Add kzg4844 package

restricted/crypto/kzg4844/kzg4844.go

@@ -0,0 +1,110 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+// Package kzg4844 implements the KZG crypto for EIP-4844.
+package kzg4844
+
+import (
+	"embed"
+	"errors"
+	"sync/atomic"
+)
+
+//go:embed trusted_setup.json
+var content embed.FS
+
+// Blob represents a 4844 data blob.
+type Blob [131072]byte
+
+// Commitment is a serialized commitment to a polynomial.
+type Commitment [48]byte
+
+// Proof is a serialized commitment to the quotient polynomial.
+type Proof [48]byte
+
+// Point is a BLS field element.
+type Point [32]byte
+
+// Claim is a claimed evaluation value in a specific point.
+type Claim [32]byte
+
+// useCKZG controls whether the cryptography should use the Go or C backend.
+var useCKZG atomic.Bool
+
+// UseCKZG can be called to switch the default Go implementation of KZG to the C
+// library if fo some reason the user wishes to do so (e.g. consensus bug in one
+// or the other).
+func UseCKZG(use bool) error {
+	if use && !ckzgAvailable {
+		return errors.New("CKZG unavailable on your platform")
+	}
+	useCKZG.Store(use)
+
+	// Initializing the library can take 2-4 seconds - and can potentially crash
+	// on CKZG and non-ADX CPUs - so might as well do it now and don't wait until
+	// a crypto operation is actually needed live.
+	if use {
+		ckzgIniter.Do(ckzgInit)
+	} else {
+		gokzgIniter.Do(gokzgInit)
+	}
+	return nil
+}
+
+// BlobToCommitment creates a small commitment out of a data blob.
+func BlobToCommitment(blob Blob) (Commitment, error) {
+	if useCKZG.Load() {
+		return ckzgBlobToCommitment(blob)
+	}
+	return gokzgBlobToCommitment(blob)
+}
+
+// ComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	if useCKZG.Load() {
+		return ckzgComputeProof(blob, point)
+	}
+	return gokzgComputeProof(blob, point)
+}
+
+// VerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func VerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	if useCKZG.Load() {
+		return ckzgVerifyProof(commitment, point, claim, proof)
+	}
+	return gokzgVerifyProof(commitment, point, claim, proof)
+}
+
+// ComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	if useCKZG.Load() {
+		return ckzgComputeBlobProof(blob, commitment)
+	}
+	return gokzgComputeBlobProof(blob, commitment)
+}
+
+// VerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func VerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	if useCKZG.Load() {
+		return ckzgVerifyBlobProof(blob, commitment, proof)
+	}
+	return gokzgVerifyBlobProof(blob, commitment, proof)
+}

