Proving/Verifying Subsections of Blob(s)

[mattdesl]

So as I understand, one benefit of KZG is that you can use them to "prove values at specific points" rather than always verify the entire polynomial. I'm trying to understand how I can use this practically, and wonder if its possible with this library, or out of scope?

For example:
I have a blob of bytes and its commitment + proof as generated by this library. I want to reveal to the verifier only a small slice of the blob, say from bytes [5...25], and allow them to use the commitments/proofs I've given them to verify that slice belongs to the blob (however, I don't want to reveal the entire blob yet).

Is something like that possible?

[asn-d6]

So as I understand, one benefit of KZG is that you can use them to "prove values at specific points" rather than always verify the entire polynomial. I'm trying to understand how I can use this practically, and wonder if its possible with this library, or out of scope?

For example: I have a blob of bytes and its commitment + proof as generated by this library. I want to reveal to the verifier only a small slice of the blob, say from bytes [5...25], and allow them to use the commitments/proofs I've given them to verify that slice belongs to the blob (however, I don't want to reveal the entire blob yet).

Is something like that possible?

That should be possible with KZG by having the prover create the appropriate KZG proofs (that prove the values of the bytes [5..25]). You can use the compute_kzg_proof() and the verify_kzg_proof() functions for that.

Ideally you would be using KZG multiproofs (which we don't currently support) so that with a single proof you can cover the entire range of bytes you want, whereas with basic KZG you will need to create multiple proofs.

Finally, this library is meant to cover the tailored needs of Ethereum use cases for 4844 and it's not a generic KZG library, so you might have better luck with a more generic KZG implementation.