Add ZKVerifier and ZKProver for zero-knowledge binius64 proofs#1448
Merged
Add ZKVerifier and ZKProver for zero-knowledge binius64 proofs#1448
Conversation
Separate the IOP-level verification logic from the compilation layer by introducing an IOPVerifier struct. IOPVerifier holds the constraint system and log_public_words, and provides the core verify() method that operates on an abstract IOPVerifierChannel. Verifier becomes a thin wrapper that composes IOPVerifier with a BaseFoldVerifierCompiler. This follows the same separation pattern used in the spartan-verifier crate, where IOPVerifier is independent of the specific IOP compilation strategy (BaseFold, etc.).
Separate the IOP-level proving logic from the compilation layer by introducing an IOPProver struct. IOPProver holds the constraint system, derived size parameters, and the KeyCollection, and provides the core prove() method that operates on an abstract IOPProverChannel with the packed field type P as a method-level generic parameter. Prover becomes a thin wrapper that composes IOPProver with a BaseFoldProverCompiler, mirroring the IOPVerifier/Verifier separation in the verifier crate and the same pattern used in spartan-prover.
Replace the binius-verifier dependency with direct imports from the underlying crates (binius-iop, binius-ip, binius-hash). This removes a potential circular dependency, since binius-verifier re-exported these types purely for convenience. Also remove binius-verifier from binius-spartan-prover dependencies (only used in dev-dependencies for tests).
Replace the inner_verifier field with a generic ReplayFn closure parameter. The closure is called during finish() with a ReplayChannel to replay the inner verification and fill the outer witness. This makes the channel generic over different inner verification protocols. Also adds binius_prover::zk_config::ZKProver which uses the generalized channel with a closure that calls binius IOPVerifier::verify for replay.
Add test_zk_prove_verify_sha256_preimage that exercises the full ZK round-trip: ZKVerifier::setup, ZKProver::setup, prove, verify using the SHA256 compression circuit.
All new binius crate dependencies introduced in this PR should use default-features = false, with rayon features wired up through dependent feature flags. Also applies the same pattern to binius-spartan-prover's existing dependencies.
jimpo
force-pushed
the
zk-verifier-prover
branch
from
59ef574 to
85a197d
Compare
In the non-rayon mock, core::iter::repeat_n returns a std::iter::RepeatN which doesn't implement ParallelIterator. Wrap it in a ParallelWrapper so it works with the mock parallel iterator chain methods.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
IOPVerifier/IOPProverfromVerifier/Proverto separate IOP logic from the BaseFold compilation layerIOPVerifier::verifyoverChannel::Elem(not justElem = B128) to enable symbolic execution throughIronSpartanBuilderChannelbinius-verifier/binius-proverdependencies from spartan crates (replace with direct deps onbinius-iop,binius-ip,binius-hash)binius_verifier::zk_config::ZKVerifierandbinius_prover::zk_config::ZKProverthat wrap the binius64 IOP with a Spartan-based ZK wrapperZKWrappedProverChannelto accept aReplayFnclosure instead of holding anIOPVerifier, eliminating protocol-specific channel duplicatesFrom<B128>forCircuitElemto support the generalizedIOPVerifier::verifyboundTest plan
cargo test -p binius-prover --test prove_verify— runs both non-ZK and ZK SHA256 round-tripscargo test -p binius-spartan-prover --test wrapper_integration_test— spartan ZK wrapper test with generalized channel