restricted/crypto/kzg4844/kzg4844_ckzg_cgo.go

@@ -0,0 +1,127 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+//go:build ckzg && !nacl && !js && cgo && !gofuzz
+
+package kzg4844
+
+import (
+	"encoding/json"
+	"errors"
+	"sync"
+
+	gokzg4844 "github.com/crate-crypto/go-kzg-4844"
+	ckzg4844 "github.com/ethereum/c-kzg-4844/bindings/go"
+	"github.com/openrelayxyz/cardinal-types/hexutil"
+)
+
+// ckzgAvailable signals whether the library was compiled into Geth.
+const ckzgAvailable = true
+
+// ckzgIniter ensures that we initialize the KZG library once before using it.
+var ckzgIniter sync.Once
+
+// ckzgInit initializes the KZG library with the provided trusted setup.
+func ckzgInit() {
+	config, err := content.ReadFile("trusted_setup.json")
+	if err != nil {
+		panic(err)
+	}
+	params := new(gokzg4844.JSONTrustedSetup)
+	if err = json.Unmarshal(config, params); err != nil {
+		panic(err)
+	}
+	if err = gokzg4844.CheckTrustedSetupIsWellFormed(params); err != nil {
+		panic(err)
+	}
+	g1s := make([]byte, len(params.SetupG1Lagrange)*(len(params.SetupG1Lagrange[0])-2)/2)
+	for i, g1 := range params.SetupG1Lagrange {
+		copy(g1s[i*(len(g1)-2)/2:], hexutil.MustDecode(g1))
+	}
+	g2s := make([]byte, len(params.SetupG2)*(len(params.SetupG2[0])-2)/2)
+	for i, g2 := range params.SetupG2 {
+		copy(g2s[i*(len(g2)-2)/2:], hexutil.MustDecode(g2))
+	}
+	if err = ckzg4844.LoadTrustedSetup(g1s, g2s); err != nil {
+		panic(err)
+	}
+}
+
+// ckzgBlobToCommitment creates a small commitment out of a data blob.
+func ckzgBlobToCommitment(blob Blob) (Commitment, error) {
+	ckzgIniter.Do(ckzgInit)
+
+	commitment, err := ckzg4844.BlobToKZGCommitment((ckzg4844.Blob)(blob))
+	if err != nil {
+		return Commitment{}, err
+	}
+	return (Commitment)(commitment), nil
+}
+
+// ckzgComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ckzgComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	ckzgIniter.Do(ckzgInit)
+
+	proof, claim, err := ckzg4844.ComputeKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes32)(point))
+	if err != nil {
+		return Proof{}, Claim{}, err
+	}
+	return (Proof)(proof), (Claim)(claim), nil
+}
+
+// ckzgVerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func ckzgVerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	ckzgIniter.Do(ckzgInit)
+
+	valid, err := ckzg4844.VerifyKZGProof((ckzg4844.Bytes48)(commitment), (ckzg4844.Bytes32)(point), (ckzg4844.Bytes32)(claim), (ckzg4844.Bytes48)(proof))
+	if err != nil {
+		return err
+	}
+	if !valid {
+		return errors.New("invalid proof")
+	}
+	return nil
+}
+
+// ckzgComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ckzgComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	ckzgIniter.Do(ckzgInit)
+
+	proof, err := ckzg4844.ComputeBlobKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes48)(commitment))
+	if err != nil {
+		return Proof{}, err
+	}
+	return (Proof)(proof), nil
+}
+
+// ckzgVerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func ckzgVerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	ckzgIniter.Do(ckzgInit)
+
+	valid, err := ckzg4844.VerifyBlobKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes48)(commitment), (ckzg4844.Bytes48)(proof))
+	if err != nil {
+		return err
+	}
+	if !valid {
+		return errors.New("invalid proof")
+	}
+	return nil
+}

restricted/crypto/kzg4844/kzg4844_ckzg_nocgo.go

@@ -0,0 +1,62 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+//go:build !ckzg || nacl || js || !cgo || gofuzz
+
+package kzg4844
+
+import "sync"
+
+// ckzgAvailable signals whether the library was compiled into Geth.
+const ckzgAvailable = false
+
+// ckzgIniter ensures that we initialize the KZG library once before using it.
+var ckzgIniter sync.Once
+
+// ckzgInit initializes the KZG library with the provided trusted setup.
+func ckzgInit() {
+	panic("unsupported platform")
+}
+
+// ckzgBlobToCommitment creates a small commitment out of a data blob.
+func ckzgBlobToCommitment(blob Blob) (Commitment, error) {
+	panic("unsupported platform")
+}
+
+// ckzgComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ckzgComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	panic("unsupported platform")
+}
+
+// ckzgVerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func ckzgVerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	panic("unsupported platform")
+}
+
+// ckzgComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ckzgComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	panic("unsupported platform")
+}
+
+// ckzgVerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func ckzgVerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	panic("unsupported platform")
+}

