From 8cdd4f9a9d17b10be3956c44607fcec41a91523b Mon Sep 17 00:00:00 2001 From: Mamy Ratsimbazafy Date: Thu, 14 Sep 2023 21:08:10 +0200 Subject: [PATCH] pass compute_blob_kzg_proof tests --- ...eum_eip4844_kzg_polynomial_commitments.nim | 45 +++++++++++++++++-- tests/t_ethereum_eip4844_deneb_kzg.nim | 23 +++++++++- 2 files changed, 64 insertions(+), 4 deletions(-) diff --git a/constantine/ethereum_eip4844_kzg_polynomial_commitments.nim b/constantine/ethereum_eip4844_kzg_polynomial_commitments.nim index 4530aadc1..1bd8ab65a 100644 --- a/constantine/ethereum_eip4844_kzg_polynomial_commitments.nim +++ b/constantine/ethereum_eip4844_kzg_polynomial_commitments.nim @@ -110,9 +110,9 @@ func fiatShamirChallenge(dst: var Fr[BLS12_381], blob: Blob, commitmentBytes: ar transcript.update(FIAT_SHAMIR_PROTOCOL_DOMAIN) - # Append the degree of polynomial as a domain separator - transcript.update(FIELD_ELEMENTS_PER_BLOB.uint64.toBytes(bigEndian)) + # Append the degree of polynomial as 16-byte big-endian integer as a domain separator transcript.update(default(array[16-sizeof(uint64), byte])) + transcript.update(FIELD_ELEMENTS_PER_BLOB.uint64.toBytes(bigEndian)) transcript.update(blob) transcript.update(commitmentBytes) @@ -315,7 +315,7 @@ func compute_kzg_proof*( proof, y, poly[], ctx.domain, z, ctx.srs_lagrange_g1, - bitreversedDomain = true) + isBitReversedDomain = true) discard proof_bytes.serialize_g1_compressed(proof) # cannot fail y_bytes.marshal(y, bigEndian) # cannot fail 
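Review bot: In fiatShamirChallenge the 16-byte width of the degree separator is only implied by `default(array[16-sizeof(uint64), byte])`, and the new comment sits above the padding write as if it described a single update. The transcript bytes determine the challenge, so a swapped order like the one corrected here presumably fails only as a proof mismatch against other implementations, never as a local error. I would spell the layout out where it is written, e.g. `# 8 zero bytes, then the uint64 degree: together one 16-byte big-endian integer; the order is part of the transcript`. The function body starts and ends outside the hunk.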
@@ -349,6 +349,45 @@ func verify_kzg_proof*( else: return cttEthKZG_VerificationFailure +func compute_blob_kzg_proof*( + ctx: ptr EthereumKZGContext, + proof_bytes: var array[48, byte], + blob: ptr Blob, + commitment_bytes: array[48, byte]): CttEthKzgStatus = + ## Given a blob, return the KZG proof that is used to verify it against the commitment. + ## This method does not verify that the commitment is correct with respect to `blob`. + + var commitment {.noInit.}: KZGCommitment + check commitment.bytes_to_kzg_commitment(commitment_bytes) + + # Blob -> Polynomial + let poly = allocHeapAligned(PolynomialEval[FIELD_ELEMENTS_PER_BLOB, Fr[BLS12_381]], 64) + var status = poly.blob_to_field_polynomial(blob) + if status == cttCodecScalar_ScalarLargerThanCurveOrder: + freeHeap(poly) + return cttEthKZG_ScalarLargerThanCurveOrder + elif status != cttCodecScalar_Success: + debugEcho "Unreachable status in compute_kzg_proof: ", status + debugEcho "Panicking ..." + quit 1 + + var challenge {.noInit.}: Fr[BLS12_381] + challenge.fiatShamirChallenge(blob[], commitment_bytes) + + var y {.noInit.}: Fr[BLS12_381] # y = p(z), eval at challenge z + var proof {.noInit.}: ECP_ShortW_Aff[Fp[BLS12_381], G1] # [proof]₁ = [(p(τ) - p(z)) / (τ-z)]₁ + + kzg_prove( + proof, y, + poly[], ctx.domain, + challenge, ctx.srs_lagrange_g1, + isBitReversedDomain = true) + + discard proof_bytes.serialize_g1_compressed(proof) # cannot fail + + freeHeap(poly) + return cttEthKZG_Success + # Ethereum Trusted Setup # ------------------------------------------------------------ diff --git a/tests/t_ethereum_eip4844_deneb_kzg.nim b/tests/t_ethereum_eip4844_deneb_kzg.nim index 2a6ff6a99..972a02ebb 100644 --- a/tests/t_ethereum_eip4844_deneb_kzg.nim +++ b/tests/t_ethereum_eip4844_deneb_kzg.nim 
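Review bot: The `elif status != cttCodecScalar_Success` branch of compute_blob_kzg_proof terminates the whole process with `quit 1` from inside a library function, and its message names `compute_kzg_proof` rather than this function. If this library is embedded in a long-running client, an unexpected decoder status is better reported through the CttEthKzgStatus return value after `freeHeap(poly)`, so the caller decides what to do. At the least the message should read `"Unreachable status in compute_blob_kzg_proof: "`. Separately, the pointer from `allocHeapAligned` is used without a nil check, and `ctx` and `blob` are dereferenced as given. If callers can pass nil, a guard belongs at the top of the function; confirm against the other entry points in the file.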
@@ -58,7 +58,7 @@ template testGen*(name, testData: untyped, body: untyped): untyped {.dirty.} = var skipped = 0 const testdir = TestVectorsDir / astToStr(name)/"small" for dir, file in walkTests(testdir, skipped): - stdout.write(" " & astToStr(name) & " test: " & alignLeft(file, 70)) + stdout.write(" " & alignLeft(astToStr(name) & " test:", 36) & alignLeft(file, 90)) let testData = loadVectors(dir/file) body @@ -142,6 +142,24 @@ testGen(verify_kzg_proof, testVector): else: doAssert testVector["output"].content == "null" +testGen(compute_blob_kzg_proof, testVector): + parseAssign(blob, 32*4096, testVector["input"]["blob"].content) + parseAssign(commitment, 48, testVector["input"]["commitment"].content) + + var proof: array[48, byte] + + let status = compute_blob_kzg_proof(ctx, proof, blob[].addr, commitment[]) + stdout.write "[" & $status & "]\n" + + if status == cttEthKZG_Success: + parseAssign(expectedProof, 48, testVector["output"].content) + + doAssert bool(proof == expectedProof[]), block: + "\nproof: " & proof.toHex() & + "\nexpected: " & expectedProof[].toHex() & "\n" + else: + doAssert testVector["output"].content == "null" + block: suite "Ethereum Deneb Hardfork / EIP-4844 / Proto-Danksharding / KZG Polynomial Commitments": let ctx = load_ethereum_kzg_test_trusted_setup_mainnet() @@ -155,4 +173,7 @@ block: test "verify_kzg_proof(commitment: array[48, byte], z, y: array[32, byte], proof: array[48, byte]) -> bool": ctx.test_verify_kzg_proof() + test "compute_blob_kzg_proof(proof: var array[48, byte], blob: ptr array[4096, byte], commitment: array[48, byte])": + ctx.test_compute_blob_kzg_proof() + ctx.delete()
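Review bot: The failure branch of the compute_blob_kzg_proof test only checks that the vector's output is `null`, so any non-success status passes. An input rejected for the wrong reason (for example, a bad commitment reported as an oversized scalar) would not be caught. If the vector file names distinguish invalid blobs from invalid commitments, asserting the expected status per case would tighten this. Otherwise a comment such as `# any error status is accepted; vectors only encode success or null` documents the limit.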
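Review bot: The new test title describes the blob as `ptr array[4096, byte]`, while the generator added in this commit parses `32*4096` bytes for it. The title is what appears in the test output, so it should match the real size, e.g. `blob: ptr array[32*4096, byte]` or simply `blob: ptr Blob`. The enclosing suite block starts outside the hunk.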