1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
//! proof-cat: sumcheck-based proving backend for plonkish-cat.
//!
//! Given a [`ConstraintSet`](plonkish_cat::ConstraintSet) (the
//! output of `plonkish_cat::compile`) and a satisfying
//! [`Witness`](prove::Witness), this crate produces a
//! cryptographic [`Proof`](prove::Proof) that the witness is
//! valid, without the verifier needing to know the witness.
//!
//! # Architecture
//!
//! ```text
//! plonkish_cat::compile(graph, path) -> ConstraintSet<F>
//! |
//! proof_cat::prove(constraints, witness)
//! |
//! Proof<F>
//! |
//! proof_cat::verify(constraints, proof)
//! |
//! Ok(true)
//! ```
//!
//! Internally the proof uses the **sumcheck protocol** over
//! multilinear polynomials, with a **Merkle tree** commitment
//! for the witness values.
//!
//! # Modules
//!
//! - [`poly`] -- Multilinear polynomial evaluation tables.
//! - [`transcript`] -- Fiat-Shamir non-interactive transcript.
//! - [`commit`] -- Merkle tree commitment scheme.
//! - [`sumcheck`] -- Sumcheck prover and verifier.
//! - [`prove`] -- End-to-end proof generation and verification.
//!
//! Field types (the [`Field`](field_cat::Field) trait, the
//! [`FieldBytes`](field_cat::FieldBytes) transcript-serialization
//! trait, and concrete fields like [`BabyBear`](field_cat::BabyBear)
//! and [`BFieldElement`](field_cat::BFieldElement)) live in the
//! sibling [`field_cat`] crate so they can be shared with
//! STARK-flavored downstreams without inheriting the `PLONKish`
//! constraint vocabulary.
pub use Error;
pub use ;
pub use ;
pub use ;
pub use Transcript;