Add a way to verify constraints without producing proof

Author: sebastiencs

ledger/src/proofs/block.rs

@@ -47,7 +47,7 @@ use super::{
     to_field_elements::ToFieldElements,
     transaction::{
         transaction_snark::{checked_hash, CONSTRAINT_CONSTANTS},
-        Check, Prover,
+        Check, ProofError, Prover,
     },
     witness::Witness,
     wrap::WrapProof,
@@ -1718,6 +1718,9 @@ pub struct BlockParams<'a> {
     pub block_step_prover: &'a Prover<Fp>,
     pub block_wrap_prover: &'a Prover<Fq>,
     pub tx_wrap_prover: &'a Prover<Fq>,
+    /// When set to `true`, `generate_block_proof` will not create a proof, but only
+    /// verify constraints in the step witnesses
+    pub only_verify_constraints: bool,
     /// For debugging only
     pub expected_step_proof: Option<&'static str>,
     /// For debugging only
@@ -1726,7 +1729,10 @@ pub struct BlockParams<'a> {
 
 const BLOCK_N_PREVIOUS_PROOFS: usize = 2;
 
-pub(super) fn generate_block_proof(params: BlockParams, w: &mut Witness<Fp>) -> WrapProof {
+pub(super) fn generate_block_proof(
+    params: BlockParams,
+    w: &mut Witness<Fp>,
+) -> Result<WrapProof, ProofError> {
     let BlockParams {
         input:
             v2::ProverExtendBlockchainInputStableV2 {
@@ -1740,6 +1746,7 @@ pub(super) fn generate_block_proof(params: BlockParams, w: &mut Witness<Fp>) ->
         block_step_prover,
         block_wrap_prover,
         tx_wrap_prover,
+        only_verify_constraints,
         expected_step_proof,
         ocaml_wrap_witness,
     } = params;
@@ -1805,9 +1812,10 @@ pub(super) fn generate_block_proof(params: BlockParams, w: &mut Witness<Fp>) ->
             hack_feature_flags: OptFlag::No,
             wrap_prover: block_wrap_prover,
             step_prover: block_step_prover,
+            only_verify_constraints,
         },
         w,
-    );
+    )?;
 
     if let Some(expected) = expected_step_proof {
         let proof_json = serde_json::to_vec(&proof).unwrap();

ledger/src/proofs/merge.rs

@@ -28,7 +28,7 @@ use super::{
     step::{
         extract_recursion_challenges, InductiveRule, OptFlag, PreviousProofStatement, StepProof,
     },
-    transaction::{PlonkVerificationKeyEvals, Prover},
+    transaction::{PlonkVerificationKeyEvals, ProofError, Prover},
     witness::Witness,
     wrap::WrapProof,
 };
@@ -140,6 +140,9 @@ pub struct MergeParams<'a> {
     pub message: &'a SokMessage,
     pub step_prover: &'a Prover<Fp>,
     pub wrap_prover: &'a Prover<Fq>,
+    /// When set to `true`, `generate_block_proof` will not create a proof, but only
+    /// verify constraints in the step witnesses
+    pub only_verify_constraints: bool,
     /// For debugging only
     pub expected_step_proof: Option<&'static str>,
     /// For debugging only
@@ -148,13 +151,17 @@ pub struct MergeParams<'a> {
 
 const MERGE_N_PREVIOUS_PROOFS: usize = 2;
 
-pub(super) fn generate_merge_proof(params: MergeParams, w: &mut Witness<Fp>) -> WrapProof {
+pub(super) fn generate_merge_proof(
+    params: MergeParams,
+    w: &mut Witness<Fp>,
+) -> Result<WrapProof, ProofError> {
     let MergeParams {
         statement,
         proofs,
         message,
         step_prover,
         wrap_prover,
+        only_verify_constraints,
         expected_step_proof,
         ocaml_wrap_witness,
     } = params;
@@ -217,9 +224,10 @@ pub(super) fn generate_merge_proof(params: MergeParams, w: &mut Witness<Fp>) ->
             prev_challenge_polynomial_commitments,
             step_prover,
             hack_feature_flags: OptFlag::No,
+            only_verify_constraints,
         },
         w,
-    );
+    )?;
 
     if let Some(expected) = expected_step_proof {
         let proof_json = serde_json::to_vec(&proof).unwrap();

ledger/src/proofs/mod.rs

@@ -26,17 +26,23 @@ pub mod zkapp;
 pub const BACKEND_TICK_ROUNDS_N: usize = 16;
 pub const BACKEND_TOCK_ROUNDS_N: usize = 15;
 
