Add merkle verify gate

Cargo.toml

@@ -48,7 +48,10 @@ itertools = { version = "0.14.0", default-features = false, features = [
     "use_alloc",
 ] }
 rand = { version = "0.9.2", default-features = false, features = ["small_rng"] }
-serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] }
+serde = { version = "1.0", default-features = false, features = [
+    "derive",
+    "alloc",
+] }
 thiserror = { version = "2.0", default-features = false }
 
 # Local dependencies

circuit-prover/Cargo.toml

@@ -10,6 +10,7 @@ keywords.workspace = true
 categories.workspace = true
 
 [dependencies]
+itertools.workspace = true
 p3-air.workspace = true
 p3-baby-bear.workspace = true
 p3-challenger.workspace = true
@@ -20,24 +21,27 @@ p3-dft.workspace = true
 p3-field.workspace = true
 p3-fri.workspace = true
 p3-goldilocks.workspace = true
+p3-keccak.workspace = true
 p3-koala-bear.workspace = true
 p3-matrix.workspace = true
 p3-merkle-tree.workspace = true
+p3-merkle-tree-air.workspace = true
 p3-symmetric.workspace = true
 p3-uni-stark.workspace = true
-postcard = { version = "1.0", default-features = false, features = ["alloc"] }
 rand.workspace = true
 thiserror.workspace = true
 
 [dev-dependencies]
 postcard = { version = "1.0", default-features = false, features = ["alloc"] }
 rand.workspace = true
-tracing = { version = "0.1.40", default-features = false, features = ["attributes"] }
+tracing = { version = "0.1.40", default-features = false, features = [
+    "attributes",
+] }
 
 [[example]]
 name = "fibonacci"
 path = "examples/fibonacci.rs"
 
 [[example]]
-name = "fake_merkle_verify"
-path = "examples/fake_merkle_verify.rs"
+name = "merkle_verify"
+path = "examples/merkle_verify.rs"

circuit-prover/examples/fibonacci.rs

@@ -3,21 +3,22 @@ use std::env;
 /// Fibonacci circuit: Compute F(n) and prove correctness
 /// Public input: expected_result (F(n))
 use p3_baby_bear::BabyBear;
-use p3_circuit::builder::CircuitBuilder;
+use p3_circuit::CircuitBuilder;
 use p3_circuit_prover::config::babybear_config::build_standard_config_babybear;
 use p3_circuit_prover::prover::ProverError;
 use p3_circuit_prover::{MultiTableProver, TablePacking};
 use p3_field::PrimeCharacteristicRing;
+use p3_field::extension::BinomialExtensionField;
 
-type F = BabyBear;
+type F = BinomialExtensionField<BabyBear, 4>;
 
 fn main() -> Result<(), ProverError> {
     let n = env::args()
         .nth(1)
         .and_then(|s| s.parse().ok())
         .unwrap_or(100);
 
-    let mut builder = CircuitBuilder::<F>::new();
+    let mut builder = CircuitBuilder::new();
 
     // Public input: expected F(n)
     let expected_result = builder.add_public_input();
@@ -43,7 +44,7 @@ fn main() -> Result<(), ProverError> {
     runner.set_public_inputs(&[expected_fib])?;
 
     let traces = runner.run()?;
-    let config = build_standard_config_babybear();
+    let (config, _) = build_standard_config_babybear::<F>();
     let table_packing = TablePacking::from_counts(4, 1);
     let multi_prover = MultiTableProver::new(config).with_table_packing(table_packing);
     let proof = multi_prover.prove_all_tables(&traces)?;

