rename opening_key to verification_key (#285)

Author: kevaundray

cryptography/kzg_multi_open/benches/benchmark.rs

@@ -3,14 +3,14 @@ use bls12_381::{ff::Field, G1Projective};
 use bls12_381::{g1_batch_normalize, g2_batch_normalize, G2Projective, Scalar};
 use crate_crypto_kzg_multi_open_fk20::Verifier;
 use crate_crypto_kzg_multi_open_fk20::{
-    commit_key::CommitKey, opening_key::OpeningKey, Prover, ProverInput,
+    commit_key::CommitKey, verification_key::VerificationKey, Prover, ProverInput,
 };
 use criterion::{criterion_group, criterion_main, Criterion};
 
 pub fn bench_compute_proof_fk20(c: &mut Criterion) {
     const POLYNOMIAL_LEN: usize = 4096;
     let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
-    let (ck, _) = create_insecure_commit_opening_keys();
+    let (ck, _) = create_insecure_commit_verification_keys();
     const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;
 
     const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
@@ -40,7 +40,7 @@ pub fn bench_compute_proof_fk20(c: &mut Criterion) {
 pub fn bench_verify_proof_fk20(c: &mut Criterion) {
     const POLYNOMIAL_LEN: usize = 4096;
     let polynomial_4096 = random_scalars(POLYNOMIAL_LEN);
-    let (ck, vk) = create_insecure_commit_opening_keys();
+    let (ck, vk) = create_insecure_commit_verification_keys();
     const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;
 
     const NUMBER_OF_POINTS_PER_PROOF: usize = 64;
@@ -89,7 +89,7 @@ fn random_scalars(size: usize) -> Vec<Scalar> {
 // We duplicate this to ensure that the version in the src code is only ever compiled with the test feature.
 //
 // This code should never be used outside of benchmarks and tests.
-pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
+pub fn create_insecure_commit_verification_keys() -> (CommitKey, VerificationKey) {
     // A single proof will attest to the opening of 64 points.
     let multi_opening_size = 64;
 
@@ -115,15 +115,15 @@ pub fn create_insecure_commit_opening_keys() -> (CommitKey, OpeningKey) {
     let secret = -Scalar::ONE;
     let mut current_secret_pow = Scalar::ONE;
     let g2_gen = G2Projective::generator();
-    // The setup needs 65 g1 elements for the opening key, in order
+    // The setup needs 65 g1 elements for the verification key, in order
     // to commit to the remainder polynomial.
     for _ in 0..multi_opening_size + 1 {
         g2_points.push(g2_gen * current_secret_pow);
         current_secret_pow *= secret;
     }
     let g2_points = g2_batch_normalize(&g2_points);
 
-    let vk = OpeningKey::new(
+    let vk = VerificationKey::new(
         g1_points[0..multi_opening_size + 1].to_vec(),
         g2_points,
         multi_opening_size,

cryptography/kzg_multi_open/src/fk20/h_poly.rs

@@ -71,7 +71,7 @@ pub(crate) fn take_every_nth<T: Clone + Copy>(list: &[T], n: usize) -> Vec<Vec<T
 #[cfg(test)]
 mod tests {
     use crate::{
-        create_insecure_commit_opening_keys,
+        create_insecure_commit_verification_keys,
         fk20::{
             h_poly::{compute_h_poly_commitments, take_every_nth},
             naive,
@@ -92,7 +92,7 @@ mod tests {
     fn check_consistency_of_toeplitz_h_polys() {
         let poly: Vec<_> = (0..4096).map(|i| -Scalar::from(i)).collect();
         let coset_size: usize = 64;
-        let (commit_key, _) = create_insecure_commit_opening_keys();
+        let (commit_key, _) = create_insecure_commit_verification_keys();
 
         // Compute the commitment to the h_polynomials naively
         //

cryptography/kzg_multi_open/src/fk20/prover.rs

@@ -218,7 +218,7 @@ mod tests {
 
     use super::{FK20Prover, Input};
     use crate::{
-        create_insecure_commit_opening_keys,
+        create_insecure_commit_verification_keys,
         fk20::{cosets::generate_cosets, naive as fk20naive, verifier::FK20Verifier},
         naive as kzgnaive,
     };
@@ -229,7 +229,7 @@ mod tests {
         // This tests that if we create proofs over Input::Data
         // then the first set of cells will contain the data.
 
