Separate verify (#721)

crates/prover/benches/poseidon.rs

@@ -3,7 +3,7 @@ use stwo_prover::core::backend::simd::SimdBackend;
 use stwo_prover::core::channel::{Blake2sChannel, Channel};
 use stwo_prover::core::fields::m31::BaseField;
 use stwo_prover::core::fields::IntoSlice;
-use stwo_prover::core::prover::prove;
+use stwo_prover::core::prover::commit_and_prove;
 use stwo_prover::core::vcs::blake2_hash::Blake2sHasher;
 use stwo_prover::core::vcs::hasher::Hasher;
 use stwo_prover::examples::poseidon::{gen_trace, PoseidonAir, PoseidonComponent};
@@ -20,7 +20,7 @@ pub fn simd_poseidon(c: &mut Criterion) {
             let trace = gen_trace(component.log_column_size());
             let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
             let air = PoseidonAir { component };
-            prove::<SimdBackend>(&air, channel, trace).unwrap()
+            commit_and_prove::<SimdBackend>(&air, channel, trace).unwrap()
         });
     });
 }

crates/prover/src/core/prover/mod.rs

@@ -76,6 +76,8 @@ pub fn evaluate_and_commit_on_trace<B: Backend + MerkleOps<MerkleHasher>>(
 
     let interaction_elements = air.interaction_elements(channel);
     let interaction_trace = air.interact(&trace, &interaction_elements);
+    // TODO(spapini): Make this symmetric with verify, once the TraceGenerator traits support
+    // retrieveing the column log sizes.
     if !interaction_trace.is_empty() {
         let span = span!(Level::INFO, "Interaction trace interpolation").entered();
         let interaction_trace_polys = interaction_trace
@@ -89,7 +91,7 @@ pub fn evaluate_and_commit_on_trace<B: Backend + MerkleOps<MerkleHasher>>(
     Ok((commitment_scheme, interaction_elements))
 }
 
-pub fn generate_proof<B: Backend + MerkleOps<MerkleHasher>>(
+pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
     air: &impl AirProver<B>,
     channel: &mut Channel,
     interaction_elements: &InteractionElements,
@@ -148,7 +150,7 @@ pub fn generate_proof<B: Backend + MerkleOps<MerkleHasher>>(
     })
 }
 
-pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
+pub fn commit_and_prove<B: Backend + MerkleOps<MerkleHasher>>(
     air: &impl AirTraceGenerator<B>,
     channel: &mut Channel,
     trace: ColumnVec<CircleEvaluation<B, BaseField, BitReversedOrder>>,
@@ -192,7 +194,7 @@ pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
             .collect_vec(),
     );
 
-    generate_proof(
+    prove(
         &air,
         channel,
         &interaction_elements,
@@ -201,13 +203,16 @@ pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
     )
 }
 
-pub fn verify(
+pub fn commit_and_verify(
     proof: StarkProof,
     air: &(impl Air + AirTraceVerifier),
     channel: &mut Channel,
 ) -> Result<(), VerificationError> {
     // Read trace commitment.
     let mut commitment_scheme = CommitmentSchemeVerifier::new();
+
+    // TODO(spapini): Retrieve column_log_sizes from AirTraceVerifier, and remove the dependency on
+    // Air.
     let column_log_sizes = air.column_log_sizes();
     commitment_scheme.commit(
         proof.commitments[BASE_TRACE],
@@ -234,6 +239,22 @@ pub fn verify(
             .map(|v| SecureField::from(*v))
             .collect_vec(),
     );
+    verify(
+        air,
+        channel,
+        &interaction_elements,
+        &mut commitment_scheme,
+        proof,
+    )
+}
+
+pub fn verify(
+    air: &impl Air,
+    channel: &mut Blake2sChannel,
+    interaction_elements: &InteractionElements,
+    commitment_scheme: &mut CommitmentSchemeVerifier,
+    proof: StarkProof,
+) -> Result<(), VerificationError> {
     let random_coeff = channel.draw_felt();
 
