feat: helper functions for verify_openvm_stark (#1631)

- `AppExecutionCommit` stores `u32` instead of `BabyBear`.
- Rename `E2eStarkProof` to `VmStarkProof`.
- Add
`compute_hint_key_for_verify_openvm_stark`/`encode_rv32_public_values`
for users to prepare inputs for `verify_openvm_stark`. But it still
seems hard to understand what happens.
- Improve docs about `Rv32HintLoadByKey`.

Author: nyunyunyunyu

Cargo.lock

@@ -66,6 +66,7 @@ members = [
     "extensions/pairing/transpiler",
     "extensions/pairing/guest",
     "extensions/pairing/tests",
+    "guest-libs/verify_stark/guest",
 ]
 exclude = ["crates/sdk/example"]
 resolver = "2"
@@ -162,6 +163,7 @@ openvm-ecc-sw-macros = { path = "extensions/ecc/sw-macros", default-features = f
 openvm-pairing-circuit = { path = "extensions/pairing/circuit", default-features = false }
 openvm-pairing-transpiler = { path = "extensions/pairing/transpiler", default-features = false }
 openvm-pairing-guest = { path = "extensions/pairing/guest", default-features = false }
+openvm-verify-stark = { path = "guest-libs/verify_stark/guest", default-features = false }
 
 # Benchmarking
 openvm-benchmarks-utils = { path = "benchmarks/utils", default-features = false }

Cargo.toml

@@ -103,6 +103,13 @@ impl ProveCmd {
                 sdk.set_agg_tree_config(*agg_tree_config);
                 let (app_pk, committed_exe, input) =
                     Self::prepare_execution(&sdk, app_pk, exe, input)?;
+                let commits = AppExecutionCommit::compute(
+                    &app_pk.app_vm_pk.vm_config,
+                    &committed_exe,
+                    &app_pk.leaf_committed_exe,
+                );
+                println!("exe commit: {:?}", commits.exe_commit);
+                println!("vm commit: {:?}", commits.vm_commit);
                 let agg_pk = read_agg_pk_from_file(DEFAULT_AGG_PK_PATH).map_err(|e| {
                     eyre::eyre!("Failed to read aggregation proving key: {}\nPlease run 'cargo openvm setup' first", e)
                 })?;
@@ -129,6 +136,14 @@ impl ProveCmd {
                 let params_reader = CacheHalo2ParamsReader::new(DEFAULT_PARAMS_DIR);
                 let (app_pk, committed_exe, input) =
                     Self::prepare_execution(&sdk, app_pk, exe, input)?;
+                let commits = AppExecutionCommit::compute(
+                    &app_pk.app_vm_pk.vm_config,
+                    &committed_exe,
+                    &app_pk.leaf_committed_exe,
+                );
+                println!("exe commit: {:?}", commits.exe_commit_to_bn254());
+                println!("vm commit: {:?}", commits.vm_commit_to_bn254());
+
                 println!("Generating EVM proof, this may take a lot of compute and memory...");
                 let agg_pk = read_agg_pk_from_file(DEFAULT_AGG_PK_PATH).map_err(|e| {
                     eyre::eyre!("Failed to read aggregation proving key: {}\nPlease run 'cargo openvm setup' first", e)
@@ -155,14 +170,6 @@ impl ProveCmd {
         let app_exe = read_exe_from_file(exe)?;
         let committed_exe = sdk.commit_app_exe(app_pk.app_fri_params(), app_exe)?;
 
-        let commits = AppExecutionCommit::compute(
-            &app_pk.app_vm_pk.vm_config,
-            &committed_exe,
-            &app_pk.leaf_committed_exe,
-        );
-        println!("app_pk commit: {:?}", commits.app_config_commit_to_bn254());
-        println!("exe commit: {:?}", commits.exe_commit_to_bn254());
-
         let input = read_to_stdin(input)?;
         Ok((app_pk, committed_exe, input))
     }

crates/cli/src/commands/prove.rs

@@ -30,15 +30,15 @@ pub struct InternalVmVerifierInput<SC: StarkGenericConfig> {
 }
 assert_impl_all!(InternalVmVerifierInput<BabyBearPoseidon2Config>: Serialize, DeserializeOwned);
 
-/// The final output of the internal VM verifier.
+/// A proof which can prove OpenVM program execution.
 #[derive(Deserialize, Serialize, Derivative)]
 #[serde(bound = "")]
 #[derivative(Clone(bound = "Com<SC>: Clone"))]
-pub struct E2eStarkProof<SC: StarkGenericConfig> {
+pub struct VmStarkProof<SC: StarkGenericConfig> {
     pub proof: Proof<SC>,
     pub user_public_values: Vec<Val<SC>>,
 }
-assert_impl_all!(E2eStarkProof<BabyBearPoseidon2Config>: Serialize, DeserializeOwned);
+assert_impl_all!(VmStarkProof<BabyBearPoseidon2Config>: Serialize, DeserializeOwned);
 
