proof_cat/lib.rs

//! proof-cat: sumcheck-based proving backend for plonkish-cat.
//!
//! Given a [`ConstraintSet`](plonkish_cat::ConstraintSet) (the
//! output of `plonkish_cat::compile`) and a satisfying
//! [`Witness`](prove::Witness), this crate produces a
//! cryptographic [`Proof`](prove::Proof) that the witness is
//! valid, without the verifier needing to know the witness.
//!
//! # Architecture
//!
//! ```text
//! plonkish_cat::compile(graph, path) -> ConstraintSet<F>
//!                                            |
//!                            proof_cat::prove(constraints, witness)
//!                                            |
//!                                        Proof<F>
//!                                            |
//!                            proof_cat::verify(constraints, proof)
//!                                            |
//!                                       Ok(true)
//! ```
//!
//! Internally the proof uses the **sumcheck protocol** over
//! multilinear polynomials, with a **Merkle tree** commitment
//! for the witness values.
//!
//! # Modules
//!
//! - [`poly`] -- Multilinear polynomial evaluation tables.
//! - [`transcript`] -- Fiat-Shamir non-interactive transcript.
//! - [`commit`] -- Merkle tree commitment scheme.
//! - [`sumcheck`] -- Sumcheck prover and verifier.
//! - [`prove`] -- End-to-end proof generation and verification.
//!
//! Field types (the [`Field`](field_cat::Field) trait, the
//! [`FieldBytes`](field_cat::FieldBytes) transcript-serialization
//! trait, and concrete fields like [`BabyBear`](field_cat::BabyBear)
//! and [`BFieldElement`](field_cat::BFieldElement)) live in the
//! sibling [`field_cat`] crate so they can be shared with
//! STARK-flavored downstreams without inheriting the `PLONKish`
//! constraint vocabulary.

pub mod commit;
pub mod error;
pub mod poly;
pub mod prove;
pub mod sumcheck;
pub mod transcript;

// Flat re-exports of the public API, so callers can write
// `proof_cat::prove(..)` / `proof_cat::verify(..)` without naming modules.
pub use error::Error;
pub use poly::{MultilinearPoly, NumVars};
pub use prove::{Proof, Witness, prove, verify};
pub use sumcheck::{SumcheckClaim, SumcheckProof, sumcheck_prove, sumcheck_verify};
pub use transcript::Transcript;
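The crate docs above name the two ingredients of the proving backend, the sumcheck protocol over multilinear polynomials and a Fiat-Shamir transcript, without showing the round structure. The following is an added, self-contained illustration written for this page; it is not proof_cat's code and makes no claim about the crate's `poly`, `transcript` or `sumcheck` APIs. It assumes a prime field the size of BabyBear, a multilinear polynomial stored as its evaluation table on the hypercube, and uses the standard library's SipHash (`DefaultHasher`) purely as a stand-in for the cryptographic hash a real transcript would use. The final step, where the verifier evaluates f at the random point itself, is exactly the step a commitment scheme replaces in a real proof system; here the verifier is simply handed the polynomial.

```rust
// Toy sumcheck with a Fiat-Shamir transcript, added for this page as an
// illustration. NOT proof_cat's code; the field is the BabyBear prime and
// std's SipHash stands in for a real transcript hash (assumption).
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

/// BabyBear prime 2^31 - 2^27 + 1 (only its size matters here).
pub const P: u64 = 2_013_265_921;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct F(pub u64);
impl F {
    pub fn new(v: u64) -> F { F(v % P) }
    pub fn add(self, o: F) -> F { F((self.0 + o.0) % P) }
    pub fn sub(self, o: F) -> F { F((self.0 + P - o.0) % P) }
    pub fn mul(self, o: F) -> F { F(((self.0 as u128 * o.0 as u128) % P as u128) as u64) }
}

/// Multilinear polynomial in `num_vars` variables stored as its evaluations
/// on {0,1}^n; bit k of the table index is the value of variable x_k.
#[derive(Clone, Debug)]
pub struct Multilinear { pub num_vars: usize, pub evals: Vec<F> }

/// Fix x_0 = r: out[j] = t[2j] + r * (t[2j+1] - t[2j]). Halves the table.
fn fold(t: &[F], r: F) -> Vec<F> {
    (0..t.len() / 2).map(|j| t[2 * j].add(r.mul(t[2 * j + 1].sub(t[2 * j])))).collect()
}

impl Multilinear {
    pub fn from_evals(evals: Vec<F>) -> Multilinear {
        assert!(evals.len().is_power_of_two());
        Multilinear { num_vars: evals.len().trailing_zeros() as usize, evals }
    }
    /// Evaluate at an arbitrary field point by folding one variable at a time.
    pub fn evaluate(&self, point: &[F]) -> F {
        assert_eq!(point.len(), self.num_vars);
        point.iter().fold(self.evals.clone(), |t, &r| fold(&t, r))[0]
    }
}

/// Fiat-Shamir transcript: each challenge hashes everything absorbed so far,
/// so a prover cannot pick a round message after seeing its challenge.
pub struct Transcript { data: Vec<u8> }
impl Transcript {
    pub fn new(label: &[u8]) -> Transcript { Transcript { data: label.to_vec() } }
    pub fn absorb(&mut self, x: F) { self.data.extend_from_slice(&x.0.to_le_bytes()); }
    pub fn challenge(&mut self) -> F {
        let mut h = DefaultHasher::new(); // placeholder for SHA-256/BLAKE3
        h.write(&self.data);
        let r = F::new(h.finish());
        self.absorb(r); // the challenge itself becomes part of the state
        r
    }
}

/// Per round the prover sends the linear univariate g_i as (g_i(0), g_i(1)).
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SumcheckProof { pub claimed_sum: F, pub rounds: Vec<(F, F)> }

/// The statement (variable count and claimed sum) is absorbed before any challenge.
fn start_transcript(num_vars: usize, claimed_sum: F) -> Transcript {
    let mut tr = Transcript::new(b"sumcheck-demo-v1");
    tr.absorb(F::new(num_vars as u64));
    tr.absorb(claimed_sum);
    tr
}

pub fn sumcheck_prove(poly: &Multilinear) -> SumcheckProof {
    let mut t = poly.evals.clone();
    let claimed_sum = t.iter().fold(F(0), |a, &b| a.add(b));
    let mut tr = start_transcript(poly.num_vars, claimed_sum);
    let mut rounds = Vec::with_capacity(poly.num_vars);
    while t.len() > 1 {
        // g_i(0) sums the entries with x_i = 0, g_i(1) those with x_i = 1.
        let g0 = (0..t.len() / 2).fold(F(0), |a, j| a.add(t[2 * j]));
        let g1 = (0..t.len() / 2).fold(F(0), |a, j| a.add(t[2 * j + 1]));
        tr.absorb(g0);
        tr.absorb(g1);
        t = fold(&t, tr.challenge()); // bind x_i to the verifier's challenge
        rounds.push((g0, g1));
    }
    SumcheckProof { claimed_sum, rounds }
}

/// `oracle` plays the role a commitment opening would in a real system.
pub fn sumcheck_verify(oracle: &Multilinear, proof: &SumcheckProof) -> bool {
    if proof.rounds.len() != oracle.num_vars { return false; }
    let mut tr = start_transcript(oracle.num_vars, proof.claimed_sum);
    let mut claim = proof.claimed_sum;
    let mut point = Vec::with_capacity(oracle.num_vars);
    for &(g0, g1) in &proof.rounds {
        if g0.add(g1) != claim { return false; } // g_i(0) + g_i(1) must equal the running claim
        tr.absorb(g0);
        tr.absorb(g1);
        let r = tr.challenge();
        claim = g0.add(r.mul(g1.sub(g0))); // g_i(r) for a degree-1 g_i
        point.push(r);
    }
    oracle.evaluate(&point) == claim
}

/// Constructed sample: f on {0,1}^3 with evaluations 1..=8, so the sum is 36.
pub fn demo_poly() -> Multilinear { Multilinear::from_evals((1..=8).map(F::new).collect()) }
```

Two things worth checking against any real implementation: the running claim is updated with `g_i(r)` computed from the prover's own `(g_i(0), g_i(1))`, so a wrong claimed sum fails at the very first `g_0(0) + g_0(1)` check, while a tampered later round that keeps the pair sum intact is only caught at the final oracle evaluation, which is why the commitment opening is load-bearing for soundness; and every round message is absorbed into the transcript before the next challenge is derived, which is what makes the non-interactive version sound.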