Split prove function.

crates/prover/src/core/prover/mod.rs

@@ -7,6 +7,7 @@ use super::backend::Backend;
 use super::fri::FriVerificationError;
 use super::pcs::{CommitmentSchemeProof, TreeVec};
 use super::poly::circle::{CanonicCoset, SecureCirclePoly, MAX_CIRCLE_DOMAIN_LOG_SIZE};
+use super::poly::twiddles::TwiddleTree;
 use super::proof_of_work::ProofOfWorkVerificationError;
 use super::ColumnVec;
 use crate::core::air::{Air, AirExt, AirProverExt};
@@ -48,51 +49,32 @@ pub struct AdditionalProofData {
     pub oods_quotients: Vec<CircleEvaluation<CpuBackend, SecureField, BitReversedOrder>>,
 }
 
-pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
-    air: &impl AirProver<B>,
+pub fn evaluate_and_commit_on_trace<B: Backend + MerkleOps<MerkleHasher>>(
     channel: &mut Channel,
+    twiddles: &TwiddleTree<B>,
     trace: ColumnVec<CircleEvaluation<B, BaseField, BitReversedOrder>>,
-) -> Result<StarkProof, ProvingError> {
-    // Check that traces are not too big.
-    for (i, trace) in trace.iter().enumerate() {
-        if trace.domain.log_size() + LOG_BLOWUP_FACTOR > MAX_CIRCLE_DOMAIN_LOG_SIZE {
-            return Err(ProvingError::MaxTraceDegreeExceeded {
-                trace_index: i,
-                degree: trace.domain.log_size(),
-            });
-        }
-    }
-
-    // Check that the composition polynomial is not too big.
-    let composition_polynomial_log_degree_bound = air.composition_log_degree_bound();
-    if composition_polynomial_log_degree_bound + LOG_BLOWUP_FACTOR > MAX_CIRCLE_DOMAIN_LOG_SIZE {
-        return Err(ProvingError::MaxCompositionDegreeExceeded {
-            degree: composition_polynomial_log_degree_bound,
-        });
-    }
-
-    let span = span!(Level::INFO, "Precompute twiddle").entered();
-    let twiddles = B::precompute_twiddles(
-        CanonicCoset::new(air.composition_log_degree_bound() + LOG_BLOWUP_FACTOR)
-            .circle_domain()
-            .half_coset,
-    );
-    span.exit();
-
-    // Evaluate and commit on trace.
-    // TODO(spapini): Commit on trace outside.
+) -> Result<CommitmentSchemeProver<B>, ProvingError> {
     let span = span!(Level::INFO, "Trace interpolation").entered();
     let trace_polys = trace
         .into_iter()
-        .map(|poly| poly.interpolate_with_twiddles(&twiddles))
+        .map(|poly| poly.interpolate_with_twiddles(twiddles))
         .collect();
     span.exit();
 
     let mut commitment_scheme = CommitmentSchemeProver::new(LOG_BLOWUP_FACTOR);
     let span = span!(Level::INFO, "Trace commitment").entered();
-    commitment_scheme.commit(trace_polys, channel, &twiddles);
+    commitment_scheme.commit(trace_polys, channel, twiddles);
     span.exit();
 
+    Ok(commitment_scheme)
+}
+
+pub fn generate_proof<B: Backend + MerkleOps<MerkleHasher>>(
+    air: &impl AirProver<B>,
+    channel: &mut Channel,
+    twiddles: &TwiddleTree<B>,
+    commitment_scheme: &mut CommitmentSchemeProver<B>,
+) -> Result<StarkProof, ProvingError> {
     // Evaluate and commit on composition polynomial.
     let random_coeff = channel.draw_felt();
 
@@ -107,7 +89,7 @@ pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
     span.exit();
 
     let span = span!(Level::INFO, "Composition commitment").entered();
-    commitment_scheme.commit(composition_polynomial_poly.to_vec(), channel, &twiddles);
+    commitment_scheme.commit(composition_polynomial_poly.to_vec(), channel, twiddles);
     span.exit();
 
     // Draw OODS point.
@@ -123,7 +105,7 @@ pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
     sample_points.push(vec![vec![oods_point]; 4]);
 
     // Prove the trace and composition OODS values, and retrieve them.
-    let commitment_scheme_proof = commitment_scheme.prove_values(sample_points, channel, &twiddles);
+    let commitment_scheme_proof = commitment_scheme.prove_values(sample_points, channel, twiddles);
 
     // Evaluate composition polynomial at OODS point and check that it matches the trace OODS
     // values. This is a sanity check.
@@ -143,6 +125,42 @@ pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
     })
 }
 
+pub fn prove<B: Backend + MerkleOps<MerkleHasher>>(
+    air: &impl AirProver<B>,
+    channel: &mut Channel,
+    trace: ColumnVec<CircleEvaluation<B, BaseField, BitReversedOrder>>,
+) -> Result<StarkProof, ProvingError> {
+    // Check that traces are not too big.
+    for (i, trace) in trace.iter().enumerate() {
+        if trace.domain.log_size() + LOG_BLOWUP_FACTOR > MAX_CIRCLE_DOMAIN_LOG_SIZE {
+            return Err(ProvingError::MaxTraceDegreeExceeded {
+                trace_index: i,
+                degree: trace.domain.log_size(),
+            });
+        }
+    }
+
+    // Check that the composition polynomial is not too big.
+    let composition_polynomial_log_degree_bound = air.composition_log_degree_bound();
+    if composition_polynomial_log_degree_bound + LOG_BLOWUP_FACTOR > MAX_CIRCLE_DOMAIN_LOG_SIZE {
+        return Err(ProvingError::MaxCompositionDegreeExceeded {
+            degree: composition_polynomial_log_degree_bound,
+        });
+    }
+
+    let span = span!(Level::INFO, "Precompute twiddle").entered();
+    let twiddles = B::precompute_twiddles(
+        CanonicCoset::new(air.composition_log_degree_bound() + LOG_BLOWUP_FACTOR)
+            .circle_domain()
+            .half_coset,
+    );
+    span.exit();
+
+    let mut commitment_scheme = evaluate_and_commit_on_trace(channel, &twiddles, trace)?;
+
+    generate_proof(air, channel, &twiddles, &mut commitment_scheme)
+}
+
 pub fn verify(
     proof: StarkProof,
     air: &impl Air,