Module precompile

Expand description

Precompile framework for deferred verification in the Miden VM.

This module provides the infrastructure for executing computationally expensive operations (precompiles) during VM execution while deferring their verification until proof generation.

§Overview

Precompiles enable the Miden VM to efficiently handle operations like cryptographic hashing (e.g., Keccak256) that would be prohibitively expensive to prove directly in the VM. Instead of proving every step of these computations, the VM uses a deferred verification approach.

§Workflow

The precompile system follows a four-stage lifecycle:

VM Execution: When a program calls a precompile (via an event handler), the VM:
- Computes the result non-deterministically using the host
- Creates a PrecompileCommitment binding inputs and outputs together
- Stores a PrecompileRequest containing the raw input data for later verification
- Records the commitment into a PrecompileTranscript
Request Storage: All precompile requests are collected and included in the execution proof.
Proof Generation: The prover generates a STARK proof of the VM execution. The final PrecompileTranscript state (sponge capacity) is a public input. The verifier enforces the initial (empty) and final state via variable‑length public inputs.
Verification: The verifier:
- Recomputes each precompile commitment using the stored requests via PrecompileVerifier
- Reconstructs the PrecompileTranscript by recording all commitments in order
- Verifies the STARK proof with the final transcript state as public input.
- Accepts the proof only if precompile verification succeeds and the STARK proof is valid

§Key Types

PrecompileRequest: Stores the event ID and raw input bytes for a precompile call
PrecompileCommitment: A cryptographic commitment to both inputs and outputs, consisting of a tag (with event ID and metadata) and a commitment to the request’s calldata.
PrecompileVerifier: Trait for implementing verification logic for specific precompiles
PrecompileVerifierRegistry: Registry mapping event IDs to their verifier implementations
PrecompileTranscript: A transcript (implemented via an RPO256 sponge) that creates a sequential commitment to all precompile requests.

§Example Implementation

See the Keccak256 precompile in miden_core_lib::handlers::keccak256 for a complete reference implementation demonstrating both execution-time event handling and verification-time commitment recomputation.

§Security Considerations

⚠️ Alpha Status: This framework is under active development and subject to change. The security model assumes a fixed set of precompiles supported by the network. User-defined precompiles cannot be verified in the current architecture.

Structs§

PrecompileCommitment: A commitment to the evaluation of PrecompileRequest, representing both the input and result of the request.
PrecompileRequest: Represents a single precompile request consisting of an event ID and byte data.
PrecompileTranscript: Precompile transcript implemented with an RPO256 sponge.
PrecompileVerifierRegistry: Registry of precompile verifiers.

Enums§

PrecompileVerificationError

Traits§

PrecompileVerifier: Trait for verifying precompile computations.

Type Aliases§

PrecompileError: Type alias for precompile errors.
PrecompileTranscriptDigest: Type alias representing the finalized transcript digest.
PrecompileTranscriptState: Type alias representing the precompile transcript state (sponge capacity word).