{"id":22303555,"url":"https://github.com/lovesh/bg_poly_eval","last_synced_at":"2025-03-26T00:33:42.645Z","repository":{"id":150949728,"uuid":"235987691","full_name":"lovesh/bg_poly_eval","owner":"lovesh","description":"Zero-knowledge argument for polynomial evaluation and set (non)membership","archived":false,"fork":false,"pushed_at":"2020-01-24T13:13:18.000Z","size":14,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-30T21:20:01.840Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lovesh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-24T11:08:13.000Z","updated_at":"2024-01-27T00:38:11.000Z","dependencies_parsed_at":"2023-05-06T19:31:18.416Z","dependency_job_id":null,"html_url":"https://github.com/lovesh/bg_poly_eval","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovesh%2Fbg_poly_eval","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovesh%2Fbg_poly_eval/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovesh%2Fbg_poly_eval/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovesh%2Fbg_poly_eval/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lovesh","download_url":"https://codeload.github.com/lovesh/bg_poly_eval/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245566105,"owners_count":20636391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-03T18:44:13.384Z","updated_at":"2025-03-26T00:33:42.625Z","avatar_url":"https://github.com/lovesh.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists](http://www0.cs.ucl.ac.uk/staff/J.Groth/PolynomialZK.pdf)\n\nSpecial honest verifier zero-knowledge argument of knowledge for two committed values u, v satisfying P(u) = v for a given \npolynomial P(X) of degree D. Is a 3-move sigma protocol and has logarithmic communication complexity. The polynomial evaluation argument is then used to \nprove set membership and non-membership by encoding the set as a polynomial. The degree of the resulting polynomial is equal \nto the cardinality of the set.\n\n## API\n1. To initialize a polynomial evaluation argument, use `UnivarPolyEvalArgProtocol::init`. After receiving/computing the challenge, \nuse `UnivarPolyEvalArgProtocol::respond` to generate the argument. The verifier will then use `UnivarPolyEvalArg::verify` \nto verify the argument. Look at test `test_prove_evaluation`\n    ```rust\n    let comm_key = CommitmentKey::new(\"test\".as_bytes());\n   \n    let poly = UnivarPolynomial::random(degree);\n    let u = FieldElement::random();\n    let v = poly.eval(\u0026u);\n    let protocol = UnivarPolyEvalArgProtocol::init(\u0026poly, u, v, \u0026comm_key);\n    \n    let challenge_by_prover = FieldElement::from_msg_hash(\u0026protocol.get_bytes_for_challenge(\u0026poly, \u0026comm_key));\n    let zk_argument = protocol.respond(\u0026challenge_by_prover);\n    \n    let challenge_by_verifier = FieldElement::from_msg_hash(\u0026zk_argument.get_bytes_for_challenge(\u0026poly, \u0026c_0, \u0026c_v, \u0026comm_key));\n    assert!(zk_argument.verify(\u0026challenge_by_verifier, \u0026poly, \u0026c_0, \u0026c_v, \u0026comm_key));\n    ``` \n\n1. To initialize a set membership argument, follow similar steps as the polynomial evaluation argument and use `SetMembershipProtocol::init`. \nAfter receiving/computing the challenge, use `SetMembershipProtocol::respond` to generate the argument. The verifier will \nthen use `SetMembershipProtocol::verify` to verify the argument. Look at test `test_prove_set_membership`\n    ```rust\n        let comm_key = CommitmentKey::new(\"test\".as_bytes());\n       \n        let set: Vec\u003cFieldElement\u003e = FieldElementVector::random(set_size).into();\n        // member is a member of the set, comm_member is the commitment to the member with blinding blinding_member \n        let protocol = SetMembershipProtocol::init(\u0026set, member, blinding_member, comm_member, \u0026comm_key);\n                    \n        let challenge_by_prover = FieldElement::from_msg_hash(\u0026protocol.get_bytes_for_challenge(\u0026comm_key));\n        let zk_argument = protocol.respond(\u0026challenge_by_prover);\n        \n        let challenge_by_verifier = FieldElement::from_msg_hash(\u0026zk_argument.get_bytes_for_challenge(\u0026set, \u0026comm_member, \u0026comm_key));\n        assert!(zk_argument.verify(\u0026challenge_by_verifier, \u0026set, \u0026comm_member, \u0026comm_key));\n    ``` \n\n1. Proving non membership has a similar API as membership using `SetNonMembershipProtocol`. Look at test `test_prove_set_non_membership`\n\nThe tests print timing info. Run with `cargo test --release -- --nocapture`\n\n## TODO:\n1. More documentation\n1. Tests for failure cases\n1. Handle arbitrary degree\n1. Address various TODOs for optimization\n1. Convert asserts to errors\n1. Abstract the commitment group such that the argument can be used for commitments in group G2 ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flovesh%2Fbg_poly_eval","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flovesh%2Fbg_poly_eval","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flovesh%2Fbg_poly_eval/lists"}