     // Read composition polynomial commitment.
@@ -263,7 +284,7 @@ pub fn verify(
             oods_point,
             &trace_oods_values,
             random_coeff,
-            &interaction_elements,
+            interaction_elements,
             &proof.lookup_values,
         )
     {
@@ -367,7 +388,7 @@ mod tests {
         CanonicCoset, CircleDomain, CircleEvaluation, MAX_CIRCLE_DOMAIN_LOG_SIZE,
     };
     use crate::core::poly::BitReversedOrder;
-    use crate::core::prover::{prove, ProvingError};
+    use crate::core::prover::{commit_and_prove, ProvingError};
     use crate::core::test_utils::test_channel;
     use crate::core::{ColumnVec, InteractionElements, LookupValues};
     use crate::qm31;
@@ -517,7 +538,7 @@ mod tests {
         let values = vec![BaseField::zero(); 1 << LOG_DOMAIN_SIZE];
         let trace = vec![CpuCircleEvaluation::new(domain, values)];
 
-        let proof_error = prove(&air, &mut test_channel(), trace).unwrap_err();
+        let proof_error = commit_and_prove(&air, &mut test_channel(), trace).unwrap_err();
         assert!(matches!(
             proof_error,
             ProvingError::MaxTraceDegreeExceeded {
@@ -544,7 +565,7 @@ mod tests {
         let values = vec![BaseField::zero(); 1 << LOG_DOMAIN_SIZE];
         let trace = vec![CpuCircleEvaluation::new(domain, values)];
 
-        let proof_error = prove(&air, &mut test_channel(), trace).unwrap_err();
+        let proof_error = commit_and_prove(&air, &mut test_channel(), trace).unwrap_err();
         assert!(matches!(
             proof_error,
             ProvingError::MaxCompositionDegreeExceeded {
@@ -566,7 +587,7 @@ mod tests {
         let values = vec![BaseField::zero(); 1 << LOG_DOMAIN_SIZE];
         let trace = vec![CpuCircleEvaluation::new(domain, values)];
 
-        let proof = prove(&air, &mut test_channel(), trace).unwrap_err();
+        let proof = commit_and_prove(&air, &mut test_channel(), trace).unwrap_err();
         assert!(matches!(proof, ProvingError::ConstraintsNotSatisfied));
     }
 }

crates/prover/src/examples/fibonacci/mod.rs

@@ -10,7 +10,9 @@ use crate::core::fields::m31::BaseField;
 use crate::core::fields::{FieldExpOps, IntoSlice};
 use crate::core::poly::circle::{CanonicCoset, CircleEvaluation};
 use crate::core::poly::BitReversedOrder;
-use crate::core::prover::{prove, verify, ProvingError, StarkProof, VerificationError};
+use crate::core::prover::{
+    commit_and_prove, commit_and_verify, ProvingError, StarkProof, VerificationError,
+};
 use crate::core::vcs::blake2_hash::Blake2sHasher;
 use crate::core::vcs::hasher::Hasher;
 
@@ -55,15 +57,15 @@ impl Fibonacci {
             .air
             .component
             .claim])));
-        prove(&self.air, channel, vec![trace])
+        commit_and_prove(&self.air, channel, vec![trace])
     }
 
     pub fn verify(&self, proof: StarkProof) -> Result<(), VerificationError> {
         let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[self
             .air
             .component
             .claim])));
-        verify(proof, &self.air, channel)
+        commit_and_verify(proof, &self.air, channel)
     }
 }
 
@@ -98,13 +100,13 @@ impl MultiFibonacci {
         let channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&self.claims)));
         let trace = self.get_trace();
-        prove(&self.air, channel, trace)
+        commit_and_prove(&self.air, channel, trace)
     }
 
     pub fn verify(&self, proof: StarkProof) -> Result<(), VerificationError> {
         let channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&self.claims)));
-        verify(proof, &self.air, channel)
+        commit_and_verify(proof, &self.air, channel)
     }
 }
 
