exochain-proofs 0.2.0-beta

EXOCHAIN zero-knowledge proof skeleton -- UNAUDITED, pedagogical only. See crate README.
Documentation

exo-proofs

⚠️ UNAUDITED — NOT PRODUCTION CRYPTOGRAPHY

This crate is a pedagogical / structural implementation of zero-knowledge proof primitives (SNARK, STARK, zkML, and a verifier facade). It exists to demonstrate the shape of the APIs EXOCHAIN will eventually require — it is not a cryptographically sound proof system.

Why this crate refuses to run by default

In the default build, every public proof entry point returns Err(ProofError::UnauditedImplementation { .. }). This is deliberate.

Doctrine: "Never stub." We do not ship code that claims a capability it does not have. Rather than leaving silently-passing placeholders, the proof functions gate themselves behind a Cargo feature whose very name is the warning label:

[dependencies]
exo-proofs = { path = "../exo-proofs", features = ["unaudited-pedagogical-proofs"] }

If a consumer of this crate forgets to enable the feature, their build compiles but every call to snark::prove / verify, stark::prove_stark / verify_stark, zkml::prove_inference / verify_inference, and verifier::verify_any returns a hard refusal error — not a fake "proof valid" boolean.

What is honest in this crate

  • API shape — the Circuit / ConstraintSystem / ProvingKey / VerifyingKey / Proof / StarkProof / InferenceProof types are reasonable first-cut shapes for when a real proof backend is wired in.
  • Domain separation on commitments — hashes are computed with domain-separated BLAKE3 prefixes ("mmr:leaf:", "snark:c:", etc.), so when the crate is replaced with a real backend, the commitment scheme around it carries no collision hazards from this skeleton.
  • ModelCommitment / HumanAttestation / Daubert checklist — these are ordinary structured-data types, not cryptographic claims. They remain usable even with the feature off.

What is not honest

Inside the proof routines themselves:

  • SNARK "curve points" (a, b, c) are 32-byte hash-based stand-ins.
  • STARK low-degree tests and FRI folding are structural, not a sound IOP.
  • zkML "proof" binds (model_hash, input_hash, output_hash) via a hash chain — it is a signed statement, not a zero-knowledge proof.

If you need to ship any user-facing or governance-relevant claim that depends on zero-knowledge soundness, replace this crate with a real proving backend (arkworks / halo2 / plonky2 / risc0 / etc.) before enabling the feature flag anywhere downstream.

Tests

  • Default build (feature OFF): cargo test -p exochain-proofs runs the refusal integration tests in tests/refusal.rs, verifying that every gated entry point errors out. Unit tests inside each module are #[cfg(feature = "unaudited-pedagogical-proofs")] and do not run.
  • Pedagogical build (feature ON): cargo test -p exochain-proofs --features unaudited-pedagogical-proofs runs the full 79-test suite exercising the skeleton's internal consistency.

Status

Module State Replace with
circuit OK structural (keep — shape is sound)
snark UNAUDITED arkworks / halo2 / plonky2
stark UNAUDITED winterfell / risc0 STARK
zkml UNAUDITED EZKL / jolt / specialized backend
verifier facade re-route to real backend

License

Apache-2.0 OR MIT, per workspace.