-        let (commit_key, _) = create_insecure_commit_opening_keys();
+        let (commit_key, _) = create_insecure_commit_verification_keys();
 
         let poly_len = 4096;
         let num_points_to_open = 2 * poly_len;
@@ -253,7 +253,7 @@ mod tests {
 
     #[test]
     fn smoke_test_prove_verify() {
-        let (commit_key, opening_key) = create_insecure_commit_opening_keys();
+        let (commit_key, verification_key) = create_insecure_commit_verification_keys();
 
         let poly_len = 4096;
         let num_points_to_open = 2 * poly_len;
@@ -267,7 +267,7 @@ mod tests {
             num_points_to_open,
             UsePrecomp::No,
         );
-        let fk20_verifier = FK20Verifier::new(opening_key, num_points_to_open, num_cosets);
+        let fk20_verifier = FK20Verifier::new(verification_key, num_points_to_open, num_cosets);
 
         let data: Vec<_> = (0..poly_len).map(|i| Scalar::from(i as u64)).collect();
         let (proofs, cells) = fk20.compute_multi_opening_proofs(Input::Data(data.clone()));
@@ -291,7 +291,7 @@ mod tests {
         let poly_len = 4096;
         let poly: Vec<_> = (0..poly_len).map(|i| -Scalar::from(i as u64)).collect();
         let coset_size = 64;
-        let (commit_key, _) = create_insecure_commit_opening_keys();
+        let (commit_key, _) = create_insecure_commit_verification_keys();
 
         // Compute the proofs and evaluations using naive fk20
         let (expected_proofs, expected_evaluations) =
@@ -319,7 +319,7 @@ mod tests {
     fn test_consistency_between_naive_kzg_naive_fk20() {
         // Setup
         //
-        let (ck, _) = create_insecure_commit_opening_keys();
+        let (ck, _) = create_insecure_commit_verification_keys();
 
         const POLYNOMIAL_LEN: usize = 4096;
         const NUMBER_OF_POINTS_TO_EVALUATE: usize = 2 * POLYNOMIAL_LEN;

cryptography/kzg_multi_open/src/fk20/verifier.rs

@@ -1,6 +1,6 @@
 use crate::{
     fk20::cosets::{coset_gens, reverse_bit_order},
-    opening_key::OpeningKey,
+    verification_key::VerificationKey,
 };
 use bls12_381::{
     batch_inversion::batch_inverse, ff::Field, g1_batch_normalize, lincomb::g1_lincomb,
@@ -36,7 +36,7 @@ pub type CommitmentIndex = u64;
 ///  - We only use FK20 to create proofs
 #[derive(Debug)]
 pub struct FK20Verifier {
-    pub opening_key: OpeningKey,
+    pub verification_key: VerificationKey,
     pub coset_gens_bit_reversed: Vec<Scalar>,
     coset_domain: Domain,
     // Pre-computations for the verification algorithm
@@ -52,22 +52,26 @@ pub struct FK20Verifier {
 }
 
 impl FK20Verifier {
-    pub fn new(opening_key: OpeningKey, num_points_to_open: usize, num_cosets: usize) -> Self {
+    pub fn new(
+        verification_key: VerificationKey,
+        num_points_to_open: usize,
+        num_cosets: usize,
+    ) -> Self {
         const BIT_REVERSED: bool = true;
         let coset_gens = coset_gens(num_points_to_open, num_cosets, BIT_REVERSED);
 
         let coset_size = num_points_to_open / num_cosets;
         assert!(
-            opening_key.g2s.len() >= coset_size,
+            verification_key.g2s.len() >= coset_size,
             "need as many g2 points as coset size"
         );
-        let coset_domain = polynomial::domain::Domain::new(opening_key.coset_size);
+        let coset_domain = polynomial::domain::Domain::new(verification_key.coset_size);
 
-        let n = opening_key.coset_size;
+        let n = verification_key.coset_size;
         // [s^n]_2
-        let s_pow_n = G2Prepared::from(G2Point::from(opening_key.g2s[n]));
+        let s_pow_n = G2Prepared::from(G2Point::from(verification_key.g2s[n]));
         // [-1]_2
-        let neg_g2_gen = G2Prepared::from(-opening_key.g2_gen());
+        let neg_g2_gen = G2Prepared::from(-verification_key.g2_gen());
 
         let coset_gens_pow_n = coset_gens
             .iter()
@@ -84,7 +88,7 @@ impl FK20Verifier {
             .collect();
 
