Crate winter_prover

Expand description

This crate contains Winterfell STARK prover.

This prover can be used to generate proofs of computational integrity using the STARK (Scalable Transparent ARguments of Knowledge) protocol.

When the crate is compiled with concurrent feature enabled, proof generation will be performed in multiple threads (usually, as many threads as there are logical cores on the machine). The number of threads can be configured via RAYON_NUM_THREADS environment variable.

§Usage

To generate a proof that a computation was executed correctly, you’ll need to do the following:

Define an algebraic intermediate representation (AIR) for your computation. This can be done by implementing Air trait.
Define an execution trace for your computation. This can be done by implementing Trace trait. Alternatively, you can use TraceTable struct which already implements Trace trait in cases when this generic implementation works for your use case.
Execute your computation and record its execution trace.
Define your prover by implementing Prover trait. Then execute Prover::prove() function passing the trace generated in the previous step into it as a parameter. The function will return a instance of Proof.

This Proof can be serialized and sent to a STARK verifier for verification. The size of proof depends on the specifics of a given computation, but for most computations it should be in the range between 15 KB (for very small computations) and 300 KB (for very large computations).

Proof generation time is also highly dependent on the specifics of a given computation, but also depends on the capabilities of the machine used to generate the proofs (i.e. on number of CPU cores and memory bandwidth).

Re-exports§

pub use crypto;
pub use math;

Modules§

iterators: Components needed for parallel iterators.
matrix: Two-dimensional data structures used to represent polynomials and polynomial evaluations.
proof: Contains STARK proof struct and associated components.

Structs§

AirContext: STARK parameters and trace properties for a specific execution of a computation.
Assertion: An assertion made against an execution trace.
AuxTraceWithMetadata: Holds the auxiliary trace, the random elements used when generating the auxiliary trace.
BoundaryConstraint: The numerator portion of a boundary constraint.
BoundaryConstraintGroup: A group of boundary constraints all having the same divisor.
CompositionPoly: A composition polynomial split into columns with each column being of length equal to trace_length.
CompositionPolyTrace: Represents merged evaluations of all constraint evaluations.
ConstraintCompositionCoefficients: Coefficients used in construction of constraint composition polynomial.
ConstraintDivisor: The denominator portion of boundary and transition constraints.
DeepCompositionCoefficients: Coefficients used in construction of DEEP composition polynomial.
DefaultConstraintCommitment: Constraint evaluation commitment.
DefaultConstraintEvaluator: Default implementation of the ConstraintEvaluator trait.
DefaultTraceLde: Contains all segments of the extended execution trace, the commitments to these segments, the LDE blowup factor, and the TraceInfo.
EvaluationFrame: A set of execution trace rows required for evaluation of transition constraints.
Proof: A proof generated by Winterfell prover.
ProofOptions: STARK protocol parameters.
SliceReader: Implements ByteReader trait for a slice of bytes.
StarkDomain: Info about domains related to specific instance of proof generation.
TraceInfo: Information about a specific execution trace.
TracePolyTable: Trace polynomials in coefficient from for all segments of the execution trace.
TraceTable: A concrete implementation of the Trace trait.
TraceTableFragment: A set of consecutive rows of an execution trace.
TransitionConstraintDegree: Degree descriptor of a transition constraint.

Enums§

DeserializationError: Defines errors which can occur during deserialization.
FieldExtension: Defines an extension field for the composition polynomial.
ProverError: Represents an error returned by the prover during an execution of the protocol.

Traits§

Air: Describes algebraic intermediate representation of a computation.
ByteReader: Defines how primitive values are to be read from Self.
ByteWriter: Defines how primitive values are to be written into Self.
ConstraintCommitment: Constraint evaluation commitment.
ConstraintEvaluator: Contains logic for evaluating AIR constraints over an extended execution trace.
Deserializable: Defines how to deserialize Self from bytes.
Prover: Defines a STARK prover for a computation.
Serializable: Defines how to serialize Self into bytes.
Trace: Defines an execution trace of a computation.
TraceLde: Contains all segments of the extended execution trace and their commitments.