Polishing & documenting, add compile script

2026-01-28 14:26:40 +01:00 · 2022-12-10 10:59:48 +01:00
7 changed files with 68 additions and 187 deletions
--- a/README.md
+++ b/README.md
@@ -19,9 +19,6 @@ Documents used for this implementation:
 - [KZG10-Ceremony-audit-report.pdf, section *3.1 Overview of PoT ceremonies*](https://github.com/ethereum/kzg-ceremony/blob/main/KZG10-Ceremony-audit-report.pdf)
 - [*Why and how zkSNARKs work*, by Maksym Petkus](https://arxiv.org/abs/1906.07221v1)

-
-**You can find more info on the logic behind the powers of tau computation & verification in these notes: http://arnaucube.com/blog/powersoftau.html**
-
 ### Usage
 Get the binary from the [releases](https://github.com/arnaucube/eth-kzg-ceremony-alt/releases) (alternative you can compile it from source), and run:
 ```
@@ -31,13 +28,13 @@ eth-kzg-ceremony-alt
 ====================

 Usage of ./kzgceremony:
-  -u, --url string       sequencer url (default "https://seq.ceremony.ethereum.org")
-  -r, --rand string      randomness, needs to be bigger than 64 bytes
-  -s, --sleeptime uint   time (seconds) sleeping before trying again to be the next contributor (default 30)
+  -u, --url string       sequencer url (default "https://kzg-ceremony-sequencer-dev.fly.dev")
+  -r, --rand string      randomness
+  -s, --sleeptime uint   time (seconds) sleeping before trying again to be the next contributor (default 10)
 ```

 So for example, run your contribution with:
 ```
-./kzgceremony -r "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod"
+./kzgceremony -r 1111111111111111111111111111111111111111111111111111111111111111
 ```
-(where the "Lorem ipsum..." is your source of randomness)
+(where the 111...111 is your source of randomness)
--- a/client/req.go
+++ b/client/req.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
-	"strings"

 	kzgceremony "github.com/arnaucube/eth-kzg-ceremony-alt"
 )
@@ -133,59 +132,38 @@ func (c *Client) PostAuthCallback() (*MsgRequestLink, error) {
 	return &msg, err
 }

-type Status int
-
-const (
-	StatusReauth = Status(iota)
-	StatusError
-	StatusWait
-	StatusProceed
-)
-
-func (c *Client) PostTryContribute(sessionID string) (*kzgceremony.BatchContribution, Status, error) {
+func (c *Client) PostTryContribute(sessionID string) (*kzgceremony.BatchContribution, bool, error) {
 	bearer := "Bearer " + sessionID
 	resp, err := c.postWithAuth(
 		c.url+"/lobby/try_contribute", "application/json", nil, bearer)
 	if err != nil {
-		return nil, StatusError, err
+		return nil, false, err
 	}

 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return nil, StatusError, err
+		return nil, false, err
 	}

 	if resp.StatusCode != http.StatusOK {
+		fmt.Println(string(body))
 		switch resp.StatusCode {
 		case http.StatusBadRequest:
-			return nil, StatusWait, fmt.Errorf("call came to early. rate limited")
+			return nil, true, fmt.Errorf("call came to early. rate limited")
 		case http.StatusUnauthorized:
-			return nil, StatusReauth, fmt.Errorf("unkown session id. unauthorized access")
+			return nil, false, fmt.Errorf("unkown session id. unauthorized access")
 		default:
-			return nil, StatusWait, fmt.Errorf("unexpected http code: %d", resp.StatusCode)
+			return nil, false, fmt.Errorf("unexpected http code: %d", resp.StatusCode)
 		}
 	}