         Self {
-            opening_key,
+            verification_key,
             coset_gens_bit_reversed: coset_gens,
             coset_domain,
             s_pow_n,
@@ -146,7 +150,7 @@ impl FK20Verifier {
         // We compute one challenge `r` using fiat-shamir and the rest are powers of `r`
         // This is safe because of the Schwartz-Zippel Lemma.
         let r = compute_fiat_shamir_challenge(
-            &self.opening_key,
+            &self.verification_key,
             deduplicated_commitments,
             commitment_indices,
             bit_reversed_coset_indices,
@@ -215,8 +219,9 @@ impl FK20Verifier {
             random_sum_interpolation_poly =
                 poly_add(random_sum_interpolation_poly, scaled_interpolation_poly);
         }
-        let comm_random_sum_interpolation_poly =
-            self.opening_key.commit_g1(&random_sum_interpolation_poly);
+        let comm_random_sum_interpolation_poly = self
+            .verification_key
+            .commit_g1(&random_sum_interpolation_poly);
 
         let mut weighted_r_powers = Vec::with_capacity(batch_size);
         for (coset_index, r_power) in bit_reversed_coset_indices.iter().zip(r_powers) {
@@ -255,7 +260,7 @@ impl FK20Verifier {
 /// The matching function in the spec is: https://github.com/ethereum/consensus-specs/blob/13ac373a2c284dc66b48ddd2ef0a10537e4e0de6/specs/_features/eip7594/polynomial-commitments-sampling.md#compute_verify_cell_kzg_proof_batch_challenge
 #[allow(clippy::manual_slice_size_calculation)]
 fn compute_fiat_shamir_challenge(
-    opening_key: &OpeningKey,
+    verification_key: &VerificationKey,
     row_commitments: &[G1Point],
     row_indices: &[u64],
     coset_indices: &[u64],
@@ -271,14 +276,14 @@ fn compute_fiat_shamir_challenge(
             + row_commitments.len() * G1Point::compressed_size()
             + row_indices.len() * size_of::<u64>()
             + coset_indices.len() * size_of::<u64>()
-            + coset_evals.len() * opening_key.coset_size * size_of::<Scalar>()
+            + coset_evals.len() * verification_key.coset_size * size_of::<Scalar>()
             + proofs.len() * G1Point::compressed_size();
 
     let mut hash_input: Vec<u8> = Vec::with_capacity(hash_input_size);
 
     hash_input.extend(DOMAIN_SEP.as_bytes());
-    hash_input.extend((opening_key.num_coefficients_in_polynomial as u64).to_be_bytes());
-    hash_input.extend((opening_key.coset_size as u64).to_be_bytes());
+    hash_input.extend((verification_key.num_coefficients_in_polynomial as u64).to_be_bytes());
+    hash_input.extend((verification_key.coset_size as u64).to_be_bytes());
 
     let num_commitments = row_commitments.len() as u64;
     hash_input.extend(num_commitments.to_be_bytes());

cryptography/kzg_multi_open/src/lib.rs

@@ -1,6 +1,6 @@
 pub mod commit_key;
 mod fk20;
-pub mod opening_key;
+pub mod verification_key;
 
 pub use fk20::{
     recover_evaluations_in_domain_order, CommitmentIndex, CosetIndex, Prover, ProverInput,
@@ -11,11 +11,11 @@ pub use fk20::{
 mod naive;
 
 #[cfg(test)]
-pub(crate) fn create_insecure_commit_opening_keys(
-) -> (commit_key::CommitKey, opening_key::OpeningKey) {
+pub(crate) fn create_insecure_commit_verification_keys(
+) -> (commit_key::CommitKey, verification_key::VerificationKey) {
     use bls12_381::{g1_batch_normalize, g2_batch_normalize, G1Projective, G2Projective, Scalar};
     use commit_key::CommitKey;
-    use opening_key::OpeningKey;
+    use verification_key::VerificationKey;
 
     // A single proof will attest to the opening of 64 points.
     let multi_opening_size = 64;
@@ -42,15 +42,15 @@ pub(crate) fn create_insecure_commit_opening_keys(
     let secret = -Scalar::ONE;
     let mut current_secret_pow = Scalar::ONE;
     let g2_gen = G2Projective::generator();
-    // The setup needs 65 g1 elements for the opening key, in order
+    // The setup needs 65 g1 elements for the verification key, in order
     // to commit to the remainder polynomial.
     for _ in 0..multi_opening_size + 1 {
         g2_points.push(g2_gen * current_secret_pow);
         current_secret_pow *= secret;
     }
     let g2_points = g2_batch_normalize(&g2_points);
 
