From 75a011faec774145906d523bc334d3aba48b9f44 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 11:02:33 -0500 Subject: [PATCH 01/11] Increase column limit & run make format --- src/.clang-format | 1 + src/c_kzg_4844.c | 453 +++++++++++------------------------------- src/c_kzg_4844.h | 16 +- src/test_c_kzg_4844.c | 169 +++++----------- 4 files changed, 161 insertions(+), 478 deletions(-) diff --git a/src/.clang-format b/src/.clang-format index 86391edd9..66ea6ec78 100644 --- a/src/.clang-format +++ b/src/.clang-format @@ -10,3 +10,4 @@ BinPackArguments: False BinPackParameters: False PenaltyReturnTypeOnItsOwnLine: 1000 PenaltyBreakAssignment: 100 +ColumnLimit: 100 diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index ac46ed57c..03afe90c1 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -63,12 +63,10 @@ typedef struct { static const char *FIAT_SHAMIR_PROTOCOL_DOMAIN = "FSBLOBVERIFY_V1_"; /** The domain separator for verify_blob_kzg_proof's random challenge. */ -static const char *RANDOM_CHALLENGE_DOMAIN_VERIFY_BLOB_KZG_PROOF_BATCH = - "RCKZGBATCH___V1_"; +static const char *RANDOM_CHALLENGE_DOMAIN_VERIFY_BLOB_KZG_PROOF_BATCH = "RCKZGBATCH___V1_"; /** The domain separator for verify_cell_kzg_proof_batch's random challenge. */ -static const char *RANDOM_CHALLENGE_DOMAIN_VERIFY_CELL_KZG_PROOF_BATCH = - "RCKZGCBATCH__V1_"; +static const char *RANDOM_CHALLENGE_DOMAIN_VERIFY_CELL_KZG_PROOF_BATCH = "RCKZGCBATCH__V1_"; /** Length of the domain strings above. */ #define DOMAIN_STR_LENGTH 16 @@ -470,9 +468,7 @@ static void g2_sub(g2_t *out, const g2_t *a, const g2_t *b) { * @retval true The pairings were equal * @retval false The pairings were not equal */ -static bool pairings_verify( - const g1_t *a1, const g2_t *a2, const g1_t *b1, const g2_t *b2 -) { +static bool pairings_verify(const g1_t *a1, const g2_t *a2, const g1_t *b1, const g2_t *b2) { blst_fp12 loop0, loop1, gt_point; blst_p1_affine aa1, bb1; blst_p2_affine aa2, bb2; @@ -585,8 +581,7 @@ static C_KZG_RET validate_kzg_g1(g1_t *out, const Bytes48 *b) { /* Convert the bytes to a p1 point */ /* The uncompress routine checks that the point is on the curve */ - if (blst_p1_uncompress(&p1_affine, b->bytes) != BLST_SUCCESS) - return C_KZG_BADARGS; + if (blst_p1_uncompress(&p1_affine, b->bytes) != BLST_SUCCESS) return C_KZG_BADARGS; blst_p1_from_affine(out, &p1_affine); /* The point at infinity is accepted! */ @@ -636,8 +631,7 @@ static C_KZG_RET blob_to_polynomial(Polynomial *p, const Blob *blob) { } /* Input size to the Fiat-Shamir challenge computation. */ -#define CHALLENGE_INPUT_SIZE \ - (DOMAIN_STR_LENGTH + 16 + BYTES_PER_BLOB + BYTES_PER_COMMITMENT) +#define CHALLENGE_INPUT_SIZE (DOMAIN_STR_LENGTH + 16 + BYTES_PER_BLOB + BYTES_PER_COMMITMENT) /** * Return the Fiat-Shamir challenge required to verify `blob` and `commitment`. @@ -648,9 +642,7 @@ static C_KZG_RET blob_to_polynomial(Polynomial *p, const Blob *blob) { * * @remark This function should compute challenges even if `n == 0`. */ -static void compute_challenge( - fr_t *eval_challenge_out, const Blob *blob, const g1_t *commitment -) { +static void compute_challenge(fr_t *eval_challenge_out, const Blob *blob, const g1_t *commitment) { Bytes32 eval_challenge; uint8_t bytes[CHALLENGE_INPUT_SIZE]; @@ -692,9 +684,7 @@ static void compute_challenge( * This function computes the result naively without using Pippenger's * algorithm. */ -static void g1_lincomb_naive( - g1_t *out, const g1_t *p, const fr_t *coeffs, uint64_t len -) { +static void g1_lincomb_naive(g1_t *out, const g1_t *p, const fr_t *coeffs, uint64_t len) { g1_t tmp; *out = G1_IDENTITY; for (uint64_t i = 0; i < len; i++) { @@ -732,9 +722,7 @@ static void g1_lincomb_naive( * * We do the second of these to save memory here. */ -static C_KZG_RET g1_lincomb_fast( - g1_t *out, const g1_t *p, const fr_t *coeffs, size_t len -) { +static C_KZG_RET g1_lincomb_fast(g1_t *out, const g1_t *p, const fr_t *coeffs, size_t len) { C_KZG_RET ret; void *scratch = NULL; blst_p1 *p_filtered = NULL; @@ -796,9 +784,7 @@ static C_KZG_RET g1_lincomb_fast( /* Call the Pippenger implementation */ const byte *scalars_arg[2] = {(byte *)scalars, NULL}; const blst_p1_affine *points_arg[2] = {p_affine, NULL}; - blst_p1s_mult_pippenger( - out, points_arg, new_len, scalars_arg, BITS_PER_FIELD_ELEMENT, scratch - ); + blst_p1s_mult_pippenger(out, points_arg, new_len, scalars_arg, BITS_PER_FIELD_ELEMENT, scratch); ret = C_KZG_OK; out: @@ -900,14 +886,9 @@ static C_KZG_RET evaluate_polynomial_in_evaluation_form( * @param[in] p The polynomial to commit to * @param[in] s The trusted setup */ -static C_KZG_RET poly_to_kzg_commitment( - g1_t *out, const Polynomial *p, const KZGSettings *s -) { +static C_KZG_RET poly_to_kzg_commitment(g1_t *out, const Polynomial *p, const KZGSettings *s) { return g1_lincomb_fast( - out, - s->g1_values_lagrange_brp, - (const fr_t *)(&p->evals), - FIELD_ELEMENTS_PER_BLOB + out, s->g1_values_lagrange_brp, (const fr_t *)(&p->evals), FIELD_ELEMENTS_PER_BLOB ); } @@ -918,9 +899,7 @@ static C_KZG_RET poly_to_kzg_commitment( * @param[in] blob The blob representing the polynomial to be committed to * @param[in] s The trusted setup */ -C_KZG_RET blob_to_kzg_commitment( - KZGCommitment *out, const Blob *blob, const KZGSettings *s -) { +C_KZG_RET blob_to_kzg_commitment(KZGCommitment *out, const Blob *blob, const KZGSettings *s) { C_KZG_RET ret; Polynomial p; g1_t commitment; @@ -978,9 +957,7 @@ C_KZG_RET verify_kzg_proof( if (ret != C_KZG_OK) return ret; /* Call helper to do pairings check */ - return verify_kzg_proof_impl( - ok, &commitment_g1, &z_fr, &y_fr, &proof_g1, s - ); + return verify_kzg_proof_impl(ok, &commitment_g1, &z_fr, &y_fr, &proof_g1, s); } /** @@ -1144,10 +1121,7 @@ static C_KZG_RET compute_kzg_proof_impl( g1_t out_g1; ret = g1_lincomb_fast( - &out_g1, - s->g1_values_lagrange_brp, - (const fr_t *)(&q.evals), - FIELD_ELEMENTS_PER_BLOB + &out_g1, s->g1_values_lagrange_brp, (const fr_t *)(&q.evals), FIELD_ELEMENTS_PER_BLOB ); if (ret != C_KZG_OK) goto out; @@ -1170,10 +1144,7 @@ static C_KZG_RET compute_kzg_proof_impl( * @param[in] s The trusted setup */ C_KZG_RET compute_blob_kzg_proof( - KZGProof *out, - const Blob *blob, - const Bytes48 *commitment_bytes, - const KZGSettings *s + KZGProof *out, const Blob *blob, const Bytes48 *commitment_bytes, const KZGSettings *s ) { C_KZG_RET ret; Polynomial polynomial; @@ -1191,9 +1162,7 @@ C_KZG_RET compute_blob_kzg_proof( compute_challenge(&evaluation_challenge_fr, blob, &commitment_g1); /* Call helper function to compute proof and y */ - ret = compute_kzg_proof_impl( - out, &y, &polynomial, &evaluation_challenge_fr, s - ); + ret = compute_kzg_proof_impl(out, &y, &polynomial, &evaluation_challenge_fr, s); if (ret != C_KZG_OK) goto out; out: @@ -1236,15 +1205,11 @@ C_KZG_RET verify_blob_kzg_proof( compute_challenge(&evaluation_challenge_fr, blob, &commitment_g1); /* Evaluate challenge to get y */ - ret = evaluate_polynomial_in_evaluation_form( - &y_fr, &polynomial, &evaluation_challenge_fr, s - ); + ret = evaluate_polynomial_in_evaluation_form(&y_fr, &polynomial, &evaluation_challenge_fr, s); if (ret != C_KZG_OK) return ret; /* Call helper to do pairings check */ - return verify_kzg_proof_impl( - ok, &commitment_g1, &evaluation_challenge_fr, &y_fr, &proof_g1, s - ); + return verify_kzg_proof_impl(ok, &commitment_g1, &evaluation_challenge_fr, &y_fr, &proof_g1, s); } /** @@ -1269,10 +1234,9 @@ static C_KZG_RET compute_r_powers_for_verify_kzg_proof_batch( Bytes32 r_bytes; fr_t r; - size_t input_size = DOMAIN_STR_LENGTH + sizeof(uint64_t) + - sizeof(uint64_t) + - (n * (BYTES_PER_COMMITMENT + - 2 * BYTES_PER_FIELD_ELEMENT + BYTES_PER_PROOF)); + size_t input_size = DOMAIN_STR_LENGTH + sizeof(uint64_t) + sizeof(uint64_t) + + (n * (BYTES_PER_COMMITMENT + 2 * BYTES_PER_FIELD_ELEMENT + BYTES_PER_PROOF) + ); ret = c_kzg_malloc((void **)&bytes, input_size); if (ret != C_KZG_OK) goto out; @@ -1280,11 +1244,7 @@ static C_KZG_RET compute_r_powers_for_verify_kzg_proof_batch( uint8_t *offset = bytes; /* Copy domain separator */ - memcpy( - offset, - RANDOM_CHALLENGE_DOMAIN_VERIFY_BLOB_KZG_PROOF_BATCH, - DOMAIN_STR_LENGTH - ); + memcpy(offset, RANDOM_CHALLENGE_DOMAIN_VERIFY_BLOB_KZG_PROOF_BATCH, DOMAIN_STR_LENGTH); offset += DOMAIN_STR_LENGTH; /* Copy degree of the polynomial */ @@ -1398,9 +1358,7 @@ static C_KZG_RET verify_kzg_proof_batch( blst_p1_add_or_double(&rhs_g1, &C_minus_y_lincomb, &proof_z_lincomb); /* Do the pairing check! */ - *ok = pairings_verify( - &proof_lincomb, &s->g2_values_monomial[1], &rhs_g1, blst_p2_generator() - ); + *ok = pairings_verify(&proof_lincomb, &s->g2_values_monomial[1], &rhs_g1, blst_p2_generator()); out: c_kzg_free(r_powers); @@ -1447,9 +1405,7 @@ C_KZG_RET verify_blob_kzg_proof_batch( /* For a single blob, just do a regular single verification */ if (n == 1) { - return verify_blob_kzg_proof( - ok, &blobs[0], &commitments_bytes[0], &proofs_bytes[0], s - ); + return verify_blob_kzg_proof(ok, &blobs[0], &commitments_bytes[0], &proofs_bytes[0], s); } /* We will need a bunch of arrays to store our objects... */ @@ -1466,18 +1422,14 @@ C_KZG_RET verify_blob_kzg_proof_batch( Polynomial polynomial; /* Convert each commitment to a g1 point */ - ret = bytes_to_kzg_commitment( - &commitments_g1[i], &commitments_bytes[i] - ); + ret = bytes_to_kzg_commitment(&commitments_g1[i], &commitments_bytes[i]); if (ret != C_KZG_OK) goto out; /* Convert each blob from bytes to a poly */ ret = blob_to_polynomial(&polynomial, &blobs[i]); if (ret != C_KZG_OK) goto out; - compute_challenge( - &evaluation_challenges_fr[i], &blobs[i], &commitments_g1[i] - ); + compute_challenge(&evaluation_challenges_fr[i], &blobs[i], &commitments_g1[i]); ret = evaluate_polynomial_in_evaluation_form( &ys_fr[i], &polynomial, &evaluation_challenges_fr[i], s @@ -1532,20 +1484,13 @@ static bool is_power_of_two(uint64_t n) { * @param[in] n Length of the FFT, must be a power of two */ static void fft_g1_fast( - g1_t *out, - const g1_t *in, - uint64_t stride, - const fr_t *roots, - uint64_t roots_stride, - uint64_t n + g1_t *out, const g1_t *in, uint64_t stride, const fr_t *roots, uint64_t roots_stride, uint64_t n ) { g1_t y_times_root; uint64_t half = n / 2; if (half > 0) { /* Tunable parameter */ fft_g1_fast(out, in, stride * 2, roots, roots_stride * 2, half); - fft_g1_fast( - out + half, in + stride, stride * 2, roots, roots_stride * 2, half - ); + fft_g1_fast(out + half, in + stride, stride * 2, roots, roots_stride * 2, half); for (uint64_t i = 0; i < half; i++) { /* If the point is infinity, we can skip the calculation */ if (blst_p1_is_inf(&out[i + half])) { @@ -1555,9 +1500,7 @@ static void fft_g1_fast( if (fr_is_one(&roots[i * roots_stride])) { y_times_root = out[i + half]; } else { - g1_mul( - &y_times_root, &out[i + half], &roots[i * roots_stride] - ); + g1_mul(&y_times_root, &out[i + half], &roots[i * roots_stride]); } g1_sub(&out[i + half], &out[i], &y_times_root); blst_p1_add_or_double(&out[i], &out[i], &y_times_root); @@ -1690,9 +1633,7 @@ static uint32_t reverse_bits_limited(uint32_t n, uint32_t value) { * bit-reversing n. As opposed to reverse_bits, this bit-reversal * operates on log2(n)-bit numbers. */ -static C_KZG_RET bit_reversal_permutation( - void *values, size_t size, uint64_t n -) { +static C_KZG_RET bit_reversal_permutation(void *values, size_t size, uint64_t n) { C_KZG_RET ret; byte *tmp = NULL; byte *v = values; @@ -1734,9 +1675,7 @@ static C_KZG_RET bit_reversal_permutation( * @remark `root` must be such that `root ^ width` is equal to one, but * no smaller power of `root` is equal to one. */ -static C_KZG_RET expand_root_of_unity( - fr_t *out, const fr_t *root, uint64_t width -) { +static C_KZG_RET expand_root_of_unity(fr_t *out, const fr_t *root, uint64_t width) { uint64_t i; /* We assume it's at least two */ @@ -1784,28 +1723,19 @@ static C_KZG_RET compute_roots_of_unity(KZGSettings *s) { blst_fr_from_uint64(&root_of_unity, SCALE2_ROOT_OF_UNITY[max_scale]); /* Populate the roots of unity */ - ret = expand_root_of_unity( - s->expanded_roots_of_unity, &root_of_unity, s->max_width - ); + ret = expand_root_of_unity(s->expanded_roots_of_unity, &root_of_unity, s->max_width); if (ret != C_KZG_OK) goto out; /* Copy all but the last root to the roots of unity */ - memcpy( - s->roots_of_unity, - s->expanded_roots_of_unity, - sizeof(fr_t) * s->max_width - ); + memcpy(s->roots_of_unity, s->expanded_roots_of_unity, sizeof(fr_t) * s->max_width); /* Permute the roots of unity */ - ret = bit_reversal_permutation( - s->roots_of_unity, sizeof(fr_t), s->max_width - ); + ret = bit_reversal_permutation(s->roots_of_unity, sizeof(fr_t), s->max_width); if (ret != C_KZG_OK) goto out; /* Populate reverse roots of unity */ for (uint64_t i = 0; i <= s->max_width; i++) { - s->reverse_roots_of_unity[i] = - s->expanded_roots_of_unity[s->max_width - i]; + s->reverse_roots_of_unity[i] = s->expanded_roots_of_unity[s->max_width - i]; } out: @@ -1860,9 +1790,7 @@ void free_trusted_setup(KZGSettings *s) { * @param[in] n The length of the input vector x * @param[in] s The trusted setup */ -static C_KZG_RET toeplitz_part_1( - g1_t *out, const g1_t *x, size_t n, const KZGSettings *s -) { +static C_KZG_RET toeplitz_part_1(g1_t *out, const g1_t *x, size_t n, const KZGSettings *s) { C_KZG_RET ret; size_t n2 = n * 2; g1_t *x_ext; @@ -1949,9 +1877,7 @@ static C_KZG_RET init_fk20_multi_settings(KZGSettings *s) { if (ret != C_KZG_OK) goto out; /* Allocate space for points in affine representation */ - ret = c_kzg_calloc( - (void **)&p_affine, FIELD_ELEMENTS_PER_CELL, sizeof(blst_p1_affine) - ); + ret = c_kzg_calloc((void **)&p_affine, FIELD_ELEMENTS_PER_CELL, sizeof(blst_p1_affine)); if (ret != C_KZG_OK) goto out; /* Calculate the size of each table, this can be re-used */ @@ -1976,9 +1902,7 @@ static C_KZG_RET init_fk20_multi_settings(KZGSettings *s) { } /* Calculate the size of the scratch */ - s->scratch_size = blst_p1s_mult_wbits_scratch_sizeof( - FIELD_ELEMENTS_PER_CELL - ); + s->scratch_size = blst_p1s_mult_wbits_scratch_sizeof(FIELD_ELEMENTS_PER_CELL); } out: @@ -1995,9 +1919,7 @@ static C_KZG_RET init_fk20_multi_settings(KZGSettings *s) { * @param[in] n1 Number of `g1` points in trusted_setup * @param[in] n2 Number of `g2` points in trusted_setup */ -static C_KZG_RET is_trusted_setup_in_lagrange_form( - const KZGSettings *s, size_t n1, size_t n2 -) { +static C_KZG_RET is_trusted_setup_in_lagrange_form(const KZGSettings *s, size_t n1, size_t n2) { /* Trusted setup is too small; we can't work with this */ if (n1 < 2 || n2 < 2) { return C_KZG_BADARGS; @@ -2105,9 +2027,7 @@ C_KZG_RET