crypto/kzg4844: pull in the C and Go libs for KZG cryptography (ether…

…eum#27155) * cryto/kzg4844: pull in the C and Go libs for KZG cryptography * go.mod: pull in the KZG libraries * crypto/kzg4844: add basic becnhmarks for ballpark numbers * cmd, crypto: integrate both CKZG and GoKZG all the time, add flag * cmd/utils, crypto/kzg4844: run library init on startup * crypto/kzg4844: make linter happy * crypto/kzg4844: push missing file * crypto/kzg4844: fully disable CKZG but leave in the sources * build, crypto/kzg4844, internal: link CKZG by default and with portable mode * crypto/kzg4844: drop verifying the trusted setup in gokzg * internal/build: yolo until it works? * cmd/utils: make flag description friendlier Co-authored-by: Martin Holst Swende <martin@swende.se> * crypto/ckzg: no need for double availability check * build: tiny flag cleanup nitpick --------- Co-authored-by: Martin Holst Swende <martin@swende.se>
gballet · May 10, 2023 · 2169fa3 · 2169fa3
1 parent ae7db28
commit 2169fa3
Show file tree

Hide file tree

Showing 12 changed files with 8,890 additions and 39 deletions.
diff --git a/build/ci.go b/build/ci.go
@@ -207,9 +207,9 @@ func doInstall(cmdline []string) {
 		csdb := build.MustLoadChecksums("build/checksums.txt")
 		tc.Root = build.DownloadGo(csdb, dlgoVersion)
 	}
-
-	// Disable CLI markdown doc generation in release builds.
-	buildTags := []string{"urfave_cli_no_docs"}
+	// Disable CLI markdown doc generation in release builds and enable linking
+	// the CKZG library since we can make it portable here.
+	buildTags := []string{"urfave_cli_no_docs", "ckzg"}
 
 	// Configure the build.
 	env := build.Env()
@@ -221,7 +221,6 @@ func doInstall(cmdline []string) {
 	if env.CI && runtime.GOARCH == "arm64" {
 		gobuild.Args = append(gobuild.Args, "-p", "1")
 	}
-
 	// We use -trimpath to avoid leaking local paths into the built executables.
 	gobuild.Args = append(gobuild.Args, "-trimpath")
 
@@ -299,7 +298,7 @@ func doTest(cmdline []string) {
 		csdb := build.MustLoadChecksums("build/checksums.txt")
 		tc.Root = build.DownloadGo(csdb, dlgoVersion)
 	}
-	gotest := tc.Go("test")
+	gotest := tc.Go("test", "-tags=ckzg")
 
 	// Test a single package at a time. CI builders are slow
 	// and some tests run into timeouts under load.

diff --git a/cmd/geth/main.go b/cmd/geth/main.go
@@ -107,6 +107,7 @@ var (
 		utils.CachePreimagesFlag,
 		utils.CacheLogSizeFlag,
 		utils.FDLimitFlag,
+		utils.CryptoKZGFlag,
 		utils.ListenPortFlag,
 		utils.DiscoveryPortFlag,
 		utils.MaxPeersFlag,

diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
@@ -45,6 +45,7 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/core/vm"
 	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/crypto/kzg4844"
 	"github.com/ethereum/go-ethereum/eth"
 	ethcatalyst "github.com/ethereum/go-ethereum/eth/catalyst"
 	"github.com/ethereum/go-ethereum/eth/downloader"
@@ -454,6 +455,12 @@ var (
 		Usage:    "Raise the open file descriptor resource limit (default = system fd limit)",
 		Category: flags.PerfCategory,
 	}
+	CryptoKZGFlag = &cli.StringFlag{
+		Name:     "crypto.kzg",
+		Usage:    "KZG library implementation to use; gokzg (recommended) or ckzg",
+		Value:    "gokzg",
+		Category: flags.PerfCategory,
+	}
 
