This repo is super experimental.

This is an implementation in Go, initially aimed at chunkification and extension of data, and building/verifying KZG proofs for the output data. The KZG proofs, or Kate proofs, are built on top of BLS12-381.

Part of a low-latency data-availability sampling network prototype for Eth2 Phase 1. See https://github.com/protolambda/eth2-das

Code is based on:

• KZG Data availability code by Dankrad
• Verkle and FFT code by Dankrad and Vitalik
• Reed solomon erasure code recovery with FFTs by Vitalik
• FFT explainer by Vitalik
• Kate explainer by Dankrad
• Kate amortized paper by Dankrad and Dmitry

Features:

• (I)FFT on F_r
• (I)FFT on G1
• Specialized FFT for extension of F_r data
• KZG
  • commitments
  • generate/verify proof for single point
  • generate/verify proofs for multiple points
  • generate/verify proofs for all points, using FK20
  • generate/verify proofs for ranges (cosets) of points, using FK20
• Data recovery: given an arbitrary subset of data (at least half), recover the rest
• Optimized for Data-availability usage
• Change Bignum / BLS with build tags.

Currently supported BLS implementations: Herumi BLS and Kilic BLS (default).

The BLS curve order is used for the modulo math, different libraries could be used to provide this functionality. Note: some of these libraries do not have full BLS functionality, only Bignum / uint256. The KZG code will be excluded when compiling with a non-BLS build tag.

Build tag options:

• (no build tags, default): Use Kilic BLS library. Previously used by bignum_kilic build tag. kilic/bls12-381
• -tags bignum_hbls: use Herumi BLS library. herumi/bls-eth-go-binary
• -tags bignum_hol256: Use the uint256 code that Geth uses, holiman/uint256
• -tags bignum_pure: Use the native Go Bignum implementation.

See BENCH.md for benchmarks of FFT, FFT in G1, FFT-extension, zero polynomials, and sample recovery.

MIT, see LICENSE file.