load_trusted_setup( /* Convert all g1 monomial bytes to g1 points */ for (uint64_t i = 0; i < NUM_G1_POINTS; i++) { blst_p1_affine g1_affine; - BLST_ERROR err = blst_p1_uncompress( - &g1_affine, &g1_monomial_bytes[BYTES_PER_G1 * i] - ); + BLST_ERROR err = blst_p1_uncompress(&g1_affine, &g1_monomial_bytes[BYTES_PER_G1 * i]); if (err != BLST_SUCCESS) { ret = C_KZG_BADARGS; goto out_error; @@ -2118,9 +2038,7 @@ C_KZG_RET load_trusted_setup( /* Convert all g1 Lagrange bytes to g1 points */ for (uint64_t i = 0; i < NUM_G1_POINTS; i++) { blst_p1_affine g1_affine; - BLST_ERROR err = blst_p1_uncompress( - &g1_affine, &g1_lagrange_bytes[BYTES_PER_G1 * i] - ); + BLST_ERROR err = blst_p1_uncompress(&g1_affine, &g1_lagrange_bytes[BYTES_PER_G1 * i]); if (err != BLST_SUCCESS) { ret = C_KZG_BADARGS; goto out_error; @@ -2131,9 +2049,7 @@ C_KZG_RET load_trusted_setup( /* Convert all g2 bytes to g2 points */ for (uint64_t i = 0; i < NUM_G2_POINTS; i++) { blst_p2_affine g2_affine; - BLST_ERROR err = blst_p2_uncompress( - &g2_affine, &g2_monomial_bytes[BYTES_PER_G2 * i] - ); + BLST_ERROR err = blst_p2_uncompress(&g2_affine, &g2_monomial_bytes[BYTES_PER_G2 * i]); if (err != BLST_SUCCESS) { ret = C_KZG_BADARGS; goto out_error; @@ -2150,9 +2066,7 @@ C_KZG_RET load_trusted_setup( if (ret != C_KZG_OK) goto out_error; /* Bit reverse the Lagrange form points */ - ret = bit_reversal_permutation( - out->g1_values_lagrange_brp, sizeof(g1_t), NUM_G1_POINTS - ); + ret = bit_reversal_permutation(out->g1_values_lagrange_brp, sizeof(g1_t), NUM_G1_POINTS); if (ret != C_KZG_OK) goto out_error; /* Setup for FK20 proof computation */ @@ -2185,9 +2099,7 @@ C_KZG_RET load_trusted_setup( * the first two numbers are in decimal and the remainder are hexstrings * and any whitespace can be used as separators. */ -C_KZG_RET load_trusted_setup_file( - KZGSettings *out, FILE *in, size_t precompute -) { +C_KZG_RET load_trusted_setup_file(KZGSettings *out, FILE *in, size_t precompute) { C_KZG_RET ret; int num_matches; uint64_t i; @@ -2196,17 +2108,11 @@ C_KZG_RET load_trusted_setup_file( uint8_t *g2_monomial_bytes = NULL; /* Allocate space for points */ - ret = c_kzg_calloc( - (void **)&g1_monomial_bytes, NUM_G1_POINTS, BYTES_PER_G1 - ); + ret = c_kzg_calloc((void **)&g1_monomial_bytes, NUM_G1_POINTS, BYTES_PER_G1); if (ret != C_KZG_OK) goto out; - ret = c_kzg_calloc( - (void **)&g1_lagrange_bytes, NUM_G1_POINTS, BYTES_PER_G1 - ); + ret = c_kzg_calloc((void **)&g1_lagrange_bytes, NUM_G1_POINTS, BYTES_PER_G1); if (ret != C_KZG_OK) goto out; - ret = c_kzg_calloc( - (void **)&g2_monomial_bytes, NUM_G2_POINTS, BYTES_PER_G2 - ); + ret = c_kzg_calloc((void **)&g2_monomial_bytes, NUM_G2_POINTS, BYTES_PER_G2); if (ret != C_KZG_OK) goto out; /* Read the number of g1 points */ @@ -2286,24 +2192,15 @@ C_KZG_RET load_trusted_setup_file( * @param[in] n Length of the FFT, must be a power of two */ static void fft_fr_fast( - fr_t *out, - const fr_t *in, - size_t stride, - const fr_t *roots, - size_t roots_stride, - size_t n + fr_t *out, const fr_t *in, size_t stride, const fr_t *roots, size_t roots_stride, size_t n ) { size_t half = n / 2; if (half > 0) { fr_t y_times_root; fft_fr_fast(out, in, stride * 2, roots, roots_stride * 2, half); - fft_fr_fast( - out + half, in + stride, stride * 2, roots, roots_stride * 2, half - ); + fft_fr_fast(out + half, in + stride, stride * 2, roots, roots_stride * 2, half); for (size_t i = 0; i < half; i++) { - blst_fr_mul( - &y_times_root, &out[i + half], &roots[i * roots_stride] - ); + blst_fr_mul(&y_times_root, &out[i + half], &roots[i * roots_stride]); blst_fr_sub(&out[i + half], &out[i], &y_times_root); blst_fr_add(&out[i], &out[i], &y_times_root); } @@ -2323,9 +2220,7 @@ static void fft_fr_fast( * @remark The array lengths must be a power of two. * @remark Use ifft_fr() for inverse transformation. */ -static C_KZG_RET fft_fr( - fr_t *out, const fr_t *in, size_t n, const KZGSettings *s -) { +static C_KZG_RET fft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings *s) { /* Ensure the length is valid */ if (n > s->max_width || !is_power_of_two(n)) { return C_KZG_BADARGS; @@ -2348,9 +2243,7 @@ static C_KZG_RET fft_fr( * @remark The array lengths must be a power of two. * @remark Use fft_fr() for forward transformation. */ -static C_KZG_RET ifft_fr( - fr_t *out, const fr_t *in, size_t n, const KZGSettings *s -) { +static C_KZG_RET ifft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings *s) { /* Ensure the length is valid */ if (n > s->max_width || !is_power_of_two(n)) { return C_KZG_BADARGS; @@ -2416,11 +2309,7 @@ static inline uint64_t next_power_of_two(uint64_t v) { * @remark `dst_len` must be at least `indices_len + 1` in length. */ static C_KZG_RET do_zero_poly_mul_partial( - fr_t *dst, - size_t *dst_len, - const uint64_t *indices, - uint64_t indices_len, - const KZGSettings *s + fr_t *dst, size_t *dst_len, const uint64_t *indices, uint64_t indices_len, const KZGSettings *s ) { fr_t neg_di; @@ -2457,9 +2346,7 @@ static C_KZG_RET do_zero_poly_mul_partial( * @param[in] in The input polynomial to be copied * @param[in] in_len The length of the input polynomial */ -static C_KZG_RET pad_p( - fr_t *out, size_t out_len, const fr_t *in, size_t in_len -) { +static C_KZG_RET pad_p(fr_t *out, size_t out_len, const fr_t *in, size_t in_len) { /* Ensure out is big enough */ if (out_len < in_len) { return C_KZG_BADARGS; @@ -2540,10 +2427,7 @@ static C_KZG_RET reduce_partials( * padding can remain in place for the rest. */ ret = pad_p( - p_padded, - len_out, - partials[partial_count - 1].coeffs, - partials[partial_count - 1].length + p_padded, len_out, partials[partial_count - 1].coeffs, partials[partial_count - 1].length ); if (ret != C_KZG_OK) goto out; @@ -2551,9 +2435,7 @@ static C_KZG_RET reduce_partials( if (ret != C_KZG_OK) goto out; for (size_t i = 0; i < partial_count - 1; i++) { - ret = pad_p( - p_padded, partials[i].length, partials[i].coeffs, partials[i].length - ); + ret = pad_p(p_padded, partials[i].length, partials[i].coeffs, partials[i].length); if (ret != C_KZG_OK) goto out; ret = fft_fr(p_eval, p_padded, len_out, s); if (ret != C_KZG_OK) goto out; @@ -2617,14 +2499,11 @@ static C_KZG_RET zero_polynomial_via_multiplication( const size_t degree_of_partial = 32; const size_t missing_per_partial = degree_of_partial - 1; - size_t partial_count = (len_missing + missing_per_partial - 1) / - missing_per_partial; + size_t partial_count = (len_missing + missing_per_partial - 1) / missing_per_partial; size_t n = next_power_of_two(partial_count * degree_of_partial); if (len_missing <= missing_per_partial) { - ret = do_zero_poly_mul_partial( - zero_poly, zero_poly_len, missing_indices, len_missing, s - ); + ret = do_zero_poly_mul_partial(zero_poly, zero_poly_len, missing_indices, len_missing, s); if (ret != C_KZG_OK) goto out; } else { ret = new_fr_array(&work, n); @@ -2642,11 +2521,7 @@ static C_KZG_RET zero_polynomial_via_multiplication( partials[i].length = degree_of_partial; ret = do_zero_poly_mul_partial( - partials[i].coeffs, - &partials[i].length, - &missing_indices[offset], - end - offset, - s + partials[i].coeffs, &partials[i].length, &missing_indices[offset], end - offset, s ); if (ret != C_KZG_OK) goto out; @@ -2656,35 +2531,21 @@ static C_KZG_RET zero_polynomial_via_multiplication( /* Adjust the length of the last partial */ partials[partial_count - 1].length = 1 + len_missing - - (partial_count - 1) * - missing_per_partial; + (partial_count - 1) * missing_per_partial; /* Reduce all the partials to a single polynomial */ while (partial_count > 1) { - size_t reduced_count = (partial_count + reduction_factor - 1) / - reduction_factor; + size_t reduced_count = (partial_count + reduction_factor - 1) / reduction_factor; size_t partial_size = next_power_of_two(partials[0].length); for (size_t i = 0; i < reduced_count; i++) { size_t start = i * reduction_factor; - size_t out_end = MIN( - (start + reduction_factor) * partial_size, n - ); - size_t reduced_len = MIN( - out_end - start * partial_size, s->max_width - ); - size_t partials_num = MIN( - reduction_factor, partial_count - start - ); + size_t out_end = MIN((start + reduction_factor) * partial_size, n); + size_t reduced_len = MIN(out_end - start * partial_size, s->max_width); + size_t partials_num = MIN(reduction_factor, partial_count - start); partials[i].coeffs = work + start * partial_size; if (partials_num > 1) { ret = reduce_partials( - &partials[i], - reduced_len, - scratch, - n * 3, - &partials[start], - partials_num, - s + &partials[i], reduced_len, scratch, n * 3, &partials[start], partials_num, s ); if (ret != C_KZG_OK) goto out; } else { @@ -2695,9 +2556,7 @@ static C_KZG_RET zero_polynomial_via_multiplication( } /* Pad the output with zeros */ - ret = pad_p( - zero_poly, s->max_width, partials[0].coeffs, partials[0].length - ); + ret = pad_p(zero_poly, s->max_width, partials[0].coeffs, partials[0].length); if (ret != C_KZG_OK) goto out; *zero_poly_len = partials[0].length; @@ -2773,9 +2632,7 @@ static void shift_poly(fr_t *p, size_t len, const fr_t *shift_factor) { * * @remark The coset shift factor is RECOVERY_SHIFT_FACTOR. */ -static C_KZG_RET coset_fft_fr( - fr_t *out, const fr_t *in, size_t n, const KZGSettings *s -) { +static C_KZG_RET coset_fft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings *s) { C_KZG_RET ret; fr_t *in_shifted = NULL; @@ -2806,9 +2663,7 @@ static C_KZG_RET coset_fft_fr( * @remark The coset shift factor is RECOVERY_SHIFT_FACTOR. In this function we * use its inverse to implement the IFFT. */ -static C_KZG_RET coset_ifft_fr( - fr_t *out, const fr_t *in, size_t n, const KZGSettings *s -) { +static C_KZG_RET coset_ifft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings *s) { C_KZG_RET ret; ret = ifft_fr(out, in, n, s); @@ -2899,20 +2754,13 @@ static C_KZG_RET recover_cells_impl( if (fr_is_null(&cells_brp[i])) { extended_evaluation_times_zero[i] = FR_ZERO; } else { - blst_fr_mul( - &extended_evaluation_times_zero[i], - &cells_brp[i], - &zero_poly_eval[i] - ); + blst_fr_mul(&extended_evaluation_times_zero[i], &cells_brp[i], &zero_poly_eval[i]); } } /* Convert (E*Z)(x) to monomial form */ ret = ifft_fr( - extended_evaluation_times_zero_coeffs, - extended_evaluation_times_zero, - s->max_width, - s + extended_evaluation_times_zero_coeffs, extended_evaluation_times_zero, s->max_width, s ); if (ret != C_KZG_OK) goto out; @@ -2923,10 +2771,7 @@ static C_KZG_RET recover_cells_impl( * Q3 = D(k * x) */ ret = coset_fft_fr( - extended_evaluations_over_coset, - extended_evaluation_times_zero_coeffs, - s->max_width, - s + extended_evaluations_over_coset, extended_evaluation_times_zero_coeffs, s->max_width, s ); if (ret != C_KZG_OK) goto out; @@ -2947,12 +2792,7 @@ static C_KZG_RET recover_cells_impl( * the same polynomial as reconstructed_poly_over_coset in the spec */ /* Convert the evaluations back to coefficents */ - ret = coset_ifft_fr( - reconstructed_poly_coeff, - extended_evaluations_over_coset, - s->max_width, - s - ); + ret = coset_ifft_fr(reconstructed_poly_coeff, extended_evaluations_over_coset, s->max_width, s); if (ret != C_KZG_OK) goto out; /* @@ -2960,15 +2800,11 @@ static C_KZG_RET recover_cells_impl( * evaluates to our original data at the roots of unity. Next, we evaluate * the polynomial to get the original data. */ - ret = fft_fr( - reconstructed_data_out, reconstructed_poly_coeff, s->max_width, s - ); + ret = fft_fr(reconstructed_data_out, reconstructed_poly_coeff, s->max_width, s); if (ret != C_KZG_OK) goto out; /* Bit-reverse the recovered data points */ - ret = bit_reversal_permutation( - reconstructed_data_out, sizeof(fr_t), s->max_width - ); + ret = bit_reversal_permutation(reconstructed_data_out, sizeof(fr_t), s->max_width); if (ret != C_KZG_OK) goto out; out: @@ -3051,8 +2887,7 @@ static C_KZG_RET toeplitz_coeffs_stride( for (uint64_t i = 1; i <= k + 1 && i < k2; i++) { out[i] = FR_ZERO; } - for (uint64_t i = k + 2, j = 2 * stride - offset - 1; i < k2; - i++, j += stride) { + for (uint64_t i = k + 2, j = 2 * stride - offset - 1; i < k2; i++, j += stride) { out[i] = in[j]; } @@ -3071,9 +2906,7 @@ static C_KZG_RET toeplitz_coeffs_stride( * the lower half of the extended polynomial is supplied because the * upper half is assumed to be zero. */ -static C_KZG_RET compute_fk20_proofs( - g1_t *out, const fr_t *p, size_t n, const KZGSettings *s -) { +static C_KZG_RET compute_fk20_proofs(g1_t *out, const fr_t *p, size_t n, const KZGSettings *s) { C_KZG_RET ret; uint64_t k, k2; @@ -3104,9 +2937,7 @@ static C_KZG_RET compute_fk20_proofs( /* Allocations for fixed-base MSM */ ret = c_kzg_malloc(&scratch, s->scratch_size); if (ret != C_KZG_OK) goto out; - ret = c_kzg_calloc( - (void **)&scalars, FIELD_ELEMENTS_PER_CELL, sizeof(blst_scalar) - ); + ret = c_kzg_calloc((void **)&scalars, FIELD_ELEMENTS_PER_CELL, sizeof(blst_scalar)); if (ret != C_KZG_OK) goto out; } @@ -3125,9 +2956,7 @@ static C_KZG_RET compute_fk20_proofs( /* Compute toeplitz coefficients and organize by column */ for (uint64_t i = 0; i < FIELD_ELEMENTS_PER_CELL; i++) { - ret = toeplitz_coeffs_stride( - toeplitz_coeffs, p, n, i, FIELD_ELEMENTS_PER_CELL - ); + ret = toeplitz_coeffs_stride(toeplitz_coeffs, p, n, i, FIELD_ELEMENTS_PER_CELL); if (ret != C_KZG_OK) goto out; ret = fft_fr(toeplitz_coeffs_fft, toeplitz_coeffs, k2, s); if (ret != C_KZG_OK) goto out; @@ -3158,10 +2987,7 @@ static C_KZG_RET compute_fk20_proofs( } else { /* A pretty fast MSM without precomputation */ ret = g1_lincomb_fast( - &h_ext_fft[i], - s->x_ext_fft_columns[i], - coeffs[i], - FIELD_ELEMENTS_PER_CELL + &h_ext_fft[i], s->x_ext_fft_columns[i], coeffs[i], FIELD_ELEMENTS_PER_CELL ); if (ret != C_KZG_OK) goto out; } @@ -3228,16 +3054,15 @@ static C_KZG_RET compute_r_powers_for_verify_cell_kzg_proof_batch( fr_t r; /* Calculate the size of the data we're going to hash */ - size_t input_size = DOMAIN_STR_LENGTH /* The domain separator */ - + sizeof(uint64_t) /* FIELD_ELEMENTS_PER_CELL */ - + sizeof(uint64_t) /* num_commitments */ - + sizeof(uint64_t) /* num_cells */ + size_t input_size = DOMAIN_STR_LENGTH /* The domain separator */ + + sizeof(uint64_t) /* FIELD_ELEMENTS_PER_CELL */ + + sizeof(uint64_t) /* num_commitments */ + + sizeof(uint64_t) /* num_cells */ + (num_commitments * BYTES_PER_COMMITMENT) /* comms */ - + - (num_cells * sizeof(uint64_t)) /* commitment_indices */ - + (num_cells * sizeof(uint64_t)) /* cell_indices */ - + (num_cells * BYTES_PER_CELL) /* cells */ - + (num_cells * BYTES_PER_PROOF); /* proofs_bytes */ + + (num_cells * sizeof(uint64_t)) /* commitment_indices */ + + (num_cells * sizeof(uint64_t)) /* cell_indices */ + + (num_cells * BYTES_PER_CELL) /* cells */ + + (num_cells * BYTES_PER_PROOF); /* proofs_bytes */ /* Allocate space to copy this data into */ ret = c_kzg_malloc((void **)&bytes, input_size); @@ -3247,11 +3072,7 @@ static C_KZG_RET compute_r_powers_for_verify_cell_kzg_proof_batch( uint8_t *offset = bytes; /* Copy domain separator */ - memcpy( - offset, - RANDOM_CHALLENGE_DOMAIN_VERIFY_CELL_KZG_PROOF_BATCH, - DOMAIN_STR_LENGTH - ); + memcpy(offset, RANDOM_CHALLENGE_DOMAIN_VERIFY_CELL_KZG_PROOF_BATCH, DOMAIN_STR_LENGTH); offset += DOMAIN_STR_LENGTH; /* Copy field elements per cell */ @@ -3426,9 +3247,7 @@ C_KZG_RET compute_cells_and_kzg_proofs( if (ret != C_KZG_OK) goto out; /* We need the polynomial to be in monomial form */ - ret = poly_lagrange_to_monomial( - poly_monomial, poly_lagrange, FIELD_ELEMENTS_PER_BLOB, s - ); + ret = poly_lagrange_to_monomial(poly_monomial, poly_lagrange, FIELD_ELEMENTS_PER_BLOB, s); if (ret != C_KZG_OK) goto out; if (cells != NULL) { @@ -3441,9 +3260,7 @@ C_KZG_RET compute_cells_and_kzg_proofs( if (ret != C_KZG_OK) goto out; /* Bit-reverse the data points */ - ret = bit_reversal_permutation( - data_fr, sizeof(fr_t), FIELD_ELEMENTS_PER_EXT_BLOB - ); + ret = bit_reversal_permutation(data_fr, sizeof(fr_t), FIELD_ELEMENTS_PER_EXT_BLOB); if (ret != C_KZG_OK) goto out; /* Convert all of the cells to byte-form */ @@ -3451,9 +3268,7 @@ C_KZG_RET compute_cells_and_kzg_proofs( for (size_t j = 0; j < FIELD_ELEMENTS_PER_CELL; j++) { size_t index = i * FIELD_ELEMENTS_PER_CELL + j; size_t offset = j * BYTES_PER_FIELD_ELEMENT; - bytes_from_bls_field( - (Bytes32 *)&cells[i].bytes[offset], &data_fr[index] - ); + bytes_from_bls_field((Bytes32 *)&cells[i].bytes[offset], &data_fr[index]); } } } @@ -3464,15 +3279,11 @@ C_KZG_RET compute_cells_and_kzg_proofs( if (ret != C_KZG_OK) goto out; /* Compute the proofs, provide only the first half */ - ret = compute_fk20_proofs( - proofs_g1, poly_monomial, FIELD_ELEMENTS_PER_BLOB, s - ); + ret = compute_fk20_proofs(proofs_g1, poly_monomial, FIELD_ELEMENTS_PER_BLOB, s); if (ret != C_KZG_OK) goto out; /* Bit-reverse the proofs */ - ret = bit_reversal_permutation( - proofs_g1, sizeof(g1_t), CELLS_PER_EXT_BLOB - ); + ret = bit_reversal_permutation(proofs_g1, sizeof(g1_t), CELLS_PER_EXT_BLOB); if (ret != C_KZG_OK) goto out; /* Convert all of the proofs to byte-form */ @@ -3585,8 +3396,7 @@ C_KZG_RET recover_cells_and_kzg_proofs( size_t index = i * FIELD_ELEMENTS_PER_CELL + j; size_t offset = j * BYTES_PER_FIELD_ELEMENT; bytes_from_bls_field( - (Bytes32 *)&recovered_cells[i].bytes[offset], - &recovered_cells_fr[index] + (Bytes32 *)&recovered_cells[i].bytes[offset], &recovered_cells_fr[index] ); } } @@ -3599,10 +3409,7 @@ C_KZG_RET recover_cells_and_kzg_proofs( * cells and we can safely mutate the array. */ ret = poly_lagrange_to_monomial( - recovered_cells_fr, - recovered_cells_fr, - FIELD_ELEMENTS_PER_EXT_BLOB, - s + recovered_cells_fr, recovered_cells_fr, FIELD_ELEMENTS_PER_EXT_BLOB, s ); if (ret != C_KZG_OK) goto out; @@ -3613,9 +3420,7 @@ C_KZG_RET recover_cells_and_kzg_proofs( if (ret != C_KZG_OK) goto out; /* Bit-reverse the proofs */ - ret = bit_reversal_permutation( - recovered_proofs_g1, sizeof(g1_t), CELLS_PER_EXT_BLOB - ); + ret = bit_reversal_permutation(recovered_proofs_g1, sizeof(g1_t), CELLS_PER_EXT_BLOB); if (ret != C_KZG_OK) goto out; /* Convert all of the proofs to byte-form */ @@ -3696,13 +3501,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( // Deduplicate Commitments /////////////////////////////////////////////////////////////////////////// - ret = c_kzg_calloc( - (void **)&unique_commitments, num_cells, sizeof(Bytes48) - ); + ret = c_kzg_calloc((void **)&unique_commitments, num_cells, sizeof(Bytes48)); if (ret != C_KZG_OK) goto out; - ret = c_kzg_calloc( - (void **)&commitment_indices, num_cells, sizeof(uint64_t) - ); + ret = c_kzg_calloc((void **)&commitment_indices, num_cells, sizeof(uint64_t)); if (ret != C_KZG_OK) goto out; /* @@ -3713,9 +3514,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( */ num_commitments = num_cells; memcpy(unique_commitments, commitments_bytes, num_cells * sizeof(Bytes48)); - deduplicate_commitments( - unique_commitments, commitment_indices, &num_commitments - ); + deduplicate_commitments(unique_commitments, commitment_indices, &num_commitments); /////////////////////////////////////////////////////////////////////////// // Array allocations @@ -3778,9 +3577,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( for (size_t i = 0; i < num_commitments; i++) { /* Convert & validate commitment */ - ret = bytes_to_kzg_commitment( - &commitments_g1[i], &unique_commitments[i] - ); + ret = bytes_to_kzg_commitment(&commitments_g1[i], &unique_commitments[i]); if (ret != C_KZG_OK) goto out; /* Initialize the weight to zero */ @@ -3797,9 +3594,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( } /* Compute commitment sum */ - ret = g1_lincomb_fast( - &final_g1_sum, commitments_g1, commitment_weights, num_commitments - ); + ret = g1_lincomb_fast(&final_g1_sum, commitments_g1, commitment_weights, num_commitments); if (ret != C_KZG_OK) goto out; /////////////////////////////////////////////////////////////////////////// @@ -3819,17 +3614,11 @@ C_KZG_RET verify_cell_kzg_proof_batch( for (size_t j = 0; j < FIELD_ELEMENTS_PER_CELL; j++) { fr_t field, scaled; size_t offset = j * BYTES_PER_FIELD_ELEMENT; - ret = bytes_to_bls_field( - &field, (Bytes32 *)&cells[i].bytes[offset] - ); + ret = bytes_to_bls_field(&field, (Bytes32 *)&cells[i].bytes[offset]); if (ret != C_KZG_OK) goto out; blst_fr_mul(&scaled, &field, &r_powers[i]); size_t index = cell_indices[i] * FIELD_ELEMENTS_PER_CELL + j; - blst_fr_add( - &aggregated_column_cells[index], - &aggregated_column_cells[index], - &scaled - ); + blst_fr_add(&aggregated_column_cells[index], &aggregated_column_cells[index], &scaled); /* Mark the cell as being used */ is_cell_used[index] = true; @@ -3855,9 +3644,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( /* We don't need to copy this because it's not used again */ ret = bit_reversal_permutation( - &aggregated_column_cells[index], - sizeof(fr_t), - FIELD_ELEMENTS_PER_CELL + &aggregated_column_cells[index], sizeof(fr_t), FIELD_ELEMENTS_PER_CELL ); if (ret != C_KZG_OK) goto out; @@ -3868,10 +3655,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( * subgroup. */ ret = ifft_fr( - column_interpolation_poly, - &aggregated_column_cells[index], - FIELD_ELEMENTS_PER_CELL, - s + column_interpolation_poly, &aggregated_column_cells[index], FIELD_ELEMENTS_PER_CELL, s ); if (ret != C_KZG_OK) goto out; @@ -3881,14 +3665,8 @@ C_KZG_RET verify_cell_kzg_proof_batch( */ uint32_t pos = reverse_bits_limited(CELLS_PER_EXT_BLOB, i); fr_t inv_coset_factor; - blst_fr_eucl_inverse( - &inv_coset_factor, &s->expanded_roots_of_unity[pos] - ); - shift_poly( - column_interpolation_poly, - FIELD_ELEMENTS_PER_CELL, - &inv_coset_factor - ); + blst_fr_eucl_inverse(&inv_coset_factor, &s->expanded_roots_of_unity[pos]); + shift_poly(column_interpolation_poly, FIELD_ELEMENTS_PER_CELL, &inv_coset_factor); /* Update the aggregated poly */ for (size_t k = 0; k < FIELD_ELEMENTS_PER_CELL; k++) { @@ -3902,10 +3680,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( /* Commit to the final aggregated interpolation polynomial */ ret = g1_lincomb_fast( - &evaluation, - s->g1_values_monomial, - aggregated_interpolation_poly, - FIELD_ELEMENTS_PER_CELL + &evaluation, s->g1_values_monomial, aggregated_interpolation_poly, FIELD_ELEMENTS_PER_CELL ); if (ret != C_KZG_OK) goto out; @@ -3917,17 +3692,13 @@ C_KZG_RET verify_cell_kzg_proof_batch( /////////////////////////////////////////////////////////////////////////// for (size_t i = 0; i < num_cells; i++) { - uint32_t pos = reverse_bits_limited( - CELLS_PER_EXT_BLOB, cell_indices[i] - ); + uint32_t pos = reverse_bits_limited(CELLS_PER_EXT_BLOB, cell_indices[i]); fr_t coset_factor = s->expanded_roots_of_unity[pos]; fr_pow(&weights[i], &coset_factor, FIELD_ELEMENTS_PER_CELL); blst_fr_mul(&weighted_powers_of_r[i], &r_powers[i], &weights[i]); } - ret = g1_lincomb_fast( - &weighted_proof_lincomb, proofs_g1, weighted_powers_of_r, num_cells - ); + ret = g1_lincomb_fast(&weighted_proof_lincomb, proofs_g1, weighted_powers_of_r, num_cells); if (ret != C_KZG_OK) goto out; blst_p1_add(&final_g1_sum, &final_g1_sum, &weighted_proof_lincomb); @@ -3936,9 +3707,7 @@ C_KZG_RET verify_cell_kzg_proof_batch( // Do the final pairing check /////////////////////////////////////////////////////////////////////////// - *ok = pairings_verify( - &final_g1_sum, blst_p2_generator(), &proof_lincomb, &power_of_s - ); + *ok = pairings_verify(&final_g1_sum, blst_p2_generator(), &proof_lincomb, &power_of_s); out: c_kzg_free(unique_commitments); diff --git a/src/c_kzg_4844.h b/src/c_kzg_4844.h index 30b2c7695..08dd3f2f4 100644 --- a/src/c_kzg_4844.h +++ b/src/c_kzg_4844.h @@ -61,8 +61,7 @@ extern "C" { #define FIELD_ELEMENTS_PER_CELL 64 /** The number of cells in an extended blob. */ -#define CELLS_PER_EXT_BLOB \ - (FIELD_ELEMENTS_PER_EXT_BLOB / FIELD_ELEMENTS_PER_CELL) +#define CELLS_PER_EXT_BLOB (FIELD_ELEMENTS_PER_EXT_BLOB / FIELD_ELEMENTS_PER_CELL) /** The number of bytes in a single cell. */ #define BYTES_PER_CELL (FIELD_ELEMENTS_PER_CELL * BYTES_PER_FIELD_ELEMENT) @@ -173,15 +172,11 @@ C_KZG_RET load_trusted_setup( size_t precompute ); -C_KZG_RET load_trusted_setup_file( - KZGSettings *out, FILE *in, size_t precompute -); +C_KZG_RET load_trusted_setup_file(KZGSettings *out, FILE *in, size_t precompute); void free_trusted_setup(KZGSettings *s); -C_KZG_RET blob_to_kzg_commitment( - KZGCommitment *out, const Blob *blob, const KZGSettings *s -); +C_KZG_RET blob_to_kzg_commitment(KZGCommitment *out, const Blob *blob, const KZGSettings *s); C_KZG_RET compute_kzg_proof( KZGProof *proof_out, @@ -192,10 +187,7 @@ C_KZG_RET compute_kzg_proof( ); C_KZG_RET compute_blob_kzg_proof( - KZGProof *out, - const Blob *blob, - const Bytes48 *commitment_bytes, - const KZGSettings *s + KZGProof *out, const Blob *blob, const Bytes48 *commitment_bytes, const KZGSettings *s ); C_KZG_RET verify_kzg_proof( diff --git a/src/test_c_kzg_4844.c b/src/test_c_kzg_4844.c index 9c30e5018..f857e5f5c 100644 --- a/src/test_c_kzg_4844.c +++ b/src/test_c_kzg_4844.c @@ -470,8 +470,7 @@ static void test_blob_to_kzg_commitment__succeeds_x_less_than_modulus(void) { * int(BLS_MODULUS - 1).to_bytes(32, 'big').hex() */ bytes32_from_hex( - &field_element, - "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000" + &field_element, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000" ); memset(&blob, 0, sizeof(blob)); @@ -493,8 +492,7 @@ static void test_blob_to_kzg_commitment__fails_x_equal_to_modulus(void) { * int(BLS_MODULUS).to_bytes(32, 'big').hex() */ bytes32_from_hex( - &field_element, - "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" + &field_element, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" ); memset(&blob, 0, sizeof(blob)); @@ -516,8 +514,7 @@ static void test_blob_to_kzg_commitment__fails_x_greater_than_modulus(void) { * int(BLS_MODULUS + 1).to_bytes(32, 'big').hex() */ bytes32_from_hex( - &field_element, - "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000002" + &field_element, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000002" ); memset(&blob, 0, sizeof(blob)); @@ -557,8 +554,7 @@ static void test_blob_to_kzg_commitment__succeeds_expected_commitment(void) { int diff; bytes32_from_hex( - &field_element, - "14629a3a39f7b854e6aa49aa2edb450267eac2c14bb2d4f97a0b81a3f57055ad" + &field_element, "14629a3a39f7b854e6aa49aa2edb450267eac2c14bb2d4f97a0b81a3f57055ad" ); /* Initialize the blob with a single field element */ @@ -902,9 +898,7 @@ static void test_bit_reversal_permutation__fails_n_too_large(void) { for (size_t i = 0; i < 256; i++) { reversed[i] = 0; } - ret = bit_reversal_permutation( - &reversed, sizeof(uint32_t), (uint64_t)1 << 32 - ); + ret = bit_reversal_permutation(&reversed, sizeof(uint32_t), (uint64_t)1 << 32); ASSERT_EQUALS(ret, C_KZG_BADARGS); } @@ -946,8 +940,7 @@ static void test_compute_powers__succeeds_expected_powers(void) { /* Convert random field element to a fr_t */ bytes32_from_hex( - &field_element_bytes, - "1bf5410da0468196b4e242ca17617331d238ba5e586198bd42ebd7252919c3e1" + &field_element_bytes, "1bf5410da0468196b4e242ca17617331d238ba5e586198bd42ebd7252919c3e1" ); ret = bytes_to_bls_field(&field_element_fr, &field_element_bytes); ASSERT_EQUALS(ret, C_KZG_OK); @@ -961,12 +954,10 @@ static void test_compute_powers__succeeds_expected_powers(void) { * input field element. The third element can be verified with Python. */ bytes32_from_hex( - &expected_bytes[0], - "0000000000000000000000000000000000000000000000000000000000000001" + &expected_bytes[0], "0000000000000000000000000000000000000000000000000000000000000001" ); bytes32_from_hex( - &expected_bytes[1], - "1bf5410da0468196b4e242ca17617331d238ba5e586198bd42ebd7252919c3e1" + &expected_bytes[1], "1bf5410da0468196b4e242ca17617331d238ba5e586198bd42ebd7252919c3e1" ); /* @@ -975,15 +966,12 @@ static void test_compute_powers__succeeds_expected_powers(void) { * print(i.to_bytes(32, "big").hex()) */ bytes32_from_hex( - &expected_bytes[2], - "2f417bcb88693ff8bc5d61b6d44503f3a99e8c3df3891e0040dee96047458a0e" + &expected_bytes[2], "2f417bcb88693ff8bc5d61b6d44503f3a99e8c3df3891e0040dee96047458a0e" ); for (int i = 0; i < n; i++) { bytes_from_bls_field(&powers_bytes[i], &powers[i]); - diff = memcmp( - powers_bytes[i].bytes, expected_bytes[i].bytes, sizeof(Bytes32) - ); + diff = memcmp(powers_bytes[i].bytes, expected_bytes[i].bytes, sizeof(Bytes32)); ASSERT_EQUALS(diff, 0); } } @@ -1015,9 +1003,7 @@ static void test_g1_lincomb__verify_consistent(void) { // Tests for evaluate_polynomial_in_evaluation_form /////////////////////////////////////////////////////////////////////////////// -static void test_evaluate_polynomial_in_evaluation_form__constant_polynomial( - void -) { +static void test_evaluate_polynomial_in_evaluation_form__constant_polynomial(void) { C_KZG_RET ret; Polynomial p; fr_t x, y, c; @@ -1035,9 +1021,7 @@ static void test_evaluate_polynomial_in_evaluation_form__constant_polynomial( ASSERT("evaluation matches constant", fr_equal(&y, &c)); } -static void -test_evaluate_polynomial_in_evaluation_form__constant_polynomial_in_range(void -) { +static void test_evaluate_polynomial_in_evaluation_form__constant_polynomial_in_range(void) { C_KZG_RET ret; Polynomial p; fr_t x, y, c; @@ -1055,8 +1039,7 @@ test_evaluate_polynomial_in_evaluation_form__constant_polynomial_in_range(void ASSERT("evaluation matches constant", fr_equal(&y, &c)); } -static void