ethereum.crypto.kzg

The KZG Implementation ^^^^^^^^^^^^^^^^^^^^^^

FQ

24
FQ = Tuple[
25
    optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ
26
]

FQ2

27
FQ2 = Tuple[
28
    optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2
29
]

KZGCommitment

KZG commitment to a polynomial.

class KZGCommitment:

KZGProof

KZG proof

class KZGProof:

BLSFieldElement

A field element in the BLS12-381 field.

class BLSFieldElement:

VersionedHash

A versioned hash.

class VersionedHash:

G2Point

A point in G2.

class G2Point:

VERSIONED_HASH_VERSION_KZG

62
VERSIONED_HASH_VERSION_KZG = hex_to_bytes("0x01")

BYTES_PER_COMMITMENT

63
BYTES_PER_COMMITMENT = 48

BYTES_PER_PROOF

64
BYTES_PER_PROOF = 48

BYTES_PER_FIELD_ELEMENT

65
BYTES_PER_FIELD_ELEMENT = 32

G1_POINT_AT_INFINITY

66
G1_POINT_AT_INFINITY = b"\xc0" + b"\x00" * 47

BLS_MODULUS

67
BLS_MODULUS = BLSFieldElement(
68
    52435875175126190479447740508185965837690552500527637822603658699938581184513  # noqa: E501
69
)

KZG_SETUP_G2_LENGTH

70
KZG_SETUP_G2_LENGTH = 65

KZG_SETUP_G2_MONOMIAL_1

71
KZG_SETUP_G2_MONOMIAL_1 = "0xb5bfd7dd8cdeb128843bc287230af38926187075cbfbefa81009a2ce615ac53d2914e5870cb452d2afaaab24f3499f72185cbfee53492714734429b7b38608e23926c911cceceac9a36851477ba4c60b087041de621000edc98edada20c1def2"

kzg_commitment_to_versioned_hash

Convert a KZG commitment to a versioned hash.

def kzg_commitment_to_versioned_hash(kzg_commitment: KZGCommitment) -> VersionedHash:
77
    """
78
    Convert a KZG commitment to a versioned hash.
79
    """
80
    return VersionedHash(
81
        VERSIONED_HASH_VERSION_KZG
82
        + Bytes32(sha256(kzg_commitment).digest())[1:]
83
    )

validate_kzg_g1

Perform BLS validation required by the types KZGProof and KZGCommitment.

def validate_kzg_g1(b: Bytes48) -> None:
87
    """
88
    Perform BLS validation required by the types `KZGProof`
89
    and `KZGCommitment`.
90
    """
91
    if b == G1_POINT_AT_INFINITY:
92
        return
93
94
    assert G2ProofOfPossession.KeyValidate(BLSPubkey(b))

bytes_to_kzg_commitment

Convert untrusted bytes into a trusted and validated KZGCommitment.

def bytes_to_kzg_commitment(b: Bytes48) -> KZGCommitment:
98
    """
99
    Convert untrusted bytes into a trusted and validated KZGCommitment.
100
    """
101
    validate_kzg_g1(b)
102
    return KZGCommitment(b)

bytes_to_bls_field

Convert untrusted bytes to a trusted and validated BLS scalar field element. This function does not accept inputs greater than the BLS modulus.

def bytes_to_bls_field(b: Bytes32) -> BLSFieldElement:
106
    """
107
    Convert untrusted bytes to a trusted and validated BLS scalar
108
    field element. This function does not accept inputs greater than
109
    the BLS modulus.
110
    """
111
    field_element = int.from_bytes(b, "big")
112
    assert field_element < int(BLS_MODULUS)
113
    return BLSFieldElement(field_element)

bytes_to_kzg_proof

Convert untrusted bytes into a trusted and validated KZGProof.

def bytes_to_kzg_proof(b: Bytes48) -> KZGProof:
117
    """
118
    Convert untrusted bytes into a trusted and validated KZGProof.
119
    """
120
    validate_kzg_g1(b)
121
    return KZGProof(b)

pairing_check

Check if the pairings are valid.

def pairing_check(values: Tuple[Tuple[FQ, FQ2], Tuple[FQ, FQ2]]) -> bool:
125
    """
126
    Check if the pairings are valid.
127
    """
128
    p_q_1, p_q_2 = values
129
    final_exponentiation = final_exponentiate(
130
        pairing(p_q_1[1], p_q_1[0], final_exponentiate=False)
131
        * pairing(p_q_2[1], p_q_2[0], final_exponentiate=False)
132
    )
133
    return final_exponentiation == FQ12.one()

verify_kzg_proof

Verify KZG proof that p(z) == y where p(z) is the polynomial represented by polynomial_kzg. Receives inputs as bytes. Public method.

def verify_kzg_proof(commitment_bytes: Bytes48, ​​z_bytes: Bytes32, ​​y_bytes: Bytes32, ​​proof_bytes: Bytes48) -> bool:
142
    """
143
    Verify KZG proof that ``p(z) == y`` where ``p(z)``
144
    is the polynomial represented by ``polynomial_kzg``.
145
    Receives inputs as bytes.
146
    Public method.
147
    """
148
    assert len(commitment_bytes) == BYTES_PER_COMMITMENT
149
    assert len(z_bytes) == BYTES_PER_FIELD_ELEMENT
150
    assert len(y_bytes) == BYTES_PER_FIELD_ELEMENT
151
    assert len(proof_bytes) == BYTES_PER_PROOF
152
153
    return verify_kzg_proof_impl(
154
        bytes_to_kzg_commitment(commitment_bytes),
155
        bytes_to_bls_field(z_bytes),
156
        bytes_to_bls_field(y_bytes),
157
        bytes_to_kzg_proof(proof_bytes),
158
    )

verify_kzg_proof_impl

Verify KZG proof that p(z) == y where p(z) is the polynomial represented by polynomial_kzg.

def verify_kzg_proof_impl(commitment: KZGCommitment, ​​z: BLSFieldElement, ​​y: BLSFieldElement, ​​proof: KZGProof) -> bool:
167
    """
168
    Verify KZG proof that ``p(z) == y`` where ``p(z)``
169
    is the polynomial represented by ``polynomial_kzg``.
170
    """
171
    # Verify: P - y = Q * (X - z)
172
    X_minus_z = add(
173
        signature_to_G2(BLSSignature(hex_to_bytes(KZG_SETUP_G2_MONOMIAL_1))),
174
        multiply(G2, int((BLS_MODULUS - z) % BLS_MODULUS)),
175
    )
176
    P_minus_y = add(
177
        pubkey_to_G1(BLSPubkey(commitment)),
178
        multiply(G1, int((BLS_MODULUS - y) % BLS_MODULUS)),
179
    )
180
    return pairing_check(
181
        (
182
            (P_minus_y, neg(G2)),
183
            (pubkey_to_G1(BLSPubkey(proof)), X_minus_z),
184
        )
185
    )