Crate winter_prover

This crate contains Winterfell STARK prover.

This prover can be used to generate proofs of computational integrity using the STARK (Scalable Transparent ARguments of Knowledge) protocol.

When the crate is compiled with concurrent feature enabled, proof generation will be performed in multiple threads (usually, as many threads as there are logical cores on the machine). The number of threads can be configured via RAYON_NUM_THREADS environment variable.

Usage

To generate a proof that a computation was executed correctly, you’ll need to do the following:

1. Define an algebraic intermediate representation (AIR) for your computation. This can be done by implementing Air trait.
2. Define an execution trace for your computation. This can be done by implementing Trace trait. Alternatively, you can use TraceTable struct which already implements Trace trait in cases when this generic implementation works for your use case.
3. Execute your computation and record its execution trace.
4. Define your prover by implementing Prover trait. Then execute Prover::prove() function passing the trace generated in the previous step into it as a parameter. The function will return a instance of StarkProof.

This StarkProof can be serialized and sent to a STARK verifier for verification. The size of proof depends on the specifics of a given computation, but for most computations it should be in the range between 15 KB (for very small computations) and 300 KB (for very large computations).

Proof generation time is also highly dependent on the specifics of a given computation, but also depends on the capabilities of the machine used to generate the proofs (i.e. on number of CPU cores and memory bandwidth).

Re-exports

• pub use math;
• pub use crypto;

Modules

• iterators
  Components needed for parallel iterators.
• matrix
  Two-dimensional data structures used to represent polynomials and polynomial evaluations.
• proof
  Contains STARK proof struct and associated components.

Structs

• AirContext
  STARK parameters and trace properties for a specific execution of a computation.
• Assertion
  An assertion made against an execution trace.
• AuxTraceRandElements
  Random elements used in construction of auxiliary trace segments.
• BoundaryConstraint
  The numerator portion of a boundary constraint.
• BoundaryConstraintGroup
  A group of boundary constraints all having the same divisor.
• CompositionPoly
  A composition polynomial split into columns with each column being of length equal to trace_length.
• CompositionPolyTrace
  Represents merged evaluations of all constraint evaluations.
• ConstraintCommitment
  Constraint evaluation commitment.
• ConstraintCompositionCoefficients
  Coefficients used in construction of constraint composition polynomial.
• ConstraintDivisor
  The denominator portion of boundary and transition constraints.
• DeepCompositionCoefficients
  Coefficients used in construction of DEEP composition polynomial.
• DefaultConstraintEvaluator
  Default implementation of the ConstraintEvaluator trait.
• DefaultTraceLde
  Contains all segments of the extended execution trace, the commitments to these segments, the LDE blowup factor, and the TraceInfo.
• EvaluationFrame
  A set of execution trace rows required for evaluation of transition constraints.
• ProofOptions
  STARK protocol parameters.
• SliceReader
  Implements ByteReader trait for a slice of bytes.
• StarkDomain
  Info about domains related to specific instance of proof generation.
• StarkProof
  A proof generated by Winterfell prover.
• TraceInfo
  Information about a specific execution trace.
• TraceLayout
  Layout of columns within an execution trace.
• TracePolyTable
  Trace polynomials in coefficient from for all segments of the execution trace.
• TraceTable
  A concrete implementation of the Trace trait.
• TraceTableFragment
  A set of consecutive rows of an execution trace.
• TransitionConstraintDegree
  Degree descriptor of a transition constraint.

Enums

• DeserializationError
  Defines errors which can occur during deserialization.
• FieldExtension
  Defines an extension field for the composition polynomial.
• ProverError
  Represents an error returned by the prover during an execution of the protocol.

Traits

• Air
  Describes algebraic intermediate representation of a computation.
• ByteReader
  Defines how primitive values are to be read from Self.
• ByteWriter
  Defines how primitive values are to be written into Self.
• ConstraintEvaluator
  Contains logic for evaluating AIR constraints over an extended execution trace.
• Deserializable
  Defines how to deserialize Self from bytes.
• Prover
  Defines a STARK prover for a computation.
• Serializable
  Defines how to serialize Self into bytes.
• Trace
  Defines an execution trace of a computation.
• TraceLde
  Contains all segments of the extended execution trace and their commitments.