test_evaluate_polynomial_in_evaluation_form__random_polynomial(void -) { +static void test_evaluate_polynomial_in_evaluation_form__random_polynomial(void) { C_KZG_RET ret; fr_t poly_coefficients[FIELD_ELEMENTS_PER_BLOB]; Polynomial p; @@ -1135,12 +1118,10 @@ static void test_compute_kzg_proof__succeeds_expected_proof(void) { int diff; bytes32_from_hex( - &field_element, - "69386e69dbae0357b399b8d645a57a3062dfbe00bd8e97170b9bdd6bc6168a13" + &field_element, "69386e69dbae0357b399b8d645a57a3062dfbe00bd8e97170b9bdd6bc6168a13" ); bytes32_from_hex( - &input_value, - "03ea4fb841b4f9e01aa917c5e40dbd67efb4b8d4d9052069595f0647feba320d" + &input_value, "03ea4fb841b4f9e01aa917c5e40dbd67efb4b8d4d9052069595f0647feba320d" ); /* Initialize the blob with a single field element */ @@ -1174,9 +1155,7 @@ static void test_compute_kzg_proof__succeeds_expected_proof(void) { bytes_from_bls_field(&expected_output_value, &y_fr); /* Compare the computed y to the expected y */ - diff = memcmp( - output_value.bytes, expected_output_value.bytes, sizeof(Bytes32) - ); + diff = memcmp(output_value.bytes, expected_output_value.bytes, sizeof(Bytes32)); ASSERT_EQUALS(diff, 0); } @@ -1381,9 +1360,7 @@ static void test_verify_kzg_proof__fails_z_not_field_element(void) { bool ok; get_rand_g1_bytes(&c); - bytes32_from_hex( - &z, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" - ); + bytes32_from_hex(&z, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001"); get_rand_field_element(&y); get_rand_g1_bytes(&proof); @@ -1400,9 +1377,7 @@ static void test_verify_kzg_proof__fails_y_not_field_element(void) { get_rand_g1_bytes(&c); get_rand_field_element(&z); - bytes32_from_hex( - &y, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" - ); + bytes32_from_hex(&y, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001"); get_rand_g1_bytes(&proof); ret = verify_kzg_proof(&ok, &c, &z, &y, &proof, &s); @@ -1435,8 +1410,7 @@ static void test_compute_and_verify_blob_kzg_proof__succeeds_round_trip(void) { ASSERT_EQUALS(ok, true); } -static void test_compute_and_verify_blob_kzg_proof__fails_incorrect_proof(void -) { +static void test_compute_and_verify_blob_kzg_proof__fails_incorrect_proof(void) { C_KZG_RET ret; Bytes48 proof; g1_t proof_g1; @@ -1465,8 +1439,7 @@ static void test_compute_and_verify_blob_kzg_proof__fails_incorrect_proof(void ASSERT_EQUALS(ok, false); } -static void test_compute_and_verify_blob_kzg_proof__fails_proof_not_in_g1(void -) { +static void test_compute_and_verify_blob_kzg_proof__fails_proof_not_in_g1(void) { C_KZG_RET ret; Bytes48 proof; KZGCommitment c; @@ -1487,9 +1460,7 @@ static void test_compute_and_verify_blob_kzg_proof__fails_proof_not_in_g1(void ASSERT_EQUALS(ret, C_KZG_BADARGS); } -static void -test_compute_and_verify_blob_kzg_proof__fails_compute_commitment_not_in_g1(void -) { +static void test_compute_and_verify_blob_kzg_proof__fails_compute_commitment_not_in_g1(void) { C_KZG_RET ret; Bytes48 proof; KZGCommitment c; @@ -1508,9 +1479,7 @@ test_compute_and_verify_blob_kzg_proof__fails_compute_commitment_not_in_g1(void ASSERT_EQUALS(ret, C_KZG_BADARGS); } -static void -test_compute_and_verify_blob_kzg_proof__fails_verify_commitment_not_in_g1(void -) { +static void test_compute_and_verify_blob_kzg_proof__fails_verify_commitment_not_in_g1(void) { C_KZG_RET ret; Bytes48 proof; KZGCommitment c; @@ -1540,8 +1509,7 @@ static void test_compute_and_verify_blob_kzg_proof__fails_invalid_blob(void) { bool ok; bytes32_from_hex( - &field_element, - "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" + &field_element, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" ); memset(&blob, 0, sizeof(blob)); memcpy(blob.bytes, field_element.bytes, BYTES_PER_FIELD_ELEMENT); @@ -1574,18 +1542,14 @@ static void test_verify_kzg_proof_batch__succeeds_round_trip(void) { get_rand_blob(&blobs[i]); ret = blob_to_kzg_commitment(&commitments[i], &blobs[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); - ret = compute_blob_kzg_proof( - &proofs[i], &blobs[i], &commitments[i], &s - ); + ret = compute_blob_kzg_proof(&proofs[i], &blobs[i], &commitments[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); } /* Verify batched proofs for 0,1,2..16 blobs */ /* This should still work with zero blobs */ for (int count = 0; count <= n_cells; count++) { - ret = verify_blob_kzg_proof_batch( - &ok, blobs, commitments, proofs, count, &s - ); + ret = verify_blob_kzg_proof_batch(&ok, blobs, commitments, proofs, count, &s); ASSERT_EQUALS(ret, C_KZG_OK); ASSERT_EQUALS(ok, true); } @@ -1607,18 +1571,14 @@ static void test_verify_kzg_proof_batch__fails_with_incorrect_proof(void) { get_rand_blob(&blobs[i]); ret = blob_to_kzg_commitment(&commitments[i], &blobs[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); - ret = compute_blob_kzg_proof( - &proofs[i], &blobs[i], &commitments[i], &s - ); + ret = compute_blob_kzg_proof(&proofs[i], &blobs[i], &commitments[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); } /* Overwrite second proof with an incorrect one */ proofs[1] = proofs[0]; - ret = verify_blob_kzg_proof_batch( - &ok, blobs, commitments, proofs, n_cells, &s - ); + ret = verify_blob_kzg_proof_batch(&ok, blobs, commitments, proofs, n_cells, &s); ASSERT_EQUALS(ret, C_KZG_OK); ASSERT_EQUALS(ok, false); } @@ -1636,9 +1596,7 @@ static void test_verify_kzg_proof_batch__fails_proof_not_in_g1(void) { get_rand_blob(&blobs[i]); ret = blob_to_kzg_commitment(&commitments[i], &blobs[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); - ret = compute_blob_kzg_proof( - &proofs[i], &blobs[i], &commitments[i], &s - ); + ret = compute_blob_kzg_proof(&proofs[i], &blobs[i], &commitments[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); } @@ -1649,9 +1607,7 @@ static void test_verify_kzg_proof_batch__fails_proof_not_in_g1(void) { "0123456789abcdef0123456789abcdef0123456789abcdef" ); - ret = verify_blob_kzg_proof_batch( - &ok, blobs, commitments, proofs, n_cells, &s - ); + ret = verify_blob_kzg_proof_batch(&ok, blobs, commitments, proofs, n_cells, &s); ASSERT_EQUALS(ret, C_KZG_BADARGS); } @@ -1668,9 +1624,7 @@ static void test_verify_kzg_proof_batch__fails_commitment_not_in_g1(void) { get_rand_blob(&blobs[i]); ret = blob_to_kzg_commitment(&commitments[i], &blobs[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); - ret = compute_blob_kzg_proof( - &proofs[i], &blobs[i], &commitments[i], &s - ); + ret = compute_blob_kzg_proof(&proofs[i], &blobs[i], &commitments[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); } @@ -1681,9 +1635,7 @@ static void test_verify_kzg_proof_batch__fails_commitment_not_in_g1(void) { "0123456789abcdef0123456789abcdef0123456789abcdef" ); - ret = verify_blob_kzg_proof_batch( - &ok, blobs, commitments, proofs, n_cells, &s - ); + ret = verify_blob_kzg_proof_batch(&ok, blobs, commitments, proofs, n_cells, &s); ASSERT_EQUALS(ret, C_KZG_BADARGS); } @@ -1701,22 +1653,17 @@ static void test_verify_kzg_proof_batch__fails_invalid_blob(void) { get_rand_blob(&blobs[i]); ret = blob_to_kzg_commitment(&commitments[i], &blobs[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); - ret = compute_blob_kzg_proof( - &proofs[i], &blobs[i], &commitments[i], &s - ); + ret = compute_blob_kzg_proof(&proofs[i], &blobs[i], &commitments[i], &s); ASSERT_EQUALS(ret, C_KZG_OK); } /* Overwrite one field element in the blob with modulus */ bytes32_from_hex( - &field_element, - "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" + &field_element, "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001" ); memcpy(blobs[1].bytes, field_element.bytes, BYTES_PER_FIELD_ELEMENT); - ret = verify_blob_kzg_proof_batch( - &ok, blobs, commitments, proofs, n_cells, &s - ); + ret = verify_blob_kzg_proof_batch(&ok, blobs, commitments, proofs, n_cells, &s); ASSERT_EQUALS(ret, C_KZG_BADARGS); } @@ -1778,9 +1725,7 @@ static void test_fft(void) { for (size_t i = 0; i < N; i++) { fr_t individual_evaluation; - eval_extended_poly( - &individual_evaluation, poly_coeff, &s.expanded_roots_of_unity[i] - ); + eval_extended_poly(&individual_evaluation, poly_coeff, &s.expanded_roots_of_unity[i]); bool ok = fr_equal(&individual_evaluation, &poly_eval[i]); ASSERT_EQUALS(ok, true); @@ -1817,9 +1762,7 @@ static void test_coset_fft(void) { fr_t shifted_w; fr_t individual_evaluation; - blst_fr_mul( - &shifted_w, &s.expanded_roots_of_unity[i], &RECOVERY_SHIFT_FACTOR - ); + blst_fr_mul(&shifted_w, &s.expanded_roots_of_unity[i], &RECOVERY_SHIFT_FACTOR); eval_extended_poly(&individual_evaluation, poly_coeff, &shifted_w); @@ -1952,12 +1895,7 @@ static void test_recover_cells_and_kzg_proofs__succeeds_random_blob(void) { /* Reconstruct with half of the cells */ ret = recover_cells_and_kzg_proofs( - recovered_cells, - recovered_proofs, - cell_indices, - partial_cells, - num_partial_cells, - &s + recovered_cells, recovered_proofs, cell_indices, partial_cells, num_partial_cells, &s ); ASSERT_EQUALS(ret, C_KZG_OK); @@ -2154,9 +2092,7 @@ static void profile_recover_cells_and_kzg_proofs(void) { compute_cells_and_kzg_proofs(cells, NULL, &blob, &s); /* Initialize cell indices */ - ret = c_kzg_calloc( - (void **)&cell_indices, CELLS_PER_EXT_BLOB / 2, sizeof(uint64_t) - ); + ret = c_kzg_calloc((void **)&cell_indices, CELLS_PER_EXT_BLOB / 2, sizeof(uint64_t)); ASSERT_EQUALS(ret, C_KZG_OK); for (size_t i = 0; i < CELLS_PER_EXT_BLOB / 2; i++) { cell_indices[i] = i; @@ -2164,9 +2100,7 @@ static void profile_recover_cells_and_kzg_proofs(void) { ProfilerStart("recover_cells_and_kzg_proofs.prof"); for (int i = 0; i < 5; i++) { - recover_cells_and_kzg_proofs( - cells, NULL, cell_indices, cells, CELLS_PER_EXT_BLOB / 2, &s - ); + recover_cells_and_kzg_proofs(cells, NULL, cell_indices, cells, CELLS_PER_EXT_BLOB / 2, &s); } ProfilerStop(); } @@ -2198,13 +2132,9 @@ static void profile_verify_cell_kzg_proof_batch(void) { ASSERT_EQUALS(ret, C_KZG_OK); /* Initialize indices */ - ret = c_kzg_calloc( - (void **)&commitments, CELLS_PER_EXT_BLOB, sizeof(uint64_t) - ); + ret = c_kzg_calloc((void **)&commitments, CELLS_PER_EXT_BLOB, sizeof(uint64_t)); ASSERT_EQUALS(ret, C_KZG_OK); - ret = c_kzg_calloc( - (void **)&cell_indices, CELLS_PER_EXT_BLOB, sizeof(uint64_t) - ); + ret = c_kzg_calloc((void **)&cell_indices, CELLS_PER_EXT_BLOB, sizeof(uint64_t)); ASSERT_EQUALS(ret, C_KZG_OK); for (size_t i = 0; i < CELLS_PER_EXT_BLOB; i++) { @@ -2215,13 +2145,7 @@ static void profile_verify_cell_kzg_proof_batch(void) { ProfilerStart("verify_cell_kzg_proof_batch.prof"); for (int i = 0; i < 100; i++) { verify_cell_kzg_proof_batch( - &ok, - &commitments, - cell_indices, - cells, - proofs, - CELLS_PER_EXT_BLOB, - &s + &ok, &commitments, cell_indices, cells, proofs, CELLS_PER_EXT_BLOB, &s ); } ProfilerStop(); @@ -2306,8 +2230,7 @@ int main(void) { RUN(test_compute_powers__succeeds_expected_powers); RUN(test_g1_lincomb__verify_consistent); RUN(test_evaluate_polynomial_in_evaluation_form__constant_polynomial); - RUN(test_evaluate_polynomial_in_evaluation_form__constant_polynomial_in_range - ); + RUN(test_evaluate_polynomial_in_evaluation_form__constant_polynomial_in_range); RUN(test_evaluate_polynomial_in_evaluation_form__random_polynomial); RUN(test_log2_pow2__succeeds_expected_values); RUN(test_is_power_of_two__succeeds_powers_of_two); @@ -2323,10 +2246,8 @@ int main(void) { RUN(test_compute_and_verify_blob_kzg_proof__succeeds_round_trip); RUN(test_compute_and_verify_blob_kzg_proof__fails_incorrect_proof); RUN(test_compute_and_verify_blob_kzg_proof__fails_proof_not_in_g1); - RUN(test_compute_and_verify_blob_kzg_proof__fails_compute_commitment_not_in_g1 - ); - RUN(test_compute_and_verify_blob_kzg_proof__fails_verify_commitment_not_in_g1 - ); + RUN(test_compute_and_verify_blob_kzg_proof__fails_compute_commitment_not_in_g1); + RUN(test_compute_and_verify_blob_kzg_proof__fails_verify_commitment_not_in_g1); RUN(test_compute_and_verify_blob_kzg_proof__fails_invalid_blob); RUN(test_verify_kzg_proof_batch__succeeds_round_trip); RUN(test_verify_kzg_proof_batch__fails_with_incorrect_proof); From 1c68feddc391e658e329bd847d78a75b2e2ad2b7 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 11:12:03 -0500 Subject: [PATCH 02/11] Update section dividers --- src/c_kzg_4844.c | 72 +++++++++++++------------- src/c_kzg_4844.h | 12 ++--- src/test_c_kzg_4844.c | 116 +++++++++++++++++++++--------------------- 3 files changed, 100 insertions(+), 100 deletions(-) diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index 03afe90c1..09e06b4dc 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -26,9 +26,9 @@ #include #include -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Macros -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** Returns the smaller value. */ #define MIN(a, b) ((a) < (b) ? (a) : (b)) @@ -46,18 +46,18 @@ (p) = NULL; \ } while (0) -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Types -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** Internal representation of a polynomial. */ typedef struct { fr_t evals[FIELD_ELEMENTS_PER_BLOB]; } Polynomial; -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Constants -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** The domain separator for the Fiat-Shamir protocol. */ static const char *FIAT_SHAMIR_PROTOCOL_DOMAIN = "FSBLOBVERIFY_V1_"; @@ -165,9 +165,9 @@ static const fr_t FR_NULL = { // clang-format on -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Memory Allocation Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Wrapped malloc() that reports failures to allocate. @@ -248,9 +248,9 @@ static C_KZG_RET new_bool_array(bool **x, size_t n) { return c_kzg_calloc((void **)x, n, sizeof(bool)); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Helper Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Test whether the operand is one in the finite field. @@ -494,9 +494,9 @@ static bool pairings_verify(const g1_t *a1, const g2_t *a2, const g1_t *b1, cons return blst_fp12_is_one(>_point); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Bytes Conversion Helper Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Serialize a G1 group element into bytes. @@ -535,9 +535,9 @@ static void bytes_from_uint64(uint8_t out[8], uint64_t n) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // BLS12-381 Helper Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Map bytes to a BLS field element. @@ -812,9 +812,9 @@ static void compute_powers(fr_t *out, const fr_t *x, uint64_t n) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Polynomials Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Evaluate a polynomial in evaluation form at a given point. @@ -875,9 +875,9 @@ static C_KZG_RET