-	// note: a 200 (Ok) code by the Sequencer on try_contribute doesn't
-	// mean that the contributor has been selected. It could mean that the
-	// Sequencer is returning the error AnotherContributionInProgress in a
-	// json msg (see
-	// https://github.com/ethereum/kzg-ceremony-sequencer/blob/2538f2f08d4db880d7f4608e964df0b695bc7d2f/src/api/v1/error_response.rs#L105
-	// )
-
-	// check if body contains the error message of "another contribution in
-	// progress" (despite http statuscode being 200 (Ok))
-	if strings.Contains(string(body), "another contribution in progress") {
-		return nil, StatusWait, fmt.Errorf("another contribution in progress")
-	}
-
 	err = ioutil.WriteFile("prevBatchContribution.json", body, 0600)
 	if err != nil {
-		return nil, StatusError, err
+		return nil, false, err
 	}
 	bc := &kzgceremony.BatchContribution{}
 	err = json.Unmarshal(body, bc)
-	return bc, StatusProceed, err
+	return bc, false, err
 }

 func (c *Client) PostAbortContribution(sessionID string) ([]byte, error) {
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -15,29 +15,25 @@ import (
 	flag "github.com/spf13/pflag"
 )

-var (
-	red    = color.New(color.FgRed)
-	redB   = color.New(color.FgRed, color.Bold)
-	cyan   = color.New(color.FgCyan)
-	cyanB  = color.New(color.FgCyan, color.Bold)
-	green  = color.New(color.FgHiGreen)
-	greenB = color.New(color.FgHiGreen, color.Bold)
-)
-
 func main() {
 	fmt.Println("eth-kzg-ceremony-alt")
-	fmt.Printf("====================\n")
-	fmt.Printf("            https://github.com/arnaucube/eth-kzg-ceremony-alt\n\n")
+	fmt.Printf("====================\n\n")
+
+	redB := color.New(color.FgRed, color.Bold)
+	cyan := color.New(color.FgCyan)
+	cyanB := color.New(color.FgCyan, color.Bold)
+	green := color.New(color.FgHiGreen)
+	greenB := color.New(color.FgHiGreen, color.Bold)

 	var sequencerURL string
 	var randomness string
 	var sleepTime uint64
 	flag.StringVarP(&sequencerURL, "url", "u",
-		"https://seq.ceremony.ethereum.org", "sequencer url")
+		"https://kzg-ceremony-sequencer-dev.fly.dev", "sequencer url")
 	flag.StringVarP(&randomness, "rand", "r",
-		"", fmt.Sprintf("randomness, needs to be bigger than %d bytes", kzgceremony.MinRandomnessLen))
+		"", fmt.Sprintf("randomness, needs to be bigger than %d", kzgceremony.MinRandomnessLen))
 	flag.Uint64VarP(&sleepTime, "sleeptime", "s",
-		30, "time (seconds) sleeping before trying again to be the next contributor")
+		10, "time (seconds) sleeping before trying again to be the next contributor")

 	flag.CommandLine.SortFlags = false
 	flag.Parse()
@@ -64,8 +60,25 @@ func main() {
 	}

 	// Auth
-	fmt.Println("Github Authorization:")
-	authMsg := authGH(c)
+	msgReqLink, err := c.GetRequestLink()
+	if err != nil {
+		printErrAndExit(err)
+	}
+
+	_, _ = green.Printf("Please go to\n%s\n and authenticate with Github.\n", msgReqLink.GithubAuthURL)
+	fmt.Println("(currently only Github auth is supported)")
+
+	_, _ = greenB.Printf("Paste here the RawData from the auth answer:\n")
+	s, err := readInput()
+	if err != nil {
+		printErrAndExit(err)
+	}
+	var authMsg client.MsgAuthCallback
+	if err = json.Unmarshal([]byte(s), &authMsg); err != nil {
+		printErrAndExit(err)
+	}
+	fmt.Print("Parsed auth msg: ")
+	_, _ = cyan.Printf("%#v\n", authMsg)

