Layr-Labs · litt3 · Dec 20, 2024
diff --git a/encoding/kzg/prover/gnark/commitments.go b/encoding/kzg/prover/gnark/commitments.go
@@ -10,9 +10,8 @@ import (
 )
 
 type KzgCommitmentsGnarkBackend struct {
-	KzgConfig  *kzg.KzgConfig
-	Srs        *kzg.SRS
-	G2Trailing []bn254.G2Affine
+	KzgConfig *kzg.KzgConfig
+	Srs       *kzg.SRS
 }
 
 func (p *KzgCommitmentsGnarkBackend) ComputeLengthProof(coeffs []fr.Element) (*bn254.G2Affine, error) {
@@ -26,7 +25,7 @@ func (p *KzgCommitmentsGnarkBackend) ComputeLengthProofForLength(coeffs []fr.Ele
 	}
 
 	start := p.KzgConfig.SRSNumberToLoad - length
-	shiftedSecret := p.G2Trailing[start : start+uint64(len(coeffs))]
+	shiftedSecret := p.Srs.G2Trailing[start : start+uint64(len(coeffs))]
 	config := ecc.MultiExpConfig{}
 
 	//The proof of low degree is commitment of the polynomial shifted to the largest srs degree

diff --git a/encoding/kzg/prover/prover.go b/encoding/kzg/prover/prover.go
@@ -40,49 +40,7 @@ func NewProver(kzgConfig *kzg.KzgConfig, encoderConfig *encoding.Config) (*Prove
 		encoderConfig = encoding.DefaultConfig()
 	}
 
-	if kzgConfig.SRSNumberToLoad > kzgConfig.SRSOrder {
-		return nil, errors.New("SRSOrder is less than srsNumberToLoad")
-	}
-
-	// read the whole order, and treat it as entire SRS for low degree proof
-	s1, err := kzg.ReadG1Points(kzgConfig.G1Path, kzgConfig.SRSNumberToLoad, kzgConfig.NumWorker)
-	if err != nil {
-		log.Println("failed to read G1 points", err)
-		return nil, err
-	}
-
-	s2 := make([]bn254.G2Affine, 0)
-	g2Trailing := make([]bn254.G2Affine, 0)
-
-	// PreloadEncoder is by default not used by operator node, PreloadEncoder
-	if kzgConfig.LoadG2Points {
-		if len(kzgConfig.G2Path) == 0 {
-			return nil, errors.New("G2Path is empty. However, object needs to load G2Points")
-		}
-
-		s2, err = kzg.ReadG2Points(kzgConfig.G2Path, kzgConfig.SRSNumberToLoad, kzgConfig.NumWorker)
-		if err != nil {
-			log.Println("failed to read G2 points", err)
-			return nil, err
-		}
-
-		g2Trailing, err = kzg.ReadG2PointSection(
-			kzgConfig.G2Path,
-			kzgConfig.SRSOrder-kzgConfig.SRSNumberToLoad,
-			kzgConfig.SRSOrder, // last exclusive
-			kzgConfig.NumWorker,
-		)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		// todo, there are better ways to handle it
-		if len(kzgConfig.G2PowerOf2Path) == 0 {
-			return nil, errors.New("G2PowerOf2Path is empty. However, object needs to load G2Points")
-		}
-	}
-
-	srs, err := kzg.NewSrs(s1, s2)
+	srs, err := kzg.NewSrs(kzgConfig)
 	if err != nil {
 		log.Println("Could not create srs", err)
 		return nil, err
@@ -102,7 +60,6 @@ func NewProver(kzgConfig *kzg.KzgConfig, encoderConfig *encoding.Config) (*Prove
 		encoder:             rsEncoder,
 		KzgConfig:           kzgConfig,
 		Srs:                 srs,
-		G2Trailing:          g2Trailing,
 		ParametrizedProvers: make(map[encoding.EncodingParams]*ParametrizedProver),
 	}
 
@@ -405,9 +362,8 @@ func (p *Prover) createGnarkBackendProver(params encoding.EncodingParams, fs *ff
 
