ethereum.crypto.kzg
The KZG Implementation ^^^^^^^^^^^^^^^^^^^^^^
FQ
| 24 | FQ = Tuple[ |
|---|---|
| 25 | optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ |
| 26 | ] |
FQ2
| 27 | FQ2 = Tuple[ |
|---|---|
| 28 | optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2 |
| 29 | ] |
KZGCommitment
KZG commitment to a polynomial.
class KZGCommitment:
KZGProof
KZG proof
class KZGProof:
BLSFieldElement
A field element in the BLS12-381 field.
class BLSFieldElement:
VersionedHash
A versioned hash.
class VersionedHash:
G2Point
A point in G2.
class G2Point:
VERSIONED_HASH_VERSION_KZG
| 62 | VERSIONED_HASH_VERSION_KZG = hex_to_bytes("0x01") |
|---|
BYTES_PER_COMMITMENT
| 63 | BYTES_PER_COMMITMENT = 48 |
|---|
BYTES_PER_PROOF
| 64 | BYTES_PER_PROOF = 48 |
|---|
BYTES_PER_FIELD_ELEMENT
| 65 | BYTES_PER_FIELD_ELEMENT = 32 |
|---|
G1_POINT_AT_INFINITY
| 66 | G1_POINT_AT_INFINITY = b"\xc0" + b"\x00" * 47 |
|---|
BLS_MODULUS
| 67 | BLS_MODULUS = BLSFieldElement( |
|---|---|
| 68 | 52435875175126190479447740508185965837690552500527637822603658699938581184513 # noqa: E501 |
| 69 | ) |
KZG_SETUP_G2_LENGTH
| 70 | KZG_SETUP_G2_LENGTH = 65 |
|---|
KZG_SETUP_G2_MONOMIAL_1
| 71 | KZG_SETUP_G2_MONOMIAL_1 = "0xb5bfd7dd8cdeb128843bc287230af38926187075cbfbefa81009a2ce615ac53d2914e5870cb452d2afaaab24f3499f72185cbfee53492714734429b7b38608e23926c911cceceac9a36851477ba4c60b087041de621000edc98edada20c1def2" |
|---|
kzg_commitment_to_versioned_hash
Convert a KZG commitment to a versioned hash.
def kzg_commitment_to_versioned_hash(kzg_commitment: KZGCommitment) -> VersionedHash:
| 77 | """ |
|---|---|
| 78 | Convert a KZG commitment to a versioned hash. |
| 79 | """ |
| 80 | return VersionedHash( |
| 81 | VERSIONED_HASH_VERSION_KZG |
| 82 | + Bytes32(sha256(kzg_commitment).digest())[1:] |
| 83 | ) |
validate_kzg_g1
Perform BLS validation required by the types KZGProof
and KZGCommitment.
def validate_kzg_g1(b: Bytes48) -> None:
| 87 | """ |
|---|---|
| 88 | Perform BLS validation required by the types `KZGProof` |
| 89 | and `KZGCommitment`. |
| 90 | """ |
| 91 | if b == G1_POINT_AT_INFINITY: |
| 92 | return |
| 93 | |
| 94 | assert G2ProofOfPossession.KeyValidate(BLSPubkey(b)) |
bytes_to_kzg_commitment
Convert untrusted bytes into a trusted and validated KZGCommitment.
def bytes_to_kzg_commitment(b: Bytes48) -> KZGCommitment:
| 98 | """ |
|---|---|
| 99 | Convert untrusted bytes into a trusted and validated KZGCommitment. |
| 100 | """ |
| 101 | validate_kzg_g1(b) |
| 102 | return KZGCommitment(b) |
bytes_to_bls_field
Convert untrusted bytes to a trusted and validated BLS scalar field element. This function does not accept inputs greater than the BLS modulus.