 	// TODO this will be only triggered by a flag
 	// msg, err := c.PostAbortContribution(authMsg.SessionID)
@@ -80,27 +93,16 @@ func main() {
 	var prevBatchContribution *kzgceremony.BatchContribution
 	for {
 		fmt.Printf("%s sending try_contribute\n", time.Now().Format("2006-01-02 15:04:05"))
-		var status client.Status
-		prevBatchContribution, status, err = c.PostTryContribute(authMsg.SessionID)
+		var retry bool
+		prevBatchContribution, retry, err = c.PostTryContribute(authMsg.SessionID)
 		if err != nil {
 			_, _ = cyan.Println(err)
 		}
-		if status == client.StatusProceed {
+		if !retry {
 			break
 		}
-		if status == client.StatusReauth {
-			fmt.Println("SessionID has expired, authenticate again with Github:")
-			authMsg = authGH(c)
-		}
-		msgStatus, err := c.GetCurrentStatus()
-		if err != nil {
-			printErrAndExit(err)
-		}
-		fmt.Printf("%s try_contribute unsuccessful, lobby size %d, num contrib %d,"+
-			"\n    going to sleep %d seconds\n",
-			time.Now().Format("2006-01-02 15:04:05"),
-			msgStatus.LobbySize, msgStatus.NumContributions,
-			sleepTime)
+		fmt.Printf("%s try_contribute unsuccessful, going to sleep %d seconds\n",
+			time.Now().Format("2006-01-02 15:04:05"), sleepTime)
 		time.Sleep(time.Duration(sleepTime) * time.Second)
 	}

@@ -112,25 +114,19 @@ func main() {
 	// }

 	fmt.Println("starting to compute new contribution")
-	t0 := time.Now()
 	newBatchContribution, err := prevBatchContribution.Contribute([]byte(randomness))
 	if err != nil {
-		fmt.Println("error on prevBatchContribution.Contribute")
 		printErrAndExit(err)
 	}
-	fmt.Println("Contribution computed in", time.Since(t0))
-
 	// store contribution
 	fmt.Println("storing contribution.json")
 	b, err := json.Marshal(newBatchContribution)
 	if err != nil {
-		// print error but do not exit
-		_, _ = red.Println(err)
+		printErrAndExit(err)
 	}
 	err = ioutil.WriteFile("contribution.json", b, 0600)
 	if err != nil {
-		// print error but do not exit
-		_, _ = red.Println(err)
+		printErrAndExit(err)
 	}

 	// send contribution
@@ -154,30 +150,8 @@ func main() {
 	}
 }

-func authGH(c *client.Client) client.MsgAuthCallback {
-	msgReqLink, err := c.GetRequestLink()
-	if err != nil {
-		printErrAndExit(err)
-	}
-
-	_, _ = green.Printf("Please go to\n%s\n and authenticate with Github.\n", msgReqLink.GithubAuthURL)
-	fmt.Println("(currently only Github auth is supported)")
-
-	_, _ = greenB.Printf("Paste here the RawData from the auth answer:\n")
-	s, err := readInput()
-	if err != nil {
-		printErrAndExit(err)
-	}
-	var authMsg client.MsgAuthCallback
-	if err = json.Unmarshal([]byte(s), &authMsg); err != nil {
-		printErrAndExit(err)
-	}
-	fmt.Print("Parsed auth msg: ")
-	_, _ = cyan.Printf("%#v\n", authMsg)
-	return authMsg
-}
-
 func printErrAndExit(err error) {
+	red := color.New(color.FgRed)
 	_, _ = red.Println(err)
 	os.Exit(1)
 }
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,6 @@ require (
 	github.com/frankban/quicktest v1.14.4
 	github.com/kilic/bls12-381 v0.1.0
 	github.com/spf13/pflag v1.0.5
-	golang.org/x/crypto v0.4.0
 )

 require (
@@ -17,5 +16,5 @@ require (
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/rogpeppe/go-internal v1.9.0 // indirect
-	golang.org/x/sys v0.3.0 // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -22,12 +22,10 @@ github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZV
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
--- a/powersoftau.go
+++ b/powersoftau.go
@@ -4,8 +4,6 @@ import (
 	"fmt"
 	"math/big"

-	"golang.org/x/crypto/blake2b"
-
 	bls12381 "github.com/kilic/bls12-381"
 )

@@ -83,7 +81,7 @@ func (cs *State) Contribute(randomness []byte) (*State, error) {
 		ns.Transcripts[i].NumG1Powers = cs.Transcripts[i].NumG1Powers
 		ns.Transcripts[i].NumG2Powers = cs.Transcripts[i].NumG2Powers

