Helper function for verify_openvm_stark

Author: nyunyunyunyu

crates/cli/src/commands/prove.rs

@@ -103,6 +103,13 @@ impl ProveCmd {
                 sdk.set_agg_tree_config(*agg_tree_config);
                 let (app_pk, committed_exe, input) =
                     Self::prepare_execution(&sdk, app_pk, exe, input)?;
+                let commits = AppExecutionCommit::compute(
+                    &app_pk.app_vm_pk.vm_config,
+                    &committed_exe,
+                    &app_pk.leaf_committed_exe,
+                );
+                println!("exe commit: {:?}", commits.exe_commit);
+                println!("vm commit: {:?}", commits.vm_commit);
                 let agg_pk = read_agg_pk_from_file(DEFAULT_AGG_PK_PATH).map_err(|e| {
                     eyre::eyre!("Failed to read aggregation proving key: {}\nPlease run 'cargo openvm setup' first", e)
                 })?;
@@ -129,6 +136,14 @@ impl ProveCmd {
                 let params_reader = CacheHalo2ParamsReader::new(DEFAULT_PARAMS_DIR);
                 let (app_pk, committed_exe, input) =
                     Self::prepare_execution(&sdk, app_pk, exe, input)?;
+                let commits = AppExecutionCommit::compute(
+                    &app_pk.app_vm_pk.vm_config,
+                    &committed_exe,
+                    &app_pk.leaf_committed_exe,
+                );
+                println!("exe commit: {:?}", commits.exe_commit_to_bn254());
+                println!("vm commit: {:?}", commits.vm_commit_to_bn254());
+
                 println!("Generating EVM proof, this may take a lot of compute and memory...");
                 let agg_pk = read_agg_pk_from_file(DEFAULT_AGG_PK_PATH).map_err(|e| {
                     eyre::eyre!("Failed to read aggregation proving key: {}\nPlease run 'cargo openvm setup' first", e)
@@ -155,14 +170,6 @@ impl ProveCmd {
         let app_exe = read_exe_from_file(exe)?;
         let committed_exe = sdk.commit_app_exe(app_pk.app_fri_params(), app_exe)?;
 
-        let commits = AppExecutionCommit::compute(
-            &app_pk.app_vm_pk.vm_config,
-            &committed_exe,
-            &app_pk.leaf_committed_exe,
-        );
-        println!("app_pk commit: {:?}", commits.app_config_commit_to_bn254());
-        println!("exe commit: {:?}", commits.exe_commit_to_bn254());
-
         let input = read_to_stdin(input)?;
         Ok((app_pk, committed_exe, input))
     }

crates/sdk/src/commit.rs

@@ -4,8 +4,7 @@ use openvm_circuit::{
     arch::{instructions::exe::VmExe, VmConfig},
     system::program::trace::VmCommittedExe,
 };
-use openvm_continuations::verifier::leaf::LeafVmVerifierConfig;
-use openvm_native_compiler::{conversion::CompilerOptions, ir::DIGEST_SIZE};
+use openvm_native_compiler::ir::DIGEST_SIZE;
 use openvm_stark_backend::{config::StarkGenericConfig, p3_field::PrimeField32};
 use openvm_stark_sdk::{
     config::{baby_bear_poseidon2::BabyBearPoseidon2Engine, FriParameters},
@@ -14,14 +13,16 @@ use openvm_stark_sdk::{
     p3_baby_bear::BabyBear,
     p3_bn254_fr::Bn254Fr,
 };
+use serde::{Deserialize, Serialize};
 
-use crate::{keygen::AppProvingKey, NonRootCommittedExe, F, SC};
+use crate::{NonRootCommittedExe, F, SC};
 
 /// `AppExecutionCommit` has all the commitments users should check against the final proof.
-pub struct AppExecutionCommit<T> {
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct AppExecutionCommit {
     /// Commitment of the leaf VM verifier program which commits the VmConfig of App VM.
     /// Internal verifier will verify `leaf_vm_verifier_commit`.
-    pub leaf_vm_verifier_commit: [T; DIGEST_SIZE],
+    pub vm_commit: [u32; DIGEST_SIZE],
     /// Commitment of the executable. It's computed as
     /// compress(
     ///     compress(
@@ -31,37 +32,39 @@ pub struct AppExecutionCommit<T> {
     ///     hash(right_pad(pc_start, 0))
     /// )
     /// `right_pad` example, if pc_start = 123, right_pad(pc_start, 0) = \[123,0,0,0,0,0,0,0\]
-    pub exe_commit: [T; DIGEST_SIZE],
+    pub exe_commit: [u32; DIGEST_SIZE],
 }
 
