Move component log sizes from proof claim to Statement

The Statement trait now exposes get_component_log_sizes; verify reads
log sizes from the statement instead of proof.claim. The Claim struct is
removed (claimed_sums is now a top-level field on Proof), shrinking the
serialized proof by one packed-u8 entry per component.

CircuitStatement derives the per-component log sizes from n_blake_compress
(added to CircuitParams/CircuitConfig) plus preprocessed column log sizes,
and now takes &CircuitConfig instead of seven individual fields. Cairo's
component log sizes ride along on public_claim, removing the dedicated
field on CairoVerifierConfig.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: ilyalesokhin-starkware

crates/cairo_verifier/src/privacy_test.rs

@@ -46,6 +46,7 @@ fn verify_circuit_proof(
         config: circuit_proof.pcs_config,
         output_addresses: preprocessed_circuit.params.output_addresses.clone(),
         n_blake_gates: preprocessed_circuit.params.n_blake_gates,
+        n_blake_compress: preprocessed_circuit.params.n_blake_compress,
         preprocessed_column_ids: preprocessed_circuit.preprocessed_trace.ids(),
         preprocessed_column_log_sizes: preprocessed_circuit.preprocessed_trace.log_sizes(),
         preprocessed_root,
@@ -240,6 +241,7 @@ fn test_privacy_proof_info() {
         config: pcs_config,
         output_addresses: preprocessed_circuit.params.output_addresses.clone(),
         n_blake_gates: preprocessed_circuit.params.n_blake_gates,
+        n_blake_compress: preprocessed_circuit.params.n_blake_compress,
         preprocessed_column_ids: preprocessed_circuit.preprocessed_trace.ids(),
         preprocessed_column_log_sizes: preprocessed_circuit.preprocessed_trace.log_sizes(),
         preprocessed_root,
@@ -248,15 +250,8 @@ fn test_privacy_proof_info() {
         output_values: vec![QM31::zero(); preprocessed_circuit.params.output_addresses.len()],
     };
     let mut context = Context::<NoValue>::default();
-    let statement = CircuitStatement::new(
-        &mut context,
-        &circuit_config.output_addresses,
-        &public_data.output_values,
-        circuit_config.n_blake_gates,
-        circuit_config.preprocessed_column_ids.clone(),
-        circuit_config.preprocessed_column_log_sizes.clone(),
-        circuit_config.preprocessed_root,
-    );
+    let statement =
+        CircuitStatement::new(&mut context, &circuit_config, &public_data.output_values);
 
     let enabled_bits = vec![true; all_circuit_components::<NoValue>().len()];
     let proof_config = ProofConfig::new(
@@ -269,5 +264,5 @@ fn test_privacy_proof_info() {
     let proof_info = ProofInfo::from_config(&proof_config);
     println!("{proof_info}");
     // Assert the total size in bytes.
-    assert_eq!(proof_info.total_bytes(), 347360);
+    assert_eq!(proof_info.total_bytes(), 347344);
 }

crates/cairo_verifier/src/statement.rs

@@ -145,6 +145,7 @@ pub struct CairoStatement<Value: IValue> {
     pub packed_outputs: Simd,
     pub preprocessed_root: HashValue<QM31>,
     pub preprocessed_trace_variant: PreProcessedTraceVariant,
+    pub component_log_sizes: Simd,
 }
 
 impl<Value: IValue> CairoStatement<Value> {
@@ -261,21 +262,29 @@ impl<Value: IValue> CairoStatement<Value> {
 }
 