restricted/crypto/kzg4844/kzg4844_gokzg.go

@@ -0,0 +1,98 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package kzg4844
+
+import (
+	"encoding/json"
+	"sync"
+
+	gokzg4844 "github.com/crate-crypto/go-kzg-4844"
+)
+
+// context is the crypto primitive pre-seeded with the trusted setup parameters.
+var context *gokzg4844.Context
+
+// gokzgIniter ensures that we initialize the KZG library once before using it.
+var gokzgIniter sync.Once
+
+// gokzgInit initializes the KZG library with the provided trusted setup.
+func gokzgInit() {
+	config, err := content.ReadFile("trusted_setup.json")
+	if err != nil {
+		panic(err)
+	}
+	params := new(gokzg4844.JSONTrustedSetup)
+	if err = json.Unmarshal(config, params); err != nil {
+		panic(err)
+	}
+	context, err = gokzg4844.NewContext4096(params)
+	if err != nil {
+		panic(err)
+	}
+}
+
+// gokzgBlobToCommitment creates a small commitment out of a data blob.
+func gokzgBlobToCommitment(blob Blob) (Commitment, error) {
+	gokzgIniter.Do(gokzgInit)
+
+	commitment, err := context.BlobToKZGCommitment((gokzg4844.Blob)(blob), 0)
+	if err != nil {
+		return Commitment{}, err
+	}
+	return (Commitment)(commitment), nil
+}
+
+// gokzgComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func gokzgComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	gokzgIniter.Do(gokzgInit)
+
+	proof, claim, err := context.ComputeKZGProof((gokzg4844.Blob)(blob), (gokzg4844.Scalar)(point), 0)
+	if err != nil {
+		return Proof{}, Claim{}, err
+	}
+	return (Proof)(proof), (Claim)(claim), nil
+}
+
+// gokzgVerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func gokzgVerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	gokzgIniter.Do(gokzgInit)
+
+	return context.VerifyKZGProof((gokzg4844.KZGCommitment)(commitment), (gokzg4844.Scalar)(point), (gokzg4844.Scalar)(claim), (gokzg4844.KZGProof)(proof))
+}
+
+// gokzgComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func gokzgComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	gokzgIniter.Do(gokzgInit)
+
+	proof, err := context.ComputeBlobKZGProof((gokzg4844.Blob)(blob), (gokzg4844.KZGCommitment)(commitment), 0)
+	if err != nil {
+		return Proof{}, err
+	}
+	return (Proof)(proof), nil
+}
+
+// gokzgVerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func gokzgVerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	gokzgIniter.Do(gokzgInit)
+
+	return context.VerifyBlobKZGProof((gokzg4844.Blob)(blob), (gokzg4844.KZGCommitment)(commitment), (gokzg4844.KZGProof)(proof))
+}