 	// Miner settings
 	MiningEnabledFlag = &cli.BoolFlag{
@@ -1747,7 +1754,6 @@ func SetEthConfig(ctx *cli.Context, stack *node.Node, cfg *ethconfig.Config) {
 			cfg.EthDiscoveryURLs = SplitAndTrim(urls)
 		}
 	}
-
 	// Override any default configs for hard coded networks.
 	switch {
 	case ctx.Bool(MainnetFlag.Name):
@@ -1857,6 +1863,14 @@ func SetEthConfig(ctx *cli.Context, stack *node.Node, cfg *ethconfig.Config) {
 			SetDNSDiscoveryDefaults(cfg, params.MainnetGenesisHash)
 		}
 	}
+	// Set any dangling config values
+	if ctx.String(CryptoKZGFlag.Name) != "gokzg" && ctx.String(CryptoKZGFlag.Name) != "ckzg" {
+		Fatalf("--%s flag must be 'gokzg' or 'ckzg'", CryptoKZGFlag.Name)
+	}
+	log.Info("Initializing the KZG library", "backend", ctx.String(CryptoKZGFlag.Name))
+	if err := kzg4844.UseCKZG(ctx.String(CryptoKZGFlag.Name) == "ckzg"); err != nil {
+		Fatalf("Failed to set KZG library implementation to %s: %v", ctx.String(CryptoKZGFlag.Name), err)
+	}
 }
 
