
Airdrop with KZG

Solution from https://twitter.com/developeruche

The goal is to replace the Merkle proof system used for airdrop verification with a KZG commitment.

This is how I implemented it and got stuck when trying to implement the Solidity verifier.

  1. I get all the valid addresses and amounts, concatenate each pair and obtain the hash of the concatenation.
  2. I map each of these hashes to a field element, giving me a vector of field elements.
  3. I interpolated these field elements to get a polynomial. (This polynomial's degree is very large; for the Optimism Airdrop I used as a case study, it was a 268K-degree polynomial.)
  4. Commit to the polynomial
  5. Push the polynomial commitment onchain
  6. Generate proof function to be used by users
  7. User can now call the contract and the contract verification logic would carry out the validity assertions
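  • BN256's order: $r$
  • $U = [(addr_i, v_i)],\ i \in \{0, \dots, n-1\}$
  • $h_i = h(addr_i \,|\, v_i) \bmod r$
  • $H = \{(w^i, h_i)\}$, where $w$ is the root of unity
  • $f(x) = R.lagrange\_polynomial(H) = a_0 + a_1 x + \dots + a_{n-1} x^{n-1}$
  • $C = C_{f(x)} = f(\tau) G_1 = a_0 G_1 + a_1 \tau G_1 + a_2 \tau^2 G_1 + \dots + a_{n-1} \tau^{n-1} G_1$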

The contract needs to prove that the point $(w^i, h_i)$ is on $y = f(x)$.

  1. Setup:
    • Owner generates $U$ with a fixed order, and computes $f(x), w, C$.
    • Owner sets $C$ in the contract.
  2. User generates the proof in the frontend:
    • User logs in as $addr_i$ with a wallet.
    • Server computes $q(x) = \frac{f(x) - h_i}{x - w^i}$ and $P = C_{q(x)} = q(\tau) G_1$, and returns $(w^i, v_i, P)$ according to $addr_i$.
  3. User calls the contract's verify with $i, v_i, P$:
    • Contract computes $h_i = h(msg.sender \,|\, v_i) \bmod r$, and checks $e(C - h_i G_1 + w^i P, G_2) = e(P, \tau G_2)$.
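
The flow above, worked through over the BN256 scalar field as an added example (not code from the original note or its author). Assumptions: SHA-256 stands in for $h$, the address list is constructed, and a toy known $\tau$ replaces group elements and pairings, so `verify` checks the pairing equation on the scalars $f(\tau)$ and $q(\tau)$; all function names are hypothetical.

```python
import hashlib

# BN254 (BN256) scalar field order r; 5 generates its multiplicative group.
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def leaf(addr, amount):
    # h_i = h(addr_i | v_i) mod r; SHA-256 is a stand-in for h (assumption).
    data = bytes.fromhex(addr[2:]) + amount.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % R

def evaluate(coeffs, x):
    return sum(c * pow(x, k, R) for k, c in enumerate(coeffs)) % R

def interpolate(xs, ys):
    # Plain Lagrange interpolation; fine for a toy n, far too slow for 268K.
    result = [0] * len(xs)
    for j, (xj, yj) in enumerate(zip(xs, ys)):
        basis, denom = [1], 1
        for m, xm in enumerate(xs):
            if m != j:  # basis *= (x - xm)
                basis = [(a - xm * b) % R for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xj - xm) % R
        scale = yj * pow(denom, -1, R) % R
        result = [(r + scale * b) % R for r, b in zip(result, basis)]
    return result

def quotient(coeffs, z, y):
    # q(x) = (f(x) - y) / (x - z) by synthetic division; remainder must be 0.
    num = [(coeffs[0] - y) % R] + coeffs[1:]
    q, carry = [0] * (len(num) - 1), 0
    for k in range(len(num) - 1, 0, -1):
        carry = (num[k] + carry * z) % R
        q[k - 1] = carry
    if (num[0] + carry * z) % R != 0:
        raise ValueError("(z, y) is not a point on f")
    return q

def verify(c, h_i, w_i, p, tau):
    # Scalar form of e(C - h_i*G1 + w^i*P, G2) == e(P, tau*G2).
    return (c - h_i + w_i * p) % R == (p * tau) % R

def demo(i=2, tau=123456789):  # toy tau; secret in a real trusted setup
    users = [("0x%040x" % k, 100 * k) for k in range(1, 5)]  # constructed data
    w = pow(5, (R - 1) // len(users), R)  # primitive n-th root of unity
    xs, hs = [pow(w, k, R) for k in range(len(users))], [leaf(a, v) for a, v in users]
    f = interpolate(xs, hs)
    c, p = evaluate(f, tau), evaluate(quotient(f, xs[i], hs[i]), tau)
    forged = leaf(users[i][0], 10**6)  # same address, inflated amount
    return verify(c, hs[i], xs[i], p, tau), verify(c, forged, xs[i], p, tau)
```

`demo()` returns the check result for the honest claim and for the same proof reused with an inflated amount; an on-chain verifier performs the same comparison with the BN256 pairing precompile on $C$ and $P$ instead of on scalars.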