 /// Aggregated state of all segments
 #[derive(Debug, Clone, Copy, AlignedBorrow)]

crates/continuations/src/verifier/internal/types.rs

@@ -6,7 +6,7 @@ use openvm_stark_sdk::openvm_stark_backend::proof::Proof;
 
 use crate::{
     verifier::{
-        internal::types::{E2eStarkProof, InternalVmVerifierInput},
+        internal::types::{InternalVmVerifierInput, VmStarkProof},
         utils::write_field_slice,
     },
     C, F, SC,
@@ -44,7 +44,7 @@ impl Hintable<C> for InternalVmVerifierInput<SC> {
     }
 }
 
-impl Hintable<C> for E2eStarkProof<SC> {
+impl Hintable<C> for VmStarkProof<SC> {
     type HintVariable = E2eStarkProofVariable<C>;
 
     fn read(builder: &mut Builder<C>) -> Self::HintVariable {

crates/continuations/src/verifier/internal/vars.rs

@@ -58,10 +58,6 @@ hex.workspace = true
 forge-fmt = { workspace = true, optional = true }
 rrs-lib = { workspace = true }
 
-[dev-dependencies]
-openvm-rv32im-guest.workspace = true
-
-
 [features]
 default = ["parallel", "jemalloc", "evm-verify"]
 evm-prove = ["openvm-native-recursion/evm-prove"]

crates/sdk/Cargo.toml

@@ -4,7 +4,7 @@ use openvm_circuit::{
     arch::ContinuationVmProof, system::memory::tree::public_values::UserPublicValuesProof,
 };
 use openvm_continuations::verifier::{
-    internal::types::E2eStarkProof, root::types::RootVmVerifierInput,
+    internal::types::VmStarkProof, root::types::RootVmVerifierInput,
 };
 use openvm_native_compiler::ir::DIGEST_SIZE;
 use openvm_native_recursion::hints::{InnerBatchOpening, InnerFriProof, InnerQueryProof};
@@ -61,7 +61,7 @@ impl Encode for ContinuationVmProof<SC> {
     }
 }
 
-impl Encode for E2eStarkProof<SC> {
+impl Encode for VmStarkProof<SC> {
     fn encode<W: Write>(&self, writer: &mut W) -> Result<()> {
         self.proof.encode(writer)?;
         encode_slice(&self.user_public_values, writer)
@@ -332,7 +332,7 @@ impl Decode for ContinuationVmProof<SC> {
     }
 }
 
-impl Decode for E2eStarkProof<SC> {
+impl Decode for VmStarkProof<SC> {
     fn decode<R: Read>(reader: &mut R) -> Result<Self> {
         let proof = Proof::decode(reader)?;
         let user_public_values = decode_vec(reader)?;

crates/sdk/guest/verify_openvm_stark/src/main.rs

@@ -4,8 +4,7 @@ use openvm_circuit::{
     arch::{instructions::exe::VmExe, VmConfig},
     system::program::trace::VmCommittedExe,
 };
-use openvm_continuations::verifier::leaf::LeafVmVerifierConfig;
-use openvm_native_compiler::{conversion::CompilerOptions, ir::DIGEST_SIZE};
+use openvm_native_compiler::ir::DIGEST_SIZE;
 use openvm_stark_backend::{config::StarkGenericConfig, p3_field::PrimeField32};
 use openvm_stark_sdk::{
     config::{baby_bear_poseidon2::BabyBearPoseidon2Engine, FriParameters},
@@ -14,14 +13,16 @@ use openvm_stark_sdk::{
     p3_baby_bear::BabyBear,
     p3_bn254_fr::Bn254Fr,
 };
+use serde::{Deserialize, Serialize};
 
-use crate::{keygen::AppProvingKey, NonRootCommittedExe, F, SC};
+use crate::{NonRootCommittedExe, F, SC};
 
 /// `AppExecutionCommit` has all the commitments users should check against the final proof.
-pub struct AppExecutionCommit<T> {
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct AppExecutionCommit {
     /// Commitment of the leaf VM verifier program which commits the VmConfig of App VM.
     /// Internal verifier will verify `leaf_vm_verifier_commit`.
-    pub leaf_vm_verifier_commit: [T; DIGEST_SIZE],
+    pub vm_commit: [u32; DIGEST_SIZE],
     /// Commitment of the executable. It's computed as
     /// compress(
     ///     compress(
@@ -31,37 +32,39 @@ pub struct AppExecutionCommit<T> {
     ///     hash(right_pad(pc_start, 0))
     /// )
     /// `right_pad` example, if pc_start = 123, right_pad(pc_start, 0) = \[123,0,0,0,0,0,0,0\]
-    pub exe_commit: [T; DIGEST_SIZE],
+    pub exe_commit: [u32; DIGEST_SIZE],
 }
 
