openvm_stark_backend/
proof.rs

1use derivative::Derivative;
2use serde::{Deserialize, Serialize};
3
4use crate::config::{Com, PcsProof, RapPhaseSeqPartialProof, StarkGenericConfig, Val};
5
6/// The full proof for multiple RAPs where trace matrices are committed into
7/// multiple commitments, where each commitment is multi-matrix.
8///
9/// Includes the quotient commitments and FRI opening proofs for the constraints as well.
10#[derive(Serialize, Deserialize, Derivative)]
11#[serde(bound = "")]
12#[derivative(Clone(bound = "Com<SC>: Clone"))]
13pub struct Proof<SC: StarkGenericConfig> {
14    /// The PCS commitments
15    pub commitments: Commitments<Com<SC>>,
16    /// Opening proofs separated by partition, but this may change
17    pub opening: OpeningProof<PcsProof<SC>, SC::Challenge>,
18    /// Proof data for each AIR
19    pub per_air: Vec<AirProofData<Val<SC>, SC::Challenge>>,
20    /// Partial proof for rap phase if it exists
21    pub rap_phase_seq_proof: Option<RapPhaseSeqPartialProof<SC>>,
22}
23
24impl<SC: StarkGenericConfig> Proof<SC> {
25    pub fn get_air_ids(&self) -> Vec<usize> {
26        self.per_air.iter().map(|p| p.air_id).collect()
27    }
28    pub fn get_public_values(&self) -> Vec<Vec<Val<SC>>> {
29        self.per_air
30            .iter()
31            .map(|p| p.public_values.clone())
32            .collect()
33    }
34}
35
36/// All commitments to a multi-matrix STARK that are not preprocessed.
37#[derive(Clone, Serialize, Deserialize)]
38pub struct Commitments<Com> {
39    /// Multiple commitments for the main trace.
40    /// For each RAP, each part of a partitioned matrix trace matrix
41    /// must belong to one of these commitments.
42    pub main_trace: Vec<Com>,
43    /// One shared commitment for all trace matrices across all RAPs
44    /// in a single challenge phase `i` after observing the commits to
45    /// `preprocessed`, `main_trace`, and `after_challenge[..i]`
46    pub after_challenge: Vec<Com>,
47    /// Shared commitment for all quotient polynomial evaluations
48    pub quotient: Com,
49}
50
51/// PCS opening proof with opened values for multi-matrix AIR.
52#[derive(Clone, Serialize, Deserialize)]
53pub struct OpeningProof<PcsProof, Challenge> {
54    pub proof: PcsProof,
55    pub values: OpenedValues<Challenge>,
56}
57
58#[derive(Clone, Serialize, Deserialize)]
59pub struct OpenedValues<Challenge> {
60    /// For each preprocessed trace commitment, the opened values
61    pub preprocessed: Vec<AdjacentOpenedValues<Challenge>>,
62    /// For each main trace commitment, for each matrix in commitment, the
63    /// opened values
64    pub main: Vec<Vec<AdjacentOpenedValues<Challenge>>>,
65    /// For each phase after challenge, there is shared commitment.
66    /// For each commitment, if any, for each matrix in the commitment, the opened values,
67    pub after_challenge: Vec<Vec<AdjacentOpenedValues<Challenge>>>,
68    /// For each RAP, for each quotient chunk in quotient poly, the opened values
69    pub quotient: Vec<Vec<Vec<Challenge>>>,
70}
71
72#[derive(Clone, Serialize, Deserialize)]
73pub struct AdjacentOpenedValues<Challenge> {
74    pub local: Vec<Challenge>,
75    pub next: Vec<Challenge>,
76}
77
78#[derive(Clone, Serialize, Deserialize)]
79pub struct AirProofData<Val, Challenge> {
80    pub air_id: usize,
81    /// height of trace matrix.
82    pub degree: usize,
83    /// For each challenge phase with trace, the values to expose to the verifier in that phase
84    pub exposed_values_after_challenge: Vec<Vec<Challenge>>,
85    // The public values to expose to the verifier
86    pub public_values: Vec<Val>,
87}