proof_cat/lib.rs
//! proof-cat: sumcheck-based proving backend for plonkish-cat.
//!
//! Given a [`ConstraintSet`](plonkish_cat::ConstraintSet) (the
//! output of `plonkish_cat::compile`) and a satisfying
//! [`Witness`](prove::Witness), this crate produces a
//! cryptographic [`Proof`](prove::Proof) that the witness is
//! valid, without the verifier needing to know the witness.
//!
//! # Architecture
//!
//! ```text
//! plonkish_cat::compile(graph, path) -> ConstraintSet<F>
//! |
//! proof_cat::prove(constraints, witness)
//! |
//! Proof<F>
//! |
//! proof_cat::verify(constraints, proof)
//! |
//! Ok(true)
//! ```
//!
//! Internally the proof uses the **sumcheck protocol** over
//! multilinear polynomials, with a **Merkle tree** commitment
//! for the witness values.
//!
//! # Modules
//!
//! - [`field`] -- `BabyBear` prime field and serialization trait.
//! - [`poly`] -- Multilinear polynomial evaluation tables.
//! - [`transcript`] -- Fiat-Shamir non-interactive transcript.
//! - [`commit`] -- Merkle tree commitment scheme.
//! - [`sumcheck`] -- Sumcheck prover and verifier.
//! - [`prove`] -- End-to-end proof generation and verification.
//! - [`error`] -- Crate error type.

pub mod commit;
pub mod error;
pub mod field;
pub mod poly;
pub mod prove;
pub mod sumcheck;
pub mod transcript;

pub use error::Error;
pub use field::{BabyBear, FieldBytes};
pub use poly::{MultilinearPoly, NumVars};
pub use prove::{Proof, Witness, prove, verify};
pub use sumcheck::{SumcheckClaim, SumcheckProof, sumcheck_prove, sumcheck_verify};
pub use transcript::Transcript;
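
The sumcheck-over-multilinear-polynomials step named in the crate docs, as an added stand-alone sketch that is not proof-cat's code and does not use its API. The names `demo_prove`, `demo_verify` and `fold` are hypothetical. Two assumptions: challenges are passed in directly (the crate derives them from a Fiat-Shamir transcript), and the verifier evaluates the table itself in the last step (the crate uses a Merkle commitment for the witness values).

```rust
// Added sketch (not proof-cat's code): sumcheck for a multilinear polynomial
// given as an evaluation table over {0,1}^n. Inputs are assumed reduced mod P.
const P: u64 = 2013265921; // BabyBear modulus, 2^31 - 2^27 + 1

fn add(a: u64, b: u64) -> u64 { (a + b) % P }
fn sub(a: u64, b: u64) -> u64 { (a + P - b) % P }
fn mul(a: u64, b: u64) -> u64 { a * b % P }

/// Bind the leading variable to `r`: a table of 2^n entries becomes 2^(n-1).
fn fold(table: &[u64], r: u64) -> Vec<u64> {
    let half = table.len() / 2;
    (0..half).map(|i| add(table[i], mul(r, sub(table[i + half], table[i])))).collect()
}

/// Prover: each round sends (g(0), g(1)) of the degree-1 round polynomial.
fn demo_prove(table: &[u64], challenges: &[u64]) -> Vec<(u64, u64)> {
    let mut t = table.to_vec();
    let mut rounds = Vec::new();
    for &r in challenges {
        let half = t.len() / 2;
        let g0 = t[..half].iter().fold(0, |s, &x| add(s, x));
        let g1 = t[half..].iter().fold(0, |s, &x| add(s, x));
        rounds.push((g0, g1));
        t = fold(&t, r);
    }
    rounds
}

/// Verifier: check g(0) + g(1) against the running claim, reduce the claim to
/// g(r), and finally compare it with the polynomial evaluated at the challenges.
fn demo_verify(claim: u64, rounds: &[(u64, u64)], challenges: &[u64], table: &[u64]) -> bool {
    if rounds.len() != challenges.len() || table.len() != 1 << challenges.len() { return false; }
    let (mut claim, mut t) = (claim, table.to_vec());
    for (&(g0, g1), &r) in rounds.iter().zip(challenges) {
        if add(g0, g1) != claim { return false; }
        claim = add(g0, mul(r, sub(g1, g0)));
        t = fold(&t, r);
    }
    t[0] == claim
}

fn main() {
    let table = [3u64, 1, 4, 1, 5, 9, 2, 6]; // constructed sample witness table
    let challenges = [7u64, 11, 13];         // constructed; normally transcript-derived
    let rounds = demo_prove(&table, &challenges);
    println!("accepted: {}", demo_verify(31, &rounds, &challenges, &table));
}
```

The final comparison is what ties the round messages to the witness: a proof whose round sums are internally consistent is still rejected if the table the verifier checks against differs from the one the prover folded.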