Conversation
ashpect
force-pushed
the
ash/witness_split
branch
3 times, most recently
from
a35db76 to
67cae81
Compare
shreyas-londhe
force-pushed
the
sl/witness-split
branch
from
13a50e4 to
d6817ee
Compare
ashpect
force-pushed
the
ash/witness_split
branch
3 times, most recently
from
69ba9b3 to
857db9b
Compare
shreyas-londhe
force-pushed
the
sl/witness-split
branch
2 times, most recently
from
da0ce79 to
52b6528
Compare
ashpect
force-pushed
the
ash/witness_split
branch
from
576f283 to
54c49f2
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for public witness opening in the WHIR R1CS proof system. The implementation introduces a new PublicInputs struct to handle public values, updates both the prover and verifier to compute and verify public input hashes, and modifies the witness scheduling to ensure public inputs are correctly ordered in the witness commitment.
Key Changes:
- Introduced
PublicInputsstruct with SHA-256 hashing for commitment - Modified prover and verifier to handle public weights and verify public input consistency
- Updated witness scheduling to place public inputs in w1 (pre-challenge) layer with proper ordering
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 22 comments.
Show a summary per file
| File | Description |
|---|---|
| provekit/common/src/witness/mod.rs | Adds PublicInputs struct with hashing and serialization support |
| provekit/common/src/utils/serde_ark_vec.rs | New module for serializing vectors of field elements |
| provekit/common/src/utils/mod.rs | Exports new serde_ark_vec module |
| provekit/common/src/utils/sumcheck.rs | Adds add_public_inputs() method to IO pattern for public input hash and randomness |
| provekit/common/src/whir_r1cs.rs | Updates constraint counts and IO pattern to include public weights verification |
| provekit/common/src/noir_proof_scheme.rs | Adds public_inputs field to NoirProof struct |
| provekit/common/src/lib.rs | Exports PublicInputs type |
| provekit/common/Cargo.toml | Adds sha2 dependency for hashing |
| provekit/common/src/witness/witness_builder.rs | Passes public input indices to witness splitting logic |
| provekit/common/src/witness/scheduling/splitter.rs | Ensures public inputs are placed in w1 and properly ordered after constant builder |
| provekit/r1cs-compiler/src/noir_proof_scheme.rs | Extracts ACIR public input indices for witness splitting |
| provekit/prover/src/lib.rs | Extracts public inputs from witness and passes to proof generation |
| provekit/prover/src/whir_r1cs.rs | Implements public weights computation and statement updates for both single and batch commitment cases |
| provekit/verifier/src/lib.rs | Passes public inputs to verification |
| provekit/verifier/src/whir_r1cs.rs | Verifies public input hash and updates statements with public weights constraints |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ashpect
force-pushed
the
ash/witness_split
branch
from
37d7c42 to
15bddd8
Compare
ashpect
force-pushed
the
ash/witness_split
branch
from
15bddd8 to
f9776b5
Compare
Bisht13
requested changes
Jan 21, 2026
Collaborator
|
Please add unit tests for testing all cases of public inputs. |
Collaborator
Author
Tracking ref: #257 |
Bisht13
reviewed
Jan 23, 2026
Collaborator
There was a problem hiding this comment.
Hash Algorithm Mismatch: Rust SHA-256 vs Go Skyscraper
This will cause the recursive verifier to fail.
Rust (provekit/common/src/witness/mod.rs:78-97):
pub fn hash(&self) -> FieldElement {
let mut hasher = Sha256::new(); // Uses SHA-256
// ...
}Go (recursive-verifier/app/circuit/mtUtilities.go:115-135):
func hashPublicInputs(sc *skyscraper.Skyscraper, publicInputs PublicInputs) (frontend.Variable, error) {
hash := sc.CompressV2(publicInputs.Values[0], publicInputs.Values[1]) // Uses Skyscraper
}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Collaborator
Author
Ref: #260 |
Bisht13
approved these changes
Jan 23, 2026
Bisht13
added a commit
that referenced
this pull request
Feb 7, 2026
Migrate ProveKit to the new WHIR version which replaces the Statement/CommitmentWriter/Prover/Verifier abstraction with a unified Config type, switches to spongefish-based transcripts, and uses a hash-engine system for Merkle trees. Key changes: - Replace DuplexSponge<Skyscraper> with StdHash (Shake128) for transcripts due to Rust orphan rules; Skyscraper still used for Merkle trees via SkyscraperHashEngine - Adapt prover/verifier to new WHIR batch commit/prove/verify API with cross-commitment evaluations for dual-commitment path - Update spongefish to fcc277f8 and whir to 246dae28 - Remove obsolete IOPattern, SumcheckIOPattern, and PoW infrastructure - Fix deferred evals offset bug: public weights are Geometric (not deferred), so offset must be 0 regardless of public inputs
Bisht13
added a commit
that referenced
this pull request
Feb 13, 2026
Replace IOPattern-based transcript with whir's DomainSeparator/ProverState/ VerifierState API (rev 246dae28). Update spongefish to v1.0.0-rc1 with byte-oriented Permutation<64> interface. Proof now carries narg_string + hints instead of a single transcript blob. Key changes: - Sponge: Permutation<64> with U=u8, WIDTH=64, RATE=32 - PoW: PoWSolution return type, solution() method - Prover: config.commit()/config.prove() replacing CommitmentWriter/Prover - Verifier: config.receive_commitment()/config.verify() replacing readers - Public weights use Weights::geometric (non-deferred) on both sides - Cross-evaluation hints for dual-commitment path - NTT registration via global type-map for ark_bn254::Fr - Clippy clean on prover/verifier crates
This was referenced Feb 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Support for public_witness opening