 impl<Value: IValue> CairoStatement<Value> {
+    /// `public_claim` is the flat public claim laid out as:
+    /// `[public_data (PUBLIC_DATA_LEN + outputs.len() + program.len() M31s) | component_log_sizes
+    /// (components.len() M31s)]`.
     pub fn new(
         context: &mut Context<Value>,
-        public_data: Vec<M31>,
+        public_claim: Vec<M31>,
         outputs: Vec<[M31; MEMORY_VALUES_LIMBS]>,
         program: Arc<[[M31; MEMORY_VALUES_LIMBS]]>,
         components: IndexMap<&'static str, Box<dyn CircuitEval<Value>>>,
         preprocessed_root: HashValue<QM31>,
         preprocessed_trace_variant: PreProcessedTraceVariant,
     ) -> Self {
-        let packed_public_data = pack_into_qm31s(public_data.iter().cloned())
+        let n_components = components.len();
+        let public_data_len = PUBLIC_DATA_LEN + outputs.len() + program.len();
+        assert_eq!(public_claim.len(), public_data_len + n_components);
+        let (public_data_m31s, log_sizes_m31s) = public_claim.split_at(public_data_len);
+
+        let packed_public_data = pack_into_qm31s(public_data_m31s.iter().cloned())
             .into_iter()
             .map(|qm31| Value::from_qm31(qm31).guess(context))
             .collect_vec();
 
-        let packed_public_data = Simd::from_packed(packed_public_data, public_data.len());
+        let packed_public_data = Simd::from_packed(packed_public_data, public_data_m31s.len());
         // Note that we don't enforce anything on the padding M31 in packed_public_data.
         let unpacked_simd = Simd::unpack(context, &packed_public_data);
 
@@ -289,12 +298,19 @@ impl<Value: IValue> CairoStatement<Value> {
             .collect_vec();
         let packed_outputs = Simd::from_packed(packed_outputs, n_outputs * MEMORY_VALUES_LIMBS);
 
+        let packed_log_sizes = pack_into_qm31s(log_sizes_m31s.iter().cloned())
+            .into_iter()
+            .map(|qm31| Value::from_qm31(qm31).guess(context))
+            .collect_vec();
+        let component_log_sizes = Simd::from_packed(packed_log_sizes, n_components);
+
         Self {
             packed_public_data,
             public_data,
             program,
             packed_outputs,
             components,
+            component_log_sizes,
             preprocessed_root,
             preprocessed_trace_variant,
         }
@@ -306,13 +322,18 @@ impl<Value: IValue> Statement<Value> for CairoStatement<Value> {
         &self.components
     }
 
+    fn get_component_log_sizes(&self) -> &Simd {
+        &self.component_log_sizes
+    }
+
     fn claims_to_mix(&self, context: &mut Context<Value>) -> Vec<Vec<Var>> {
         let Self {
             components: _components,
             packed_public_data,
             public_data: _public_data,
             program,
             packed_outputs,
+            component_log_sizes: _component_log_sizes,
             preprocessed_root: _preprocessed_root,
             preprocessed_trace_variant: _preprocessed_trace_variant,
         } = self;

crates/cairo_verifier/src/test.rs

@@ -53,7 +53,7 @@ pub fn verify_cairo_with_component_set(
     cairo_proof: &CairoProof<Blake2sM31MerkleHasher>,
     component_set: HashSet<&str>,
 ) -> Result<Context<QM31>, String> {
-    let FlatClaim { component_enable_bits, component_log_sizes: _, public_data: _ } =
+    let FlatClaim { component_enable_bits, component_log_sizes, public_data: _ } =
         cairo_proof.claim.flatten_claim();
     let components: indexmap::IndexMap<&'static str, Box<dyn CircuitEval<QM31>>> =
         zip_eq(all_components::<QM31>().into_iter(), &component_enable_bits)
@@ -80,7 +80,8 @@ pub fn verify_cairo_with_component_set(
     );
 
