Struct StarkVerifier 

pub struct StarkVerifier<C>
where
    C: StarkGenericConfig,
{ /* private fields */ }

zk-STARK verifier

This is a high-level wrapper around the STARK verification functionality. It provides a convenient interface for verifying STARK proofs with a given configuration.

Example

use lib_q_zkp::stark::{StarkVerifier, default_config};
use Complex;
use Mersenne31;

type Val = Complex<Mersenne31>;

let config = default_config();
let verifier = StarkVerifier::new(config);
// air: implements Air trait (same as used in proof generation)
// proof: StarkProof<Config>
// public_values: &[Val]
verifier.verify(&air, &proof, &public_values)?;

Implementations

impl<C> StarkVerifier<C>

where C: StarkGenericConfig,

pub fn new(config: C) -> StarkVerifier<C>

Create a new zk-STARK verifier with the given configuration

pub fn verify<A>( &self, air: &A, proof: &Proof<C>, public_values: &[<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val], ) -> Result<(), VerificationError<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Error>>

where A: Air<SymbolicAirBuilder<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val>> + for<'a> Air<VerifierConstraintFolder<'a, C>>,

Verify a STARK proof for the given AIR and public values

Arguments

• air - The Algebraic Intermediate Representation that was used to generate the proof
• proof - The STARK proof to verify
• public_values - Public values that were used during proof generation

Returns

Ok(()) if the proof is valid, Err(VerificationError) otherwise

pub fn derive_challenges<A>( &self, air: &A, proof: &Proof<C>, public_values: &[<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val], ) -> Result<(<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenge, Vec<<C as StarkGenericConfig>::Challenge>), VerificationError<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Error>>

where A: Air<SymbolicAirBuilder<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val>> + for<'a> Air<VerifierConstraintFolder<'a, C>>, <<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof: FriDataExtractor<Challenge = <C as StarkGenericConfig>::Challenge>, <C as StarkGenericConfig>::Challenger: CanObserve<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val> + CanObserve<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Commitment> + CanObserve<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof as FriDataExtractor>::Commitment>,

Derive Fiat–Shamir challenges by replaying the verifier transcript.

Returns (zeta, zeta_next, alpha, betas) so that callers (e.g. aggregation) can serialize proofs with real challenges. Only supports proofs without preprocessed trace (preprocessed_width == 0).

pub fn derive_query_positions<A>( &self, air: &A, proof: &Proof<C>, public_values: &[<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val], fri_params: &FriQueryParams, ) -> Result<Vec<usize>, VerificationError<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Error>>

where A: Air<SymbolicAirBuilder<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val>> + for<'a> Air<VerifierConstraintFolder<'a, C>>, <<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof: FriDataExtractor<Challenge = <C as StarkGenericConfig>::Challenge>, <C as StarkGenericConfig>::Challenger: CanObserve<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Domain as PolynomialSpace>::Val> + CanObserve<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Commitment> + CanObserve<<<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof as FriDataExtractor>::Commitment> + GrindingChallenger<Witness = <<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof as FriDataExtractor>::Witness>, <<<C as StarkGenericConfig>::Pcs as Pcs<<C as StarkGenericConfig>::Challenge, <C as StarkGenericConfig>::Challenger>>::Proof as FriDataExtractor>::Witness: Clone,

Derive FRI query positions by replaying the Fiat–Shamir challenger through commitments, FRI betas, final polynomial, and PoW, then sampling num_queries indices.

Returns the same query indices the verifier would use when verifying the proof. Call with the same FRI params used to produce the proof (e.g. from config).

pub fn config(&self) -> &C

Get a reference to the underlying configuration