evaluate_polynomial_in_evaluation_form( return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // KZG Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Compute a KZG commitment from a polynomial. @@ -1452,9 +1452,9 @@ C_KZG_RET verify_blob_kzg_proof_batch( return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // FFT for G1 points -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Utility function to test whether the argument is a power of two. @@ -1564,9 +1564,9 @@ C_KZG_RET ifft_g1(g1_t *out, const g1_t *in, size_t n, const KZGSettings *s) { return C_KZG_OK; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Trusted Setup Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Reverse the bit order in a 32-bit integer. @@ -2175,9 +2175,9 @@ C_KZG_RET load_trusted_setup_file(KZGSettings *out, FILE *in, size_t precompute) return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Fast Fourier Transform -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Fast Fourier Transform. @@ -2261,9 +2261,9 @@ static C_KZG_RET ifft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings return C_KZG_OK; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Zero poly -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// typedef struct { fr_t *coeffs; @@ -2569,9 +2569,9 @@ static C_KZG_RET zero_polynomial_via_multiplication( return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Cell Recovery -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * The coset shift factor for the cell recovery code. @@ -2820,9 +2820,9 @@ static C_KZG_RET recover_cells_impl( return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Polynomial Conversion Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Convert a polynomial in monomial form to Lagrange form. @@ -2859,9 +2859,9 @@ static C_KZG_RET poly_lagrange_to_monomial( return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Cell Proofs -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Reorder and extend polynomial coefficients for the toeplitz method, strided @@ -3020,9 +3020,9 @@ static C_KZG_RET compute_fk20_proofs(g1_t *out, const fr_t *p, size_t n, const K return ret; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Helper Functions for Batch Cell Verification -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Compute random linear combination challenge scalars for @@ -3195,9 +3195,9 @@ static void deduplicate_commitments( *count_out = new_count; } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Functions for EIP-7594 -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** * Given a blob, get all of its cells and proofs. diff --git a/src/c_kzg_4844.h b/src/c_kzg_4844.h index 08dd3f2f4..914bbb8fc 100644 --- a/src/c_kzg_4844.h +++ b/src/c_kzg_4844.h @@ -32,9 +32,9 @@ extern "C" { #endif -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Macros -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// /** The number of bytes in a KZG commitment. */ #define BYTES_PER_COMMITMENT 48 @@ -66,9 +66,9 @@ extern "C" { /** The number of bytes in a single cell. */ #define BYTES_PER_CELL (FIELD_ELEMENTS_PER_CELL * BYTES_PER_FIELD_ELEMENT) -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Types -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// typedef blst_p1 g1_t; /**< Internal G1 group element type. */ typedef blst_p2 g2_t; /**< Internal G2 group element type. */ @@ -157,9 +157,9 @@ typedef struct { size_t scratch_size; } KZGSettings; -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Interface functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// C_KZG_RET load_trusted_setup( KZGSettings *out, diff --git a/src/test_c_kzg_4844.c b/src/test_c_kzg_4844.c index f857e5f5c..0a3928bfe 100644 --- a/src/test_c_kzg_4844.c +++ b/src/test_c_kzg_4844.c @@ -12,15 +12,15 @@ #include #endif -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Globals -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// KZGSettings s; -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Debugging functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// void print_bytes32(const Bytes32 *bytes) { for (size_t i = 0; i < 32; i++) { @@ -64,9 +64,9 @@ void print_cell(const Cell *cell) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Helper functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void get_rand_bytes32(Bytes32 *out) { static uint64_t seed = 0; @@ -167,9 +167,9 @@ static void eval_extended_poly(fr_t *out, fr_t *poly_coefficients, fr_t *x) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for memory allocation functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_c_kzg_malloc__succeeds_size_greater_than_zero(void) { C_KZG_RET ret; @@ -236,9 +236,9 @@ static void test_c_kzg_calloc__fails_too_big(void) { ASSERT_EQUALS(ptr, NULL); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for fr_div -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_fr_div__by_one_is_equal(void) { fr_t a, q; @@ -292,9 +292,9 @@ static void test_fr_div__succeeds_round_trip(void) { ASSERT_EQUALS(ok, true); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for fr_pow -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_fr_pow__test_power_of_two(void) { fr_t a, r, check; @@ -319,9 +319,9 @@ static void test_fr_pow__test_inverse_on_root_of_unity(void) { ASSERT_EQUALS(ok, true); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for fr_batch_inv -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_fr_batch_inv__test_consistent(void) { C_KZG_RET ret; @@ -356,9 +356,9 @@ static void test_fr_batch_inv__test_zero(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for g1_mul -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_g1_mul__test_consistent(void) { blst_scalar s; @@ -416,9 +416,9 @@ static void test_g1_mul__test_different_bit_lengths(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for pairings_verify -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_pairings_verify__good_pairing(void) { fr_t s; @@ -453,9 +453,9 @@ static void test_pairings_verify__bad_pairing(void) { ASSERT("pairings fail", !pairings_verify(&g1, &s1g2, &sg1, &g2)); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for blob_to_kzg_commitment -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_blob_to_kzg_commitment__succeeds_x_less_than_modulus(void) { C_KZG_RET ret; @@ -578,9 +578,9 @@ static void test_blob_to_kzg_commitment__succeeds_expected_commitment(void) { ASSERT_EQUALS(diff, 0); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for validate_kzg_g1 -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_validate_kzg_g1__succeeds_round_trip(void) { C_KZG_RET ret; @@ -793,9 +793,9 @@ static void test_validate_kzg_g1__fails_with_mask_bits_001(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for reverse_bits -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_reverse_bits__succeeds_round_trip(void) { uint32_t original; @@ -826,9 +826,9 @@ static void test_reverse_bits__succeeds_all_bits_are_one(void) { ASSERT_EQUALS(reverse_bits(original), reversed); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for bit_reversal_permutation -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_bit_reversal_permutation__succeeds_round_trip(void) { C_KZG_RET ret; @@ -924,9 +924,9 @@ static void test_bit_reversal_permutation__fails_n_is_one(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for compute_powers -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_compute_powers__succeeds_expected_powers(void) { C_KZG_RET ret; @@ -976,9 +976,9 @@ static void test_compute_powers__succeeds_expected_powers(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for g1_lincomb -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_g1_lincomb__verify_consistent(void) { C_KZG_RET ret; @@ -999,9 +999,9 @@ static void test_g1_lincomb__verify_consistent(void) { ASSERT("pippenger matches naive MSM", blst_p1_is_equal(&out, &check)); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for evaluate_polynomial_in_evaluation_form -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_evaluate_polynomial_in_evaluation_form__constant_polynomial(void) { C_KZG_RET ret; @@ -1071,9 +1071,9 @@ static void test_evaluate_polynomial_in_evaluation_form__random_polynomial(void) ASSERT("evaluation methods match", fr_equal(&y, &check)); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for log2_pow2 -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_log2_pow2__succeeds_expected_values(void) { uint32_t x = 1; @@ -1083,9 +1083,9 @@ static void test_log2_pow2__succeeds_expected_values(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for is_power_of_two -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_is_power_of_two__succeeds_powers_of_two(void) { uint64_t x = 1; @@ -1104,9 +1104,9 @@ static void test_is_power_of_two__fails_not_powers_of_two(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for compute_kzg_proof -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_compute_kzg_proof__succeeds_expected_proof(void) { C_KZG_RET ret; @@ -1308,9 +1308,9 @@ static void test_compute_and_verify_kzg_proof__fails_incorrect_proof(void) { ASSERT_EQUALS(ok, 0); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for verify_kzg_proof -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_verify_kzg_proof__fails_proof_not_in_g1(void) { C_KZG_RET ret; @@ -1384,9 +1384,9 @@ static void test_verify_kzg_proof__fails_y_not_field_element(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for compute_blob_kzg_proof -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_compute_and_verify_blob_kzg_proof__succeeds_round_trip(void) { C_KZG_RET ret; @@ -1521,9 +1521,9 @@ static void test_compute_and_verify_blob_kzg_proof__fails_invalid_blob(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for verify_kzg_proof_batch -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_verify_kzg_proof_batch__succeeds_round_trip(void) { C_KZG_RET ret; @@ -1667,9 +1667,9 @@ static void test_verify_kzg_proof_batch__fails_invalid_blob(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for expand_root_of_unity -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_expand_root_of_unity__succeeds_with_root(void) { C_KZG_RET ret; @@ -1701,9 +1701,9 @@ static void test_expand_root_of_unity__fails_wrong_root_of_unity(void) { ASSERT_EQUALS(ret, C_KZG_BADARGS); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for reconstruction -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_fft(void) { // TODO: Breaks with N=4096 or N=128 which are used in the protocol (see @@ -1780,9 +1780,9 @@ static void test_coset_fft(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for deduplicate_commitments -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_deduplicate_commitments__one_duplicate(void) { Bytes48 commitments[4]; @@ -1864,9 +1864,9 @@ static void test_deduplicate_commitments__one_commitment(void) { ASSERT_EQUALS(indices[0], 0); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for recover_cells_and_kzg_proofs -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_recover_cells_and_kzg_proofs__succeeds_random_blob(void) { C_KZG_RET ret; @@ -1908,9 +1908,9 @@ static void test_recover_cells_and_kzg_proofs__succeeds_random_blob(void) { } } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Tests for verify_cell_kzg_proof_batch -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void test_verify_cell_kzg_proof_batch__succeeds_random_blob(void) { C_KZG_RET ret; @@ -1946,9 +1946,9 @@ static void test_verify_cell_kzg_proof_batch__succeeds_random_blob(void) { ASSERT_EQUALS(ret, C_KZG_OK); } -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Profiling Functions -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// #ifdef PROFILE static void profile_blob_to_kzg_commitment(void) { @@ -2152,9 +2152,9 @@ static void profile_verify_cell_kzg_proof_batch(void) { } #endif /* PROFILE */ -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// // Main logic -/////////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// static void setup(void) { FILE *fp; From 619bf43827f302e4615e62a000155cc61358a144 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 11:14:09 -0500 Subject: [PATCH 03/11] Remove manual clangformat on/off lines & reformat --- src/c_kzg_4844.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index 09e06b4dc..7fead05d2 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -83,13 +83,10 @@ static const char *RANDOM_CHALLENGE_DOMAIN_VERIFY_CELL_KZG_PROOF_BATCH = "RCKZGC /** The number of g2 points in a trusted setup. */ #define NUM_G2_POINTS 65 -// clang-format off - /** Deserialized form of the G1 identity/infinity point. */ static const g1_t G1_IDENTITY = { - {0L, 0L, 0L, 0L, 0L, 0L}, - {0L, 0L, 0L, 0L, 0L, 0L}, - {0L, 0L, 0L, 0L, 0L, 0L}}; + {0L, 0L, 0L, 0L, 0L, 0L}, {0L, 0L, 0L, 0L, 0L, 0L}, {0L, 0L, 0L, 0L, 0L, 0L} +}; /** * The first 32 roots of unity in the finite field F_r. @@ -148,22 +145,21 @@ static const uint64_t SCALE2_ROOT_OF_UNITY[][4] = { {0xd7b688830a4f2089L, 0x6558e9e3f6ac7b41L, 0x99e276b571905a7dL, 0x52dd465e2f094256L}, {0x474650359d8e211bL, 0x84d37b826214abc6L, 0x8da40c1ef2bb4598L, 0x0c83ea7744bf1beeL}, {0x694341f608c9dd56L, 0xed3a181fabb30adcL, 0x1339a815da8b398fL, 0x2c6d4e4511657e1eL}, - {0x63e7cb4906ffc93fL, 0xf070bb00e28a193dL, 0xad1715b02e5713b5L, 0x4b5371495990693fL}}; + {0x63e7cb4906ffc93fL, 0xf070bb00e28a193dL, 0xad1715b02e5713b5L, 0x4b5371495990693fL} +}; /** The zero field element. */ static const fr_t FR_ZERO = {0L, 0L, 0L, 0L}; /** This is 1 in blst's `blst_fr` limb representation. Crazy but true. */ static const fr_t FR_ONE = { - 0x00000001fffffffeL, 0x5884b7fa00034802L, - 0x998c4fefecbc4ff5L, 0x1824b159acc5056fL}; + 0x00000001fffffffeL, 0x5884b7fa00034802L, 0x998c4fefecbc4ff5L, 0x1824b159acc5056fL +}; /** This used to represent a missing element. It's a invalid value. */ static const fr_t FR_NULL = { - 0xffffffffffffffffL, 0xffffffffffffffffL, - 0xffffffffffffffffL, 0xffffffffffffffffL}; - -// clang-format on + 0xffffffffffffffffL, 0xffffffffffffffffL, 0xffffffffffffffffL, 0xffffffffffffffffL +}; //////////////////////////////////////////////////////////////////////////////////////////////////// // Memory Allocation Functions From 08b9b3c86c45dc648f5aa3215aab65f552df4300 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 11:53:39 -0500 Subject: [PATCH 04/11] Wrap comments to 100 chars --- src/c_kzg_4844.c | 279 +++++++++++++++++++++-------------------------- 1 file changed, 122 insertions(+), 157 deletions(-) diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index 7fead05d2..af5791782 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -37,8 +37,8 @@ #define NUM_ELEMENTS(a) (sizeof(a) / sizeof(a[0])) /** - * Helper