-		newSRS, proof, err := Contribute(cs.Transcripts[i].PowersOfTau, i, randomness)
+		newSRS, proof, err := Contribute(cs.Transcripts[i].PowersOfTau, randomness)
 		if err != nil {
 			return nil, err
 		}
@@ -111,7 +109,7 @@ func (pb *BatchContribution) Contribute(randomness []byte) (*BatchContribution,
 		nb.Contributions[i].NumG1Powers = pb.Contributions[i].NumG1Powers
 		nb.Contributions[i].NumG2Powers = pb.Contributions[i].NumG2Powers

-		newSRS, proof, err := Contribute(pb.Contributions[i].PowersOfTau, i, randomness)
+		newSRS, proof, err := Contribute(pb.Contributions[i].PowersOfTau, randomness)
 		if err != nil {
 			return nil, err
 		}
@@ -137,10 +135,9 @@ func newEmptySRS(nG1, nG2 int) *SRS {
 	return &SRS{g1s, g2s}
 }

-func tau(round int, randomness []byte) *toxicWaste {
-	val := blake2b.Sum256(append(randomness, byte(round)))
+func tau(randomness []byte) *toxicWaste {
 	tau := new(big.Int).Mod(
-		new(big.Int).SetBytes(val[:]),
+		new(big.Int).SetBytes(randomness),
 		g2.Q())
 	tau_Fr := bls12381.NewFr().FromBytes(tau.Bytes())
 	TauG2 := g2.New()
@@ -179,13 +176,12 @@ func genProof(toxicWaste *toxicWaste, prevSRS, newSRS *SRS) *Proof {

 // Contribute takes as input the previous SRS and a random
 // byte slice, and returns the new SRS together with the Proof
-func Contribute(prevSRS *SRS, round int, randomness []byte) (*SRS, *Proof, error) {
+func Contribute(prevSRS *SRS, randomness []byte) (*SRS, *Proof, error) {
 	if len(randomness) < MinRandomnessLen {
-		return nil, nil, fmt.Errorf("err: randomness length < %d",
-			MinRandomnessLen)
+		return nil, nil, fmt.Errorf("err randomness") // WIP
 	}
 	// set tau from randomness
-	tw := tau(round, randomness)
+	tw := tau(randomness)

 	newSRS := computeContribution(tw, prevSRS)

@@ -232,10 +228,9 @@ func checkG2PointCorrectness(p *bls12381.PointG2) error {
 	return nil
 }

-// VerifyNewSRSFromPrevSRS checks the correct computation of the new SRS
-// respectively from the previous SRS. These are the checks that the Sequencer
-// would do.
-func VerifyNewSRSFromPrevSRS(prevSRS, newSRS *SRS, proof *Proof) bool {
+// Verify checks the correct computation of the new SRS respectively from the
+// previous SRS
+func Verify(prevSRS, newSRS *SRS, proof *Proof) bool {
 	pairing := bls12381.NewEngine()

 	// 1. check that elements of the newSRS are valid points
@@ -284,58 +279,3 @@ func VerifyNewSRSFromPrevSRS(prevSRS, newSRS *SRS, proof *Proof) bool {

