Struct winter_verifier::ProofOptions

pub struct ProofOptions { /* fields omitted */ }

STARK protocol parameters.

These parameters have a direct impact on proof soundness, proof generation time, and proof size. Specifically:

1. Hash function - proof soundness is limited by the collision resistance of the hash function used by the protocol. For example, if a hash function with 128-bit collision resistance is used, soundness of a STARK proof cannot exceed 128 bits.
2. Finite field - proof soundness depends on the size of finite field used by the protocol. This means, that for small fields (e.g. smaller than ~128 bits), field extensions must be used to achieve adequate security. And even for ~128 bit fields, to achieve security over 100 bits, a field extension may be required.
3. Number of queries - higher values increase proof soundness, but also increase proof size.
4. Blowup factor - higher values increase proof soundness, but also increase proof generation time and proof size. However, higher blowup factors require fewer queries for the same security level. Thus, it is frequently possible to increase blowup factor and at the same time decrease the number of queries in such a way that the proofs become smaller.
5. Grinding factor - higher values increase proof soundness, but also may increase proof generation time. More precisely, proof soundness is bounded by num_queries * log2(blowup_factor) + grinding_factor.

Implementations

impl ProofOptions

pub fn new(
    num_queries: usize,
    blowup_factor: usize,
    grinding_factor: u32,
    hash_fn: HashFunction,
    field_extension: FieldExtension,
    fri_folding_factor: usize,
    fri_max_remainder_size: usize
) -> ProofOptions

Returns a new instance of ProofOptions struct constructed from the specified parameters.

Panics

Panics if:

• num_queries is zero or greater than 128.
• blowup_factor is smaller than 4, greater than 256, or is not a power of two.
• grinding_factor is greater than 32.
• fri_folding_factor is not 4, 8, or 16.
• fri_max_remainder_size is smaller than 32, greater than 1024, or is not a power of two.

pub fn num_queries(&self) -> usize

Returns number of queries for a STARK proof.

This directly impacts proof soundness as each additional query adds roughly log2(blowup_factor) bits of security to a proof. However, each additional query also increases proof size.

pub fn blowup_factor(&self) -> usize

Returns trace blowup factor for a STARK proof.

This is the factor by which the execution trace is extended during low-degree extension. It has a direct impact on proof soundness as each query adds roughly log2(blowup_factor) bits of security to a proof. However, higher blowup factors also increases prover runtime, and may increase proof size.

pub fn grinding_factor(&self) -> u32

Returns query seed grinding factor for a STARK proof.

Grinding applies Proof-of-Work/ to the query position seed. An honest prover needs to perform this work only once, while a dishonest prover will need to perform it every time they try to change a commitment. Thus, higher grinding factor makes it more difficult to forge a STARK proof. However, setting grinding factor too high (e.g. higher than 20) will adversely affect prover time.

pub fn hash_fn(&self) -> HashFunction

Returns a hash functions to be used during STARK proof construction.

Security of a STARK proof is bounded by collision resistance of the hash function used during proof construction. For example, if collision resistance of a hash function is 128 bits, then soundness of a proof generated using this hash function cannot exceed 128 bits.

pub fn field_extension(&self) -> FieldExtension

Specifies whether composition polynomial should be constructed in an extension field of STARK protocol.

Using a field extension increases maximum security level of a proof, but also has non-negligible impact on prover performance.

pub fn domain_offset<B>(&self) -> B where
    B: StarkField, 

Returns the offset by which the low-degree extension domain is shifted in relation to the trace domain.

Currently, this is hard-coded to the primitive element of the underlying base field.

pub fn to_fri_options(&self) -> FriOptions

Returns options for FRI protocol instantiated with parameters from this proof options.

Trait Implementations

impl Clone for ProofOptions

pub fn clone(&self) -> ProofOptions

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ProofOptions

pub fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Deserializable for ProofOptions

pub fn read_from<R>(
    source: &mut R
) -> Result<ProofOptions, DeserializationError> where
    R: ByteReader, 

Reads proof options from the specified source and returns the result.

Errors

Returns an error of a valid proof options could not be read from the specified source.

fn read_batch_from<R>(
    source: &mut R,
    num_elements: usize
) -> Result<Vec<Self, Global>, DeserializationError> where
    R: ByteReader, 

Reads a sequence of bytes from the provided source, attempts to deserialize these bytes into a vector with the specified number of Self elements, and returns the result.

impl PartialEq<ProofOptions> for ProofOptions

pub fn eq(&self, other: &ProofOptions) -> bool

This method tests for self and other values to be equal, and is used by ==.

pub fn ne(&self, other: &ProofOptions) -> bool

This method tests for !=.

impl Serializable for ProofOptions

pub fn write_into<W>(&self, target: &mut W) where
    W: ByteWriter, 

Serializes self and writes the resulting bytes into the target.

fn to_bytes(&self) -> Vec<u8, Global>

Serializes self into a vector of bytes.

fn write_batch_into<W>(source: &[Self], target: &mut W) where
    W: ByteWriter, 

Serializes all elements of the source and writes these bytes into the target.

fn get_size_hint(&self) -> usize

Returns an estimate of how many bytes are needed to represent self.

impl Eq for ProofOptions

impl StructuralEq for ProofOptions

impl StructuralPartialEq for ProofOptions