sp1-verifier 6.1.0

Verifier for SP1 Groth16 and Plonk proofs.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

// TODO: After finalizing vkeys, decide on a vkey verification solution. Then, clean up the
// constants and error enum in this file and update sp1_prover::tests::sp1_verifier_valid.

use alloc::boxed::Box;

use sp1_hypercube::{MachineVerifierConfigError, SP1InnerPcs, VcsError};
use sp1_primitives::{SP1Field, SP1GlobalContext};
use strum::IntoDiscriminant;
use thiserror::Error;

// NOTE: that all these constants and types are checked by sp1_prover::tests::sp1_verifier_valid.
// If you add a new proof, you MUST add to the test in that crate.

mod config;
mod internal;

use crate::{SP1Proof, SP1ProofMode};

pub use self::internal::SP1CompressedVerifier;
pub use config::{RECURSION_LOG_STACKING_HEIGHT, RECURSION_MAX_LOG_ROW_COUNT};

/// A reason why the verifier rejects a given proof.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum CompressedError {
    #[error("invalid proof type")]
    InvalidProofType(SP1ProofMode),
    #[error("failed to deserialize proof: {0}")]
    DeserializeProof(Box<bincode::ErrorKind>),
    #[error("failed to deserialize vkey hash: {0}")]
    DeserializeVkeyHash(Box<bincode::ErrorKind>),
    #[error("failed to verify proof: {0}")]
    ProofRejected(#[from] MachineVerifierConfigError<SP1GlobalContext, SP1InnerPcs>),
    #[error("given public values do not match the commitment in the proof")]
    PublicValuesMismatch,
    #[error("incorrect vkey")]
    InvalidVkey(VcsError),
}

/// A verifier for SP1 "compressed" proofs given as raw bytes.
///
/// This struct priovides a convenient interface for verifying compressed proofs given as raw bytes.
/// If possible, it's usually better to use the [SP1CompressedVerifier] struct instead.
#[derive(Debug)]
pub struct SP1CompressedVerifierRaw;

impl SP1CompressedVerifierRaw {
    /// Attempts to verify an SP1 "compressed" proof, as generated by the SP1 SDK.
    /// Returns `Ok` if the proof verifies or `Err` with the reason that verification failed.
    ///
    /// Due to technical limitations, this verifier rejects single-shard proofs, which roughly means
    /// proofs that come from very short programs. In this case, the verifier returns
    /// `Err(CompressedError::SingleShard)`.
    ///
    /// # Arguments
    ///
    /// * `proof` - The proof bytes.
    /// * `sp1_vkey_hash` - The SP1 vkey hash.
    ///
    /// The arguments may be generated in the following manner:
    ///
    /// ```ignore
    /// use sp1_sdk::{HashableKey, ProverClient, SP1Proof};
    /// let client = ProverClient::builder().cpu().build();
    /// let (pk, vk) = client.setup(ELF);
    /// let sp1_vkey_hash = bincode::serialize(&vk.hash_babybear()).unwrap();
    /// let proof = match client.prove(&pk, &stdin).compressed().run().unwrap().proof {
    ///     SP1Proof::Compressed(proof) => bincode::serialize(&proof),
    ///     _ => unreachable!("expected compressed proof"),
    /// };
    /// ```
    pub fn verify_with_public_values(
        proof: &[u8],
        sp1_public_inputs: &[u8],
        sp1_vkey_hash: &[u8],
    ) -> Result<(), CompressedError> {
        let recursion_proof: SP1Proof =
            bincode::deserialize(proof).map_err(CompressedError::DeserializeProof)?;
        let vkey_hash: [SP1Field; 8] =
            bincode::deserialize(sp1_vkey_hash).map_err(CompressedError::DeserializeVkeyHash)?;

        let verifier = SP1CompressedVerifier::new();

        if let SP1Proof::Compressed(proof) = recursion_proof {
            verifier.verify_compressed_with_public_values(&proof, sp1_public_inputs, &vkey_hash)?;
        } else {
            return Err(CompressedError::InvalidProofType(recursion_proof.discriminant()));
        }

        Ok(())
    }

    /// Attempts to verify an SP1 "compressed" proof, as generated by the SP1 SDK.
    /// Returns `Ok` if the proof verifies or `Err` with the reason that verification failed.
    ///
    /// Due to technical limitations, this verifier rejects single-shard proofs, which roughly means
    /// proofs that come from very short programs. In this case, the verifier returns
    /// `Err(CompressedError::SingleShard)`.
    ///
    /// # Arguments
    ///
    /// * `proof` - The proof bytes.
    /// * `sp1_vkey_hash` - The SP1 vkey hash.
    ///
    /// The arguments may be generated in the following manner:
    ///
    /// ```ignore
    /// use sp1_sdk::{HashableKey, ProverClient, SP1Proof};
    /// let client = ProverClient::builder().cpu().build();
    /// let (pk, vk) = client.setup(ELF);
    /// let sp1_vkey_hash = bincode::serialize(&vk.hash_babybear()).unwrap();
    /// let proof = match client.prove(&pk, &stdin).compressed().run().unwrap().proof {
    ///     SP1Proof::Compressed(proof) => bincode::serialize(&proof),
    ///     _ => unreachable!("expected compressed proof"),
    /// };
    /// ```
    pub fn verify(proof: &[u8], sp1_vkey_hash: &[u8]) -> Result<(), CompressedError> {
        let recursion_proof: SP1Proof =
            bincode::deserialize(proof).map_err(CompressedError::DeserializeProof)?;
        let vkey_hash: [SP1Field; 8] =
            bincode::deserialize(sp1_vkey_hash).map_err(CompressedError::DeserializeVkeyHash)?;

        let verifier = SP1CompressedVerifier::new();

        if let SP1Proof::Compressed(proof) = recursion_proof {
            verifier.verify_compressed(&proof, &vkey_hash)?;
        } else {
            return Err(CompressedError::InvalidProofType(recursion_proof.discriminant()));
        }

        Ok(())
    }
}