 	// Set KZG Commitments gnark backend
 	commitmentsBackend := &gnarkprover.KzgCommitmentsGnarkBackend{
-		Srs:        p.Srs,
-		G2Trailing: p.G2Trailing,
-		KzgConfig:  p.KzgConfig,
+		Srs:       p.Srs,
+		KzgConfig: p.KzgConfig,
 	}
 
 	return &ParametrizedProver{

diff --git a/encoding/kzg/srs.go b/encoding/kzg/srs.go
@@ -25,21 +25,83 @@
 package kzg
 
 import (
+	"errors"
+	"fmt"
+	"math"
+
 	"github.com/consensys/gnark-crypto/ecc/bn254"
 )
 
 type SRS struct {
-
 	// [b.multiply(b.G1, pow(s, i, MODULUS)) for i in range(WIDTH+1)],
 	G1 []bn254.G1Affine
 	// [b.multiply(b.G2, pow(s, i, MODULUS)) for i in range(WIDTH+1)],
 	G2 []bn254.G2Affine
+	// TODO: is there a nice way to represent this field mathematically, as above?
+	G2Trailing []bn254.G2Affine
 }
 
-func NewSrs(G1 []bn254.G1Affine, G2 []bn254.G2Affine) (*SRS, error) {
+// NewSrs initializes the SRS struct using the configuration specified in a KzgConfig
+func NewSrs(kzgConfig *KzgConfig) (*SRS, error) {
+	if kzgConfig.SRSNumberToLoad > kzgConfig.SRSOrder {
+		return nil, fmt.Errorf(
+			"SRSOrder (%d) is less than srsNumberToLoad (%d)",
+			kzgConfig.SRSOrder,
+			kzgConfig.SRSNumberToLoad)
+	}
+
+	// read the whole order, and treat it as entire SRS for low degree proof
+	s1, err := ReadG1Points(kzgConfig.G1Path, kzgConfig.SRSNumberToLoad, kzgConfig.NumWorker)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read %d G1 points from %s: %v", kzgConfig.SRSNumberToLoad, kzgConfig.G1Path, err)
+	}
+
+	s2 := make([]bn254.G2Affine, 0)
+	g2Trailing := make([]bn254.G2Affine, 0)
+
+	if kzgConfig.LoadG2Points {
+		if len(kzgConfig.G2Path) == 0 {
+			return nil, errors.New("G2Path is empty. However, object needs to load G2Points")
+		}
+
+		s2, err = ReadG2Points(kzgConfig.G2Path, kzgConfig.SRSNumberToLoad, kzgConfig.NumWorker)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read %d G2 points from %s: %v", kzgConfig.SRSNumberToLoad, kzgConfig.G2Path, err)
+		}
+
+		g2Trailing, err = ReadG2PointSection(
+			kzgConfig.G2Path,
+			kzgConfig.SRSOrder-kzgConfig.SRSNumberToLoad,
+			kzgConfig.SRSOrder, // last exclusive
+			kzgConfig.NumWorker,
+		)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read trailing G2 points from %s: %v", kzgConfig.G2Path, err)
+		}
+	} else {
+		if len(kzgConfig.G2PowerOf2Path) == 0 && len(kzgConfig.G2Path) == 0 {
+			return nil, errors.New("both G2Path and G2PowerOf2Path are empty. However, object needs to load G2Points")
+		}
+
+		if len(kzgConfig.G2PowerOf2Path) != 0 {
+			if kzgConfig.SRSOrder == 0 {
+				return nil, errors.New("SRS order cannot be 0")
+			}
+
+			maxPower := uint64(math.Log2(float64(kzgConfig.SRSOrder)))
+			_, err := ReadG2PointSection(kzgConfig.G2PowerOf2Path, 0, maxPower, 1)
+			if err != nil {
+				return nil, fmt.Errorf("file located at %v is invalid", kzgConfig.G2PowerOf2Path)
+			}
+		} else {
+			return nil, fmt.Errorf(`G2PowerOf2Path is empty. However, object needs to load G2Points.
+						For most operators, this likely indicates that G2_POWER_OF_2_PATH is improperly configured.`)
+		}
+	}
 