macro to release memory allocated on the heap. Unlike free(), - * c_kzg_free() macro sets the pointer value to NULL after freeing it. + * Helper macro to release memory allocated on the heap. Unlike free(), c_kzg_free() macro sets the + * pointer value to NULL after freeing it. */ #define c_kzg_free(p) \ do { \ @@ -89,12 +89,11 @@ static const g1_t G1_IDENTITY = { }; /** - * The first 32 roots of unity in the finite field F_r. - * SCALE2_ROOT_OF_UNITY[i] is a 2^i'th root of unity. + * The first 32 roots of unity in the finite field F_r. SCALE2_ROOT_OF_UNITY[i] is a 2^i'th root of + * unity. * - * For element `{A, B, C, D}`, the field element value is - * `A + B * 2^64 + C * 2^128 + D * 2^192`. This format may be converted to - * an `fr_t` type via the blst_fr_from_uint64() function. + * For element `{A, B, C, D}`, the field element value is `A + B * 2^64 + C * 2^128 + D * 2^192`. + * This format may be converted to an `fr_t` type via the blst_fr_from_uint64() function. * * The decimal values may be calculated with the following Python code: * @code{.py} @@ -103,14 +102,13 @@ static const g1_t G1_IDENTITY = { * [pow(PRIMITIVE_ROOT, (MODULUS - 1) // (2**i), MODULUS) for i in range(32)] * @endcode * - * Note: Being a "primitive root" in this context means that `r^k != 1` for any - * `k < q-1` where q is the modulus. So powers of r generate the field. This is - * also known as being a "primitive element". + * Note: Being a "primitive root" in this context means that `r^k != 1` for any `k < q-1` where q is + * the modulus. So powers of r generate the field. This is also known as being a "primitive + * element". * - * In the formula above, the restriction can be slightly relaxed to `r` being a non-square. - * This is easy to check: We just require that r^((q-1)/2) == -1. Instead of - * 7, we could use 10, 13, 14, 15, 20... to create the 2^i'th roots of unity below. - * Generally, there are a lot of primitive roots: + * In the formula above, the restriction can be slightly relaxed to `r` being a non-square. This is + * easy to check: We just require that r^((q-1)/2) == -1. Instead of 7, we could use 10, 13, 14, 15, + * 20... to create the 2^i'th roots of unity below. Generally, there are a lot of primitive roots: * https://crypto.stanford.edu/pbc/notes/numbertheory/gen.html */ static const uint64_t SCALE2_ROOT_OF_UNITY[][4] = { @@ -548,8 +546,7 @@ static void hash_to_bls_field(fr_t *out, const Bytes32 *b) { } /** - * Convert untrusted bytes to a trusted and validated BLS scalar field - * element. + * Convert untrusted bytes to a trusted and validated BLS scalar field element. * * @param[out] out The field element to store the deserialized data * @param[in] b A 32-byte array containing the serialized field element @@ -568,9 +565,8 @@ static C_KZG_RET bytes_to_bls_field(fr_t *out, const Bytes32 *b) { * @param[out] out The output g1 point * @param[in] b The proof/commitment bytes * - * @remark This function deviates from the spec because it returns (via an - * output argument) the g1 point. This way is more efficient (faster) - * but the function name is a bit misleading. + * @remark This function deviates from the spec because it returns (via an output argument) the g1 + * point. This way is more efficient (faster) but the function name is a bit misleading. */ static C_KZG_RET validate_kzg_g1(g1_t *out, const Bytes48 *b) { blst_p1_affine p1_affine; @@ -609,8 +605,7 @@ static C_KZG_RET bytes_to_kzg_proof(g1_t *out, const Bytes48 *b) { } /** - * Deserialize a Blob (array of bytes) into a Polynomial (array of field - * elements). + * Deserialize a blob (array of bytes) into a polynomial (array of field elements). * * @param[out] p The output polynomial (array of field elements) * @param[in] blob The blob (an array of bytes) @@ -677,8 +672,7 @@ static void compute_challenge(fr_t *eval_challenge_out, const Blob *blob, const * Calculates `[coeffs_0]p_0 + [coeffs_1]p_1 + ... + [coeffs_n]p_n` * where `n` is `len - 1`. * - * This function computes the result naively without using Pippenger's - * algorithm. + * This function computes the result naively without using Pippenger's algorithm. */ static void g1_lincomb_naive(g1_t *out, const g1_t *p, const fr_t *coeffs, uint64_t len) { g1_t tmp; @@ -692,8 +686,7 @@ static void g1_lincomb_naive(g1_t *out, const g1_t *p, const fr_t *coeffs, uint6 /** * Calculate a linear combination of G1 group elements. * - * Calculates `[coeffs_0]p_0 + [coeffs_1]p_1 + ... + [coeffs_n]p_n` - * where `n` is `len - 1`. + * Calculates `[coeffs_0]p_0 + [coeffs_1]p_1 + ... + [coeffs_n]p_n` where `n` is `len - 1`. * * @param[out] out The resulting sum-product * @param[in] p Array of G1 group elements, length `len` @@ -701,20 +694,17 @@ static void g1_lincomb_naive(g1_t *out, const g1_t *p, const fr_t *coeffs, uint6 * @param[in] len The number of group/field elements * * @remark This function CAN be called with the point at infinity in `p`. - * @remark While this function is significantly faster than - * g1_lincomb_naive(), we refrain from using it in security-critical - * places (like verification) because the blst Pippenger code has not - * been audited. In those critical places, we prefer using - * g1_lincomb_naive() which is much simpler. + * @remark While this function is significantly faster than g1_lincomb_naive(), we refrain from + * using it in security-critical places (like verification) because the blst Pippenger code has not + * been audited. In those critical places, we prefer using g1_lincomb_naive() which is much simpler. * - * For the benefit of future generations (since blst has no documentation to - * speak of), there are two ways to pass the arrays of scalars and points - * into blst_p1s_mult_pippenger(). + * For the benefit of future generations (since blst has no documentation to speak of), there are + * two ways to pass the arrays of scalars and points into blst_p1s_mult_pippenger(). * - * 1. Pass `points` as an array of pointers to the points, and pass - * `scalars` as an array of pointers to the scalars, each of length `len`. - * 2. Pass an array where the first element is a pointer to the contiguous - * array of points and the second is null, and similarly for scalars. + * 1. Pass `points` as an array of pointers to the points, and pass `scalars` as an array of + * pointers to the scalars, each of length `len`. + * 2. Pass an array where the first element is a pointer to the contiguous array of points and the + * second is null, and similarly for scalars. * * We do the second of these to save memory here. */ @@ -753,8 +743,7 @@ static C_KZG_RET g1_lincomb_fast(g1_t *out, const g1_t *p, const fr_t *coeffs, s blst_scalar_from_fr(&scalars[i], &coeffs[i]); } - /* Filter out zero points: - * make a new list p_filtered that contains only non-zero points */ + /* Filter out zero points: make a new list p_filtered that contains only non-zero points */ size_t new_len = 0; for (size_t i = 0; i < len; i++) { if (!blst_p1_is_inf(&p[i])) { @@ -837,10 +826,9 @@ static C_KZG_RET evaluate_polynomial_in_evaluation_form( for (i = 0; i < FIELD_ELEMENTS_PER_BLOB; i++) { /* - * If the point to evaluate at is one of the evaluation points by which - * the polynomial is given, we can just return the result directly. - * Note that special-casing this is necessary, as the formula below - * would divide by zero otherwise. + * If the point to evaluate at is one of the evaluation points by which the polynomial is + * given, we can just return the result directly. Note that special-casing this is + * necessary, as the formula below would divide by zero otherwise. */ if (fr_equal(x, &roots_of_unity[i])) { *out = p->evals[i]; @@ -959,8 +947,8 @@ C_KZG_RET verify_kzg_proof( /** * Helper function: Verify KZG proof claiming that `p(z) == y`. * - * Given a `commitment` to a polynomial, a `proof` for `z`, and the - * claimed value `y` at `z`, verify the claim. + * Given a `commitment` to a polynomial, a `proof` for `z`, and the claimed value `y` at `z`, verify + * the claim. * * @param[out] ok True if the proof is valid, otherwise false * @param[in] commitment The commitment to a polynomial @@ -1007,8 +995,7 @@ static C_KZG_RET compute_kzg_proof_impl( * Compute KZG proof for polynomial in Lagrange form at position z. * * @param[out] proof_out The combined proof as a single G1 element - * @param[out] y_out The evaluation of the polynomial at the evaluation - * point z + * @param[out] y_out The evaluation of the polynomial at the evaluation point z * @param[in] blob The blob (polynomial) to generate a proof for * @param[in] z The generator z-value for the evaluation points * @param[in] s The trusted setup @@ -1037,12 +1024,10 @@ C_KZG_RET compute_kzg_proof( } /** - * Helper function for compute_kzg_proof() and - * compute_blob_kzg_proof(). + * Helper function for compute_kzg_proof() and compute_blob_kzg_proof(). * * @param[out] proof_out The combined proof as a single G1 element - * @param[out] y_out The evaluation of the polynomial at the evaluation - * point z + * @param[out] y_out The evaluation of the polynomial at the evaluation point z * @param[in] polynomial The polynomial in Lagrange form * @param[in] z The evaluation point * @param[in] s The trusted setup @@ -1130,9 +1115,9 @@ static C_KZG_RET compute_kzg_proof_impl( } /** - * Given a blob and a commitment, return the KZG proof that is used to verify - * it against the commitment. This function does not verify that the commitment - * is correct with respect to the blob. + * Given a blob and a commitment, return the KZG proof that is used to verify it against the + * commitment. This function does not verify that the commitment is correct with respect to the + * blob. * * @param[out] out The resulting proof * @param[in] blob A blob @@ -1166,8 +1151,7 @@ C_KZG_RET compute_blob_kzg_proof( } /** - * Given a blob and its proof, verify that it corresponds to the provided - * commitment. + * Given a blob and its proof, verify that it corresponds to the provided commitment. * * @param[out] ok True if the proofs are valid, otherwise false * @param[in] blob Blob to verify @@ -1284,8 +1268,7 @@ static C_KZG_RET compute_r_powers_for_verify_kzg_proof_batch( } /** - * Helper function for verify_blob_kzg_proof_batch(): actually perform the - * verification. + * Helper function for verify_blob_kzg_proof_batch(): actually perform the verification. * * @param[out] ok True if the proofs are valid, otherwise false * @param[in] commitments_g1 Array of commitments to verify @@ -1296,9 +1279,8 @@ static C_KZG_RET compute_r_powers_for_verify_kzg_proof_batch( * @param[in] s The trusted setup * * @remark This function only works for `n > 0`. - * @remark This function assumes that `n` is trusted and that all input arrays - * contain `n` elements. `n` should be the actual size of the arrays and - * not read off a length field in the protocol. + * @remark This function assumes that `n` is trusted and that all input arrays contain `n` elements. + * `n` should be the actual size of the arrays and not read off a length field in the protocol. */ static C_KZG_RET verify_kzg_proof_batch( bool *ok, @@ -1364,8 +1346,8 @@ static C_KZG_RET verify_kzg_proof_batch( } /** - * Given a list of blobs and blob KZG proofs, verify that they correspond to the - * provided commitments. + * Given a list of blobs and blob KZG proofs, verify that they correspond to the provided + * commitments. * * @param[out] ok True if the proofs are valid, otherwise false * @param[in] blobs Array of blobs to verify @@ -1375,9 +1357,8 @@ static C_KZG_RET verify_kzg_proof_batch( * @param[in] s The trusted setup * * @remark This function accepts if called with `n==0`. - * @remark This function assumes that `n` is trusted and that all input arrays - * contain `n` elements. `n` should be the actual size of the arrays and - * not read off a length field in the protocol. + * @remark This function assumes that `n` is trusted and that all input arrays contain `n` elements. + * `n` should be the actual size of the arrays and not read off a length field in the protocol. */ C_KZG_RET verify_blob_kzg_proof_batch( bool *ok, @@ -1459,8 +1440,8 @@ C_KZG_RET verify_blob_kzg_proof_batch( * * @return True if `n` is zero or a power of two, otherwise false. * - * @remark This method returns true for is_power_of_two(0) which is a bit - * weird, but not an issue in the contexts in which we use it. + * @remark This method returns true for is_power_of_two(0) which is a bit weird, but not an issue in + * the contexts in which we use it. * */ static bool is_power_of_two(uint64_t n) { @@ -1624,10 +1605,9 @@ static uint32_t reverse_bits_limited(uint32_t n, uint32_t value) { * * @remark Operates in-place on the array. * @remark Can handle arrays of any type: provide the element size in `size`. - * @remark This means that `input[n] == output[n']`, where input and output - * denote the input and output array and n' is obtained from n by - * bit-reversing n. As opposed to reverse_bits, this bit-reversal - * operates on log2(n)-bit numbers. + * @remark This means that `input[n] == output[n']`, where input and output denote the input and + * output array and n' is obtained from n by bit-reversing n. As opposed to reverse_bits, this + * bit-reversal operates on log2(n)-bit numbers. */ static C_KZG_RET bit_reversal_permutation(void *values, size_t size, uint64_t n) { C_KZG_RET ret; @@ -1668,8 +1648,8 @@ static C_KZG_RET bit_reversal_permutation(void *values, size_t size, uint64_t n) * @param[in] root A root of unity * @param[in] width One less than the size of `out` * - * @remark `root` must be such that `root ^ width` is equal to one, but - * no smaller power of `root` is equal to one. + * @remark `root` must be such that `root ^ width` is equal to one, but no smaller power of `root` + * is equal to one. */ static C_KZG_RET expand_root_of_unity(fr_t *out, const fr_t *root, uint64_t width) { uint64_t i; @@ -1756,10 +1736,9 @@ void free_trusted_setup(KZGSettings *s) { c_kzg_free(s->g2_values_monomial); /* - * If for whatever reason we accidentally call free_trusted_setup() on an - * uninitialized structure, we don't want to deference these 2d arrays. - * Without these NULL checks, it's possible for there to be a segmentation - * fault via null pointer dereference. + * If for whatever reason we accidentally call free_trusted_setup() on an uninitialized + * structure, we don't want to deference these 2d arrays. Without these NULL checks, it's + * possible for there to be a segmentation fault via null pointer dereference. */ if (s->x_ext_fft_columns != NULL) { for (size_t i = 0; i < CELLS_PER_EXT_BLOB; i++) { @@ -1778,8 +1757,8 @@ void free_trusted_setup(KZGSettings *s) { } /** - * The first part of the Toeplitz matrix multiplication algorithm: the Fourier - * transform of the vector x extended. + * The first part of the Toeplitz matrix multiplication algorithm: the Fourier transform of the + * vector x extended. * * @param[out] out The FFT of the extension of x, size n * 2 * @param[in] x The input vector, size n @@ -1979,11 +1958,10 @@ C_KZG_RET load_trusted_setup( } /* - * This is the window size for the windowed multiplication in proof - * generation. The larger wbits is, the faster the MSM will be, but the - * size of the precomputed table will grow exponentially. With 8 bits, the - * tables are 96 MiB; with 9 bits, the tables are 192 MiB and so forth. - * From our testing, there are diminishing returns after 8 bits. + * This is the window size for the windowed multiplication in proof generation. The larger wbits + * is, the faster the MSM will be, but the size of the precomputed table will grow + * exponentially. With 8 bits, the tables are 96 MiB; with 9 bits, the tables are 192 MiB and so + * forth. From our testing, there are diminishing returns after 8 bits. */ out->wbits = precompute; @@ -2073,9 +2051,8 @@ C_KZG_RET load_trusted_setup( out_error: /* - * Note: this only frees the fields in the KZGSettings structure. It does - * not free the KZGSettings structure memory. If necessary, that must be - * done by the caller. + * Note: this only frees the fields in the KZGSettings structure. It does not free the + * KZGSettings structure memory. If necessary, that must be done by the caller. */ free_trusted_setup(out); out_success: @@ -2091,9 +2068,8 @@ C_KZG_RET load_trusted_setup( * * @remark See also load_trusted_setup(). * @remark The input file will not be closed. - * @remark The file format is `n1 n2 g1_1 g1_2 ... g1_n1 g2_1 ... g2_n2` where - * the first two numbers are in decimal and the remainder are hexstrings - * and any whitespace can be used as separators. + * @remark The file format is `n1 n2 g1_1 g1_2 ... g1_n1 g2_1 ... g2_n2` where the first two numbers + * are in decimal and the remainder are hexstrings and any whitespace can be used as separators. */ C_KZG_RET load_trusted_setup_file(KZGSettings *out, FILE *in, size_t precompute) { C_KZG_RET ret; @@ -2289,12 +2265,12 @@ static inline uint64_t next_power_of_two(uint64_t v) { } /** - * Calculates the minimal polynomial that evaluates to zero for powers of roots - * of unity at the given indices. + * Calculates the minimal polynomial that evaluates to zero for powers of roots of unity at the + * given indices. * - * Uses straightforward long multiplication to calculate the product of - * `(x - * r^i)` where `r` is a root of unity and the `i`s are the indices at - * which it must evaluate to zero. This results in a poly of degree indices_len. + * Uses straightforward long multiplication to calculate the product of `(x - * r^i)` where `r` is a + * root of unity and the `i`s are the indices at which it must evaluate to zero. This results in a + * poly of degree indices_len. * * @param[in,out] dst The zero polynomial for indices * @param[in,out] dst_len The length of dst @@ -2372,8 +2348,8 @@ static C_KZG_RET pad_p(fr_t *out, size_t out_len, const fr_t *in, size_t in_len) * @param[in] partial_count The number of polys to be multiplied together * @param[in] s The trusted setup * - * @remark This will pad the polynomials, perform FFTs, point-wise multiply the - * results together, and apply an inverse FFT to the result. + * @remark This will pad the polynomials, perform FFTs, point-wise multiply the results together, + * and apply an inverse FFT to the result. */ static C_KZG_RET reduce_partials( poly_t *out, @@ -2400,10 +2376,7 @@ static C_KZG_RET reduce_partials( goto out; } - /* - * The degree of the output polynomial is the sum of the degrees of the - * input polynomials. - */ + /* The degree of the output polynomial is the sum of the degrees of the input polynomials */ size_t out_degree = 0; for (size_t i = 0; i < partial_count; i++) { out_degree += partials[i].length - 1; @@ -2419,8 +2392,8 @@ static C_KZG_RET reduce_partials( fr_t *p_eval = scratch + len_out * 2; /* - * Do the last partial first: it is no longer than the others and the - * padding can remain in place for the rest. + * Do the last partial first: it is no longer than the others and the padding can remain in + * place for the rest. */ ret = pad_p( p_padded, len_out, partials[partial_count - 1].coeffs, partials[partial_count - 1].length @@ -2450,13 +2423,12 @@ static C_KZG_RET reduce_partials( } /** - * Calculate the minimal polynomial that evaluates to zero for the powers of - * roots of unity that correspond to missing indices. + * Calculate the minimal polynomial that evaluates to zero for the powers of roots of unity that + * correspond to missing indices. * - * This is done simply by multiplying together `(x - r^i)` for all the `i` that - * are missing indices, using a combination of direct multiplication - * (#do_zero_poly_mul_partial) and iterated multiplication via convolution - * (#reduce_partials). + * This is done simply by multiplying together `(x - r^i)` for all the `i` that are missing indices, + * using a combination of direct multiplication (#do_zero_poly_mul_partial) and iterated + * multiplication via convolution (#reduce_partials). * * @param[out] zero_poly The zero polynomial * @param[out] zero_poly_len The zero polynomial length @@ -2603,8 +2575,8 @@ static const fr_t INV_RECOVERY_SHIFT_FACTOR = { /** * Shift a polynomial in place. * - * Multiplies each coefficient by `shift_factor ^ i`. Equivalent to - * creating a polynomial that evaluates at `x * shift_factor` rather than `x`. + * Multiplies each coefficient by `shift_factor ^ i`. Equivalent to creating a polynomial that + * evaluates at `x * shift_factor` rather than `x`. * * @param[in,out] p The polynomial coefficients to be scaled * @param[in] len Length of the polynomial coefficients @@ -2656,8 +2628,8 @@ static C_KZG_RET coset_fft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSett * @param[in] n Length of the arrays * @param[in] s The trusted setup * - * @remark The coset shift factor is RECOVERY_SHIFT_FACTOR. In this function we - * use its inverse to implement the IFFT. + * @remark The coset shift factor is RECOVERY_SHIFT_FACTOR. In this function we use its inverse to + * implement the IFFT. */ static C_KZG_RET coset_ifft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSettings *s) { C_KZG_RET ret; @@ -2672,9 +2644,8 @@ static C_KZG_RET coset_ifft_fr(fr_t *out, const fr_t *in, size_t n, const KZGSet } /** - * Given a dataset with up to half the entries missing, return the - * reconstructed original. Assumes that the inverse FFT of the original data - * has the upper half of its values equal to zero. + * Given a dataset with up to half the entries missing, return the reconstructed original. Assumes + * that the inverse FFT of the original data has the upper half of its values equal to zero. * * @param[out] reconstructed_data_out Preallocated array for recovered cells * @param[in] cells The cells that you have @@ -2784,17 +2755,18 @@ static C_KZG_RET recover_cells_impl( ); } - /* After the above polynomial division, extended_evaluations_over_coset is - * the same polynomial as reconstructed_poly_over_coset in the spec */ + /* + * Note: After the above polynomial division, extended_evaluations_over_coset is the same + * polynomial as reconstructed_poly_over_coset in the spec. + */ /* Convert the evaluations back to coefficents */ ret = coset_ifft_fr(reconstructed_poly_coeff, extended_evaluations_over_coset, s->max_width, s); if (ret != C_KZG_OK) goto out; /* - * After unscaling the reconstructed polynomial, we have D(x) which - * evaluates to our original data at the roots of unity. Next, we evaluate - * the polynomial to get the original data. + * After unscaling the reconstructed polynomial, we have D(x) which evaluates to our original + * data at the roots of unity. Next, we evaluate the polynomial to get the original data. */ ret = fft_fr(reconstructed_data_out, reconstructed_poly_coeff, s->max_width, s); if (ret != C_KZG_OK) goto out; @@ -2828,8 +2800,8 @@ static C_KZG_RET recover_cells_impl( * @param[in] len The length of both polynomials * @param[in] s The trusted setup * - * @remark To convert a monomial-form polynomial to a Lagrange-form polynomial, - * you must inverse FFT the bit-reverse-permuated monomial polynomial. + * @remark To convert a monomial-form polynomial to a Lagrange-form polynomial, you must inverse FFT + * the bit-reverse-permuated monomial polynomial. */ static C_KZG_RET poly_lagrange_to_monomial( fr_t *lagrange, const fr_t *monomial, size_t len, const KZGSettings *s @@ -2860,8 +2832,7 @@ static C_KZG_RET poly_lagrange_to_monomial( //////////////////////////////////////////////////////////////////////////////////////////////////// /** - * Reorder and extend polynomial coefficients for the toeplitz method, strided - * version. + * Reorder and extend polynomial coefficients for the toeplitz method, strided version. * * @param[out] out The reordered polynomial, size `n * 2 / stride` * @param[in] in The input polynomial, size `n` @@ -2898,9 +2869,8 @@ static C_KZG_RET toeplitz_coeffs_stride( * @param[in] n The length of the polynomial * @param[in] s The trusted setup * - * @remark The polynomial should have FIELD_ELEMENTS_PER_BLOB coefficients. Only - * the lower half of the extended polynomial is supplied because the - * upper half is assumed to be zero. + * @remark The polynomial should have FIELD_ELEMENTS_PER_BLOB coefficients. Only the lower half of + * the extended polynomial is supplied because the upper half is assumed to be zero. */ static C_KZG_RET compute_fk20_proofs(g1_t *out, const fr_t *p, size_t n, const KZGSettings *s) { C_KZG_RET ret; @@ -3021,9 +2991,8 @@ static C_KZG_RET compute_fk20_proofs(g1_t *out, const fr_t *p, size_t n, const K //////////////////////////////////////////////////////////////////////////////////////////////////// /** - * Compute random linear combination challenge scalars for - * verify_cell_kzg_proof_batch. In this, we must hash EVERYTHING that the prover - * can control. + * Compute random linear combination challenge scalars for verify_cell_kzg_proof_batch. In this, we + * must hash EVERYTHING that the prover can control. * * @param[out] r_powers_out The output challenges * @param[in] commitments_bytes The input commitments @@ -3145,9 +3114,8 @@ static void commitments_copy(Bytes48 *dst, const Bytes48 *src) { } /** - * Convert a list of commitments with potential duplicates to a list of unique - * commitments. Also returns a list of indices which point to those new unique - * commitments. + * Convert a list of commitments with potential duplicates to a list of unique commitments. Also + * returns a list of indices which point to those new unique commitments. * * @param[in,out] commitments_out Updated to only contain unique commitments * @param[out] indices_out Used as map between old/new commitments @@ -3234,10 +3202,9 @@ C_KZG_RET compute_cells_and_kzg_proofs( memset(poly_lagrange, 0, sizeof(fr_t) * FIELD_ELEMENTS_PER_EXT_BLOB); /* - * Convert the blob to a polynomial. Note that only the first 4096 fields - * of the polynomial will be set. The upper 4096 fields will remain zero. - * This is required because the polynomial will be evaluated with 8192 - * roots of unity. + * Convert the blob to a polynomial. Note that only the first 4096 fields of the polynomial will + * be set. The upper 4096 fields will remain zero. This is required because the polynomial will + * be evaluated with 8192 roots of unity. */ ret = blob_to_polynomial((Polynomial *)poly_lagrange, blob); if (ret != C_KZG_OK) goto out; @@ -3362,9 +3329,9 @@ C_KZG_RET recover_cells_and_kzg_proofs( fr_t *field = &recovered_cells_fr[index + j]; /* - * Check if the field has already been set. If it has, there was a - * duplicate cell index and we can return an error. The compiler - * will optimize this and the overhead is practically zero. + * Check if the field has already been set. If it has, there was a duplicate cell index + * and we can return an error. The compiler will optimize this and the overhead is + * practically zero. */ if (!fr_is_null(field)) { ret = C_KZG_BADARGS; @@ -3400,9 +3367,9 @@ C_KZG_RET recover_cells_and_kzg_proofs( if (recovered_proofs != NULL) { /* - * Instead of converting the cells to a blob and back, we can just treat - * the cells as a polynomial. We are done with the fr-form recovered - * cells and we can safely mutate the array. + * Instead of converting the cells to a blob and back, we can just treat the cells as a + * polynomial. We are done with the fr-form recovered cells and we can safely mutate the + * array. */ ret = poly_lagrange_to_monomial( recovered_cells_fr, recovered_cells_fr, FIELD_ELEMENTS_PER_EXT_BLOB, s @@ -3503,10 +3470,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( if (ret != C_KZG_OK) goto out; /* - * Convert the array of cell commitments to an array of unique commitments - * and an array of indices to those unique commitments. We do this before - * the array allocations section below because we need to know how many - * commitment weights there will be. + * Convert the array of cell commitments to an array of unique commitments and an array of + * indices to those unique commitments. We do this before the array allocations section below + * because we need to know how many commitment weights there will be. */ num_commitments = num_cells; memcpy(unique_commitments, commitments_bytes, num_cells * sizeof(Bytes48)); @@ -3542,8 +3508,8 @@ C_KZG_RET verify_cell_kzg_proof_batch( /////////////////////////////////////////////////////////////////////////// /* - * Derive random factors for the linear combination. The exponents start - * with 0. That is, they are r^0, r^1, r^2, r^3, and so on. + * Derive random factors for the linear combination. The exponents start with 0. That is, they + * are r^0, r^1, r^2, r^3, and so on. */ ret = compute_r_powers_for_verify_cell_kzg_proof_batch( r_powers, @@ -3645,10 +3611,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( if (ret != C_KZG_OK) goto out; /* - * Get interpolation polynomial for this column. To do so we first do an - * IDFT over the roots of unity and then we scale by the coset factor. - * We can't do an IDFT directly over the coset because it's not a - * subgroup. + * Get interpolation polynomial for this column. To do so we first do an IDFT over the roots + * of unity and then we scale by the coset factor. We can't do an IDFT directly over the + * coset because it's not a subgroup. */ ret = ifft_fr( column_interpolation_poly, &aggregated_column_cells[index], FIELD_ELEMENTS_PER_CELL, s @@ -3656,8 +3621,8 @@ C_KZG_RET verify_cell_kzg_proof_batch( if (ret != C_KZG_OK) goto out; /* - * To unscale, divide by the coset. It's faster to multiply with the - * inverse. We can skip the first iteration because its dividing by one. + * To unscale, divide by the coset. It's faster to multiply with the inverse. We can skip + * the first iteration because its dividing by one. */ uint32_t pos = reverse_bits_limited(CELLS_PER_EXT_BLOB, i); fr_t inv_coset_factor; From 32f2b5096ca6a4a2fa7c0b110d63e73606dc8a35 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 11:54:39 -0500 Subject: [PATCH 05/11] Update dividers in batch cell verification --- src/c_kzg_4844.