github/caulk
1
1
Fork 0
mirror of https://github.com/caulk-crypto/caulk.git synced 2026-01-09 13:27:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

end-to-end unit test

Browse Source
This commit is contained in:
zhenfei
2022-05-31 16:08:10 -04:00
parent 4a92e644af
commit aa1c2c147a
7 changed files with 108 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
caulk_single_opening/src/caulk_single.rs
View File

@@ -86,12 +86,7 @@ pub fn caulk_single_prove<E: PairingEngine, R: RngCore>(
///////////////////////////////
// hash the last round of the pedersen proof to determine hash input to the unity prover
hash_input = hash_caulk_single::<E>(
&hash_input,
None,
None,
Some(&[pi_ped.t1, pi_ped.t2]),
);
hash_input = hash_caulk_single::<E>(&hash_input, None, None, Some(&[pi_ped.t1, pi_ped.t2]));
// Setting up the public parameters for the unity prover
let pp_unity = PublicParametersUnity {

4
caulk_single_opening/src/caulk_single_setup.rs
View File

@@ -12,9 +12,9 @@ use ark_poly::{
use ark_poly_commit::kzg10::*;
use ark_std::{cfg_into_iter, rand::RngCore, One, Zero};
use ark_std::{end_timer, start_timer};
use std::cmp::max;
#[cfg(feature = "parallel")]
use rayon::iter::{IntoParallelIterator,ParallelIterator};
use rayon::iter::{IntoParallelIterator, ParallelIterator};
use std::cmp::max;
// structure of public parameters
#[allow(non_snake_case)]

10
caulk_single_opening/src/caulk_single_unity.rs
View File

@@ -14,7 +14,7 @@ use ark_poly_commit::kzg10::*;
use ark_std::{cfg_into_iter, One, Zero};
use ark_std::{rand::RngCore, UniformRand};
#[cfg(feature = "parallel")]
use rayon::iter::{IntoParallelIterator,ParallelIterator};
use rayon::iter::{IntoParallelIterator, ParallelIterator};
// prover public parameters structure for caulk_single_unity_prove
#[allow(non_snake_case)]
@@ -121,10 +121,10 @@ pub fn caulk_single_unity_prove<E: PairingEngine, R: RngCore>(
let mut shift_2 = E::Fr::one();
for i in 0..f_poly.len() {
f_poly_shift_1[i] *= shift_1;
f_poly_shift_2[i] *= shift_2;
shift_1 *= pp.domain_Vn.element(pp.domain_Vn.size() - 1);
shift_2 *= pp.domain_Vn.element(pp.domain_Vn.size() - 2);
f_poly_shift_1[i] *= shift_1;
f_poly_shift_2[i] *= shift_2;
shift_1 *= pp.domain_Vn.element(pp.domain_Vn.size() - 1);
shift_2 *= pp.domain_Vn.element(pp.domain_Vn.size() - 2);
}
////////////////////////////

86
caulk_single_opening/src/lib.rs
View File

@@ -9,3 +9,89 @@ pub use caulk_single::{caulk_single_prove, caulk_single_verify};
pub use caulk_single_setup::caulk_single_setup;
pub use multiopen::multiple_open;
pub use tools::{kzg_open_g1, read_line};
#[cfg(test)]
mod tests {
use crate::caulk_single_setup;
use crate::kzg_open_g1;
use crate::multiple_open;
use crate::{caulk_single_prove, caulk_single_verify};
use ark_bls12_381::{Bls12_381, Fr};
use ark_ec::{AffineCurve, ProjectiveCurve};
use ark_poly::univariate::DensePolynomial;
use ark_poly::{EvaluationDomain, GeneralEvaluationDomain, Polynomial, UVPolynomial};
use ark_poly_commit::kzg10::KZG10;
use ark_std::test_rng;
use ark_std::UniformRand;
type UniPoly381 = DensePolynomial<Fr>;
type KzgBls12_381 = KZG10<Bls12_381, UniPoly381>;
#[test]
#[allow(non_snake_case)]
fn test_caulk_single_end_to_end() {
for p in 4..7 {
let mut rng = test_rng();
// setting public parameters
// current kzg setup should be changed with output from a setup ceremony
let max_degree: usize = (1 << p) + 2;
let actual_degree: usize = (1 << p) - 1;
// run the setup
let pp = caulk_single_setup(max_degree, actual_degree, &mut rng);
// polynomial and commitment
// deterministic randomness. Should never be used in practice.
let c_poly = UniPoly381::rand(actual_degree, &mut rng);
let (g1_C, _) = KzgBls12_381::commit(&pp.poly_ck, &c_poly, None, None).unwrap();
let g1_C = g1_C.0;
//point at which we will open c_com
let input_domain: GeneralEvaluationDomain<Fr> =
EvaluationDomain::new(actual_degree).unwrap();
let position = 1;
let omega_i = input_domain.element(position);
// z = c(w_i) and cm = g^z h^r for random r
let z = c_poly.evaluate(&omega_i);
let r = Fr::rand(&mut rng);
let cm = (pp.ped_g.mul(z) + pp.ped_h.mul(r)).into_affine();
// open single position at 0
{
let a = kzg_open_g1(&pp.poly_ck, &c_poly, None, &[omega_i]);
let g1_q = a.1;
// run the prover
let proof_evaluate =
caulk_single_prove(&pp, &g1_C, &cm, position, &g1_q, &z, &r, &mut rng);
// run the verifier
assert!(caulk_single_verify(
&pp.verifier_pp,
&g1_C,
&cm,
&proof_evaluate
));
}
// compute all openings
{
let g1_qs = multiple_open(&c_poly, &pp.poly_ck, p);
let g1_q = g1_qs[position];
// run the prover
let proof_evaluate =
caulk_single_prove(&pp, &g1_C, &cm, position, &g1_q, &z, &r, &mut rng);
// run the verifier
assert!(caulk_single_verify(
&pp.verifier_pp,
&g1_C,
&cm,
&proof_evaluate
));
}
}
}
}