-impl AppExecutionCommit<F> {
+impl AppExecutionCommit {
     /// Users should use this function to compute `AppExecutionCommit` and check it against the
     /// final proof.
     pub fn compute<VC: VmConfig<F>>(
         app_vm_config: &VC,
         app_exe: &NonRootCommittedExe,
         leaf_vm_verifier_exe: &NonRootCommittedExe,
     ) -> Self {
-        let exe_commit = app_exe
+        let exe_commit: [F; DIGEST_SIZE] = app_exe
             .compute_exe_commit(&app_vm_config.system().memory_config)
             .into();
-        let leaf_vm_verifier_commit: [F; DIGEST_SIZE] =
-            leaf_vm_verifier_exe.committed_program.commitment.into();
+        let vm_commit: [F; DIGEST_SIZE] = leaf_vm_verifier_exe.committed_program.commitment.into();
 
         Self {
-            leaf_vm_verifier_commit,
-            exe_commit,
+            vm_commit: vm_commit.map(|x| x.as_canonical_u32()),
+            exe_commit: exe_commit.map(|x| x.as_canonical_u32()),
         }
     }
 
-    pub fn app_config_commit_to_bn254(&self) -> Bn254Fr {
-        babybear_digest_to_bn254(&self.leaf_vm_verifier_commit)
+    pub fn vm_commit_to_bn254(&self) -> Bn254Fr {
+        babybear_u32_digest_to_bn254(&self.vm_commit)
     }
 
     pub fn exe_commit_to_bn254(&self) -> Bn254Fr {
-        babybear_digest_to_bn254(&self.exe_commit)
+        babybear_u32_digest_to_bn254(&self.exe_commit)
     }
 }
+fn babybear_u32_digest_to_bn254(digest: &[u32; DIGEST_SIZE]) -> Bn254Fr {
+    babybear_digest_to_bn254(&digest.map(F::from_canonical_u32))
+}
 
 pub(crate) fn babybear_digest_to_bn254(digest: &[F; DIGEST_SIZE]) -> Bn254Fr {
     let mut ret = Bn254Fr::ZERO;
@@ -74,25 +77,6 @@ pub(crate) fn babybear_digest_to_bn254(digest: &[F; DIGEST_SIZE]) -> Bn254Fr {
     ret
 }
 
-pub fn generate_leaf_committed_exe<VC: VmConfig<F>>(
-    leaf_fri_params: FriParameters,
-    compiler_options: CompilerOptions,
-    app_pk: &AppProvingKey<VC>,
-) -> Arc<NonRootCommittedExe> {
-    let app_vm_vk = app_pk.app_vm_pk.vm_pk.get_vk();
-    let leaf_engine = BabyBearPoseidon2Engine::new(leaf_fri_params);
-    let leaf_program = LeafVmVerifierConfig {
-        app_fri_params: app_pk.app_vm_pk.fri_params,
-        app_system_config: app_pk.app_vm_pk.vm_config.system().clone(),
-        compiler_options,
-    }
-    .build_program(&app_vm_vk);
-    Arc::new(VmCommittedExe::commit(
-        leaf_program.into(),
-        leaf_engine.config.pcs(),
-    ))
-}
-
 pub fn commit_app_exe(
     app_fri_params: FriParameters,
     app_exe: impl Into<VmExe<F>>,

crates/sdk/src/codec.rs

@@ -21,7 +21,7 @@ use openvm_circuit::{
     },
 };
 use openvm_continuations::verifier::{
-    internal::types::E2eStarkProof,
+    internal::types::VmStarkProof,
     root::{types::RootVmVerifierInput, RootVmVerifierConfig},
 };
 pub use openvm_continuations::{
@@ -61,7 +61,7 @@ pub mod prover;
 mod stdin;
 pub use stdin::*;
 
-use crate::keygen::asm::program_to_asm;
+use crate::{config::AggStarkConfig, keygen::asm::program_to_asm};
 
 pub mod fs;
 pub mod types;
@@ -261,6 +261,11 @@ impl<E: StarkFriEngine<SC>> GenericSdk<E> {
         Ok(agg_pk)
     }
 
+    pub fn agg_stark_keygen(&self, config: AggStarkConfig) -> Result<AggStarkProvingKey> {
+        let agg_pk = AggStarkProvingKey::keygen(config);
+        Ok(agg_pk)
+    }
+
     pub fn generate_root_verifier_asm(&self, agg_stark_pk: &AggStarkProvingKey) -> String {
         let kernel_asm = RootVmVerifierConfig {
             leaf_fri_params: agg_stark_pk.leaf_vm_pk.fri_params,
@@ -302,7 +307,7 @@ impl<E: StarkFriEngine<SC>> GenericSdk<E> {
         app_exe: Arc<NonRootCommittedExe>,
         agg_stark_pk: AggStarkProvingKey,
         inputs: StdIn,
-    ) -> Result<E2eStarkProof<SC>>
+    ) -> Result<VmStarkProof<SC>>
     where
         VC::Executor: Chip<SC>,
         VC::Periphery: Chip<SC>,