Struct winterfell::ProofOptions
[−]pub struct ProofOptions { /* private fields */ }
Expand description
STARK protocol parameters.
These parameters have a direct impact on proof soundness, proof generation time, and proof size. Specifically:
- Hash function - proof soundness is limited by the collision resistance of the hash function used by the protocol. For example, if a hash function with 128-bit collision resistance is used, soundness of a STARK proof cannot exceed 128 bits.
- Finite field - proof soundness depends on the size of finite field used by the protocol. This means, that for small fields (e.g. smaller than ~128 bits), field extensions must be used to achieve adequate security. And even for ~128 bit fields, to achieve security over 100 bits, a field extension may be required.
- Number of queries - higher values increase proof soundness, but also increase proof size.
- Blowup factor - higher values increase proof soundness, but also increase proof generation time and proof size. However, higher blowup factors require fewer queries for the same security level. Thus, it is frequently possible to increase blowup factor and at the same time decrease the number of queries in such a way that the proofs become smaller.
- Grinding factor - higher values increase proof soundness, but also may increase proof
generation time. More precisely, proof soundness is bounded by
num_queries * log2(blowup_factor) + grinding_factor
.
Implementations
impl ProofOptions
impl ProofOptions
pub const MIN_BLOWUP_FACTOR: usize = 2usize
pub const MIN_BLOWUP_FACTOR: usize = 2usize
Smallest allowed blowup factor which is currently set to 2.
The smallest allowed blowup factor for a given computation is derived from degrees of constraints defined for that computation and may be greater than 2. But no computation may have a blowup factor smaller than 2.
pub fn new(
num_queries: usize,
blowup_factor: usize,
grinding_factor: u32,
hash_fn: HashFunction,
field_extension: FieldExtension,
fri_folding_factor: usize,
fri_max_remainder_size: usize
) -> ProofOptions
pub fn new(
num_queries: usize,
blowup_factor: usize,
grinding_factor: u32,
hash_fn: HashFunction,
field_extension: FieldExtension,
fri_folding_factor: usize,
fri_max_remainder_size: usize
) -> ProofOptions
Returns a new instance of ProofOptions struct constructed from the specified parameters.
Panics
Panics if:
num_queries
is zero or greater than 128.blowup_factor
is smaller than 4, greater than 256, or is not a power of two.grinding_factor
is greater than 32.fri_folding_factor
is not 4, 8, or 16.fri_max_remainder_size
is smaller than 32, greater than 1024, or is not a power of two.
pub fn num_queries(&self) -> usize
pub fn num_queries(&self) -> usize
Returns number of queries for a STARK proof.
This directly impacts proof soundness as each additional query adds roughly
log2(blowup_factor)
bits of security to a proof. However, each additional query also
increases proof size.
pub fn blowup_factor(&self) -> usize
pub fn blowup_factor(&self) -> usize
Returns trace blowup factor for a STARK proof.
This is the factor by which the execution trace is extended during low-degree extension. It
has a direct impact on proof soundness as each query adds roughly log2(blowup_factor)
bits of security to a proof. However, higher blowup factors also increases prover runtime,
and may increase proof size.
pub fn grinding_factor(&self) -> u32
pub fn grinding_factor(&self) -> u32
Returns query seed grinding factor for a STARK proof.
Grinding applies Proof-of-Work/ to the query position seed. An honest prover needs to perform this work only once, while a dishonest prover will need to perform it every time they try to change a commitment. Thus, higher grinding factor makes it more difficult to forge a STARK proof. However, setting grinding factor too high (e.g. higher than 20) will adversely affect prover time.
pub fn hash_fn(&self) -> HashFunction
pub fn hash_fn(&self) -> HashFunction
Returns a hash functions to be used during STARK proof construction.
Security of a STARK proof is bounded by collision resistance of the hash function used during proof construction. For example, if collision resistance of a hash function is 128 bits, then soundness of a proof generated using this hash function cannot exceed 128 bits.
pub fn field_extension(&self) -> FieldExtension
pub fn field_extension(&self) -> FieldExtension
Specifies whether composition polynomial should be constructed in an extension field of STARK protocol.
Using a field extension increases maximum security level of a proof, but also has non-negligible impact on prover performance.
pub fn domain_offset<B>(&self) -> B where
B: StarkField,
pub fn domain_offset<B>(&self) -> B where
B: StarkField,
Returns the offset by which the low-degree extension domain is shifted in relation to the trace domain.
Currently, this is hard-coded to the primitive element of the underlying base field.
pub fn to_fri_options(&self) -> FriOptions
pub fn to_fri_options(&self) -> FriOptions
Returns options for FRI protocol instantiated with parameters from this proof options.
Trait Implementations
impl Clone for ProofOptions
impl Clone for ProofOptions
fn clone(&self) -> ProofOptions
fn clone(&self) -> ProofOptions
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
impl Debug for ProofOptions
impl Debug for ProofOptions
impl Deserializable for ProofOptions
impl Deserializable for ProofOptions
fn read_from<R>(source: &mut R) -> Result<ProofOptions, DeserializationError> where
R: ByteReader,
fn read_from<R>(source: &mut R) -> Result<ProofOptions, DeserializationError> where
R: ByteReader,
Reads proof options from the specified source
and returns the result.
Errors
Returns an error of a valid proof options could not be read from the specified source
.
fn read_batch_from<R>(
source: &mut R,
num_elements: usize
) -> Result<Vec<Self, Global>, DeserializationError> where
R: ByteReader,
fn read_batch_from<R>(
source: &mut R,
num_elements: usize
) -> Result<Vec<Self, Global>, DeserializationError> where
R: ByteReader,
Reads a sequence of bytes from the provided source
, attempts to deserialize these bytes
into a vector with the specified number of Self
elements, and returns the result. Read more
impl PartialEq<ProofOptions> for ProofOptions
impl PartialEq<ProofOptions> for ProofOptions
fn eq(&self, other: &ProofOptions) -> bool
fn eq(&self, other: &ProofOptions) -> bool
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
fn ne(&self, other: &ProofOptions) -> bool
fn ne(&self, other: &ProofOptions) -> bool
This method tests for !=
.
impl Serializable for ProofOptions
impl Serializable for ProofOptions
fn write_into<W>(&self, target: &mut W) where
W: ByteWriter,
fn write_into<W>(&self, target: &mut W) where
W: ByteWriter,
Serializes self
and writes the resulting bytes into the target
.
fn write_batch_into<W>(source: &[Self], target: &mut W) where
W: ByteWriter,
fn write_batch_into<W>(source: &[Self], target: &mut W) where
W: ByteWriter,
Serializes all elements of the source
and writes these bytes into the target
. Read more
fn get_size_hint(&self) -> usize
fn get_size_hint(&self) -> usize
Returns an estimate of how many bytes are needed to represent self. Read more
impl Eq for ProofOptions
impl StructuralEq for ProofOptions
impl StructuralPartialEq for ProofOptions
Auto Trait Implementations
impl RefUnwindSafe for ProofOptions
impl Send for ProofOptions
impl Sync for ProofOptions
impl Unpin for ProofOptions
impl UnwindSafe for ProofOptions
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more