Module prover 

Ligerito proof generation for header chain traces.

Uses SHA256 Fiat-Shamir transcript for browser WASM verification compatibility. The transcript choice is load-bearing: verifier MUST use the same transcript.

Proof format

[public_outputs_len: u32 LE]
[public_outputs: bincode-serialized ProofPublicOutputs]
[log_size: u8]
[ligerito_proof: bincode-serialized FinalizedLigeritoProof]

Public outputs are bound to the Fiat-Shamir transcript before proving, so swapping outputs after proof generation invalidates the proof. However, the Ligerito proximity test does NOT constrain the public outputs to match the polynomial — an honest prover is assumed.

Public outputs

Extracted from fixed positions in the committed trace polynomial by the (honest) prover. Transcript-bound, not evaluation-proven.

• start_hash, tip_hash: first and last block hashes
• start_prev_hash, tip_prev_hash: chain continuity linkage
• cumulative_difficulty: total chain work
• final_commitment: running header hash chain
• final_state_commitment: running state root chain
• tip_tree_root, tip_nullifier_root: NOMT roots at tip
• final_actions_commitment: running actions commitment chain

Structs

HeaderChainProof

Header chain proof with public outputs and serialized ligerito proof.

ProofPublicOutputs

Public outputs claimed by the prover.