-impl AppExecutionCommit<F> {
+impl AppExecutionCommit {
     /// Users should use this function to compute `AppExecutionCommit` and check it against the
     /// final proof.
     pub fn compute<VC: VmConfig<F>>(
         app_vm_config: &VC,
         app_exe: &NonRootCommittedExe,
         leaf_vm_verifier_exe: &NonRootCommittedExe,
     ) -> Self {
-        let exe_commit = app_exe
+        let exe_commit: [F; DIGEST_SIZE] = app_exe
             .compute_exe_commit(&app_vm_config.system().memory_config)
             .into();
-        let leaf_vm_verifier_commit: [F; DIGEST_SIZE] =
-            leaf_vm_verifier_exe.committed_program.commitment.into();
+        let vm_commit: [F; DIGEST_SIZE] = leaf_vm_verifier_exe.committed_program.commitment.into();
 
         Self {
-            leaf_vm_verifier_commit,
-            exe_commit,
+            vm_commit: vm_commit.map(|x| x.as_canonical_u32()),
+            exe_commit: exe_commit.map(|x| x.as_canonical_u32()),
         }
     }
 
-    pub fn app_config_commit_to_bn254(&self) -> Bn254Fr {
-        babybear_digest_to_bn254(&self.leaf_vm_verifier_commit)
+    pub fn vm_commit_to_bn254(&self) -> Bn254Fr {
+        babybear_u32_digest_to_bn254(&self.vm_commit)
     }
 
     pub fn exe_commit_to_bn254(&self) -> Bn254Fr {
-        babybear_digest_to_bn254(&self.exe_commit)
+        babybear_u32_digest_to_bn254(&self.exe_commit)
     }
 }
+fn babybear_u32_digest_to_bn254(digest: &[u32; DIGEST_SIZE]) -> Bn254Fr {
+    babybear_digest_to_bn254(&digest.map(F::from_canonical_u32))
+}
 
 pub(crate) fn babybear_digest_to_bn254(digest: &[F; DIGEST_SIZE]) -> Bn254Fr {
     let mut ret = Bn254Fr::ZERO;
@@ -74,25 +77,6 @@ pub(crate) fn babybear_digest_to_bn254(digest: &[F; DIGEST_SIZE]) -> Bn254Fr {
     ret
 }
 
-pub fn generate_leaf_committed_exe<VC: VmConfig<F>>(
-    leaf_fri_params: FriParameters,
-    compiler_options: CompilerOptions,
-    app_pk: &AppProvingKey<VC>,
-) -> Arc<NonRootCommittedExe> {
-    let app_vm_vk = app_pk.app_vm_pk.vm_pk.get_vk();
-    let leaf_engine = BabyBearPoseidon2Engine::new(leaf_fri_params);
-    let leaf_program = LeafVmVerifierConfig {
-        app_fri_params: app_pk.app_vm_pk.fri_params,
-        app_system_config: app_pk.app_vm_pk.vm_config.system().clone(),
-        compiler_options,
-    }
-    .build_program(&app_vm_vk);
-    Arc::new(VmCommittedExe::commit(
-        leaf_program.into(),
-        leaf_engine.config.pcs(),
-    ))
-}
-
 pub fn commit_app_exe(
     app_fri_params: FriParameters,
     app_exe: impl Into<VmExe<F>>,

crates/sdk/tests/integration_test.rs

@@ -1,6 +1,7 @@
 use std::{borrow::Borrow, path::PathBuf, sync::Arc};
 
 use eyre::Result;
+use openvm::host::{compute_hint_key_for_verify_openvm_stark, encode_rv32_public_values};
 use openvm_build::GuestOptions;
 use openvm_circuit::{
     arch::{
@@ -44,9 +45,7 @@ use openvm_sdk::{
     types::{EvmHalo2Verifier, EvmProof},
     DefaultStaticVerifierPvHandler, Sdk, StdIn,
 };
-use openvm_stark_backend::{
-    keygen::types::LinearConstraint, p3_field::PrimeField32, p3_matrix::Matrix,
-};
+use openvm_stark_backend::{keygen::types::LinearConstraint, p3_matrix::Matrix};
 use openvm_stark_sdk::{
     config::{
         baby_bear_poseidon2::{BabyBearPoseidon2Config, BabyBearPoseidon2Engine},
@@ -356,7 +355,7 @@ fn test_static_verifier_custom_pv_handler() {
         &app_pk.leaf_committed_exe,
     );
     let exe_commit = commits.exe_commit_to_bn254();
-    let leaf_verifier_commit = commits.app_config_commit_to_bn254();
+    let leaf_verifier_commit = commits.vm_commit_to_bn254();
 
     let pv_handler = CustomPvHandler {
         exe_commit,
@@ -643,42 +642,23 @@ fn test_verify_openvm_stark_e2e() -> Result<()> {
         sdk.transpile(elf, vm_config.transpiler())?
     };
 