     let (proof, public_data) = prepare_cairo_proof_for_circuit_verifier(cairo_proof, &proof_config);
-    let (public_claim, outputs, program) = public_data.pack_into_u32s();
+    let (mut public_claim, outputs, program) = public_data.pack_into_u32s();
+    public_claim.extend(component_log_sizes);
     let outputs = outputs
         .chunks_exact(MEMORY_VALUES_LIMBS)
         .map(|chunk| array::from_fn(|i| M31::from_u32_unchecked(chunk[i])))
@@ -112,25 +113,27 @@ fn test_verify() {
     let mut novalue_context = Context::<NoValue>::default();
     let output_len = 1;
     let program_len = 128;
-    let flat_claim = vec![M31::zero(); PUBLIC_DATA_LEN + output_len + program_len];
     let outputs = vec![[M31::zero(); MEMORY_VALUES_LIMBS]; output_len];
     let program: Arc<[[M31; MEMORY_VALUES_LIMBS]]> =
         std::iter::repeat_n([M31::zero(); MEMORY_VALUES_LIMBS], program_len).collect();
-    let components = all_components();
-    let mut statement = CairoStatement::new(
+    // Remove the pedersen points table component since it requires long preprocessed columns, which
+    // are not supported.
+    let pedersen_points_index =
+        all_components::<NoValue>().get_full("pedersen_points_table_window_bits_18").unwrap().0;
+    let mut components = all_components();
+    components.shift_remove("pedersen_points_table_window_bits_18");
+
+    let public_claim =
+        vec![M31::zero(); PUBLIC_DATA_LEN + output_len + program_len + components.len()];
+    let statement = CairoStatement::new(
         &mut novalue_context,
-        flat_claim,
+        public_claim,
         outputs,
         program,
         components,
         get_preprocessed_root(20 + pcs_config.fri_config.log_blowup_factor),
         PreProcessedTraceVariant::CanonicalSmall,
     );
-    // Remove the pedersen points table component since it requires long preprocessed columns, which
-    // are not supported.
-    let pedersen_points_index =
-        all_components::<NoValue>().get_full("pedersen_points_table_window_bits_18").unwrap().0;
-    statement.components.shift_remove("pedersen_points_table_window_bits_18");
 
     let mut enabled_bits = vec![true; all_components::<NoValue>().len()];
     enabled_bits[pedersen_points_index] = false;

crates/cairo_verifier/src/verify.rs

@@ -10,10 +10,8 @@ use circuits::context::{Context, TraceContext};
 use circuits::ivalue::{IValue, NoValue};
 use circuits::ops::Guess;
 use circuits_stark_verifier::constraint_eval::CircuitEval;
-use circuits_stark_verifier::proof::{Claim, Proof, ProofConfig, empty_proof};
-use circuits_stark_verifier::proof_from_stark_proof::{
-    pack_component_log_sizes, proof_from_stark_proof,
-};
+use circuits_stark_verifier::proof::{Proof, ProofConfig, empty_proof};
+use circuits_stark_verifier::proof_from_stark_proof::proof_from_stark_proof;
 use circuits_stark_verifier::verify::verify;
 use indexmap::IndexMap;
 use itertools::{Itertools, zip_eq};
@@ -139,13 +137,14 @@ pub fn build_cairo_verifier_circuit(verifier_config: &CairoVerifierConfig) -> Co
 
     let n_outputs = verifier_config.n_outputs;
     let program_len = verifier_config.program.len();
-    let public_data = vec![M31::zero(); PUBLIC_DATA_LEN + n_outputs + program_len];
+    let n_components = components.len();
+    let public_claim = vec![M31::zero(); PUBLIC_DATA_LEN + n_outputs + program_len + n_components];
     let outputs = vec![[M31::zero(); MEMORY_VALUES_LIMBS]; n_outputs];
 
     let mut context = Context::<NoValue>::default();
     let statement = CairoStatement::<NoValue>::new(
         &mut context,
-        public_data,
+        public_claim,
         outputs,
         verifier_config.program.clone(),
         components,
@@ -181,15 +180,10 @@ pub fn prepare_cairo_proof_for_circuit_verifier(
     debug_assert_eq!(component_log_sizes.len(), proof_config.n_components());
     debug_assert_eq!(claimed_sums.len(), proof_config.n_components());
 
