Struct winter_prover::ProofOptions

source · 
pub struct ProofOptions { /* private fields */ }
Expand description

STARK protocol parameters.

These parameters have a direct impact on proof soundness, proof generation time, and proof size. Specifically:

  1. Finite field - proof soundness depends on the size of finite field used by the protocol. This means, that for small fields (e.g. smaller than ~128 bits), field extensions must be used to achieve adequate security. And even for ~128 bit fields, to achieve security over 100 bits, a field extension may be required.
  2. Number of queries - higher values increase proof soundness, but also increase proof size.
  3. Blowup factor - higher values increase proof soundness, but also increase proof generation time and proof size. However, higher blowup factors require fewer queries for the same security level. Thus, it is frequently possible to increase blowup factor and at the same time decrease the number of queries in such a way that the proofs become smaller.
  4. Grinding factor - higher values increase proof soundness, but also may increase proof generation time. More precisely, conjectured proof soundness is bounded by num_queries * log2(blowup_factor) + grinding_factor.

Another important parameter in defining STARK security level, which is not a part of ProofOptions is the hash function used in the protocol. The soundness of a STARK proof is limited by the collision resistance of the hash function used by the protocol. For example, if a hash function with 128-bit collision resistance is used, soundness of a STARK proof cannot exceed 128 bits.

Implementations§

source§

impl ProofOptions

source

pub const MIN_BLOWUP_FACTOR: usize = 2usize

Smallest allowed blowup factor which is currently set to 2.

The smallest allowed blowup factor for a given computation is derived from degrees of constraints defined for that computation and may be greater than 2. But no computation may have a blowup factor smaller than 2.

source

pub const fn new( num_queries: usize, blowup_factor: usize, grinding_factor: u32, field_extension: FieldExtension, fri_folding_factor: usize, fri_remainder_max_degree: usize ) -> ProofOptions

Returns a new instance of ProofOptions struct constructed from the specified parameters.

Panics

Panics if:

  • num_queries is zero or greater than 255.
  • blowup_factor is smaller than 2, greater than 128, or is not a power of two.
  • grinding_factor is greater than 32.
  • fri_folding_factor is not 2, 4, 8, or 16.
  • fri_remainder_max_degree is greater than 255 or is not a power of two minus 1.
source

pub const fn num_queries(&self) -> usize

Returns number of queries for a STARK proof.

This directly impacts proof soundness as each additional query adds roughly log2(blowup_factor) bits of security to a proof. However, each additional query also increases proof size.

source

pub const fn blowup_factor(&self) -> usize

Returns trace blowup factor for a STARK proof.

This is the factor by which the execution trace is extended during low-degree extension. It has a direct impact on proof soundness as each query adds roughly log2(blowup_factor) bits of security to a proof. However, higher blowup factors also increases prover runtime, and may increase proof size.

source

pub const fn grinding_factor(&self) -> u32

Returns query seed grinding factor for a STARK proof.

Grinding applies Proof-of-Work to the query position seed. An honest prover needs to perform this work only once, while a dishonest prover will need to perform it every time they try to change a commitment. Thus, higher grinding factor makes it more difficult to forge a STARK proof. However, setting grinding factor too high (e.g. higher than 20) will adversely affect prover time.

source

pub const fn field_extension(&self) -> FieldExtension

Specifies whether composition polynomial should be constructed in an extension field of STARK protocol.

Using a field extension increases maximum security level of a proof, but also has non-negligible impact on prover performance.

source

pub const fn domain_offset<B>(&self) -> B
where B: StarkField,

Returns the offset by which the low-degree extension domain is shifted in relation to the trace domain.

Currently, this is hard-coded to the primitive element of the underlying base field.

source

pub fn to_fri_options(&self) -> FriOptions

Returns options for FRI protocol instantiated with parameters from this proof options.

Trait Implementations§

source§

impl Clone for ProofOptions

source§

fn clone(&self) -> ProofOptions

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for ProofOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
source§

impl Deserializable for ProofOptions

source§

fn read_from<R>(source: &mut R) -> Result<ProofOptions, DeserializationError>
where R: ByteReader,

Reads proof options from the specified source and returns the result.

Errors

Returns an error of a valid proof options could not be read from the specified source.

source§

fn read_from_bytes(bytes: &[u8]) -> Result<Self, DeserializationError>

Attempts to deserialize the provided bytes into Self and returns the result. Read more
source§

fn read_batch_from<R>( source: &mut R, num_elements: usize ) -> Result<Vec<Self>, DeserializationError>
where R: ByteReader,

Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into a vector with the specified number of Self elements, and returns the result. Read more
source§

impl PartialEq for ProofOptions

source§

fn eq(&self, other: &ProofOptions) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Serializable for ProofOptions

source§

fn write_into<W>(&self, target: &mut W)
where W: ByteWriter,

Serializes self and writes the resulting bytes into the target.

source§

fn to_bytes(&self) -> Vec<u8>

Serializes self into a vector of bytes.
source§

fn write_batch_into<W>(source: &[Self], target: &mut W)
where W: ByteWriter,

Serializes all elements of the source and writes these bytes into the target. Read more
source§

fn get_size_hint(&self) -> usize

Returns an estimate of how many bytes are needed to represent self. Read more
source§

impl<E> ToElements<E> for ProofOptions
where E: StarkField,

source§

fn to_elements(&self) -> Vec<E>

source§

impl Eq for ProofOptions

source§

impl StructuralEq for ProofOptions

source§

impl StructuralPartialEq for ProofOptions

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.