Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lovesh/kzg-poly-commit

Polynomial Commitments using type-3 pairings
https://github.com/lovesh/kzg-poly-commit

commitment-schemes pairings polynomial

Last synced: about 1 month ago
JSON representation

Polynomial Commitments using type-3 pairings

Host: GitHub
URL: https://github.com/lovesh/kzg-poly-commit
Owner: lovesh
License: apache-2.0
Created: 2019-11-17T08:15:35.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2019-11-29T04:41:01.000Z (about 5 years ago)
Last Synced: 2023-04-04T22:21:38.333Z (almost 2 years ago)
Topics: commitment-schemes, pairings, polynomial
Language: Rust
Homepage:
Size: 27.3 KB
Stars: 5
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Polynomial Commitments

Based on the paper [Polynomial Commitments](https://pdfs.semanticscholar.org/31eb/add7a0109a584cfbf94b3afaa3c117c78c91.pdf) by Aniket Kate, 

Gregory Zaverucha, Ian Goldberg. The schemes from the paper are modified to work with type-3 pairings.

Since type-3 requires both groups of the bilinear map to be distinct (in addition to other conditions), another group G2 is 

introduced. As a result public key becomes twice the size of whats mentioned in the paper as now for each power of secret key, 

there is an element in both G1 and G2.  

Scheme PolyCommit_DL in section 3.2, for efficiency we can choose the public key elements in G2 (g2^{alpha^i}s) to compute commitment 

since commitment is done once for each polynomial. The witness is computed in G1 since it is computed once 

for each evaluation. Verification requires 1 exponentiation in G2 in addition to a multi-pairing. There are precomputations possible, 

look at the verification methods for comments.  

Similarly for PolyCommit_Ped in 3.3, commitment is in G1 and witness is in G2.

For more details look at the code comments.

For batch openings, look at functions `create_witness_for_batch` and `verify_eval_for_batch` in both `PolyCommit_DL` and `PolyCommit_Ped`. 

Run tests `timing_batch_witness_random_poly` in both `PolyCommit_DL` and `PolyCommit_Ped` in release mode to see the time it takes for 

creating and verifying the witness for various degree polynomials and for various batch sizes. Those tests will also do witness creation

and verification individually as well and compare the timing with batched execution.   

## TODO:

- Error handling. Start by converting asserts into errors.

- Address TODOs in code

- More documentation.