Crate winter_verifier

source ·
Expand description

This crate contains Winterfell STARK verifier.

This verifier can be used to verify STARK proofs generated by the Winterfell STARK prover.

Usage

To verify a proof that a computation was executed correctly, you’ll need to do the following:

  1. Define an algebraic intermediate representation (AIR) for you computation. This can be done by implementing Air trait.
  2. Execute verify() function and supply the AIR of your computation together with the StarkProof and related public inputs as parameters.

Performance

Proof verification is extremely fast and is nearly independent of the complexity of the computation being verified. In vast majority of cases proofs can be verified in 3 - 5 ms on a modern mid-range laptop CPU (using a single core).

There is one exception, however: if a computation requires a lot of sequence assertions (see Assertion for more info), the verification time will grow linearly in the number of asserted values. But for the impact to be noticeable, the number of asserted values would need to be in tens of thousands. And even for hundreds of thousands of asserted values, the verification time should not exceed 50 ms.

Re-exports

pub use math;
pub use crypto;

Structs

AirContext
STARK parameters and trace properties for a specific execution of a computation.
Assertion
An assertion made against an execution trace.
AuxTraceRandElements
Random elements used in construction of auxiliary trace segments.
BoundaryConstraint
The numerator portion of a boundary constraint.
BoundaryConstraintGroup
A group of boundary constraints all having the same divisor.
ConstraintCompositionCoefficients
Coefficients used in construction of constraint composition polynomial.
ConstraintDivisor
The denominator portion of boundary and transition constraints.
DeepCompositionCoefficients
Coefficients used in construction of DEEP composition polynomial.
EvaluationFrame
A set of execution trace rows required for evaluation of transition constraints.
ProofOptions
STARK protocol parameters.
SliceReader
Implements ByteReader trait for a slice of bytes.
StarkProof
A proof generated by Winterfell prover.
TraceInfo
Information about a specific execution trace.
TransitionConstraintDegree
Degree descriptor of a transition constraint.
TransitionConstraintGroup
A group of transition constraints all having the same degree.

Enums

DeserializationError
Defines errors which can occur during deserialization.
FieldExtension
Defines an extension field for the composition polynomial.
HashFunction
Defines a set of available hash function for STARK protocol.
VerifierError
Represents an error returned by the verifier during an execution of the protocol.

Traits

Air
Describes algebraic intermediate representation of a computation.
ByteReader
Defines how primitive values are to be read from Self.
ByteWriter
Defines how primitive values are to be written into Self.
Deserializable
Defines how to deserialize Self from bytes.
Serializable
Defines how to serialize Self into bytes.

Functions

verify
Verifies that the specified computation was executed correctly against the specified inputs.