proof_cat/
lib.rs

//! proof-cat: PLONKish bridge to sumcheck proving.
//!
//! Given a [`ConstraintSet`](plonkish_cat::ConstraintSet) (the output of
//! `plonkish_cat::compile`) and a satisfying [`Witness`](prove::Witness),
//! this crate produces a cryptographic [`Proof`](prove::Proof) that the
//! witness is valid, without the verifier needing to know the witness.
//!
//! # Architecture
//!
//! ```text
//! plonkish_cat::compile(graph, path) -> ConstraintSet<F>
//!                                            |
//!                            proof_cat::prove(constraints, witness)
//!                                            |
//!                                        Proof<F>
//!                                            |
//!                            proof_cat::verify(constraints, proof)
//!                                            |
//!                                       Ok(true)
//! ```
//!
//! Internally the proof uses the **sumcheck protocol** over
//! multilinear polynomials, with a **Merkle tree** commitment to
//! the witness.  The sumcheck protocol, Merkle commitment,
//! multilinear polynomial type, and Fiat-Shamir transcript all
//! live in [`proof_cat_core`] so they can be shared with
//! STARK-flavored downstreams.
//!
//! # Modules
//!
//! - [`prove`] -- End-to-end proof generation and verification.
//! - [`error`] -- The hand-rolled [`Error`] enum.
//!
//! Field types live in [`field_cat`].  Sumcheck, multilinear
//! polynomial, Merkle tree, and transcript primitives live in
//! [`proof_cat_core`].

pub mod error;
pub mod prove;

pub use error::Error;
pub use prove::{Proof, Witness, prove, verify};
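
The sumcheck step named in the crate docs, as an added stand-alone sketch that is not code from proof_cat or proof_cat_core. The field (p = 2^61 - 1), every function name, the sample table and the fixed challenges are assumptions made for illustration; the challenges are passed in as a slice instead of being drawn from a Fiat-Shamir transcript, and the final evaluation is computed directly instead of being opened from a commitment.

```rust
// Added illustration, not proof_cat code: sumcheck for one multilinear polynomial.
const P: u128 = (1 << 61) - 1; // assumed prime field modulus

fn add(a: u64, b: u64) -> u64 { ((a as u128 + b as u128) % P) as u64 }
fn sub(a: u64, b: u64) -> u64 { ((a as u128 + P - b as u128) % P) as u64 }
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P) as u64 }

/// Fix the first variable to r: f(r, x) = f(0, x) + r * (f(1, x) - f(0, x)).
fn fold(evals: &[u64], r: u64) -> Vec<u64> {
    let half = evals.len() / 2;
    (0..half).map(|i| add(evals[i], mul(r, sub(evals[i + half], evals[i])))).collect()
}

/// Evaluate the polynomial (given by its values on {0,1}^n) at an arbitrary point.
fn evaluate(evals: &[u64], point: &[u64]) -> u64 {
    point.iter().fold(evals.to_vec(), |t, &r| fold(&t, r))[0]
}

/// Prover: each round sends (g(0), g(1)) for the linear round polynomial g.
fn sumcheck_prove(evals: &[u64], challenges: &[u64]) -> Vec<(u64, u64)> {
    let mut table = evals.to_vec();
    let mut rounds = Vec::new();
    for &r in challenges {
        let half = table.len() / 2;
        let g0 = table[..half].iter().fold(0, |s, &v| add(s, v));
        let g1 = table[half..].iter().fold(0, |s, &v| add(s, v));
        rounds.push((g0, g1));
        table = fold(&table, r);
    }
    rounds
}

/// Verifier: g(0) + g(1) must equal the running claim, which then becomes g(r).
fn sumcheck_verify(claim: u64, rounds: &[(u64, u64)], challenges: &[u64], final_eval: u64) -> bool {
    if rounds.len() != challenges.len() { return false; }
    let mut current = claim;
    for (&(g0, g1), &r) in rounds.iter().zip(challenges) {
        if add(g0, g1) != current { return false; }
        current = add(g0, mul(r, sub(g1, g0)));
    }
    current == final_eval // last claim must match f at the challenge point
}

fn main() {
    let table = [3u64, 1, 4, 1, 5, 9, 2, 6]; // constructed sample: 3 variables, sum 31
    let ch = [7u64, 11, 13]; // constructed challenges
    let rounds = sumcheck_prove(&table, &ch);
    let ok = sumcheck_verify(31, &rounds, &ch, evaluate(&table, &ch));
    println!("accepted: {ok}");
}
```

A wrong claimed sum fails the first round check, and a prover that adjusts one round message to match the wrong claim is caught at the next round, because the following honest message no longer sums to the running claim.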