From 86df1e1612ba28c45271ed5f764470da637f3d22 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Mon, 16 Oct 2023 16:09:54 -0400 Subject: [PATCH 1/3] feat: add bw6 emulated ScalarMul and ScalarMulBase --- std/algebra/emulated/sw_emulated/params.go | 19 +++++++ .../emulated/sw_emulated/params_compute.go | 27 ++++++++++ .../emulated/sw_emulated/point_test.go | 52 ++++++++++++++++++- 3 files changed, 97 insertions(+), 1 deletion(-) diff --git a/std/algebra/emulated/sw_emulated/params.go b/std/algebra/emulated/sw_emulated/params.go index efce7a1566..44a5c8cd61 100644 --- a/std/algebra/emulated/sw_emulated/params.go +++ b/std/algebra/emulated/sw_emulated/params.go @@ -6,6 +6,7 @@ import ( bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" "github.com/consensys/gnark-crypto/ecc/bn254" + bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" "github.com/consensys/gnark-crypto/ecc/secp256k1" "github.com/consensys/gnark/std/math/emulated" ) @@ -96,6 +97,20 @@ func GetP384Params() CurveParams { } } +// GetBW6761Params returns the curve parameters for the curve BW6-761. +// When initialising new curve, use the base field [emulated.BW6761Fp] and scalar +// field [emulated.BW6761Fr]. +func GetBW6761Params() CurveParams { + _, _, g1aff, _ := bw6761.Generators() + return CurveParams{ + A: big.NewInt(0), + B: big.NewInt(-1), + Gx: g1aff.X.BigInt(new(big.Int)), + Gy: g1aff.Y.BigInt(new(big.Int)), + Gm: computeBW6761Table(), + } +} + // GetCurveParams returns suitable curve parameters given the parametric type // Base as base field. It caches the parameters and modifying the values in the // parameters struct leads to undefined behaviour. @@ -112,6 +127,8 @@ func GetCurveParams[Base emulated.FieldParams]() CurveParams { return p256Params case emulated.P384Fp{}.Modulus().String(): return p384Params + case emulated.BW6761Fp{}.Modulus().String(): + return bw6761Params default: panic("no stored parameters") } @@ -123,6 +140,7 @@ var ( bls12381Params CurveParams p256Params CurveParams p384Params CurveParams + bw6761Params CurveParams ) func init() { @@ -131,4 +149,5 @@ func init() { bls12381Params = GetBLS12381Params() p256Params = GetP256Params() p384Params = GetP384Params() + bw6761Params = GetBW6761Params() } diff --git a/std/algebra/emulated/sw_emulated/params_compute.go b/std/algebra/emulated/sw_emulated/params_compute.go index 5eaf21e87b..88a514c7bc 100644 --- a/std/algebra/emulated/sw_emulated/params_compute.go +++ b/std/algebra/emulated/sw_emulated/params_compute.go @@ -6,6 +6,7 @@ import ( bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" "github.com/consensys/gnark-crypto/ecc/bn254" + bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" "github.com/consensys/gnark-crypto/ecc/secp256k1" ) @@ -130,3 +131,29 @@ func computeP384Table() [][2]*big.Int { } return table } + +func computeBW6761Table() [][2]*big.Int { + Gjac, _, _, _ := bw6761.Generators() + table := make([][2]*big.Int, 377) + tmp := new(bw6761.G1Jac).Set(&Gjac) + aff := new(bw6761.G1Affine) + jac := new(bw6761.G1Jac) + for i := 1; i < 377; i++ { + tmp = tmp.Double(tmp) + switch i { + case 1, 2: + jac.Set(tmp).AddAssign(&Gjac) + aff.FromJacobian(jac) + table[i-1] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))} + case 3: + jac.Set(tmp).SubAssign(&Gjac) + aff.FromJacobian(jac) + table[i-1] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))} + fallthrough + default: + aff.FromJacobian(tmp) + table[i] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))} + } + } + return table +} diff --git a/std/algebra/emulated/sw_emulated/point_test.go b/std/algebra/emulated/sw_emulated/point_test.go index 0f16765816..278d191574 100644 --- a/std/algebra/emulated/sw_emulated/point_test.go +++ b/std/algebra/emulated/sw_emulated/point_test.go @@ -11,6 +11,8 @@ import ( fr_bls381 "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bn254" fr_bn "github.com/consensys/gnark-crypto/ecc/bn254/fr" + bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" + fr_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/secp256k1" fp_secp "github.com/consensys/gnark-crypto/ecc/secp256k1/fp" fr_secp "github.com/consensys/gnark-crypto/ecc/secp256k1/fr" @@ -400,7 +402,7 @@ func TestScalarMulBase2(t *testing.T) { func TestScalarMulBase3(t *testing.T) { assert := test.NewAssert(t) _, _, g, _ := bls12381.Generators() - var r fr_bn.Element + var r fr_bls381.Element _, _ = r.SetRandom() s := new(big.Int) r.BigInt(s) @@ -419,6 +421,28 @@ func TestScalarMulBase3(t *testing.T) { assert.NoError(err) } +func TestScalarMulBase4(t *testing.T) { + assert := test.NewAssert(t) + _, _, g, _ := bw6761.Generators() + var r fr_bw6761.Element + _, _ = r.SetRandom() + s := new(big.Int) + r.BigInt(s) + var S bw6761.G1Affine + S.ScalarMultiplication(&g, s) + + circuit := ScalarMulBaseTest[emulated.BW6761Fp, emulated.BW6761Fr]{} + witness := ScalarMulBaseTest[emulated.BW6761Fp, emulated.BW6761Fr]{ + S: emulated.ValueOf[emulated.BW6761Fr](s), + Q: AffinePoint[emulated.BW6761Fp]{ + X: emulated.ValueOf[emulated.BW6761Fp](S.X), + Y: emulated.ValueOf[emulated.BW6761Fp](S.Y), + }, + } + err := test.IsSolved(&circuit, &witness, testCurve.ScalarField()) + assert.NoError(err) +} + type ScalarMulTest[T, S emulated.FieldParams] struct { P, Q AffinePoint[T] S emulated.Element[S] @@ -558,6 +582,32 @@ func TestScalarMul5(t *testing.T) { assert.NoError(err) } +func TestScalarMul6(t *testing.T) { + assert := test.NewAssert(t) + var r fr_bw6761.Element + _, _ = r.SetRandom() + s := new(big.Int) + r.BigInt(s) + var res bw6761.G1Affine + _, _, gen, _ := bw6761.Generators() + res.ScalarMultiplication(&gen, s) + + circuit := ScalarMulTest[emulated.BW6761Fp, emulated.BW6761Fr]{} + witness := ScalarMulTest[emulated.BW6761Fp, emulated.BW6761Fr]{ + S: emulated.ValueOf[emulated.BW6761Fr](s), + P: AffinePoint[emulated.BW6761Fp]{ + X: emulated.ValueOf[emulated.BW6761Fp](gen.X), + Y: emulated.ValueOf[emulated.BW6761Fp](gen.Y), + }, + Q: AffinePoint[emulated.BW6761Fp]{ + X: emulated.ValueOf[emulated.BW6761Fp](res.X), + Y: emulated.ValueOf[emulated.BW6761Fp](res.Y), + }, + } + err := test.IsSolved(&circuit, &witness, testCurve.ScalarField()) + assert.NoError(err) +} + type ScalarMulEdgeCasesTest[T, S emulated.FieldParams] struct { P, R AffinePoint[T] S emulated.Element[S] From fc28899de440f5c4cefb86b39701a53796d6fecf Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Mon, 16 Oct 2023 17:09:22 -0400 Subject: [PATCH 2/3] feat: add bw6 kzg --- std/algebra/emulated/sw_bw6761/g1.go | 13 +++++++++++ std/commitments/kzg/verifier.go | 29 +++++++++++++++++++++++++ std/commitments/kzg/verifier_test.go | 32 ++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) diff --git a/std/algebra/emulated/sw_bw6761/g1.go b/std/algebra/emulated/sw_bw6761/g1.go index 0fe5ff2f40..4c5f5a573f 100644 --- a/std/algebra/emulated/sw_bw6761/g1.go +++ b/std/algebra/emulated/sw_bw6761/g1.go @@ -2,15 +2,28 @@ package sw_bw6761 import ( bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" + fr_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark/std/algebra/emulated/sw_emulated" "github.com/consensys/gnark/std/math/emulated" ) +// G1Affine is the point in G1. It is an alias to the generic emulated affine +// point. type G1Affine = sw_emulated.AffinePoint[emulated.BW6761Fp] +// Scalar is the scalar in the groups. It is an alias to the emulated element +// defined over the scalar field of the groups. +type Scalar = emulated.Element[emulated.BW6761Fr] + +// NewG1Affine allocates a witness from the native G1 element and returns it. func NewG1Affine(v bw6761.G1Affine) G1Affine { return G1Affine{ X: emulated.ValueOf[emulated.BW6761Fp](v.X), Y: emulated.ValueOf[emulated.BW6761Fp](v.Y), } } + +// NewScalar allocates a witness from the native scalar and returns it. +func NewScalar(v fr_bw6761.Element) Scalar { + return emulated.ValueOf[emulated.BW6761Fr](v) +} diff --git a/std/commitments/kzg/verifier.go b/std/commitments/kzg/verifier.go index 6ff3a0b7be..7d71ee5115 100644 --- a/std/commitments/kzg/verifier.go +++ b/std/commitments/kzg/verifier.go @@ -26,9 +26,13 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254" fr_bn254 "github.com/consensys/gnark-crypto/ecc/bn254/fr" kzg_bn254 "github.com/consensys/gnark-crypto/ecc/bn254/kzg" + bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" + fr_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" + kzg_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/kzg" "github.com/consensys/gnark/std/algebra" "github.com/consensys/gnark/std/algebra/emulated/sw_bls12381" "github.com/consensys/gnark/std/algebra/emulated/sw_bn254" + "github.com/consensys/gnark/std/algebra/emulated/sw_bw6761" "github.com/consensys/gnark/std/algebra/native/sw_bls12377" "github.com/consensys/gnark/std/algebra/native/sw_bls24315" ) @@ -63,6 +67,12 @@ func ValueOfCommitment[G1El algebra.G1ElementT](cmt any) (Commitment[G1El], erro return ret, fmt.Errorf("mismatching types %T %T", ret, cmt) } s.G1El = sw_bls12381.NewG1Affine(tCmt) + case *Commitment[sw_bw6761.G1Affine]: + tCmt, ok := cmt.(bw6761.G1Affine) + if !ok { + return ret, fmt.Errorf("mismatching types %T %T", ret, cmt) + } + s.G1El = sw_bw6761.NewG1Affine(tCmt) case *Commitment[sw_bls24315.G1Affine]: tCmt, ok := cmt.(bls24315.G1Affine) if !ok { @@ -126,6 +136,18 @@ func ValueOfOpeningProof[S algebra.ScalarT, G1El algebra.G1ElementT](point any, s.QuotientPoly = sw_bls12381.NewG1Affine(tProof.H) s.ClaimedValue = sw_bls12381.NewScalar(tProof.ClaimedValue) s.Point = sw_bls12381.NewScalar(tPoint) + case *OpeningProof[sw_bw6761.Scalar, sw_bw6761.G1Affine]: + tProof, ok := proof.(kzg_bw6761.OpeningProof) + if !ok { + return ret, fmt.Errorf("mismatching types %T %T", ret, proof) + } + tPoint, ok := point.(fr_bw6761.Element) + if !ok { + return ret, fmt.Errorf("mismatching types %T %T", ret, point) + } + s.QuotientPoly = sw_bw6761.NewG1Affine(tProof.H) + s.ClaimedValue = sw_bw6761.NewScalar(tProof.ClaimedValue) + s.Point = sw_bw6761.NewScalar(tPoint) case *OpeningProof[sw_bls24315.Scalar, sw_bls24315.G1Affine]: tProof, ok := proof.(kzg_bls24315.OpeningProof) if !ok { @@ -177,6 +199,13 @@ func ValueOfVerifyingKey[G2El algebra.G2ElementT](vk any) (VerifyingKey[G2El], e } s.SRS[0] = sw_bls12381.NewG2Affine(tVk.G2[0]) s.SRS[1] = sw_bls12381.NewG2Affine(tVk.G2[1]) + case *VerifyingKey[sw_bw6761.G2Affine]: + tVk, ok := vk.