def bytes_to_bls_field(b: Bytes32) -> BLSFieldElement:
| 106 | """ |
|---|---|
| 107 | Convert untrusted bytes to a trusted and validated BLS scalar |
| 108 | field element. This function does not accept inputs greater than |
| 109 | the BLS modulus. |
| 110 | """ |
| 111 | field_element = int.from_bytes(b, "big") |
| 112 | assert field_element < int(BLS_MODULUS) |
| 113 | return BLSFieldElement(field_element) |
bytes_to_kzg_proof
Convert untrusted bytes into a trusted and validated KZGProof.
def bytes_to_kzg_proof(b: Bytes48) -> KZGProof:
| 117 | """ |
|---|---|
| 118 | Convert untrusted bytes into a trusted and validated KZGProof. |
| 119 | """ |
| 120 | validate_kzg_g1(b) |
| 121 | return KZGProof(b) |
pairing_check
Check if the pairings are valid.
def pairing_check(values: Tuple[Tuple[FQ, FQ2], Tuple[FQ, FQ2]]) -> bool:
| 125 | """ |
|---|---|
| 126 | Check if the pairings are valid. |
| 127 | """ |
| 128 | p_q_1, p_q_2 = values |
| 129 | final_exponentiation = final_exponentiate( |
| 130 | pairing(p_q_1[1], p_q_1[0], final_exponentiate=False) |
| 131 | * pairing(p_q_2[1], p_q_2[0], final_exponentiate=False) |
| 132 | ) |
| 133 | return final_exponentiation == FQ12.one() |
verify_kzg_proof
Verify KZG proof that p(z) == y where p(z)
is the polynomial represented by polynomial_kzg.
Receives inputs as bytes.
Public method.
def verify_kzg_proof(commitment_bytes: Bytes48, z_bytes: Bytes32, y_bytes: Bytes32, proof_bytes: Bytes48) -> bool:
| 142 | """ |
|---|---|
| 143 | Verify KZG proof that ``p(z) == y`` where ``p(z)`` |
| 144 | is the polynomial represented by ``polynomial_kzg``. |
| 145 | Receives inputs as bytes. |
| 146 | Public method. |
| 147 | """ |
| 148 | assert len(commitment_bytes) == BYTES_PER_COMMITMENT |
| 149 | assert len(z_bytes) == BYTES_PER_FIELD_ELEMENT |
| 150 | assert len(y_bytes) == BYTES_PER_FIELD_ELEMENT |
| 151 | assert len(proof_bytes) == BYTES_PER_PROOF |
| 152 | |
| 153 | return verify_kzg_proof_impl( |
| 154 | bytes_to_kzg_commitment(commitment_bytes), |
| 155 | bytes_to_bls_field(z_bytes), |
| 156 | bytes_to_bls_field(y_bytes), |
| 157 | bytes_to_kzg_proof(proof_bytes), |
| 158 | ) |
verify_kzg_proof_impl
Verify KZG proof that p(z) == y where p(z)
is the polynomial represented by polynomial_kzg.
def verify_kzg_proof_impl(commitment: KZGCommitment, z: BLSFieldElement, y: BLSFieldElement, proof: KZGProof) -> bool:
| 167 | """ |
|---|---|
| 168 | Verify KZG proof that ``p(z) == y`` where ``p(z)`` |
| 169 | is the polynomial represented by ``polynomial_kzg``. |
| 170 | """ |
| 171 | # Verify: P - y = Q * (X - z) |
| 172 | X_minus_z = add( |
| 173 | signature_to_G2(BLSSignature(hex_to_bytes(KZG_SETUP_G2_MONOMIAL_1))), |
| 174 | multiply(G2, int((BLS_MODULUS - z) % BLS_MODULUS)), |
| 175 | ) |
| 176 | P_minus_y = add( |
| 177 | pubkey_to_G1(BLSPubkey(commitment)), |
| 178 | multiply(G1, int((BLS_MODULUS - y) % BLS_MODULUS)), |
| 179 | ) |
| 180 | return pairing_check( |
| 181 | ( |
| 182 | (P_minus_y, neg(G2)), |
| 183 | (pubkey_to_G1(BLSPubkey(proof)), X_minus_z), |
| 184 | ) |
| 185 | ) |