+    // app_exe publishes 7th and 8th fibonacci numbers.
     let pvs = [13u32, 21, 0, 0, 0, 0, 0, 0];
+    let pvs_u32 = encode_rv32_public_values(&pvs);
 
-    let exe_commit_u32: Vec<_> = commits
-        .exe_commit
-        .iter()
-        .map(|x| x.as_canonical_u32())
-        .collect();
-    let vm_commit_u32: Vec<_> = commits
-        .leaf_vm_verifier_commit
-        .iter()
-        .map(|x| x.as_canonical_u32())
-        .collect();
-    let pvs_u32: Vec<_> = pvs
-        .iter()
-        .flat_map(|x| x.to_le_bytes())
-        .map(|x| x as u32)
-        .collect();
-
-    let key = ASM_FILENAME
-        .as_bytes()
-        .iter()
-        .cloned()
-        .chain(exe_commit_u32.iter().flat_map(|x| x.to_le_bytes()))
-        .chain(vm_commit_u32.iter().flat_map(|x| x.to_le_bytes()))
-        .chain(pvs_u32.iter().flat_map(|x| x.to_le_bytes()))
-        .collect();
     let mut stdin = StdIn::default();
+    let key = compute_hint_key_for_verify_openvm_stark(
+        ASM_FILENAME,
+        &commits.exe_commit,
+        &commits.vm_commit,
+        &pvs_u32,
+    );
     let to_encode: Vec<Vec<F>> = e2e_stark_proof.proof.write();
     let value = hint_load_by_key_encode(&to_encode);
     stdin.add_key_value(key, value);
 
-    let exe_commit_u32_8: [u32; 8] = exe_commit_u32.try_into().unwrap();
-    let vm_commit_u32_8: [u32; 8] = vm_commit_u32.try_into().unwrap();
-
-    stdin.write(&exe_commit_u32_8);
-    stdin.write(&vm_commit_u32_8);
+    stdin.write(&commits.exe_commit);
+    stdin.write(&commits.vm_commit);
     stdin.write(&pvs_u32);
 
     sdk.execute(verify_exe, vm_config, stdin)?;

crates/toolchain/openvm/src/host.rs

@@ -98,6 +98,33 @@ pub fn read_u32() -> u32 {
     u32::from_le_bytes(bytes.try_into().unwrap())
 }
 
+/// Compute the hint key for `verify_openvm_stark` function, which reads a stark proof from stream
+/// `kv_store`.
+pub fn compute_hint_key_for_verify_openvm_stark(
+    asm_filename: &str,
+    exe_commit_u32: &[u32; 8],
+    vm_commit_u32: &[u32; 8],
+    pvs_u32: &[u32],
+) -> Vec<u8> {
+    asm_filename
+        .as_bytes()
+        .iter()
+        .cloned()
+        .chain(exe_commit_u32.iter().flat_map(|x| x.to_le_bytes()))
+        .chain(vm_commit_u32.iter().flat_map(|x| x.to_le_bytes()))
+        .chain(pvs_u32.iter().flat_map(|x| x.to_le_bytes()))
+        .collect()
+}
+
+/// Encode the public values in guest program(revealed by `reveal_u32`) into the format in proofs.
+pub fn encode_rv32_public_values(logic_pvs: &[u32]) -> Vec<u32> {
+    logic_pvs
+        .iter()
+        .flat_map(|x| x.to_le_bytes())
+        .map(|x| x as u32)
+        .collect()
+}
+
 #[cfg(all(feature = "std", test, not(target_os = "zkvm")))]
 mod tests {
     use alloc::vec;

crates/toolchain/openvm/src/verify_stark.rs

@@ -10,9 +10,9 @@
 /// program calls `reveal_u32` to publish an u32(e.g. `258`) in the proof, that u32 is decomposed
 /// into 4 field elements in byte. In `user_pvs`, it should be an u32 array, `[2, 1, 0, 0]`.
 /// 2. Provide the corresponding stark proof in the key-value store in OpenVM streams. The key
-///    should
-/// be the concatenation of the filename, `app_exe_commit`, `app_vm_commit`, and `user_pvs` in
-/// little-endian bytes.
+/// should be the concatenation of the filename, `app_exe_commit`, `app_vm_commit`, and `user_pvs`
+/// in little-endian bytes. Users can use `openvm::host::compute_hint_key_for_verify_openvm_stark`
+/// to compute the hint key.
 #[macro_export]
 macro_rules! define_verify_openvm_stark {
     ($fn_name: ident, $asm_folder: expr, $asm_filename: literal) => {