restricted/crypto/kzg4844/kzg4844_test.go

@@ -0,0 +1,195 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package kzg4844
+
+import (
+	"crypto/rand"
+	"testing"
+
+	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
+	gokzg4844 "github.com/crate-crypto/go-kzg-4844"
+)
+
+func randFieldElement() [32]byte {
+	bytes := make([]byte, 32)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		panic("failed to get random field element")
+	}
+	var r fr.Element
+	r.SetBytes(bytes)
+
+	return gokzg4844.SerializeScalar(r)
+}
+
+func randBlob() Blob {
+	var blob Blob
+	for i := 0; i < len(blob); i += gokzg4844.SerializedScalarSize {
+		fieldElementBytes := randFieldElement()
+		copy(blob[i:i+gokzg4844.SerializedScalarSize], fieldElementBytes[:])
+	}
+	return blob
+}
+
+func TestCKZGWithPoint(t *testing.T)  { testKZGWithPoint(t, true) }
+func TestGoKZGWithPoint(t *testing.T) { testKZGWithPoint(t, false) }
+func testKZGWithPoint(t *testing.T, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		t.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	blob := randBlob()
+
+	commitment, err := BlobToCommitment(blob)
+	if err != nil {
+		t.Fatalf("failed to create KZG commitment from blob: %v", err)
+	}
+	point := randFieldElement()
+	proof, claim, err := ComputeProof(blob, point)
+	if err != nil {
+		t.Fatalf("failed to create KZG proof at point: %v", err)
+	}
+	if err := VerifyProof(commitment, point, claim, proof); err != nil {
+		t.Fatalf("failed to verify KZG proof at point: %v", err)
+	}
+}
+
+func TestCKZGWithBlob(t *testing.T)  { testKZGWithBlob(t, true) }
+func TestGoKZGWithBlob(t *testing.T) { testKZGWithBlob(t, false) }
+func testKZGWithBlob(t *testing.T, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		t.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	blob := randBlob()
+
+	commitment, err := BlobToCommitment(blob)
+	if err != nil {
+		t.Fatalf("failed to create KZG commitment from blob: %v", err)
+	}
+	proof, err := ComputeBlobProof(blob, commitment)
+	if err != nil {
+		t.Fatalf("failed to create KZG proof for blob: %v", err)
+	}
+	if err := VerifyBlobProof(blob, commitment, proof); err != nil {
+		t.Fatalf("failed to verify KZG proof for blob: %v", err)
+	}
+}
+
+func BenchmarkCKZGBlobToCommitment(b *testing.B)  { benchmarkBlobToCommitment(b, true) }
+func BenchmarkGoKZGBlobToCommitment(b *testing.B) { benchmarkBlobToCommitment(b, false) }
+func benchmarkBlobToCommitment(b *testing.B, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		b.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	blob := randBlob()
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		BlobToCommitment(blob)
+	}
+}
+
+func BenchmarkCKZGComputeProof(b *testing.B)  { benchmarkComputeProof(b, true) }
+func BenchmarkGoKZGComputeProof(b *testing.B) { benchmarkComputeProof(b, false) }
+func benchmarkComputeProof(b *testing.B, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		b.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	var (
+		blob  = randBlob()
+		point = randFieldElement()
+	)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		ComputeProof(blob, point)
+	}
+}
+
+func BenchmarkCKZGVerifyProof(b *testing.B)  { benchmarkVerifyProof(b, true) }
+func BenchmarkGoKZGVerifyProof(b *testing.B) { benchmarkVerifyProof(b, false) }
+func benchmarkVerifyProof(b *testing.B, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		b.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	var (
+		blob            = randBlob()
+		point           = randFieldElement()
+		commitment, _   = BlobToCommitment(blob)
+		proof, claim, _ = ComputeProof(blob, point)
+	)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		VerifyProof(commitment, point, claim, proof)
+	}
+}
+
+func BenchmarkCKZGComputeBlobProof(b *testing.B)  { benchmarkComputeBlobProof(b, true) }
+func BenchmarkGoKZGComputeBlobProof(b *testing.B) { benchmarkComputeBlobProof(b, false) }
+func benchmarkComputeBlobProof(b *testing.B, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		b.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	var (
+		blob          = randBlob()
+		commitment, _ = BlobToCommitment(blob)
+	)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		ComputeBlobProof(blob, commitment)
+	}
+}
+
+func BenchmarkCKZGVerifyBlobProof(b *testing.B)  { benchmarkVerifyBlobProof(b, true) }
+func BenchmarkGoKZGVerifyBlobProof(b *testing.B) { benchmarkVerifyBlobProof(b, false) }
+func benchmarkVerifyBlobProof(b *testing.B, ckzg bool) {
+	if ckzg && !ckzgAvailable {
+		b.Skip("CKZG unavailable in this test build")
+	}
+	defer func(old bool) { useCKZG.Store(old) }(useCKZG.Load())
+	useCKZG.Store(ckzg)
+
+	var (
+		blob          = randBlob()
+		commitment, _ = BlobToCommitment(blob)
+		proof, _      = ComputeBlobProof(blob, commitment)
+	)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		VerifyBlobProof(blob, commitment, proof)
+	}
+}