circuit-prover/examples/merkle_verify.rs

@@ -0,0 +1,115 @@
+use std::env;
+
+/// Merkle verification circuit: Prove knowledge of a leaf in a Merkle tree
+/// Public inputs: leaf_hash, leaf_index, expected_root
+/// Private inputs: merkle path (siblings + directions)
+use p3_baby_bear::BabyBear;
+use p3_circuit::op::MerkleVerifyConfig;
+use p3_circuit::tables::MerklePrivateData;
+use p3_circuit::{CircuitBuilder, NonPrimitiveOpPrivateData};
+use p3_circuit_prover::MultiTableProver;
+use p3_circuit_prover::config::babybear_config::build_standard_config_babybear;
+use p3_circuit_prover::prover::ProverError;
+use p3_field::PrimeCharacteristicRing;
+use p3_field::extension::BinomialExtensionField;
+
+type F = BinomialExtensionField<BabyBear, 4>;
+
+fn main() -> Result<(), ProverError> {
+    let depth = env::args().nth(1).and_then(|s| s.parse().ok()).unwrap_or(3);
+    let (config, merkle_config) = build_standard_config_babybear();
+
+    let mut builder = CircuitBuilder::new();
+
+    // Public inputs: leaf hash and expected root hash
+    let leaf_hash = vec![builder.add_public_input(), builder.add_public_input()];
+    let index_expr = builder.add_public_input();
+    let expected_root = vec![builder.add_public_input(), builder.add_public_input()];
+
+    // Add a Merkle verification operation
+    // This declares that leaf_hash and expected_root are connected to witness bus
+    // The AIR constraints will verify the Merkle path is valid
+    let merkle_op_id =
+        builder.add_merkle_verify(merkle_config.clone(), leaf_hash, index_expr, expected_root);
+
+    let circuit = builder.build()?;
+    let mut runner = circuit.runner();
+
+    // Set public inputs
+    let leaf_value = [F::ZERO, F::from_u64(42)]; // Our leaf value
+    let siblings: Vec<(Vec<F>, Option<Vec<F>>)> = (0..depth)
+        .map(|i| {
+            (
+                vec![F::ZERO, F::from_u64((i + 1) * 10)],
+                if i % 2 == 0 {
+                    None
+                } else {
+                    Some(vec![F::ZERO, F::from_u64(i + 1)])
+                },
+            )
+        })
+        .collect();
+    let directions: Vec<bool> = (0..depth).map(|i| i % 2 == 0).collect();
+    let index_value = F::from_u64(
+        (0..32)
+            .zip(directions.iter())
+            .filter(|(_, dir)| **dir)
+            .map(|(i, _)| 1 << i)
+            .sum(),
+    );
+    let expected_root_value =
+        compute_merkle_root(&merkle_config, &leaf_value, &siblings, &directions);
+
+    runner.set_public_inputs(&[
+        leaf_value[0],
+        leaf_value[1],
+        index_value,
+        expected_root_value[0],
+        expected_root_value[1],
+    ])?;
+
+    // Set private Merkle path data
+    runner.set_non_primitive_op_private_data(
+        merkle_op_id,
+        NonPrimitiveOpPrivateData::MerkleVerify(MerklePrivateData {
+            path_siblings: siblings,
+        }),
+    )?;
+
+    let traces = runner.run()?;
+    let multi_prover = MultiTableProver::new(config).with_merkle_table(merkle_config.into());
+    let proof = multi_prover.prove_all_tables(&traces)?;
+    multi_prover.verify_all_tables(&proof)?;
+
+    println!(
+        "✅ Verified Merkle path for leaf {leaf_value:?}, index {index_value} with depth {depth} → root {expected_root_value:?}",
+    );
+
+    Ok(())
+}
+
+pub type Hash = [BabyBear; 8];
+
+/// Simulate classical Merkle root computation for testing
+fn compute_merkle_root(
+    merkle_config: &MerkleVerifyConfig<F>,
+    leaf: &[F; 2],
+    siblings: &[(Vec<F>, Option<Vec<F>>)],
+    directions: &[bool],
+) -> Vec<F> {
+    directions.iter().zip(siblings.iter()).fold(
+        leaf.to_vec(),
+        |state, (direction, (sibling, other_sibling))| {
+            let (left, right) = if *direction {
+                (state.clone(), sibling.clone())
+            } else {
+                (sibling.clone(), state.clone())
+            };
+            let mut new_state = (merkle_config.compress)([&left, &right]);
+            if let Some(other_sibling) = other_sibling {
+                new_state = (merkle_config.compress)([&state, other_sibling]);
+            }
+            new_state
+        },
+    )
+}