(kzg_bw6761.VerifyingKey) + if !ok { + return ret, fmt.Errorf("mismatching types %T %T", ret, vk) + } + s.SRS[0] = sw_bw6761.NewG2Affine(tVk.G2[0]) + s.SRS[1] = sw_bw6761.NewG2Affine(tVk.G2[1]) case *VerifyingKey[sw_bls24315.G2Affine]: tVk, ok := vk.(kzg_bls24315.VerifyingKey) if !ok { diff --git a/std/commitments/kzg/verifier_test.go b/std/commitments/kzg/verifier_test.go index 902da2754b..4e1eaf06ef 100644 --- a/std/commitments/kzg/verifier_test.go +++ b/std/commitments/kzg/verifier_test.go @@ -18,10 +18,14 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254" fr_bn254 "github.com/consensys/gnark-crypto/ecc/bn254/fr" kzg_bn254 "github.com/consensys/gnark-crypto/ecc/bn254/kzg" + bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761" + fr_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" + kzg_bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/kzg" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/std/algebra" "github.com/consensys/gnark/std/algebra/emulated/sw_bls12381" "github.com/consensys/gnark/std/algebra/emulated/sw_bn254" + "github.com/consensys/gnark/std/algebra/emulated/sw_bw6761" "github.com/consensys/gnark/std/algebra/native/sw_bls12377" "github.com/consensys/gnark/std/algebra/native/sw_bls24315" "github.com/consensys/gnark/test" @@ -155,6 +159,12 @@ func TestValueOfCommitment(t *testing.T) { assert.NoError(err) _ = assignment }, "bls12381") + assert.Run(func(assert *test.Assert) { + _, _, G1, _ := bw6761.Generators() + assignment, err := ValueOfCommitment[sw_bw6761.G1Affine](G1) + assert.NoError(err) + _ = assignment + }, "bw6761") assert.Run(func(assert *test.Assert) { _, _, G1, _ := bls24315.Generators() assignment, err := ValueOfCommitment[sw_bls24315.G1Affine](G1) @@ -204,6 +214,19 @@ func TestValueOfOpeningProof(t *testing.T) { assert.NoError(err) _ = assignment }, "bls12381") + assert.Run(func(assert *test.Assert) { + _, _, G1, _ := bw6761.Generators() + var value, point fr_bw6761.Element + value.SetRandom() + point.SetRandom() + proof := kzg_bw6761.OpeningProof{ + H: G1, + ClaimedValue: value, + } + assignment, err := ValueOfOpeningProof[sw_bw6761.Scalar, sw_bw6761.G1Affine](point, proof) + assert.NoError(err) + _ = assignment + }, "bw6761") assert.Run(func(assert *test.Assert) { _, _, G1, _ := bls24315.Generators() var value, point fr_bls24315.Element @@ -248,6 +271,15 @@ func TestValueOfSRS(t *testing.T) { assert.NoError(err) _ = assignment }, "bls12381") + assert.Run(func(assert *test.Assert) { + _, _, _, G2 := bw6761.Generators() + vk := kzg_bw6761.VerifyingKey{ + G2: [2]bw6761.G2Affine{G2, G2}, + } + assignment, err := ValueOfVerifyingKey[sw_bw6761.G2Affine](vk) + assert.NoError(err) + _ = assignment + }, "bw6761") assert.Run(func(assert *test.Assert) { _, _, _, G2 := bls24315.Generators() vk := kzg_bls24315.VerifyingKey{ From ec09bcd913dcccdead73dbd30631001913f4b842 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Mon, 16 Oct 2023 18:13:14 -0400 Subject: [PATCH 3/3] test: bw6 emulated kzg --- std/algebra/defaults.go | 33 ++++++++ std/commitments/kzg/verifier_test.go | 121 +++++++++++++++++++++++++++ 2 files changed, 154 insertions(+) diff --git a/std/algebra/defaults.go b/std/algebra/defaults.go index ace659800f..3c78897959 100644 --- a/std/algebra/defaults.go +++ b/std/algebra/defaults.go @@ -4,9 +4,12 @@ import ( "fmt" "github.com/consensys/gnark/frontend" + "github.com/consensys/gnark/std/algebra/emulated/sw_bls12381" "github.com/consensys/gnark/std/algebra/emulated/sw_bn254" + "github.com/consensys/gnark/std/algebra/emulated/sw_bw6761" "github.com/consensys/gnark/std/algebra/emulated/sw_emulated" "github.com/consensys/gnark/std/algebra/native/sw_bls12377" + "github.com/consensys/gnark/std/algebra/native/sw_bls24315" "github.com/consensys/gnark/std/math/emulated/emparams" ) @@ -23,9 +26,24 @@ func GetCurve[S ScalarT, G1El G1ElementT](api frontend.API) (Curve[S, G1El], err return ret, fmt.Errorf("new curve: %w", err) } *s = c + case *Curve[sw_bw6761.Scalar, sw_bw6761.G1Affine]: + c, err := sw_emulated.New[emparams.BW6761Fp, emparams.BW6761Fr](api, sw_emulated.GetBW6761Params()) + if err != nil { + return ret, fmt.Errorf("new curve: %w", err) + } + *s = c + case *Curve[sw_bls12381.Scalar, sw_bls12381.G1Affine]: + c, err := sw_emulated.New[emparams.BLS12381Fp, emparams.BLS12381Fr](api, sw_emulated.GetBLS12381Params()) + if err != nil { + return ret, fmt.Errorf("new curve: %w", err) + } + *s = c case *Curve[sw_bls12377.Scalar, sw_bls12377.G1Affine]: c := sw_bls12377.NewCurve(api) *s = c + case *Curve[sw_bls24315.Scalar, sw_bls24315.G1Affine]: + c := sw_bls24315.NewCurve(api) + *s = c default: return ret, fmt.Errorf("unknown type parametrisation") } @@ -44,9 +62,24 @@ func GetPairing[G1El G1ElementT, G2El G2ElementT, GtEl GtElementT](api frontend. return ret, fmt.Errorf("new pairing: %w", err) } *s = p + case *Pairing[sw_bw6761.G1Affine, sw_bw6761.G2Affine, sw_bw6761.GTEl]: + p, err := sw_bw6761.NewPairing(api) + if err != nil { + return ret, fmt.Errorf("new pairing: %w", err) + } + *s = p + case *Pairing[sw_bls12381.G1Affine, sw_bls12381.G2Affine, sw_bls12381.GTEl]: + p, err := sw_bls12381.NewPairing(api) + if err != nil { + return ret, fmt.Errorf("new pairing: %w", err) + } + *s = p case *Pairing[sw_bls12377.G1Affine, sw_bls12377.G2Affine, sw_bls12377.GT]: p := sw_bls12377.NewPairing(api) *s = p + case *Pairing[sw_bls24315.G1Affine, sw_bls24315.G2Affine, sw_bls24315.GT]: + p := sw_bls24315.NewPairing(api) + *s = p default: return ret, fmt.Errorf("unknown type parametrisation") } diff --git a/std/commitments/kzg/verifier_test.go b/std/commitments/kzg/verifier_test.go index 4e1eaf06ef..2fed4f36f7 100644 --- a/std/commitments/kzg/verifier_test.go +++ b/std/commitments/kzg/verifier_test.go @@ -98,6 +98,86 @@ func TestKZGVerificationEmulated(t *testing.T) { assert.CheckCircuit(&KZGVerificationCircuit[sw_bn254.Scalar, sw_bn254.G1Affine, sw_bn254.G2Affine, sw_bn254.GTEl]{}, test.WithValidAssignment(&assignment)) } +func TestKZGVerificationEmulated2(t *testing.T) { + assert := test.NewAssert(t) + + alpha, err := rand.Int(rand.Reader, ecc.BLS12_381.ScalarField()) + assert.NoError(err) + srs, err := kzg_bls12381.NewSRS(kzgSize, alpha) + assert.NoError(err) + + f := make([]fr_bls12381.Element, polynomialSize) + for i := range f { + f[i].SetRandom() + } + + com, err := kzg_bls12381.Commit(f, srs.Pk) + assert.NoError(err) + + var point fr_bls12381.Element + point.SetRandom() + proof, err := kzg_bls12381.Open(f, point, srs.Pk) + assert.NoError(err) + + if err = kzg_bls12381.Verify(&com, &proof, point, srs.Vk); err != nil { + t.Fatal("verify proof", err) + } + + wCmt, err := ValueOfCommitment[sw_bls12381.G1Affine](com) + assert.NoError(err) + wProof, err := ValueOfOpeningProof[sw_bls12381.Scalar, sw_bls12381.G1Affine](point, proof) + assert.NoError(err) + wVk, err := ValueOfVerifyingKey[sw_bls12381.G2Affine](srs.Vk) + assert.NoError(err) + + assignment := KZGVerificationCircuit[sw_bls12381.Scalar, sw_bls12381.G1Affine, sw_bls12381.G2Affine, sw_bls12381.GTEl]{ + VerifyingKey: wVk, + Commitment: wCmt, + OpeningProof: wProof, + } + assert.CheckCircuit(&KZGVerificationCircuit[sw_bls12381.Scalar, sw_bls12381.G1Affine, sw_bls12381.G2Affine, sw_bls12381.GTEl]{}, test.WithValidAssignment(&assignment)) +} + +func TestKZGVerificationEmulated3(t *testing.T) { + assert := test.NewAssert(t) + + alpha, err := rand.Int(rand.Reader, ecc.BW6_761.ScalarField()) + assert.NoError(err) + srs, err := kzg_bw6761.NewSRS(kzgSize, alpha) + assert.NoError(err) + + f := make([]fr_bw6761.Element, polynomialSize) + for i := range f { + f[i].SetRandom() + } + + com, err := kzg_bw6761.Commit(f, srs.Pk) + assert.NoError(err) + + var point fr_bw6761.Element + point.SetRandom() + proof, err := kzg_bw6761.Open(f, point, srs.Pk) + assert.NoError(err) + + if err = kzg_bw6761.Verify(&com, &proof, point, srs.Vk); err != nil { + t.Fatal("verify proof", err) + } + + wCmt, err := ValueOfCommitment[sw_bw6761.G1Affine](com) + assert.NoError(err) + wProof, err := ValueOfOpeningProof[sw_bw6761.Scalar, sw_bw6761.G1Affine](point, proof) + assert.NoError(err) + wVk, err := ValueOfVerifyingKey[sw_bw6761.G2Affine](srs.Vk) + assert.NoError(err) + + assignment := KZGVerificationCircuit[sw_bw6761.Scalar, sw_bw6761.G1Affine, sw_bw6761.G2Affine, sw_bw6761.GTEl]{ + VerifyingKey: wVk, + Commitment: wCmt, + OpeningProof: wProof, + } + assert.CheckCircuit(&KZGVerificationCircuit[sw_bw6761.Scalar, sw_bw6761.G1Affine, sw_bw6761.G2Affine, sw_bw6761.GTEl]{}, test.WithValidAssignment(&assignment), test.WithCurves(ecc.BN254)) +} + func TestKZGVerificationTwoChain(t *testing.T) { assert := test.NewAssert(t) @@ -139,6 +219,47 @@ func TestKZGVerificationTwoChain(t *testing.T) { assert.CheckCircuit(&KZGVerificationCircuit[sw_bls12377.Scalar, sw_bls12377.G1Affine, sw_bls12377.G2Affine, sw_bls12377.GT]{}, test.WithValidAssignment(&assignment), test.WithCurves(ecc.BW6_761)) } +func TestKZGVerificationTwoChain2(t *testing.T) { + assert := test.NewAssert(t) + + alpha, err := rand.Int(rand.Reader, ecc.BLS24_315.ScalarField()) + assert.NoError(err) + srs, err := kzg_bls24315.NewSRS(kzgSize, alpha) + assert.NoError(err) + + f := make([]fr_bls24315.Element, polynomialSize) + for i := range f { + f[i].SetRandom() + } + + com, err := kzg_bls24315.Commit(f, srs.Pk) + assert.NoError(err) + + var point fr_bls24315.Element + point.SetRandom() + proof, err := kzg_bls24315.Open(f, point, srs.Pk) + assert.NoError(err) + + if err = kzg_bls24315.Verify(&com, &proof, point, srs.Vk); err != nil { + t.Fatal("verify proof", err) + } + + wCmt, err := ValueOfCommitment[sw_bls24315.G1Affine](com) + assert.NoError(err) + wProof, err := ValueOfOpeningProof[sw_bls24315.Scalar, sw_bls24315.G1Affine](point, proof) + assert.NoError(err) + wVk, err := ValueOfVerifyingKey[sw_bls24315.G2Affine](srs.Vk) + assert.NoError(err) + + assignment := KZGVerificationCircuit[sw_bls24315.Scalar, sw_bls24315.G1Affine, sw_bls24315.G2Affine, sw_bls24315.GT]{ + VerifyingKey: wVk, + Commitment: wCmt, + OpeningProof: wProof, + } + + assert.CheckCircuit(&KZGVerificationCircuit[sw_bls24315.Scalar, sw_bls24315.G1Affine, sw_bls24315.G2Affine, sw_bls24315.GT]{}, test.WithValidAssignment(&assignment), test.WithCurves(ecc.BW6_633)) +} + func TestValueOfCommitment(t *testing.T) { assert := test.NewAssert(t) assert.Run(func(assert *test.Assert) {