x, y)
  x = x.is_a?(BLS::Fr) ? x : BLS::Fr.new(x)
  y = y.is_a?(BLS::Fr) ? y : BLS::Fr.new(y)
  xg2 = x.value.zero? ? BLS::PointG2::ZERO : BLS::PointG2::BASE * x
  yg = y.value.zero? ? BLS::PointG1::ZERO : BLS::PointG1::BASE * y

  # e([commitment - y]^(-1), [1]) * e([proof],  [s - x]) = 1
  lhs =
    BLS.pairing(
      (commit_point - yg).negate,
      BLS::PointG2::BASE,
      with_final_exp: false
    )
  rhs = BLS.pairing(proof, g2_points[1] - xg2, with_final_exp: false)
  exp = (lhs * rhs).final_exponentiate
  exp == BLS::Fp12::ONE
end