7
caulk_single_opening/src/multiopen.rs
View File

@@ -92,7 +92,7 @@ pub fn dft_g1<E: PairingEngine>(h: &[E::G1Projective], p: usize) -> Vec<E::G1Pro
}
l /= 2;
m *= 2;
xvec= xt;
xvec = xt;
}
xvec
}
@@ -189,10 +189,7 @@ pub fn idft_g1<E: PairingEngine>(h: &[E::G1Projective], p: usize) -> Vec<E::G1Pr
let domain_inverse = dom_fr.inverse().unwrap().into_repr();
xvec
.iter()
.map(|x| x.mul(domain_inverse))
.collect()
xvec.iter().map(|x| x.mul(domain_inverse)).collect()
}
#[cfg(test)]

7
caulk_single_opening/src/pedersen.rs
View File

@@ -53,12 +53,7 @@ pub fn verify_pedersen<E: PairingEngine>(
) -> bool {
// compute c = Hash(cm, R)
let c = hash_caulk_single::<E>(
hash_input,
Some(&[*cm, proof.g1_r]),
None,
None,
);
let c = hash_caulk_single::<E>(hash_input, Some(&[*cm, proof.g1_r]), None, None);
*hash_input = c;
// check that R g^(-t1) h^(-t2) cm^(c) = 1

25
caulk_single_opening/src/tools.rs
View File

@@ -16,9 +16,9 @@ use ark_std::{One, Zero};
use blake2s_simd::Params;
use rand::{RngCore, SeedableRng};
use rand_chacha::ChaChaRng;
use std::{error::Error, io, str::FromStr};
#[cfg(feature = "parallel")]
use rayon::iter::{IntoParallelRefIterator,ParallelIterator};
use rayon::iter::{IntoParallelRefIterator, ParallelIterator};
use std::{error::Error, io, str::FromStr};
// Function for reading inputs from the command line.
pub fn read_line<T: FromStr>() -> T
@@ -119,7 +119,7 @@ fn kzg_open_g1_single<E: PairingEngine>(
Algorithm described in Section 4.6.1, Multiple Openings
*/
pub fn kzg_verify_g1<E: PairingEngine>(
//Verify that @c_com is a commitment to C(X) such that C(x)=z
// Verify that @c_com is a commitment to C(X) such that C(x)=z
powers_of_g1: &[E::G1Affine], // generator of G1
powers_of_g2: &[E::G2Affine], // [1]_2, [x]_2, [x^2]_2, ...
c_com: &E::G1Affine, //commitment
@@ -134,16 +134,18 @@ pub fn kzg_verify_g1<E: PairingEngine>(
let mut lagrange_tau = DensePolynomial::from_coefficients_slice(&[E::Fr::zero()]);
let mut prod = DensePolynomial::from_coefficients_slice(&[E::Fr::one()]);
let mut components = vec![];
for &p in points.iter() {
let poly = DensePolynomial::from_coefficients_slice(&[-p, E::Fr::one()]);
prod = &prod * (&poly);
components.push(poly);
for &p in points.iter() {
let poly = DensePolynomial::from_coefficients_slice(&[-p, E::Fr::one()]);
prod = &prod * (&poly);
components.push(poly);
}
for i in 0..points.len() {
let mut temp = &prod / &components[i];
let lagrange_scalar = temp.evaluate(&points[i]).inverse().unwrap() * evals[i];
temp.coeffs.iter_mut().for_each(|x|*x = *x * lagrange_scalar);
temp.coeffs
.iter_mut()
.for_each(|x| *x = *x * lagrange_scalar);
lagrange_tau = lagrange_tau + temp;
}
@@ -158,11 +160,6 @@ pub fn kzg_verify_g1<E: PairingEngine>(
);
// vanishing polynomial
// z_tau[i] = polynomial equal to 0 at point[j]
// let mut z_tau = DensePolynomial::from_coefficients_slice(&[E::Fr::one()]);
// for &p in points.iter() {
// z_tau = &z_tau * (&DensePolynomial::from_coefficients_slice(&[-p, E::Fr::one()]));
// }
let z_tau = prod;
// commit to z_tau(X) in g2