Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

generators/kzg_4844: Add positive G1_POINT_AT_INFINITY test vectors #3513

Merged
merged 2 commits into from
Sep 26, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
101 changes: 87 additions & 14 deletions tests/generators/kzg_4844/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ def evaluate_blob_at(blob, z):
G1_INVALID_P1_NOT_IN_G1, G1_INVALID_P1_NOT_ON_CURVE]

BLOB_ALL_ZEROS = spec.Blob()
BLOB_ALL_TWOS = spec.Blob(b''.join([field_element_bytes(2) for n in range(4096)]))
BLOB_RANDOM_VALID1 = spec.Blob(b''.join([field_element_bytes(pow(2, n + 256, spec.BLS_MODULUS)) for n in range(4096)]))
BLOB_RANDOM_VALID2 = spec.Blob(b''.join([field_element_bytes(pow(3, n + 256, spec.BLS_MODULUS)) for n in range(4096)]))
BLOB_RANDOM_VALID3 = spec.Blob(b''.join([field_element_bytes(pow(5, n + 256, spec.BLS_MODULUS)) for n in range(4096)]))
Expand All @@ -79,7 +80,7 @@ def evaluate_blob_at(blob, z):
BLOB_INVALID_LENGTH_PLUS_ONE = BLOB_RANDOM_VALID1 + b"\x00"
BLOB_INVALID_LENGTH_MINUS_ONE = BLOB_RANDOM_VALID1[:-1]

VALID_BLOBS = [BLOB_ALL_ZEROS, BLOB_RANDOM_VALID1, BLOB_RANDOM_VALID2,
VALID_BLOBS = [BLOB_ALL_ZEROS, BLOB_ALL_TWOS, BLOB_RANDOM_VALID1, BLOB_RANDOM_VALID2,
BLOB_RANDOM_VALID3, BLOB_ALL_MODULUS_MINUS_ONE, BLOB_ALMOST_ZERO]
INVALID_BLOBS = [BLOB_INVALID, BLOB_INVALID_CLOSE, BLOB_INVALID_LENGTH_PLUS_ONE, BLOB_INVALID_LENGTH_MINUS_ONE]

Expand Down Expand Up @@ -216,19 +217,61 @@ def case03_verify_kzg_proof():

# Incorrect `G1_POINT_AT_INFINITY` proof
blob = BLOB_RANDOM_VALID1
_, y = spec.compute_kzg_proof(blob, z)
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert not spec.verify_kzg_proof(commitment, z, y, proof)
yield 'verify_kzg_proof_case_incorrect_proof_point_at_infinity', {
'input': {
'commitment': encode_hex(commitment),
'z': encode_hex(z),
'y': encode_hex(y),
'proof': encode_hex(proof),
},
'output': False
}
for z in VALID_FIELD_ELEMENTS:
_, y = spec.compute_kzg_proof(blob, z)
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert not spec.verify_kzg_proof(commitment, z, y, proof)
prefix = 'verify_kzg_proof_case_incorrect_proof_point_at_infinity'
identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}'
yield f'{prefix}_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', {
'input': {
'commitment': encode_hex(commitment),
'z': encode_hex(z),
'y': encode_hex(y),
'proof': encode_hex(proof),
},
'output': False
}

# Correct `G1_POINT_AT_INFINITY` proof for zero poly
blob = BLOB_ALL_ZEROS
for z in VALID_FIELD_ELEMENTS:
_, y = spec.compute_kzg_proof(blob, z)
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert spec.verify_kzg_proof(commitment, z, y, proof)
prefix = 'verify_kzg_proof_case_correct_proof_point_at_infinity_for_zero_poly'
identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}'
yield f'{prefix}_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', {
'input': {
'commitment': encode_hex(commitment),
'z': encode_hex(z),
'y': encode_hex(y),
'proof': encode_hex(proof),
},
'output': True
}

# Correct `G1_POINT_AT_INFINITY` proof for poly of all twos
blob = BLOB_ALL_TWOS
for z in VALID_FIELD_ELEMENTS:
_, y = spec.compute_kzg_proof(blob, z)
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert spec.verify_kzg_proof(commitment, z, y, proof)
assert y == field_element_bytes(2)
prefix = 'verify_kzg_proof_case_correct_proof_point_at_infinity_for_twos_poly'
identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}'
yield f'{prefix}_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', {
'input': {
'commitment': encode_hex(commitment),
'z': encode_hex(z),
'y': encode_hex(y),
'proof': encode_hex(proof),
},
'output': True
}

# Edge case: Invalid commitment
for commitment in INVALID_G1_POINTS:
Expand Down Expand Up @@ -384,6 +427,36 @@ def case05_verify_blob_kzg_proof():
'output': False
}

# Correct `G1_POINT_AT_INFINITY` proof and commitment for zero poly
blob = BLOB_ALL_ZEROS
asn-d6 marked this conversation as resolved.
Show resolved Hide resolved
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert commitment == spec.G1_POINT_AT_INFINITY
assert spec.verify_blob_kzg_proof(blob, commitment, proof)
yield 'verify_blob_kzg_proof_case_correct_proof_point_at_infinity_for_zero_poly', {
'input': {
'blob': encode_hex(blob),
'commitment': encode_hex(commitment),
'proof': encode_hex(proof),
},
'output': True
}

# Correct `G1_POINT_AT_INFINITY` proof for all twos poly
blob = BLOB_ALL_TWOS
commitment = spec.blob_to_kzg_commitment(blob)
proof = spec.G1_POINT_AT_INFINITY
assert commitment != spec.G1_POINT_AT_INFINITY
assert spec.verify_blob_kzg_proof(blob, commitment, proof)
yield 'verify_blob_kzg_proof_case_correct_proof_point_at_infinity_for_twos_poly', {
'input': {
'blob': encode_hex(blob),
'commitment': encode_hex(commitment),
'proof': encode_hex(proof),
},
'output': True
}

# Edge case: Invalid blob
for blob in INVALID_BLOBS:
proof = G1
Expand Down