Airdrop with KZG

Solution from https://twitter.com/developeruche

The Goal is to release merkle proof system used for airdrop verification with KZG commitment.

This is how I implemented it and got stuck when trying to implement the solidity verifier.

I get all the address of the valid address and amount, concat it and obtain the hash of the concat.

I map each of these hashes to a field element… giving me a vector of field element.

I interpolated each of this field elements to get a polynomial. (this polynomial's degree is very huge, for the Optimism Airdrop I used as a case study, I was a 268K degree polynomial.

Commit to the polynomial

Push the polynomial commitment onchain

Generate proof function to be used by users

User can now call the contract and the contract verification logic would carry out the validity assations

BN256's order:
$r$
$U = [({addr}_{i}, v_{i})], i \in {0, \dots, n - 1}$
$h_{i} = h ({addr}_{i} | v_{i}) \mod r$
$H = {(w^{i}, h_{i})}$ ,
$w$ is the root of unity
$f (x) = R . lagrange_polynomial (H) = a_{0} + a_{1} x + \dots + a_{n - 1} x^{n - 1}$
$C = C_{f (x)} = f (τ) G_{1} = a_{0} G_{1} + a_{1} τ G_{1} + a_{2} τ^{2} G_{1} + \dots a_{n - 1} τ^{n - 1} G_{1}$

The contract need to prove point

(w^{i}, h_{i})

is in

y = f (x)

Setup:
- Owner generates the
  $U$ with order, and compute
  $f (x), w, C$
- Owner set the
  $C$ in the contract.
User generate the proof in frontend:
- User login
  ${addr}_{i}$ with wallet
- Server computes
  $q (x) = \frac{f (x) - h_{i}}{x - w^{i}}$ ,
  $P = C_{q (x)} = q (τ) G_{1}$ , return the
  $(w^{i}, v_{i}, P)$ according to
  ${addr}_{i}$
User call contract's verify with
$i, v_{i}, P$ :
- Contract compute
  $h_{i} = h (msg.sender | v_{i}) \mod r$ , and check
  $e (C - h_{i} G_{1} + w^{i} P, G_{2}) = e (P, τ G_{2})$

Airdrop with KZG

Read more

Rust-Verkle [in progress]

LeRobot by hand

Inner Product Argument

What is the KZG PCS