rsnark_provers_core/

circuit_prover.rs

use std::marker::PhantomData;

use anyhow::Result;
use rsnark_core::{CircuitPublicWitness, CircuitWitness, types};

use crate::Backend;

/// Circuit-specific prover for generating and verifying zero-knowledge proofs.
///
/// The `CircuitProver` is created by compiling a specific circuit with a [`crate::Prover`] and
/// contains the compiled circuit constraints. It provides methods for performing trusted
/// setup, generating proofs, and verifying proofs for the compiled circuit.
///
/// # Type Parameters
///
/// * `B` - The backend implementation that defines the underlying cryptographic operations
/// * `C` - The circuit witness type that this prover was compiled for
///
/// # Workflow
///
/// 1. Create via [`crate::Prover::compile_circuit()`]
/// 2. Perform trusted setup with [`CircuitProver::setup()`]
/// 3. Generate proofs with [`CircuitProver::prove()`]
/// 4. Verify proofs with [`CircuitProver::verify()`]
///
pub struct CircuitProver<B, C>
where
    B: Backend,
{
    pub(crate) backend: B,
    pub(crate) constraint: B::CircuitConstraint,
    pub(crate) marker: PhantomData<C>,
}

impl<B, C> CircuitProver<B, C>
where
    B: Backend,
    C: CircuitWitness,
{
    /// Performs the trusted setup phase for this compiled circuit.
    ///
    /// This generates the proving and verifying keys that are specific to the compiled
    /// circuit constraints. The setup must be performed before any proofs can be generated
    /// or verified.
    ///
    /// # Returns
    ///
    /// Returns a tuple containing the proving key and verifying key on success.
    /// The proving key is used for generating proofs, while the verifying key is used
    /// for verifying proofs.
    ///
    /// # Errors
    ///
    /// This function may return an error if the backend's setup operation fails,
    /// which could happen due to:
    /// - Cryptographic errors during key generation
    /// - Insufficient randomness for secure setup
    /// - Backend-specific setup failures
    ///
    /// # Security Note
    ///
    /// The security of all subsequent proofs depends on this setup being performed
    /// correctly and any setup randomness ("toxic waste") being properly discarded.
    ///
    pub fn setup(&self) -> Result<(B::ProvingKey, B::VerifyingKey)> {
        Ok(self.backend.setup(&self.constraint)?)
    }

    /// Generates a zero-knowledge proof for the given circuit witness.
    ///
    /// This method creates a proof that demonstrates knowledge of a valid witness
    /// satisfying the circuit constraints, without revealing the private components
    /// of the witness.
    ///
    /// # Arguments
    ///
    /// * `proving_key` - The proving key generated by [`CircuitProver::setup()`]
    /// * `circuit_witness` - The complete witness including both public and private values
    ///
    /// # Returns
    ///
    /// Returns the generated zero-knowledge proof on success.
    ///
    /// # Errors
    ///
    /// This function may return an error if:
    /// - The circuit witness does not satisfy the circuit constraints
    /// - The proving key is incompatible with the circuit
    /// - Cryptographic operations fail during proof generation
    /// - The witness values are malformed or invalid
    ///
    pub fn prove(&self, proving_key: &B::ProvingKey, circuit_witness: &C) -> Result<B::Proof> {
        let mut public = Vec::new();
        let mut private = Vec::new();

        circuit_witness.append_witness(&mut public, &mut private, false);

        let witness = types::Witness::from((public, private));
        let proof = self
            .backend
            .prove(&self.constraint, proving_key, &witness)?;

        Ok(proof)
    }

    /// Verifies a zero-knowledge proof against the given public witness.
    ///
    /// This method checks whether a proof is valid for the specified public inputs,
    /// without requiring knowledge of the private witness components that were used
    /// to generate the proof.
    ///
    /// # Arguments
    ///
    /// * `verifying_key` - The verifying key generated by [`CircuitProver::setup()`]
    /// * `proof` - The proof to verify
    /// * `public_witness` - The public inputs and outputs that should match the proof
    ///
    /// # Returns
    ///
    /// Returns `Ok(())` if the proof is valid, or an error if verification fails.
    ///
    /// # Errors
    ///
    /// This function may return an error if:
    /// - The proof is invalid or malformed
    /// - The public witness does not match the proof
    /// - The verifying key is incompatible with the circuit
    /// - Cryptographic verification operations fail
    ///
    /// # Type Constraints
    ///
    /// The public witness type must implement [`CircuitPublicWitness`] to ensure
    /// it can be properly converted to the internal witness format.
    ///
    pub fn verify(
        &self,
        verifying_key: &B::VerifyingKey,
        proof: &B::Proof,
        public_witness: C::PublicWitness,
    ) -> Result<()>
    where
        C::PublicWitness: CircuitPublicWitness,
    {
        let mut witness = types::PublicWitness::new();

        public_witness.append_public_witness(witness.public_mut(), false);

        self.backend.verify(verifying_key, proof, &witness)?;

        Ok(())
    }
}