kzgceremony

package module
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2023 License: GPL-3.0 Imports: 7 Imported by: 0

README

eth-kzg-ceremony-alt GoDoc Test

Alternative (non-official) implementation in Go of the contributor for the Ethereum KZG Trusted Setup Ceremony.

The purpose of this repo is to use it to contribute to the upcoming Ethereum KZG Trusted Setup Ceremony, without using the official implementation.

The Ceremony is considered safe as long as there is at least one honest participant, with the idea that if you participate, assuming that you consider yourself honest, you can consider the Ceremony safe. Ethereum will run the Ceremony which will be used at least in EIP-4844.

Probably most of the contributions will be generated with the same code (official impl, which has been audited). The idea of this repo is to try to bring more diversity to the table with another independent implementation.

This implementation has been done without looking at the other impls code (except for the point parsers test vectors), in order to not be biased by that code.

This code has not been audited, use it at your own risk.

Why in Go? Ideally would have done this code using Rust & arkworks, but the official impl already uses that. This implementation uses Kilic's BLS12-381 pairing implementation.

Documents used for this implementation:

You can find more info on the logic behind the powers of tau computation & verification in these notes: http://arnaucube.com/blog/powersoftau.html

Usage

Get the binary from the releases (alternative you can compile it from source), and run:

> ./kzgceremony

eth-kzg-ceremony-alt
====================

Usage of ./kzgceremony:
  -u, --url string       sequencer url (default "https://seq.ceremony.ethereum.org")
  -r, --rand string      randomness, needs to be bigger than 64 bytes
  -s, --sleeptime uint   time (seconds) sleeping before trying again to be the next contributor (default 30)

So for example, run your contribution with:

./kzgceremony -r "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod"

(where the "Lorem ipsum..." is your source of randomness)

Documentation

Index

Constants

View Source 
const MinRandomnessLen = 64

MinRandomnessLen is the minimum accepted length for the user defined randomness

Variables

This section is empty.

Functions

func Contribute 

func Contribute(prevSRS *SRS, round int, randomness []byte) (*SRS, *Proof, error)

Contribute takes as input the previous SRS and a random byte slice, and returns the new SRS together with the Proof

func VerifyNewSRSFromPrevSRS added in v0.0.4 

func VerifyNewSRSFromPrevSRS(prevSRS, newSRS *SRS, proof *Proof) bool

VerifyNewSRSFromPrevSRS checks the correct computation of the new SRS respectively from the previous SRS. These are the checks that the Sequencer would do.

func VerifyState added in v0.0.4 

func VerifyState(s *State) bool

VerifyState acts similarly to VerifyNewSRSFromPrevSRS, but verifying the given State (which can be obtained from the Sequencer)

Types

type BatchContribution 

type BatchContribution struct {
	Contributions []Contribution
}

BatchContribution represents the data structure obtained from the Sequencer at the /contribute endpoint

func (*BatchContribution) Contribute 

func (pb *BatchContribution) Contribute(randomness []byte) (*BatchContribution, error)

Contribute takes the last BatchContribution and computes a new BatchContribution using the defined randomness

func (BatchContribution) MarshalJSON 

func (c BatchContribution) MarshalJSON() ([]byte, error)

MarshalJSON implements the BatchContribution json marshaler, compatible with the official Ethereum KZG Ceremony formats

func (*BatchContribution) UnmarshalJSON 

func (c *BatchContribution) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the BatchContribution json unmarshaler, compatible with the official Ethereum KZG Ceremony formats

type Contribution 

type Contribution struct {
	NumG1Powers uint64
	NumG2Powers uint64
	PowersOfTau *SRS
	PotPubKey   *bls12381.PointG2
}

type Proof 

type Proof struct {
	G2P    *bls12381.PointG2 // g₂ᵖ
	G1PTau *bls12381.PointG1 // g₂^τ' = g₂^{p ⋅ τ}
}

Proof contains g₂ᵖ and g₂^τ', used by the verifier

type SRS 

type SRS struct {
	G1Powers []*bls12381.PointG1
	G2Powers []*bls12381.PointG2
}

SRS contains the powers of tau in G1 & G2, eg. [τ'⁰]₁, [τ'¹]₁, [τ'²]₁, ..., [τ'ⁿ⁻¹]₁, [τ'⁰]₂, [τ'¹]₂, [τ'²]₂, ..., [τ'ⁿ⁻¹]₂

type State 

type State struct {
	Transcripts                []Transcript
	ParticipantIDs             []string // WIP
	ParticipantECDSASignatures []string
}

State represents the data structure obtained from the Sequencer at the /info/current_state endpoint

func (*State) Contribute 

func (cs *State) Contribute(randomness []byte) (*State, error)

Contribute takes the last State and computes a new State using the defined randomness

func (State) MarshalJSON 

func (s State) MarshalJSON() ([]byte, error)

MarshalJSON implements the State json marshaler, compatible with the official Ethereum KZG Ceremony formats

func (*State) UnmarshalJSON 

func (s *State) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the State json unmarshaler, compatible with the official Ethereum KZG Ceremony formats

type Transcript 

type Transcript struct {
	NumG1Powers uint64
	NumG2Powers uint64
	PowersOfTau *SRS
	Witness     *Witness
}

type Witness 

type Witness struct {
	RunningProducts []*bls12381.PointG1
	PotPubKeys      []*bls12381.PointG2
	BLSSignatures   []*bls12381.PointG1
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.