Trait winter_prover::Prover

source · 
pub trait Prover {
    type BaseField: StarkField + ExtensibleField<2> + ExtensibleField<3>;
    type Air: Air<BaseField = Self::BaseField>;
    type Trace: Trace<BaseField = Self::BaseField>;

    fn get_pub_inputs(
        &self,
        trace: &Self::Trace
    ) -> <<Self as Prover>::Air as Air>::PublicInputs;
    fn options(&self) -> &ProofOptions;

    fn prove(&self, trace: Self::Trace) -> Result<StarkProof, ProverError> { ... }
    fn build_trace_commitment<E, H>(
        &self,
        trace: &Matrix<E>,
        domain: &StarkDomain<Self::BaseField>
    ) -> (Matrix<E>, MerkleTree<H>, Matrix<E>)
    where
        E: FieldElement<BaseField = Self::BaseField>,
        H: ElementHasher<BaseField = Self::BaseField>,
    { ... }
    fn build_constraint_commitment<E, H>(
        &self,
        composition_poly: &CompositionPoly<E>,
        domain: &StarkDomain<Self::BaseField>
    ) -> ConstraintCommitment<E, H>
    where
        E: FieldElement<BaseField = Self::BaseField>,
        H: ElementHasher<BaseField = Self::BaseField>,
    { ... }
}
Expand description

Defines a STARK prover for a computation.

A STARK prover can be used to generate STARK proofs. The prover contains definitions of a computation’s AIR (specified via Air associated type) and execution trace (specified via Trace associated type), and exposes prove() method which can be used to build STARK proofs for provided execution traces.

Thus, once a prover is defined and instantiated, generating a STARK proof consists of two steps:

  1. Build an execution trace for a specific instance of the computation.
  2. Invoke Prover::prove() method generate a proof using the trace from the previous step as a witness.

The generated proof is built using protocol parameters defined by the ProofOptions struct return from Prover::options method.

Required Associated Types

Base field for the computation described by this prover.

Algebraic intermediate representation (AIR) for the computation described by this prover.

Execution trace of the computation described by this prover.

Required Methods

Returns a set of public inputs for an instance of the computation defined by the provided trace.

Public inputs need to be shared with the verifier in order for them to verify a proof.

Returns ProofOptions which this prover uses to generate STARK proofs.

Proof options defines basic protocol parameters such as: number of queries, blowup factor, grinding factor, hash function to be used in the protocol etc. These properties directly inform such metrics as proof generation time, proof size, and proof security level.

Provided Methods

Returns a STARK proof attesting to a correct execution of a computation defined by the provided trace.

The returned StarkProof attests that the specified trace is a valid execution trace of the computation described by Self::Air and generated using some set of secret and public inputs. Public inputs must match the value returned from Self::get_pub_inputs() for the provided trace.

Computes a low-degree extension (LDE) of the provided execution trace over the specified domain and build a commitment to the extended trace.

The extension is performed by interpolating each column of the execution trace into a polynomial of degree = trace_length - 1, and then evaluating the polynomial over the LDE domain.

Trace commitment is computed by hashing each row of the extended execution trace, and then building a Merkle tree from the resulting hashes.

Evaluates constraint composition polynomial over the LDE domain and builds a commitment to these evaluations.

The evaluation is done by evaluating each composition polynomial column over the LDE domain.

The commitment is computed by hashing each row in the evaluation matrix, and then building a Merkle tree from the resulting hashes.

Implementors