 	return &SRS{
-		G1: G1,
-		G2: G2,
+		G1:         s1,
+		G2:         s2,
+		G2Trailing: g2Trailing,
 	}, nil
 }
diff --git a/encoding/kzg/verifier/verifier.go b/encoding/kzg/verifier/verifier.go
@@ -3,7 +3,6 @@ package verifier
 import (
 	"errors"
 	"fmt"
-	"log"
 	"math"
 	"math/big"
 	"runtime"
@@ -25,69 +24,16 @@ type Verifier struct {
 	kzgConfig *kzg.KzgConfig
 	encoder   *rs.Encoder
 
-	Srs        *kzg.SRS
-	G2Trailing []bn254.G2Affine
-	mu         sync.Mutex
+	Srs *kzg.SRS
+	mu  sync.Mutex
 
 	ParametrizedVerifiers map[encoding.EncodingParams]*ParametrizedVerifier
 }
 
 var _ encoding.Verifier = &Verifier{}
 
 func NewVerifier(config *kzg.KzgConfig, encoderConfig *encoding.Config) (*Verifier, error) {
-	if config.SRSNumberToLoad > config.SRSOrder {
-		return nil, errors.New("SRSOrder is less than srsNumberToLoad")
-	}
-
-	// read the whole order, and treat it as entire SRS for low degree proof
-	s1, err := kzg.ReadG1Points(config.G1Path, config.SRSNumberToLoad, config.NumWorker)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read %d G1 points from %s: %v", config.SRSNumberToLoad, config.G1Path, err)
-	}
-
-	s2 := make([]bn254.G2Affine, 0)
-	g2Trailing := make([]bn254.G2Affine, 0)
-
-	// PreloadEncoder is by default not used by operator node, PreloadEncoder
-	if config.LoadG2Points {
-		if len(config.G2Path) == 0 {
-			return nil, errors.New("G2Path is empty. However, object needs to load G2Points")
-		}
-
-		s2, err = kzg.ReadG2Points(config.G2Path, config.SRSNumberToLoad, config.NumWorker)
-		if err != nil {
-			return nil, fmt.Errorf("failed to read %d G2 points from %s: %v", config.SRSNumberToLoad, config.G2Path, err)
-		}
-
-		g2Trailing, err = kzg.ReadG2PointSection(
-			config.G2Path,
-			config.SRSOrder-config.SRSNumberToLoad,
-			config.SRSOrder, // last exclusive
-			config.NumWorker,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("failed to read trailing G2 points from %s: %v", config.G2Path, err)
-		}
-	} else {
-		if len(config.G2PowerOf2Path) == 0 && len(config.G2Path) == 0 {
-			return nil, errors.New("both G2Path and G2PowerOf2Path are empty. However, object needs to load G2Points")
-		}
-
-		if len(config.G2PowerOf2Path) != 0 {
-			if config.SRSOrder == 0 {
-				return nil, errors.New("SRS order cannot be 0")
-			}
-
-			maxPower := uint64(math.Log2(float64(config.SRSOrder)))
-			_, err := kzg.ReadG2PointSection(config.G2PowerOf2Path, 0, maxPower, 1)
-			if err != nil {
-				return nil, fmt.Errorf("file located at %v is invalid", config.G2PowerOf2Path)
-			}
-		} else {
-			log.Println("verifier requires accesses to entire g2 points. It is a legacy usage. For most operators, it is likely because G2_POWER_OF_2_PATH is improperly configured.")
-		}
-	}
-	srs, err := kzg.NewSrs(s1, s2)
+	srs, err := kzg.NewSrs(config)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create SRS: %v", err)
 	}
@@ -103,7 +49,6 @@ func NewVerifier(config *kzg.KzgConfig, encoderConfig *encoding.Config) (*Verifi
 		kzgConfig:             config,
 		encoder:               encoder,
 		Srs:                   srs,
-		G2Trailing:            g2Trailing,
 		ParametrizedVerifiers: make(map[encoding.EncodingParams]*ParametrizedVerifier),
 	}