-    let vk = OpeningKey::new(
+    let vk = VerificationKey::new(
         g1_points[0..multi_opening_size + 1].to_vec(),
         g2_points,
         multi_opening_size,

cryptography/kzg_multi_open/src/naive.rs

@@ -1,4 +1,4 @@
-use crate::{commit_key::CommitKey, opening_key::OpeningKey};
+use crate::{commit_key::CommitKey, verification_key::VerificationKey};
 use bls12_381::{ff::Field, multi_pairings, G1Point, G1Projective, G2Point, G2Prepared, Scalar};
 use polynomial::poly_coeff::{
     lagrange_interpolate, poly_eval, poly_sub, vanishing_poly, PolyCoeff,
@@ -37,13 +37,13 @@ pub(crate) fn compute_multi_opening(
 /// Naively Verifies a multi-point opening proof.
 pub(crate) fn verify_multi_opening(
     quotient_commitment: G1Point,
-    opening_key: &OpeningKey,
+    verification_key: &VerificationKey,
     commitment: G1Point,
     input_points: &[Scalar],
     output_points: &[Scalar],
 ) -> bool {
     _verify_multi_opening_naive(
-        opening_key,
+        verification_key,
         commitment,
         quotient_commitment,
         input_points,
@@ -135,7 +135,7 @@ fn _compute_multi_opening_naive(
 /// holds by using the following pairing equation:
 ///     e([Q(X)]_1, [Z(X)]_2) == e([f(X)]_1 - [I(X)]_1, [1]_2)
 fn _verify_multi_opening_naive(
-    opening_key: &OpeningKey,
+    verification_key: &VerificationKey,
     commitment: G1Point,
     proof: G1Point,
     input_points: &[Scalar],
@@ -149,30 +149,33 @@ fn _verify_multi_opening_naive(
     let r_x = lagrange_interpolate(&coordinates).unwrap();
 
     let vanishing_poly = vanishing_poly(input_points);
-    let comm_vanishing_poly: G2Point = opening_key.commit_g2(&vanishing_poly).into();
+    let comm_vanishing_poly: G2Point = verification_key.commit_g2(&vanishing_poly).into();
 
-    let comm_r_x = opening_key.commit_g1(&r_x);
+    let comm_r_x = verification_key.commit_g1(&r_x);
     let comm_minus_r_x: G1Point = (G1Projective::from(commitment) - comm_r_x).into();
     multi_pairings(&[
         (&proof, &G2Prepared::from(comm_vanishing_poly)),
-        (&comm_minus_r_x, &G2Prepared::from(-opening_key.g2_gen())),
+        (
+            &comm_minus_r_x,
+            &G2Prepared::from(-verification_key.g2_gen()),
+        ),
     ])
 }
 
 #[cfg(test)]
 mod tests {
     use bls12_381::Scalar;
 
-    use crate::create_insecure_commit_opening_keys;
+    use crate::create_insecure_commit_verification_keys;
 
     #[test]
     fn smoke_test_naive_multi_opening() {
-        let (ck, opening_key) = create_insecure_commit_opening_keys();
+        let (ck, verification_key) = create_insecure_commit_verification_keys();
 
         let num_points_to_open = 16;
         let input_points: Vec<_> = (0..num_points_to_open).map(|i| Scalar::from(i)).collect();
 
-        let polynomial: Vec<_> = (0..opening_key.num_coefficients_in_polynomial)
+        let polynomial: Vec<_> = (0..verification_key.num_coefficients_in_polynomial)
             .map(|i| -Scalar::from(i as u64))
             .collect();
         let commitment = ck.commit_g1(&polynomial).into();
@@ -181,7 +184,7 @@ mod tests {
             super::compute_multi_opening(&ck, &polynomial, &input_points);
         let proof_valid = super::verify_multi_opening(
             quotient_commitment,
-            &opening_key,
+            &verification_key,
             commitment,
             &input_points,
             &output_points,
@@ -194,7 +197,7 @@ mod tests {
             .collect();
         let proof_valid = super::verify_multi_opening(
             quotient_commitment,
-            &opening_key,
+            &verification_key,
             commitment,
             &input_points,
             &output_points,

cryptography/kzg_multi_open/src/opening_key.rs cryptography/kzg_multi_open/src/verification_key.rs

@@ -3,9 +3,9 @@ use bls12_381::{
     G1Point, G1Projective, G2Point, G2Projective, Scalar,
 };
 
-/// Opening Key is used to verify opening proofs made about a committed polynomial.
+/// Verification Key is used to verify opening proofs made about a committed polynomial.
 #[derive(Clone, Debug)]
-pub struct OpeningKey {
+pub struct VerificationKey {
     /// The powers of tau G1 used in the setup
     ///
     /// ie group elements of the form `{ \tau^i G }`
@@ -32,7 +32,7 @@ pub struct OpeningKey {
     pub num_coefficients_in_polynomial: usize,
 }
 
-impl OpeningKey {
+impl VerificationKey {
     pub fn new(
         g1s: Vec<G1Point>,
         g2s: Vec<G2Point>,