add native interface for proving Claims

Fix #201
TritonVM · Jun 13, 2023 · 4f2f02f · 4f2f02f
1 parent ea2f45a
commit 4f2f02f
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 4 deletions.
diff --git a/triton-vm/src/lib.rs b/triton-vm/src/lib.rs
@@ -2,6 +2,8 @@
 //! of programs written in Triton assembly. The proof system is a zk-STARK, which is a
 //! state-of-the-art ZKPS.
 
+use anyhow::bail;
+use anyhow::Result;
 pub use twenty_first::shared_math::b_field_element::BFieldElement;
 pub use twenty_first::shared_math::tip5::Digest;
 use twenty_first::shared_math::tip5::Tip5;
@@ -40,7 +42,7 @@ pub mod vm;
 /// `assert` instruction, proof generation will fail.
 ///
 /// The default STARK parameters used by Triton VM give a (conjectured) security level of 160 bits.
-pub fn prove(
+pub fn prove_from_source(
     source_code: &str,
     public_input: &[u64],
     secret_input: &[u64],
@@ -105,7 +107,31 @@ pub fn prove(
     (parameters, proof)
 }
 
-/// Verify a proof generated by [`prove`].
+/// A convenience function for proving a [`Claim`] and the program that claim corresponds to.
+/// Method [`prove_from_source`] gives a simpler interface with less control.
+pub fn prove(
+    parameters: &StarkParameters,
+    claim: &Claim,
+    program: &Program,
+    secret_input: &[BFieldElement],
+) -> Result<Proof> {
+    let program_digest = Tip5::hash(program);
+    if program_digest != claim.program_digest {
+        bail!("Program digest must match claimed program digest.");
+    }
+    let (aet, public_output, maybe_error) =
+        vm::simulate(program, claim.input.clone(), secret_input.to_vec());
+    if let Some(error) = maybe_error {
+        bail!("Execution error: {error}");
+    }
+    if public_output != claim.output {
+        bail!("Program output must match claimed program output.");
+    }
+    let proof = Stark::prove(parameters, claim, &aet, &mut None);
+    Ok(proof)
+}
+
+/// Verify a proof generated by [`prove`] or [`prove_from_source`].
 pub fn verify(parameters: &StarkParameters, proof: &Proof) -> bool {
     Stark::verify(parameters, proof, &mut None).unwrap_or(false)
 }
@@ -148,7 +174,7 @@ mod public_interface_tests {
             17174585125955027015,
         ];
 
-        let (parameters, proof) = prove(source_code, &public_input, &secret_input);
+        let (parameters, proof) = prove_from_source(source_code, &public_input, &secret_input);
         assert_eq!(
             StarkParameters::default(),
             parameters,
@@ -173,4 +199,22 @@ mod public_interface_tests {
         let verdict = verify(&parameters, &proof);
         assert!(verdict);
     }
+
+    #[test]
+    fn lib_prove_verify() {
+        let parameters = StarkParameters::default();
+
+        let source_code = "push 1 assert halt";
+        let program = Program::from_code(source_code).unwrap();
+
+        let claim = Claim {
+            program_digest: Tip5::hash(&program),
+            input: vec![],
+            output: vec![],
+        };
+
+        let proof = prove(&parameters, &claim, &program, &[]).unwrap();
+        let verdict = verify(&parameters, &proof);
+        assert!(verdict);
+    }
 }
diff --git a/triton-vm/src/table/master_table.rs b/triton-vm/src/table/master_table.rs
@@ -1407,7 +1407,7 @@ mod master_table_tests {
 
     #[test]
     fn smallest_possible_padded_height_is_correct_test() {
-        let (_, proof) = crate::prove("halt", &[], &[]);
+        let (_, proof) = crate::prove_from_source("halt", &[], &[]);
         let parameters = StarkParameters::default();
         let smallest_padded_height_exp = proof.padded_height(&parameters).ilog2();
         let smallest_padded_height_exp: usize = smallest_padded_height_exp.try_into().unwrap();