chore: Use monomial form when computing the quotient

internal/kzg/kzg_prove.go

@@ -3,15 +3,34 @@
 import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
 	"github.com/crate-crypto/go-eth-kzg/internal/domain"
+	"github.com/crate-crypto/go-eth-kzg/internal/poly"
 )
 
+func Open(domain *domain.Domain, polyCoeff []fr.Element, evaluationPoint fr.Element, ck *CommitKey, numGoRoutines int) (OpeningProof, error) {
+
+	outputPoint := poly.PolyEval(polyCoeff, evaluationPoint)
+
+	quotient := poly.DividePolyByXminusA(polyCoeff, evaluationPoint)
+
+	comm, err := ck.Commit(quotient, 0)
+	if err != nil {
+		return OpeningProof{}, nil
+	}
+
+	return OpeningProof{
+		QuotientCommitment: *comm,
+		InputPoint:         evaluationPoint,
+		ClaimedValue:       outputPoint,
+	}, nil
+}
+
 // Open verifies that a polynomial f(x) when evaluated at a point `z` is equal to `f(z)`
 //
 // numGoRoutines is used to configure the amount of concurrency needed. Setting this
 // value to a negative number or 0 will make it default to the number of CPUs.
 //
 // [compute_kzg_proof_impl]: https://github.com/ethereum/consensus-specs/blob/017a8495f7671f5fff2075a9bfc9238c1a0982f8/specs/deneb/polynomial-commitments.md#compute_kzg_proof_impl
-func Open(domain *domain.Domain, p Polynomial, evaluationPoint fr.Element, ck *CommitKey, numGoRoutines int) (OpeningProof, error) {
+func Open_(domain *domain.Domain, p Polynomial, evaluationPoint fr.Element, ck *CommitKey, numGoRoutines int) (OpeningProof, error) {
 	if len(p) == 0 || len(p) > len(ck.G1) {
 		return OpeningProof{}, ErrInvalidPolynomialSize
 	}

internal/kzg/kzg_test.go

@@ -12,9 +12,9 @@ import (
 
 func TestProofVerifySmoke(t *testing.T) {
 	domain := domain.NewDomain(4)
-	srs, _ := newLagrangeSRSInsecure(*domain, big.NewInt(1234))
+	srs, _ := newMonomialSRSInsecure(*domain, big.NewInt(1234))
 
-	// polynomial in lagrange form
+	// polynomial in monomial form
 	poly := Polynomial{fr.NewElement(2), fr.NewElement(3), fr.NewElement(4), fr.NewElement(5)}
 
 	comm, _ := srs.CommitKey.Commit(poly, 0)
@@ -29,7 +29,7 @@ func TestProofVerifySmoke(t *testing.T) {
 
 func TestBatchVerifySmoke(t *testing.T) {
 	domain := domain.NewDomain(4)
-	srs, _ := newLagrangeSRSInsecure(*domain, big.NewInt(1234))
+	srs, _ := newMonomialSRSInsecure(*domain, big.NewInt(1234))
 
 	numProofs := 10
 	commitments := make([]Commitment, 0, numProofs)

prove.go

@@ -1,6 +1,7 @@
 package goethkzg
 
 import (
+	"github.com/crate-crypto/go-eth-kzg/internal/domain"
 	"github.com/crate-crypto/go-eth-kzg/internal/kzg"
 )
 
@@ -62,8 +63,11 @@ func (c *Context) ComputeBlobKZGProof(blob *Blob, blobCommitment KZGCommitment,
 	// 2. Compute Fiat-Shamir challenge
 	evaluationChallenge := computeChallenge(blob, blobCommitment)
 
+	domain.BitReverse(polynomial)
+	polyCoeff := c.domain.IfftFr(polynomial)
+
 	// 3. Create opening proof
-	openingProof, err := kzg.Open(c.domain, polynomial, evaluationChallenge, c.commitKeyLagrange, numGoRoutines)
+	openingProof, err := kzg.Open(c.domain, polyCoeff, evaluationChallenge, c.commitKeyMonomial, numGoRoutines)
 	if err != nil {
 		return KZGProof{}, err
 	}
@@ -95,8 +99,11 @@ func (c *Context) ComputeKZGProof(blob *Blob, inputPointBytes Scalar, numGoRouti
 		return KZGProof{}, [32]byte{}, err
 	}
 
+	domain.BitReverse(polynomial)
+	polyCoeff := c.domain.IfftFr(polynomial)
+
 	// 2. Create opening proof
-	openingProof, err := kzg.Open(c.domain, polynomial, inputPoint, c.commitKeyLagrange, numGoRoutines)
+	openingProof, err := kzg.Open(c.domain, polyCoeff, inputPoint, c.commitKeyMonomial, numGoRoutines)
 	if err != nil {
 		return KZGProof{}, [32]byte{}, err
 	}