-pub fn generate_tx_proof(params: transaction::TransactionParams) -> wrap::WrapProof {
+pub fn generate_tx_proof(
+    params: transaction::TransactionParams,
+) -> Result<wrap::WrapProof, transaction::ProofError> {
     use {mina_hasher::Fp, witness::Witness};
     let mut w: Witness<Fp> = Witness::new::<constants::StepTransactionProof>();
     transaction::generate_tx_proof(params, &mut w)
 }
-pub fn generate_merge_proof(params: merge::MergeParams) -> wrap::WrapProof {
+pub fn generate_merge_proof(
+    params: merge::MergeParams,
+) -> Result<wrap::WrapProof, transaction::ProofError> {
     use {mina_hasher::Fp, witness::Witness};
     let mut w: Witness<Fp> = Witness::new::<constants::StepMergeProof>();
     merge::generate_merge_proof(params, &mut w)
 }
-pub fn generate_block_proof(params: block::BlockParams) -> wrap::WrapProof {
+pub fn generate_block_proof(
+    params: block::BlockParams,
+) -> Result<wrap::WrapProof, transaction::ProofError> {
     use {mina_hasher::Fp, witness::Witness};
     let mut w: Witness<Fp> = Witness::new::<constants::StepBlockProof>();
     block::generate_block_proof(params, &mut w)

ledger/src/proofs/step.rs

@@ -52,9 +52,9 @@ use super::{
     to_field_elements::{ToFieldElements, ToFieldElementsDebug},
     transaction::{
         create_proof, make_group, messages_for_next_wrap_proof_padding,
-        scalar_challenge::to_field_checked, Check, CircuitPlonkVerificationKeyEvals, InnerCurve,
-        MessagesForNextStepProof, PlonkVerificationKeyEvals, Prover,
-        ReducedMessagesForNextStepProof, StepStatement,
+        scalar_challenge::to_field_checked, Check, CircuitPlonkVerificationKeyEvals,
+        CreateProofParams, InnerCurve, MessagesForNextStepProof, PlonkVerificationKeyEvals,
+        ProofError, Prover, ReducedMessagesForNextStepProof, StepStatement,
     },
     unfinalized::{evals_from_p2p, AllEvals, EvalsWithPublicInput, Unfinalized},
     util::extract_bulletproof,
@@ -2532,6 +2532,7 @@ pub struct StepParams<'a, const N_PREVIOUS: usize> {
     pub hack_feature_flags: OptFlag,
     pub step_prover: &'a Prover<Fp>,
     pub wrap_prover: &'a Prover<Fq>,
+    pub only_verify_constraints: bool,
 }
 
 pub struct StepProof {
@@ -2543,7 +2544,7 @@ pub struct StepProof {
 pub fn step<C: ProofConstants, const N_PREVIOUS: usize>(
     params: StepParams<N_PREVIOUS>,
     w: &mut Witness<Fp>,
-) -> StepProof {
+) -> Result<StepProof, ProofError> {
     let StepParams {
         app_state,
         rule,
@@ -2553,6 +2554,7 @@ pub fn step<C: ProofConstants, const N_PREVIOUS: usize>(
         hack_feature_flags,
         step_prover,
         wrap_prover,
+        only_verify_constraints,
     } = params;
 
     let dlog_plonk_index = w.exists(super::merge::dlog_plonk_index(wrap_prover));
@@ -2708,7 +2710,14 @@ pub fn step<C: ProofConstants, const N_PREVIOUS: usize>(
 
     w.primary = statement.to_field_elements_owned();
 
-    let proof = create_proof::<C, Fp>(step_prover, prev_challenge_polynomial_commitments, w);
+    let proof = create_proof::<C, Fp>(
+        CreateProofParams {
+            prover: step_prover,
+            prev_challenges: prev_challenge_polynomial_commitments,
+            only_verify_constraints,
+        },
+        w,
+    )?;
 
     let proofs: [&v2::PicklesProofProofsVerified2ReprStableV2; N_PREVIOUS] =
         std::array::from_fn(|i| rule.previous_proof_statements[i].proof);
@@ -2767,9 +2776,9 @@ pub fn step<C: ProofConstants, const N_PREVIOUS: usize>(
         messages_for_next_wrap_proof,
     };
 
-    StepProof {
+    Ok(StepProof {
         statement: step_statement,
         prev_evals,
         proof,
-    }
+    })
 }