 	return true
 }
-
-// VerifyState acts similarly to VerifyNewSRSFromPrevSRS, but verifying the
-// given State (which can be obtained from the Sequencer)
-func VerifyState(s *State) bool {
-	pairing := bls12381.NewEngine()
-
-	for _, t := range s.Transcripts {
-		// 1. check that elements of the SRS are valid points
-		for i := 0; i < len(t.PowersOfTau.G1Powers); i++ {
-			if err := checkG1PointCorrectness(t.PowersOfTau.G1Powers[i]); err != nil {
-				return false
-			}
-		}
-		for i := 0; i < len(t.PowersOfTau.G2Powers); i++ {
-			if err := checkG2PointCorrectness(t.PowersOfTau.G2Powers[i]); err != nil {
-				return false
-			}
-		}
-
-		// 2. check t.Witness.RunningProducts[last] == t.PowersOfTau.G1Powers[1]
-		if !g1.Equal(t.Witness.RunningProducts[len(t.Witness.RunningProducts)-1],
-			t.PowersOfTau.G1Powers[1]) {
-			return false
-		}
-
-		// 3. check newSRS.G1s[1] (g₁^τ'), is correctly related to prevSRS.G1s[1] (g₁^τ)
-		//   e([τ]₁, [p]₂) == e([τ']₁, [1]₂)
-		eL := pairing.AddPair(t.Witness.RunningProducts[len(t.Witness.RunningProducts)-2], t.Witness.PotPubKeys[len(t.Witness.PotPubKeys)-1]).Result()
-		eR := pairing.AddPair(t.Witness.RunningProducts[len(t.Witness.RunningProducts)-1], g2.One()).Result()
-		if !eL.Equal(eR) {
-			return false
-		}
-
-		// 4. check newSRS following the powers of tau structure
-		for i := 0; i < len(t.PowersOfTau.G1Powers)-1; i++ {
-			// i) e([τ'ⁱ]₁, [τ']₂) == e([τ'ⁱ⁺¹]₁, [1]₂), for i ∈ [1, n−1]
-			eL := pairing.AddPair(t.PowersOfTau.G1Powers[i], t.PowersOfTau.G2Powers[1]).Result()
-			eR := pairing.AddPair(t.PowersOfTau.G1Powers[i+1], g2.One()).Result()
-			if !eL.Equal(eR) {
-				return false
-			}
-		}
-
-		for i := 0; i < len(t.PowersOfTau.G2Powers)-1; i++ {
-			// ii) e([τ']₁, [τ'ʲ]₂) == e([1]₁, [τ'ʲ⁺¹]₂), for j ∈ [1, m−1]
-			eL := pairing.AddPair(t.PowersOfTau.G1Powers[1], t.PowersOfTau.G2Powers[i]).Result()
-			eR := pairing.AddPair(g1.One(), t.PowersOfTau.G2Powers[i+1]).Result()
-			if !eL.Equal(eR) {
-				return false
-			}
-		}
-	}
-
-	return true
-}
--- a/powersoftau_test.go
+++ b/powersoftau_test.go
@@ -13,16 +13,16 @@ func TestContribution(t *testing.T) {

 	srs_0 := newEmptySRS(10, 10)

-	srs_1, proof_1, err := Contribute(srs_0, 0,
+	srs_1, proof_1, err := Contribute(srs_0,
 		[]byte("1111111111111111111111111111111111111111111111111111111111111111"))
 	c.Assert(err, qt.IsNil)

-	c.Assert(VerifyNewSRSFromPrevSRS(srs_0, srs_1, proof_1), qt.IsTrue)
+	c.Assert(Verify(srs_0, srs_1, proof_1), qt.IsTrue)

-	srs_2, proof_2, err := Contribute(srs_1, 0,
+	srs_2, proof_2, err := Contribute(srs_1,
 		[]byte("2222222222222222222222222222222222222222222222222222222222222222"))
 	c.Assert(err, qt.IsNil)
-	c.Assert(VerifyNewSRSFromPrevSRS(srs_1, srs_2, proof_2), qt.IsTrue)
+	c.Assert(Verify(srs_1, srs_2, proof_2), qt.IsTrue)
 }

 func TestComputeNewState(t *testing.T) {
@@ -57,11 +57,6 @@ func TestBatchContribution(t *testing.T) {
 		bc.Contribute([]byte("1111111111111111111111111111111111111111111111111111111111111111"))
 	c.Assert(err, qt.IsNil)

-	c.Assert(len(nb.Contributions), qt.Equals, 4)
-	c.Assert(g2.Equal(nb.Contributions[0].PotPubKey, nb.Contributions[1].PotPubKey), qt.IsFalse)
-	c.Assert(g2.Equal(nb.Contributions[0].PotPubKey, nb.Contributions[2].PotPubKey), qt.IsFalse)
-	c.Assert(g2.Equal(nb.Contributions[0].PotPubKey, nb.Contributions[3].PotPubKey), qt.IsFalse)
-
 	_, err = json.Marshal(nb)
 	c.Assert(err, qt.IsNil)
 }