 // SetDNSDiscoveryDefaults configures DNS discovery with the given URL if

diff --git a/crypto/kzg4844/kzg4844.go b/crypto/kzg4844/kzg4844.go
@@ -0,0 +1,110 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+// Package kzg4844 implements the KZG crypto for EIP-4844.
+package kzg4844
+
+import (
+	"embed"
+	"errors"
+	"sync/atomic"
+)
+
+//go:embed trusted_setup.json
+var content embed.FS
+
+// Blob represents a 4844 data blob.
+type Blob [131072]byte
+
+// Commitment is a serialized commitment to a polynomial.
+type Commitment [48]byte
+
+// Proof is a serialized commitment to the quotient polynomial.
+type Proof [48]byte
+
+// Point is a BLS field element.
+type Point [32]byte
+
+// Claim is a claimed evaluation value in a specific point.
+type Claim [32]byte
+
+// useCKZG controls whether the cryptography should use the Go or C backend.
+var useCKZG atomic.Bool
+
+// UseCKZG can be called to switch the default Go implementation of KZG to the C
+// library if fo some reason the user wishes to do so (e.g. consensus bug in one
+// or the other).
+func UseCKZG(use bool) error {
+	if use && !ckzgAvailable {
+		return errors.New("CKZG unavailable on your platform")
+	}
+	useCKZG.Store(use)
+
+	// Initializing the library can take 2-4 seconds - and can potentially crash
+	// on CKZG and non-ADX CPUs - so might as well so it now and don't wait until
+	// a crpyto operation is actually needed live.
+	if use {
+		ckzgIniter.Do(ckzgInit)
+	} else {
+		gokzgIniter.Do(gokzgInit)
+	}
+	return nil
+}
+
+// BlobToCommitment creates a small commitment out of a data blob.
+func BlobToCommitment(blob Blob) (Commitment, error) {
+	if useCKZG.Load() {
+		return ckzgBlobToCommitment(blob)
+	}
+	return gokzgBlobToCommitment(blob)
+}
+
+// ComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	if useCKZG.Load() {
+		return ckzgComputeProof(blob, point)
+	}
+	return gokzgComputeProof(blob, point)
+}
+
+// VerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func VerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	if useCKZG.Load() {
+		return ckzgVerifyProof(commitment, point, claim, proof)
+	}
+	return gokzgVerifyProof(commitment, point, claim, proof)
+}
+
+// ComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	if useCKZG.Load() {
+		return ckzgComputeBlobProof(blob, commitment)
+	}
+	return gokzgComputeBlobProof(blob, commitment)
+}
+
+// VerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func VerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	if useCKZG.Load() {
+		return ckzgVerifyBlobProof(blob, commitment, proof)
+	}
+	return gokzgVerifyBlobProof(blob, commitment, proof)
+}
diff --git a/crypto/kzg4844/kzg4844_ckzg_cgo.go b/crypto/kzg4844/kzg4844_ckzg_cgo.go
@@ -0,0 +1,119 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+//go:build ckzg && !nacl && !js && cgo && !gofuzz
+
+package kzg4844
+
+import (
+	"encoding/json"
+	"errors"
+	"sync"
+
+	gokzg4844 "github.com/crate-crypto/go-kzg-4844"
+	ckzg4844 "github.com/ethereum/c-kzg-4844/bindings/go"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+)
+
+// ckzgAvailable signals whether the library was compiled into Geth.
+const ckzgAvailable = true
+
+// ckzgIniter ensures that we initialize the KZG library once before using it.
+var ckzgIniter sync.Once
+
+// ckzgInit initializes the KZG library with the provided trusted setup.
+func ckzgInit() {
+	config, err := content.ReadFile("trusted_setup.json")
+	if err != nil {
+		panic(err)
+	}
+	params := new(gokzg4844.JSONTrustedSetup)
+	if err = json.Unmarshal(config, params); err != nil {
+		panic(err)
+	}
+	if err = gokzg4844.CheckTrustedSetupIsWellFormed(params); err != nil {
+		panic(err)
+	}
+	g1s := make([]byte, len(params.SetupG1)*(len(params.SetupG1[0])-2)/2)
+	for i, g1 := range params.SetupG1 {
+		copy(g1s[i*(len(g1)-2)/2:], hexutil.MustDecode(g1))
+	}
+	g2s := make([]byte, len(params.SetupG2)*(len(params.SetupG2[0])-2)/2)
+	for i, g2 := range params.SetupG2 {
+		copy(g2s[i*(len(g2)-2)/2:], hexutil.MustDecode(g2))
+	}
+	if err = ckzg4844.LoadTrustedSetup(g1s, g2s); err != nil {
+		panic(err)
+	}
+}
+
+// ckzgBlobToCommitment creates a small commitment out of a data blob.
+func ckzgBlobToCommitment(blob Blob) (Commitment, error) {
+	ckzgIniter.Do(ckzgInit)
+
+	commitment, err := ckzg4844.BlobToKZGCommitment((ckzg4844.Blob)(blob))
+	if err != nil {
+		return Commitment{}, err
+	}
+	return (Commitment)(commitment), nil
+}
+
+// ckzgComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ckzgComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	proof, claim, err := ckzg4844.ComputeKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes32)(point))
+	if err != nil {
+		return Proof{}, Claim{}, err
+	}
+	return (Proof)(proof), (Claim)(claim), nil
+}
+
+// ckzgVerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func ckzgVerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	valid, err := ckzg4844.VerifyKZGProof((ckzg4844.Bytes48)(commitment), (ckzg4844.Bytes32)(point), (ckzg4844.Bytes32)(claim), (ckzg4844.Bytes48)(proof))
+	if err != nil {
+		return err
+	}
+	if !valid {
+		return errors.New("invalid proof")
+	}
+	return nil
+}
+
+// ckzgComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ckzgComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	proof, err := ckzg4844.ComputeBlobKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes48)(commitment))
+	if err != nil {
+		return Proof{}, err
+	}
+	return (Proof)(proof), nil
+}
+
+// ckzgVerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func ckzgVerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	valid, err := ckzg4844.VerifyBlobKZGProof((ckzg4844.Blob)(blob), (ckzg4844.Bytes48)(commitment), (ckzg4844.Bytes48)(proof))
+	if err != nil {
+		return err
+	}
+	if !valid {
+		return errors.New("invalid proof")
+	}
+	return nil
+}
diff --git a/crypto/kzg4844/kzg4844_ckzg_nocgo.go b/crypto/kzg4844/kzg4844_ckzg_nocgo.go
@@ -0,0 +1,62 @@
+// Copyright 2023 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+//go:build !ckzg || nacl || js || !cgo || gofuzz
+
+package kzg4844
+
+import "sync"
+
+// ckzgAvailable signals whether the library was compiled into Geth.
+const ckzgAvailable = false
+
+// ckzgIniter ensures that we initialize the KZG library once before using it.
+var ckzgIniter sync.Once
+
+// ckzgInit initializes the KZG library with the provided trusted setup.
+func ckzgInit() {
+	panic("unsupported platform")
+}
+
+// ckzgBlobToCommitment creates a small commitment out of a data blob.
+func ckzgBlobToCommitment(blob Blob) (Commitment, error) {
+	panic("unsupported platform")
+}
+
+// ckzgComputeProof computes the KZG proof at the given point for the polynomial
+// represented by the blob.
+func ckzgComputeProof(blob Blob, point Point) (Proof, Claim, error) {
+	panic("unsupported platform")
+}
+
+// ckzgVerifyProof verifies the KZG proof that the polynomial represented by the blob
+// evaluated at the given point is the claimed value.
+func ckzgVerifyProof(commitment Commitment, point Point, claim Claim, proof Proof) error {
+	panic("unsupported platform")
+}
+
+// ckzgComputeBlobProof returns the KZG proof that is used to verify the blob against
+// the commitment.
+//
+// This method does not verify that the commitment is correct with respect to blob.
+func ckzgComputeBlobProof(blob Blob, commitment Commitment) (Proof, error) {
+	panic("unsupported platform")
+}
+
+// ckzgVerifyBlobProof verifies that the blob data corresponds to the provided commitment.
+func ckzgVerifyBlobProof(blob Blob, commitment Commitment, proof Proof) error {
+	panic("unsupported platform")
+}