-    let claim = Claim {
-        packed_component_log_sizes: pack_component_log_sizes(&component_log_sizes),
-        claimed_sums,
-    };
-
     let proof = proof_from_stark_proof(
         extended_stark_proof,
         proof_config,
-        claim,
+        claimed_sums,
         *interaction_pow,
         *channel_salt,
     );

crates/circuit_common/src/lib.rs

@@ -9,6 +9,9 @@ pub struct CircuitParams {
     pub trace_log_size: u32,
     pub first_permutation_row: usize,
     pub n_blake_gates: usize,
+    /// Total number of blake compression blocks across all blake gates (unpadded). Equals
+    /// `sum(gate.input.len())`.
+    pub n_blake_compress: usize,
     pub output_addresses: Vec<usize>,
 }
 

crates/circuit_common/src/preprocessed.rs

@@ -556,10 +556,12 @@ impl PreprocessedCircuit {
         let blake_g_log_size = log_n_blake_updates + 7;
         let trace_log_size = std::cmp::max(max_pp_trace_log_size, blake_g_log_size);
 
+        let n_blake_compress: usize = circuit.blake.iter().map(|gate| gate.input.len()).sum();
         let params = CircuitParams {
             trace_log_size,
             first_permutation_row: qm31_ops_trace_generator.first_permutation_row,
             n_blake_gates: circuit.blake.len(),
+            n_blake_compress,
             output_addresses: circuit.output.iter().map(|out| out.in0).collect(),
         };
 

crates/circuit_prover/src/prover.rs

@@ -11,10 +11,8 @@ use circuit_verifier::circuit_claim::{
 use circuit_verifier::statement::INTERACTION_POW_BITS;
 use circuit_verifier::verify::CircuitPublicData;
 use circuits_stark_verifier::proof::Proof;
-use circuits_stark_verifier::proof::{Claim, ProofConfig};
-use circuits_stark_verifier::proof_from_stark_proof::{
-    pack_component_log_sizes, proof_from_stark_proof,
-};
+use circuits_stark_verifier::proof::ProofConfig;
+use circuits_stark_verifier::proof_from_stark_proof::proof_from_stark_proof;
 use itertools::chain;
 use num_traits::Zero;
 use stwo::core::air::Component;
@@ -263,15 +261,12 @@ pub fn prepare_circuit_proof_for_circuit_verifier(
 
     let public_data = CircuitPublicData { output_values: claim.output_values.clone() };
 
-    let claim = Claim {
-        packed_component_log_sizes: pack_component_log_sizes(&claim.log_sizes),
-        claimed_sums: interaction_claim.claimed_sums.to_vec(),
-    };
+    let claimed_sums = interaction_claim.claimed_sums.to_vec();
 
     let proof = proof_from_stark_proof(
         &stark_proof,
         proof_config,
-        claim,
+        claimed_sums,
         interaction_pow_nonce,
         channel_salt,
     );

crates/circuit_prover/src/prover_test.rs

@@ -251,6 +251,7 @@ fn circuit_verify(
         config: circuit_proof.pcs_config,
         output_addresses: preprocessed_circuit.params.output_addresses.clone(),
         n_blake_gates: preprocessed_circuit.params.n_blake_gates,
+        n_blake_compress: preprocessed_circuit.params.n_blake_compress,
         preprocessed_column_ids: preprocessed_circuit.preprocessed_trace.ids(),
         preprocessed_column_log_sizes: preprocessed_circuit.preprocessed_trace.log_sizes(),
         preprocessed_root: preprocessed_root.into(),

crates/circuit_serialize/src/deserialize.rs

@@ -10,8 +10,7 @@ use circuits_stark_verifier::fri_proof::{
 };
 use circuits_stark_verifier::merkle::{AuthPath, AuthPaths};
 use circuits_stark_verifier::oods::{EvalDomainSamples, N_COMPOSITION_COLUMNS};
-use circuits_stark_verifier::proof::{Claim, InteractionAtOods, N_TRACES, Proof, ProofConfig};
-use circuits_stark_verifier::proof_from_stark_proof::pack_component_log_sizes;
+use circuits_stark_verifier::proof::{InteractionAtOods, N_TRACES, Proof, ProofConfig};
 