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/src/c_kzg_4844.c b/src/c_kzg_4844.c index af5791782..a2eac7389 100644 --- a/src/c_kzg_4844.c +++ b/src/c_kzg_4844.c @@ -3451,18 +3451,18 @@ C_KZG_RET verify_cell_kzg_proof_batch( return C_KZG_OK; } - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Sanity checks - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// for (size_t i = 0; i < num_cells; i++) { /* Make sure column index is valid */ if (cell_indices[i] >= CELLS_PER_EXT_BLOB) return C_KZG_BADARGS; } - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Deduplicate Commitments - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// ret = c_kzg_calloc((void **)&unique_commitments, num_cells, sizeof(Bytes48)); if (ret != C_KZG_OK) goto out; @@ -3478,9 +3478,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( memcpy(unique_commitments, commitments_bytes, num_cells * sizeof(Bytes48)); deduplicate_commitments(unique_commitments, commitment_indices, &num_commitments); - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Array allocations - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// ret = new_bool_array(&is_cell_used, FIELD_ELEMENTS_PER_EXT_BLOB); if (ret != C_KZG_OK) goto out; @@ -3503,9 +3503,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( ret = new_g1_array(&proofs_g1, num_cells); if (ret != C_KZG_OK) goto out; - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Compute random linear combination of the proofs - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// /* * Derive random factors for the linear combination. The exponents start with 0. That is, they @@ -3533,9 +3533,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( ret = g1_lincomb_fast(&proof_lincomb, proofs_g1, r_powers, num_cells); if (ret != C_KZG_OK) goto out; - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Compute sum of the commitments - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// for (size_t i = 0; i < num_commitments; i++) { /* Convert & validate commitment */ @@ -3559,9 +3559,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( ret = g1_lincomb_fast(&final_g1_sum, commitments_g1, commitment_weights, num_commitments); if (ret != C_KZG_OK) goto out; - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Compute aggregated columns - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// /* Start with zeroed out columns */ for (size_t i = 0; i < CELLS_PER_EXT_BLOB; i++) { @@ -3587,9 +3587,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( } } - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Compute sum of the interpolation polynomials - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// /* Start with a zeroed out poly */ for (size_t i = 0; i < FIELD_ELEMENTS_PER_CELL; i++) { @@ -3648,9 +3648,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( blst_p1_cneg(&evaluation, true); blst_p1_add(&final_g1_sum, &final_g1_sum, &evaluation); - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Compute sum of the proofs scaled by the coset factors - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// for (size_t i = 0; i < num_cells; i++) { uint32_t pos = reverse_bits_limited(CELLS_PER_EXT_BLOB, cell_indices[i]); @@ -3664,9 +3664,9 @@ C_KZG_RET verify_cell_kzg_proof_batch( blst_p1_add(&final_g1_sum, &final_g1_sum, &weighted_proof_lincomb); - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// // Do the final pairing check - /////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////// *ok = pairings_verify(&final_g1_sum, blst_p2_generator(), &proof_lincomb, &power_of_s); From 30b5f2b9f44957a0441734cb5e92bf5a6c1d130c Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 12:50:17 -0500 Subject: [PATCH 06/11] Update comments in the test file too --- src/test_c_kzg_4844.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/test_c_kzg_4844.c b/src/test_c_kzg_4844.c index 0a3928bfe..1fe7a3505 100644 --- a/src/test_c_kzg_4844.c +++ b/src/test_c_kzg_4844.c @@ -2076,9 +2076,8 @@ static void profile_recover_cells_and_kzg_proofs(void) { Cell *cells = NULL; /* - * NOTE: this profiling function only cares about cell recovery since the - * proofs will always be recomputed. If we included proof computation, it - * would drown out cell recovery. + * NOTE: this profiling function only cares about cell recovery since the proofs will always be + * recomputed. If we included proof computation, it would drown out cell recovery. */ /* Get a random blob */ @@ -2268,10 +2267,9 @@ int main(void) { RUN(test_verify_cell_kzg_proof_batch__succeeds_random_blob); /* - * These functions are only executed if we're profiling. To me, it makes - * sense to put these in the testing file so we can re-use the helper - * functions. Additionally, it checks that whatever performance changes - * haven't broken the library. + * These functions are only executed if we're profiling. To me, it makes sense to put these in + * the testing file so we can re-use the helper functions. Additionally, it checks that whatever + * performance changes haven't broken the library. */ #ifdef PROFILE profile_blob_to_kzg_commitment(); From 40a6945f9aaa22f09da22fc83193fc3e4e9fb0ad Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 14:40:29 -0500 Subject: [PATCH 07/11] Use clang-format-18 --- .github/workflows/c-tests.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/c-tests.yml b/.github/workflows/c-tests.yml index a190e52a8..819e4dec4 100644 --- a/.github/workflows/c-tests.yml +++ b/.github/workflows/c-tests.yml @@ -29,11 +29,11 @@ jobs: # Check formatting. # Only need to check this once. - - name: Check formatting - if: matrix.os == 'ubuntu-latest' - run: | - make format - git diff --exit-code + - name: Run clang-format + uses: jidicula/clang-format-action@v4.13.0 + with: + clang-format-version: '18' + check-path: 'src' # Build and test. - name: Build From 8f90bb5cc98f60aa9894cc01cde6a04d6a69bd12 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 14:46:24 -0500 Subject: [PATCH 08/11] Exclude tinytest.h --- .github/workflows/c-tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/c-tests.yml b/.github/workflows/c-tests.yml index 819e4dec4..aff05f200 100644 --- a/.github/workflows/c-tests.yml +++ b/.github/workflows/c-tests.yml @@ -34,6 +34,7 @@ jobs: with: clang-format-version: '18' check-path: 'src' + exclude-regex: 'tinytest.h' # Build and test. - name: Build From aa3b5f305ca97c92707d9f89030e53e2248a0016 Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 14:57:34 -0500 Subject: [PATCH 09/11] Update comments in header file --- src/c_kzg_4844.h | 57 +++++++++++------------------------------------- 1 file changed, 13 insertions(+), 44 deletions(-) diff --git a/src/c_kzg_4844.h b/src/c_kzg_4844.h index 914bbb8fc..454a56e12 100644 --- a/src/c_kzg_4844.h +++ b/src/c_kzg_4844.h @@ -38,31 +38,22 @@ extern "C" { /** The number of bytes in a KZG commitment. */ #define BYTES_PER_COMMITMENT 48 - /** The number of bytes in a KZG proof. */ #define BYTES_PER_PROOF 48 - /** The number of bytes in a BLS scalar field element. */ #define BYTES_PER_FIELD_ELEMENT 32 - /** The number of bits in a BLS scalar field element. */ #define BITS_PER_FIELD_ELEMENT 255 - /** The number of field elements in a blob. */ #define FIELD_ELEMENTS_PER_BLOB 4096 - /** The number of bytes in a blob. */ #define BYTES_PER_BLOB (FIELD_ELEMENTS_PER_BLOB * BYTES_PER_FIELD_ELEMENT) - /** The number of field elements in an extended blob */ #define FIELD_ELEMENTS_PER_EXT_BLOB (FIELD_ELEMENTS_PER_BLOB * 2) - /** The number of field elements in a cell. */ #define FIELD_ELEMENTS_PER_CELL 64 - /** The number of cells in an extended blob. */ #define CELLS_PER_EXT_BLOB (FIELD_ELEMENTS_PER_EXT_BLOB / FIELD_ELEMENTS_PER_CELL) - /** The number of bytes in a single cell. */ #define BYTES_PER_CELL (FIELD_ELEMENTS_PER_CELL * BYTES_PER_FIELD_ELEMENT) @@ -74,49 +65,33 @@ typedef blst_p1 g1_t; /**< Internal G1 group element type. */ typedef blst_p2 g2_t; /**< Internal G2 group element type. */ typedef blst_fr fr_t; /**< Internal Fr field element type. */ -/** - * An array of 32 bytes. Represents an untrusted - * (potentially invalid) field element. - */ +/** An array of 32 bytes. Represents an untrusted (potentially invalid) field element. */ typedef struct { uint8_t bytes[32]; } Bytes32; -/** - * An array of 48 bytes. Represents an untrusted - * (potentially invalid) commitment/proof. - */ +/** An array of 48 bytes. Represents an untrusted (potentially invalid) commitment/proof. */ typedef struct { uint8_t bytes[48]; } Bytes48; -/** - * A basic blob data. - */ +/** A basic blob data. */ typedef struct { uint8_t bytes[BYTES_PER_BLOB]; } Blob; -/** - * A trusted (valid) KZG commitment. - */ +/** A trusted (valid) KZG commitment. */ typedef Bytes48 KZGCommitment; -/** - * A trusted (valid) KZG proof. - */ +/** A trusted (valid) KZG proof. */ typedef Bytes48 KZGProof; -/** - * A single cell for a blob. - */ +/** A single cell for a blob. */ typedef struct { uint8_t bytes[BYTES_PER_CELL]; } Cell; -/** - * The common return type for all routines in which something can go wrong. - */ +/** The common return type for all routines in which something can go wrong. */ typedef enum { C_KZG_OK = 0, /**< Success! */ C_KZG_BADARGS, /**< The supplied data is invalid in some way. */ @@ -124,28 +99,22 @@ typedef enum { C_KZG_MALLOC, /**< Could not allocate memory. */ } C_KZG_RET; -/** - * Stores the setup and parameters needed for computing KZG proofs. - */ +/** Stores the setup and parameters needed for computing KZG proofs. */ typedef struct { /** The length of `roots_of_unity`, a power of 2. */ uint64_t max_width; - /** Powers of the primitive root of unity determined by - * `SCALE2_ROOT_OF_UNITY` in bit-reversal permutation order, - * length `max_width`. */ + /** Powers of the primitive root of unity determined by `SCALE2_ROOT_OF_UNITY` in bit-reversal + * permutation order, length `max_width`. */ fr_t *roots_of_unity; /** The expanded roots of unity. */ fr_t *expanded_roots_of_unity; /** The bit-reversal permuted roots of unity. */ fr_t *reverse_roots_of_unity; - /** G1 group elements from the trusted setup, - * in monomial form. */ + /** G1 group elements from the trusted setup in monomial form. */ g1_t *g1_values_monomial; - /** G1 group elements from the trusted setup, - * in Lagrange form bit-reversal permutation. */ + /** G1 group elements from the trusted setup in Lagrange form and bit-reversed order. */ g1_t *g1_values_lagrange_brp; - /** G2 group elements from the trusted setup, - * in monomial form. */ + /** G2 group elements from the trusted setup in monomial form. */ g2_t *g2_values_monomial; /** Data used during FK20 proof generation. */ g1_t **x_ext_fft_columns; From 95a062169a187782eaa32285fc5ef508cf4d5e7e Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 14:59:19 -0500 Subject: [PATCH 10/11] Only run clang-format on ubuntu --- .github/workflows/c-tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/c-tests.yml b/.github/workflows/c-tests.yml index aff05f200..cecb92702 100644 --- a/.github/workflows/c-tests.yml +++ b/.github/workflows/c-tests.yml @@ -30,6 +30,7 @@ jobs: # Check formatting. # Only need to check this once. - name: Run clang-format + if: matrix.os == 'ubuntu-latest' uses: jidicula/clang-format-action@v4.13.0 with: clang-format-version: '18' From 1e5cad248303e05b4d0923805c025f3276d73f3e Mon Sep 17 00:00:00 2001 From: Justin Traglia Date: Thu, 18 Jul 2024 22:20:03 -0500 Subject: [PATCH 11/11] Update Rust binding's generated file --- bindings/rust/src/bindings/generated.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bindings/rust/src/bindings/generated.rs b/bindings/rust/src/bindings/generated.rs index 670486381..ff00b0772 100644 --- a/bindings/rust/src/bindings/generated.rs +++ b/bindings/rust/src/bindings/generated.rs @@ -51,13 +51,13 @@ pub struct blst_p2 { pub type g1_t = blst_p1; pub type g2_t = blst_p2; pub type fr_t = blst_fr; -#[doc = " An array of 32 bytes. Represents an untrusted\n (potentially invalid) field element."] +#[doc = " An array of 32 bytes. Represents an untrusted (potentially invalid) field element."] #[repr(C)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct Bytes32 { bytes: [u8; 32usize], } -#[doc = " An array of 48 bytes. Represents an untrusted\n (potentially invalid) commitment/proof."] +#[doc = " An array of 48 bytes. Represents an untrusted (potentially invalid) commitment/proof."] #[repr(C)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct Bytes48 { @@ -94,17 +94,17 @@ pub enum C_KZG_RET { pub struct KZGSettings { #[doc = " The length of `roots_of_unity`, a power of 2."] max_width: u64, - #[doc = " Powers of the primitive root of unity determined by\n `SCALE2_ROOT_OF_UNITY` in bit-reversal permutation order,\n length `max_width`."] + #[doc = " Powers of the primitive root of unity determined by `SCALE2_ROOT_OF_UNITY` in bit-reversal\n permutation order, length `max_width`."] roots_of_unity: *mut fr_t, #[doc = " The expanded roots of unity."] expanded_roots_of_unity: *mut fr_t, #[doc = " The bit-reversal permuted roots of unity."] reverse_roots_of_unity: *mut fr_t, - #[doc = " G1 group elements from the trusted setup,\n in monomial form."] + #[doc = " G1 group elements from the trusted setup in monomial form."] g1_values_monomial: *mut g1_t, - #[doc = " G1 group elements from the trusted setup,\n in Lagrange form bit-reversal permutation."] + #[doc = " G1 group elements from the trusted setup in Lagrange form and bit-reversed order."] g1_values_lagrange_brp: *mut g1_t, - #[doc = " G2 group elements from the trusted setup,\n in monomial form."] + #[doc = " G2 group elements from the trusted setup in monomial form."] g2_values_monomial: *mut g2_t, #[doc = " Data used during FK20 proof generation."] x_ext_fft_columns: *mut *mut g1_t,