@@ -128,7 +130,7 @@ mod tests {
     use crate::core::fields::IntoSlice;
     use crate::core::pcs::TreeVec;
     use crate::core::poly::circle::CanonicCoset;
-    use crate::core::prover::{prove, verify, VerificationError, BASE_TRACE};
+    use crate::core::prover::{commit_and_prove, commit_and_verify, VerificationError, BASE_TRACE};
     use crate::core::queries::Queries;
     use crate::core::utils::bit_reverse;
     use crate::core::vcs::blake2_hash::Blake2sHasher;
@@ -252,12 +254,12 @@ mod tests {
         let trace = fib_trace_generator.write_trace();
         let channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[CLAIM])));
-        let proof = prove(&fib_trace_generator, channel, trace).unwrap();
+        let proof = commit_and_prove(&fib_trace_generator, channel, trace).unwrap();
 
         let channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[CLAIM])));
         let fib_air = Fibonacci::new(FIB_LOG_SIZE, CLAIM).air;
-        verify(proof, &fib_air, channel).unwrap();
+        commit_and_verify(proof, &fib_air, channel).unwrap();
     }
 
     #[test]

crates/prover/src/examples/poseidon/mod.rs

@@ -501,7 +501,7 @@ mod tests {
     use crate::core::channel::{Blake2sChannel, Channel};
     use crate::core::fields::m31::BaseField;
     use crate::core::fields::IntoSlice;
-    use crate::core::prover::{prove, verify};
+    use crate::core::prover::{commit_and_prove, commit_and_verify};
     use crate::core::vcs::blake2_hash::Blake2sHasher;
     use crate::core::vcs::hasher::Hasher;
     use crate::examples::poseidon::{
@@ -568,9 +568,9 @@ mod tests {
 
         let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
         let air = PoseidonAir { component };
-        let proof = prove::<SimdBackend>(&air, channel, trace).unwrap();
+        let proof = commit_and_prove::<SimdBackend>(&air, channel, trace).unwrap();
 
         let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
-        verify(proof, &air, channel).unwrap();
+        commit_and_verify(proof, &air, channel).unwrap();
     }
 }

crates/prover/src/examples/wide_fibonacci/mod.rs

@@ -22,7 +22,7 @@ mod tests {
     use crate::core::fields::IntoSlice;
     use crate::core::pcs::TreeVec;
     use crate::core::poly::circle::CanonicCoset;
-    use crate::core::prover::{prove, verify};
+    use crate::core::prover::{commit_and_prove, commit_and_verify};
     use crate::core::utils::{
         bit_reverse, circle_domain_order_to_coset_order, shifted_secure_combination,
     };
@@ -235,10 +235,10 @@ mod tests {
         let air = WideFibAir { component };
         let prover_channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
-        let proof = prove::<CpuBackend>(&air, prover_channel, trace).unwrap();
+        let proof = commit_and_prove::<CpuBackend>(&air, prover_channel, trace).unwrap();
 
         let verifier_channel =
             &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
-        verify(proof, &air, verifier_channel).unwrap();
+        commit_and_verify(proof, &air, verifier_channel).unwrap();
     }
 }

crates/prover/src/examples/wide_fibonacci/simd.rs

@@ -261,7 +261,7 @@ mod tests {
     use crate::core::channel::{Blake2sChannel, Channel};
     use crate::core::fields::m31::BaseField;
     use crate::core::fields::IntoSlice;
-    use crate::core::prover::{prove, verify};
+    use crate::core::prover::{commit_and_prove, commit_and_verify};
     use crate::core::vcs::blake2_hash::Blake2sHasher;
     use crate::core::vcs::hasher::Hasher;
     use crate::examples::wide_fibonacci::component::LOG_N_COLUMNS;
@@ -285,9 +285,9 @@ mod tests {
         span.exit();
         let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
         let air = SimdWideFibAir { component };
-        let proof = prove::<SimdBackend>(&air, channel, trace).unwrap();
+        let proof = commit_and_prove::<SimdBackend>(&air, channel, trace).unwrap();
 
         let channel = &mut Blake2sChannel::new(Blake2sHasher::hash(BaseField::into_slice(&[])));
-        verify(proof, &air, channel).unwrap();
+        commit_and_verify(proof, &air, channel).unwrap();
     }
 }