 #[derive(Debug)]
 pub enum DeserializeError {
@@ -105,7 +104,7 @@ pub fn deserialize_proof_with_config(
     let trace_root = HashValue::<QM31>::deserialize(data)?;
     let interaction_root = HashValue::<QM31>::deserialize(data)?;
     let composition_polynomial_root = HashValue::<QM31>::deserialize(data)?;
-    let claim = deserialize_claim(data, config)?;
+    let claimed_sums = deserialize_vec(data, config.n_components())?;
     let preprocessed_columns_at_oods = deserialize_vec(data, config.n_preprocessed_columns())?;
     let trace_at_oods = deserialize_vec(data, config.n_trace_columns)?;
     let interaction_at_oods = deserialize_interaction_at_oods(data, config)?;
@@ -124,7 +123,7 @@ pub fn deserialize_proof_with_config(
         preprocessed_columns_at_oods,
         trace_at_oods,
         composition_eval_at_oods,
-        claim,
+        claimed_sums,
         interaction_at_oods,
         eval_domain_samples,
         eval_domain_auth_paths,
@@ -134,19 +133,6 @@ pub fn deserialize_proof_with_config(
     })
 }
 
-fn deserialize_claim(data: &mut &[u8], config: &ProofConfig) -> DeserializeResult<Claim<QM31>> {
-    let n_components = config.n_components();
-
-    // Unpack log sizes from packed u8s (1 per u8, 8 bits each).
-    let log_sizes: Vec<u32> =
-        take_bytes(data, n_components.next_multiple_of(4))?.iter().map(|&b| b as u32).collect();
-    let packed_component_log_sizes = pack_component_log_sizes(&log_sizes);
-
-    let claimed_sums = deserialize_vec(data, n_components)?;
-
-    Ok(Claim { packed_component_log_sizes, claimed_sums })
-}
-
 fn deserialize_interaction_at_oods(
     data: &mut &[u8],
     config: &ProofConfig,

crates/circuit_serialize/src/serialize.rs

@@ -6,8 +6,7 @@ use circuits::wrappers::M31Wrapper;
 use circuits_stark_verifier::fri_proof::{FriCommitProof, FriProof, FriWitness};
 use circuits_stark_verifier::merkle::{AuthPath, AuthPaths};
 use circuits_stark_verifier::oods::EvalDomainSamples;
-use circuits_stark_verifier::proof::{Claim, InteractionAtOods, Proof};
-use circuits_stark_verifier::verify::LOG_SIZE_BITS;
+use circuits_stark_verifier::proof::{InteractionAtOods, Proof};
 
 pub trait CircuitSerialize {
     fn serialize(&self, output: &mut Vec<u8>);
@@ -23,7 +22,7 @@ impl CircuitSerialize for Proof<QM31> {
             preprocessed_columns_at_oods,
             trace_at_oods,
             composition_eval_at_oods,
-            claim,
+            claimed_sums,
             interaction_at_oods,
             eval_domain_samples,
             eval_domain_auth_paths,
@@ -36,7 +35,7 @@ impl CircuitSerialize for Proof<QM31> {
         trace_root.serialize(output);
         interaction_root.serialize(output);
         composition_polynomial_root.serialize(output);
-        claim.serialize(output);
+        claimed_sums.serialize(output);
         preprocessed_columns_at_oods.as_slice().serialize(output);
         trace_at_oods.as_slice().serialize(output);
         interaction_at_oods.as_slice().serialize(output);
@@ -89,22 +88,6 @@ impl CircuitSerialize for HashValue<QM31> {
     }
 }
 
-impl CircuitSerialize for Claim<QM31> {
-    fn serialize(&self, output: &mut Vec<u8>) {
-        let Self { packed_component_log_sizes, claimed_sums } = self;
-
-        // Pack log sizes: 1 per u8 (requires `LOG_SIZE_BITS` <= 8).
-        assert!(LOG_SIZE_BITS as usize <= 8);
-        for qm31 in packed_component_log_sizes {
-            for m31 in qm31.to_m31_array().into_iter() {
-                output.push((m31.0 & 0xFF) as u8);
-            }
-        }
-
-        claimed_sums.serialize(output);
-    }
-}
-
 impl CircuitSerialize for InteractionAtOods<QM31> {
     fn serialize(&self, output: &mut Vec<u8>) {
         let Self { at_oods, at_prev } = self;