Merge pull request #7 from mir-protocol/merkle_proofs

Candidate API for Merkle proof data

src/gadgets/merkle_proofs.rs

@@ -0,0 +1,39 @@
+use crate::circuit_builder::CircuitBuilder;
+use crate::field::field::Field;
+use crate::proof::{Hash, HashTarget};
+use crate::target::Target;
+
+pub struct MerkleProof<F: Field> {
+    /// The Merkle digest of each sibling subtree, staying from the bottommost layer.
+    pub siblings: Vec<Hash<F>>,
+}
+
+pub struct MerkleProofTarget {
+    /// The Merkle digest of each sibling subtree, staying from the bottommost layer.
+    pub siblings: Vec<HashTarget>,
+}
+
+/// Verifies that the given leaf data is present at the given index in the Merkle tree with the
+/// given root.
+pub(crate) fn verify_merkle_proof<F: Field>(
+    leaf_data: Vec<F>,
+    leaf_index: usize,
+    merkle_root: Hash<F>,
+    proof: MerkleProof<F>,
+) {
+    todo!()
+}
+
+impl<F: Field> CircuitBuilder<F> {
+    /// Verifies that the given leaf data is present at the given index in the Merkle tree with the
+    /// given root.
+    pub(crate) fn verify_merkle_proof(
+        &mut self,
+        leaf_data: Vec<Target>,
+        leaf_index: Target,
+        merkle_root: HashTarget,
+        proof: MerkleProofTarget,
+    ) {
+        todo!()
+    }
+}

src/gadgets/mod.rs

@@ -1,3 +1,4 @@
 pub(crate) mod arithmetic;
-pub(crate) mod split_join;
 pub(crate) mod hash;
+pub(crate) mod merkle_proofs;
+pub(crate) mod split_join;

src/proof.rs

@@ -1,5 +1,6 @@
 use crate::field::field::Field;
 use crate::target::Target;
+use crate::gadgets::merkle_proofs::{MerkleProofTarget, MerkleProof};
 
 /// Represents a ~256 bit hash output.
 #[derive(Copy, Clone, Debug)]
@@ -32,7 +33,8 @@ pub struct Proof<F: Field> {
     /// Purported values of each polynomial at each challenge point.
     pub openings: Vec<OpeningSet<F>>,
 
-    // TODO: FRI Merkle proofs.
+    /// A FRI argument for each FRI query.
+    pub fri_proofs: Vec<FriProof<F>>,
 }
 
 pub struct ProofTarget {
@@ -50,22 +52,29 @@ pub struct ProofTarget {
     pub fri_proofs: Vec<FriProofTarget>,
 }
 
+pub struct FriProof<F: Field> {
+    /// A Merkle root for each reduced polynomial in the commit phase.
+    pub commit_phase_merkle_roots: Vec<Hash<F>>,
+    /// Merkle proofs for the original purported codewords, i.e. the subject of the LDT.
+    pub initial_merkle_proofs: Vec<MerkleProof<F>>,
+    /// Merkle proofs for the reduced polynomials that were sent in the commit phase.
+    pub intermediate_merkle_proofs: Vec<MerkleProof<F>>,
+    /// The final polynomial in coefficient form.
+    pub final_poly: Vec<F>,
+}
+
 /// Represents a single FRI query, i.e. a path through the reduction tree.
 pub struct FriProofTarget {
+    /// A Merkle root for each reduced polynomial in the commit phase.
+    pub commit_phase_merkle_roots: Vec<HashTarget>,
     /// Merkle proofs for the original purported codewords, i.e. the subject of the LDT.
     pub initial_merkle_proofs: Vec<MerkleProofTarget>,
     /// Merkle proofs for the reduced polynomials that were sent in the commit phase.
     pub intermediate_merkle_proofs: Vec<MerkleProofTarget>,
-    /// The final polynomial in point-value form.
+    /// The final polynomial in coefficient form.
     pub final_poly: Vec<Target>,
 }
 
-pub struct MerkleProofTarget {
-    pub leaf: Vec<Target>,
-    pub siblings: Vec<Target>,
-    // TODO: Also need left/right turn info.
-}
-
 /// The purported values of each polynomial at a single point.
 pub struct OpeningSet<F: Field> {
     pub constants: Vec<F>,

src/prover.rs

@@ -111,6 +111,8 @@ pub(crate) fn prove<F: Field>(
 
     let openings = Vec::new(); // TODO
 
+    let fri_proofs = Vec::new(); // TODO
+
     info!("{:.3}s for overall witness & proof generation",
           start_proof_gen.elapsed().as_secs_f32());
 
@@ -119,6 +121,7 @@ pub(crate) fn prove<F: Field>(
         plonk_zs_root,
         quotient_polys_root,
         openings,
+        fri_proofs,
     }
 }