Trait winter_prover::Prover
source · pub trait Prover {
type BaseField: StarkField + ExtensibleField<2> + ExtensibleField<3>;
type Air: Air<BaseField = Self::BaseField>;
type Trace: Trace<BaseField = Self::BaseField>;
type HashFn: ElementHasher<BaseField = Self::BaseField>;
type RandomCoin: RandomCoin<BaseField = Self::BaseField, Hasher = Self::HashFn>;
// Required methods
fn get_pub_inputs(
&self,
trace: &Self::Trace
) -> <<Self as Prover>::Air as Air>::PublicInputs;
fn options(&self) -> &ProofOptions;
// Provided methods
fn prove(&self, trace: Self::Trace) -> Result<StarkProof, ProverError> { ... }
fn build_trace_commitment<E>(
&self,
trace: &ColMatrix<E>,
domain: &StarkDomain<Self::BaseField>
) -> (RowMatrix<E>, MerkleTree<Self::HashFn>, ColMatrix<E>)
where E: FieldElement<BaseField = Self::BaseField> { ... }
fn build_constraint_commitment<E>(
&self,
composition_poly: &CompositionPoly<E>,
domain: &StarkDomain<Self::BaseField>
) -> ConstraintCommitment<E, Self::HashFn>
where E: FieldElement<BaseField = Self::BaseField> { ... }
}Expand description
Defines a STARK prover for a computation.
A STARK prover can be used to generate STARK proofs. The prover contains definitions of a computation’s AIR (specified via Air associated type), execution trace (specified via Trace associated type) and hash function to be used (specified via HashFn associated type), and exposes prove() method which can be used to build STARK proofs for provided execution traces.
Thus, once a prover is defined and instantiated, generating a STARK proof consists of two steps:
- Build an execution trace for a specific instance of the computation.
- Invoke Prover::prove() method generate a proof using the trace from the previous step as a witness.
The generated proof is built using protocol parameters defined by the ProofOptions struct return from Prover::options method.
Required Associated Types§
sourcetype BaseField: StarkField + ExtensibleField<2> + ExtensibleField<3>
type BaseField: StarkField + ExtensibleField<2> + ExtensibleField<3>
Base field for the computation described by this prover.
sourcetype Air: Air<BaseField = Self::BaseField>
type Air: Air<BaseField = Self::BaseField>
Algebraic intermediate representation (AIR) for the computation described by this prover.
sourcetype Trace: Trace<BaseField = Self::BaseField>
type Trace: Trace<BaseField = Self::BaseField>
Execution trace of the computation described by this prover.
sourcetype HashFn: ElementHasher<BaseField = Self::BaseField>
type HashFn: ElementHasher<BaseField = Self::BaseField>
Hash function to be used.
sourcetype RandomCoin: RandomCoin<BaseField = Self::BaseField, Hasher = Self::HashFn>
type RandomCoin: RandomCoin<BaseField = Self::BaseField, Hasher = Self::HashFn>
PRNG to be used for generating random field elements.
Required Methods§
sourcefn get_pub_inputs(
&self,
trace: &Self::Trace
) -> <<Self as Prover>::Air as Air>::PublicInputs
fn get_pub_inputs( &self, trace: &Self::Trace ) -> <<Self as Prover>::Air as Air>::PublicInputs
Returns a set of public inputs for an instance of the computation defined by the provided trace.
Public inputs need to be shared with the verifier in order for them to verify a proof.
sourcefn options(&self) -> &ProofOptions
fn options(&self) -> &ProofOptions
Returns ProofOptions which this prover uses to generate STARK proofs.
Proof options defines basic protocol parameters such as: number of queries, blowup factor, grinding factor etc. These properties directly inform such metrics as proof generation time, proof size, and proof security level.
Provided Methods§
sourcefn prove(&self, trace: Self::Trace) -> Result<StarkProof, ProverError>
fn prove(&self, trace: Self::Trace) -> Result<StarkProof, ProverError>
Returns a STARK proof attesting to a correct execution of a computation defined by the provided trace.
The returned StarkProof attests that the specified trace is a valid execution trace of
the computation described by Self::Air and generated using some set of
secret and public inputs. Public inputs must match the value returned from
Self::get_pub_inputs() for the provided trace.
sourcefn build_trace_commitment<E>(
&self,
trace: &ColMatrix<E>,
domain: &StarkDomain<Self::BaseField>
) -> (RowMatrix<E>, MerkleTree<Self::HashFn>, ColMatrix<E>)where
E: FieldElement<BaseField = Self::BaseField>,
fn build_trace_commitment<E>( &self, trace: &ColMatrix<E>, domain: &StarkDomain<Self::BaseField> ) -> (RowMatrix<E>, MerkleTree<Self::HashFn>, ColMatrix<E>)where E: FieldElement<BaseField = Self::BaseField>,
Computes a low-degree extension (LDE) of the provided execution trace over the specified domain and build a commitment to the extended trace.
The extension is performed by interpolating each column of the execution trace into a polynomial of degree = trace_length - 1, and then evaluating the polynomial over the LDE domain.
Trace commitment is computed by hashing each row of the extended execution trace, and then building a Merkle tree from the resulting hashes.
sourcefn build_constraint_commitment<E>(
&self,
composition_poly: &CompositionPoly<E>,
domain: &StarkDomain<Self::BaseField>
) -> ConstraintCommitment<E, Self::HashFn>where
E: FieldElement<BaseField = Self::BaseField>,
fn build_constraint_commitment<E>( &self, composition_poly: &CompositionPoly<E>, domain: &StarkDomain<Self::BaseField> ) -> ConstraintCommitment<E, Self::HashFn>where E: FieldElement<BaseField = Self::BaseField>,
Evaluates constraint composition polynomial over the LDE domain and builds a commitment to these evaluations.
The evaluation is done by evaluating each composition polynomial column over the LDE domain.
The commitment is computed by hashing each row in the evaluation matrix, and then building a Merkle tree from the resulting hashes.