This repo is super experimental.
This is an implementation in Go, initially aimed at chunkification and extension of data, and building/verifying KZG proofs for the output data. The KZG proofs, or Kate proofs, are built on top of BLS12-381.
Part of a low-latency data-availability sampling network prototype for Eth2 Phase 1. See https://github.com/protolambda/eth2-das
Code is based on:
- KZG Data availability code by Dankrad
- Verkle and FFT code by Dankrad and Vitalik
- Reed solomon erasure code recovery with FFTs by Vitalik
- FFT explainer by Vitalik
- Kate explainer by Dankrad
- Kate amortized paper by Dankrad and Dmitry
Features:
- (I)FFT on
F_r - (I)FFT on
G1 - Specialized FFT for extension of
F_rdata - KZG
- commitments
- generate/verify proof for single point
- generate/verify proofs for multiple points
- generate/verify proofs for all points, using FK20
- generate/verify proofs for ranges (cosets) of points, using FK20
- Data recovery: given an arbitrary subset of data (at least half), recover the rest
- Optimized for Data-availability usage
- Change Bignum / BLS with build tags.
Currently supported BLS implementations: Herumi BLS and Kilic BLS (default).
The BLS curve order is used for the modulo math, different libraries could be used to provide this functionality. Note: some of these libraries do not have full BLS functionality, only Bignum / uint256. The KZG code will be excluded when compiling with a non-BLS build tag.
Build tag options:
- (no build tags, default): Use Kilic BLS library. Previously used by
bignum_kilicbuild tag.kilic/bls12-381 -tags bignum_hbls: use Herumi BLS library.herumi/bls-eth-go-binary-tags bignum_hol256: Use the uint256 code that Geth uses,holiman/uint256-tags bignum_pure: Use the native Go Bignum implementation.
See BENCH.md for benchmarks of FFT, FFT in G1, FFT-extension, zero polynomials, and sample recovery.
MIT, see LICENSE file.