Merge pull request #17 from reilabs/wz/4844-versioned-hash

insertion_circuit: use versioned KZG hash
reilabs · Aug 30, 2024 · 568b3bb · 568b3bb
2 parents cd49443 + 12462b1
commit 568b3bb
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 15 deletions.
diff --git a/main_test.go b/main_test.go
@@ -103,10 +103,11 @@ func TestInsertionHappyPath(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	versionedKzgHash := prover.KzgToVersionedHash(ir.Commitment4844)
 	publicWitness, err := frontend.NewWitness(&prover.InsertionMbuCircuit{
 		InputHash:          ir.InputHash,
-		ExpectedEvaluation: ir.ExpectedEvaluation[:],
-		Commitment4844:     ir.Commitment4844[:],
+		ExpectedEvaluation: *prover.BytesToBn254BigInt(ir.ExpectedEvaluation[:]),
+		Commitment4844:     *prover.BytesToBn254BigInt(versionedKzgHash[:]),
 		StartIndex:         params.StartIndex,
 		PreRoot:            params.PreRoot,
 		PostRoot:           params.PostRoot,

diff --git a/prover/circuit_utils.go b/prover/circuit_utils.go
@@ -1,6 +1,7 @@
 package prover
 
 import (
+	"crypto/sha256"
 	"fmt"
 	"io"
 	"math"
@@ -320,8 +321,8 @@ func identitiesToBlob(ids []big.Int) *gokzg4844.Blob {
 	return &blob
 }
 
-// bytesToBn254BigInt converts a slice of bytes to a *big.Int and reduces it by BN254 modulus
-func bytesToBn254BigInt(b []byte) *big.Int {
+// BytesToBn254BigInt converts a slice of bytes to a *big.Int and reduces it by BN254 modulus
+func BytesToBn254BigInt(b []byte) *big.Int {
 	n := new(big.Int).SetBytes(b)
 	modulus := bn254fr.Modulus()
 	return n.Mod(n, modulus)
@@ -338,7 +339,7 @@ func bigIntsToChallenge(input []big.Int) (challenge gokzg4844.Scalar) {
 	}
 
 	// Reduce keccak because gokzg4844 API expects that
-	hashBytes := bytesToBn254BigInt(keccak256.Hash(inputBytes)).Bytes()
+	hashBytes := BytesToBn254BigInt(keccak256.Hash(inputBytes)).Bytes()
 
 	copy(challenge[:], hashBytes)
 	return challenge
@@ -352,3 +353,11 @@ func treeDepth(leavesCount int) (height int) {
 	height = int(math.Ceil(math.Log2(float64(leavesCount))))
 	return
 }
+
+// KzgToVersionedHash converts a KZG commitment to a versioned hash.
+// Implementation as per https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4844.md#helpers
+func KzgToVersionedHash(commitment gokzg4844.KZGCommitment) (hash [32]byte) {
+	hash = sha256.Sum256(commitment[:])
+	hash[0] = 0x01 // magic number, must be there
+	return
+}
diff --git a/prover/insertion_circuit_test.go b/prover/insertion_circuit_test.go
@@ -32,16 +32,17 @@ func TestInsertionCircuit(t *testing.T) {
 		smallTree.Update(i, id)
 	}
 	incomingIdsTreeRoot := smallTree.Root()
-	incomingIdsTreeRoot = *bytesToBn254BigInt(incomingIdsTreeRoot.Bytes())
+	incomingIdsTreeRoot = *BytesToBn254BigInt(incomingIdsTreeRoot.Bytes())
 
 	ctx, err := gokzg4844.NewContext4096Secure()
 	require.NoError(t, err)
 	blob := identitiesToBlob(incomingIds)
 	commitment, err := ctx.BlobToKZGCommitment(blob, numGoRoutines)
 	require.NoError(t, err)
-	commitment4844 := *bytesToBn254BigInt(commitment[:])
+	versionedKzgHash := KzgToVersionedHash(commitment)
+	versionedKzgHashReduced := *BytesToBn254BigInt(versionedKzgHash[:])
 
-	challenge := bigIntsToChallenge([]big.Int{incomingIdsTreeRoot, commitment4844})
+	challenge := bigIntsToChallenge([]big.Int{incomingIdsTreeRoot, versionedKzgHashReduced})
 	proof, evaluation, err := ctx.ComputeKZGProof(blob, challenge, numGoRoutines)
 	require.NoError(t, err)
 	err = ctx.VerifyKZGProof(commitment, challenge, evaluation, proof)
@@ -75,8 +76,8 @@ func TestInsertionCircuit(t *testing.T) {
 
 	assignment := InsertionMbuCircuit{
 		InputHash:          incomingIdsTreeRoot,
-		ExpectedEvaluation: evaluation[:],
-		Commitment4844:     commitment4844,
+		ExpectedEvaluation: *BytesToBn254BigInt(evaluation[:]),
+		Commitment4844:     versionedKzgHashReduced,
 		StartIndex:         existingUsersCount,
 		PreRoot:            preRoot,
 		PostRoot:           postRoot,

diff --git a/prover/insertion_proving_system.go b/prover/insertion_proving_system.go
@@ -85,7 +85,7 @@ func (ps *ProvingSystem) ProveInsertion(params *InsertionParameters) (*Insertion
 		idCommsTree.Update(i, params.IdComms[i])
 	}
 	incomingIdsTreeRoot := idCommsTree.Root()
-	incomingIdsTreeRoot = *bytesToBn254BigInt(incomingIdsTreeRoot.Bytes())
+	incomingIdsTreeRoot = *BytesToBn254BigInt(incomingIdsTreeRoot.Bytes())
 
 	proofs := make([][]frontend.Variable, ps.BatchSize)
 	for i := 0; i < int(ps.BatchSize); i++ {
@@ -106,9 +106,10 @@ func (ps *ProvingSystem) ProveInsertion(params *InsertionParameters) (*Insertion
 	if err != nil {
 		return nil, err
 	}
-	commitment4844 := *bytesToBn254BigInt(commitment[:])
+	versionedKzgHash := KzgToVersionedHash(commitment)
+	versionedKzgHashReduced := *BytesToBn254BigInt(versionedKzgHash[:])
 
-	challenge := bigIntsToChallenge([]big.Int{incomingIdsTreeRoot, commitment4844})
+	challenge := bigIntsToChallenge([]big.Int{incomingIdsTreeRoot, versionedKzgHashReduced})
 	kzgProof, evaluation, err := ctx.ComputeKZGProof(blob, challenge, numGoRoutines)
 	if err != nil {
 		return nil, err
@@ -121,8 +122,8 @@ func (ps *ProvingSystem) ProveInsertion(params *InsertionParameters) (*Insertion
 
 	assignment := InsertionMbuCircuit{
 		InputHash:          incomingIdsTreeRoot,
-		ExpectedEvaluation: evaluation[:],
-		Commitment4844:     commitment4844,
+		ExpectedEvaluation: *BytesToBn254BigInt(evaluation[:]),
+		Commitment4844:     versionedKzgHashReduced,
 		StartIndex:         params.StartIndex,
 		PreRoot:            params.PreRoot,
 		PostRoot:           params.PostRoot,