integrity icon indicating copy to clipboard operation
integrity copied to clipboard
Published 1 month ago verified publisher icon HerodotusDev

can't verify proof locally

Open rnbguy opened this issue 8 months ago • 6 comments

I have a sha256 verifier using the sha256 implementation from alexandria project. (I can't use core::sha256::compute_sha256_byte_array because I hit on this error.)

#[feature("deprecated-sha256")]
use alexandria_math::sha256::sha256;

fn main(args: Array<felt252>) -> Array<felt252> {
    let mut span = args.span();
    let data = Serde::<Array<u8>>::deserialize(ref span).unwrap();
    assert(data == array![97, 98, 99], 'Invalid input data');
    let hash: Array<u8> = sha256(data);
    let mut result = array![];
    Serde::serialize(@hash, ref result);
    result
}

I compile it using scarb as instructed and produced sha256.sierra.json. Then I follow the instructions from stone-prover repo to set it up.

git clone https://github.com/starkware-libs/stone-prover
cd e2e_test/Cairo
git clone https://github.com/lambdaclass/cairo-vm
cd cairo-vm/cairo1-run
make deps

Now I generate proof artifacts.

cargo run sha256.sierra.json --layout recursive --air_public_input=sha256_public_input.json --air_private_input=sha256_private_input.json --trace_file=sha256_trace.bin --memory_file=sha256_memory.bin --print_output --proof_mode --args '[3 97 98 99]'
...
Program Output : [32 186 120 22 191 143 1 207 234 65 65 64 222 93 174 34 35 176 3 97 163 150 23 122 156 180 16 255 97 242 0 21 173]

The program output is correct (for "abc").

I use recursive as integrity uses recursive, keccak and monolith features by default.

Now I try to generate the proof.

cpu_air_prover --out_file=sha256_proof.json --private_input_file=sha256_private_input.json --public_input_file=sha256_public_input.json --prover_config_file=../../cpu_air_prover_config.json --parameter_file=../../cpu_air_params.json --generate_annotations

But I hit on the following error.

Fri parameters do not match stark degree bound. Expected FRI degree from FriParameters: 8192. STARK: 4194304

Following the instruction for stone-prover, I set the cpu_air_params.json to the following

{
    "field": "PrimeField0",
    "stark": {
        "fri": {
            "fri_step_list": [
                0,
                4,
                3,
                4,
                3,
                2
            ],
            "last_layer_degree_bound": 64,
            "n_queries": 18,
            "proof_of_work_bits": 24
        },
        "log_n_cosets": 4
    },
    "use_extension_field": false
}

The above cpu_air_prover works now and generates sha256_proof.json.

Now I come back to integrity repo.

git clone https://github.com/HerodotusDev/integrity
cd integrity

Then I generate the felt calldata from the sha256_proof.json.

cargo run --release --bin proof_serializer < sha256_proof.json
...
7 26 0 3 26 0 2 26 0 26 6 15 16 22 ...

Now I try to verify the proof locally using integrity. But I hit on errors.

scarb build
cargo run --release --bin runner -- --program sha256.sierra.json --memory-verification strict --stone-version stone6 --hasher-bit-length 160_lsb < sha256_proof.json
...
proof size: 12134 felts

thread 'main' panicked at runner/src/main.rs:69:6:
called `Result::unwrap()` on an `Err` value: BuildError(FailedGasCalculation(UnexpectedCycle))
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

What am I doing wrong ?

rnbguy avatar May 06 '25 14:05 rnbguy

Hi, can you please attach proof file you got from stone?

fmkra avatar May 08 '25 09:05 fmkra

here it is: sha256_proof.json

rnbguy avatar May 08 '25 09:05 rnbguy

The issue with your proof is that fri_step_list has incorrect values:

"fri_step_list" : 
[
	0,
	6,
	4,
	3,
	2,
	1
],

namely step size should never be above 4 (because of this check). I'm not sure why 6 appears here given your cpu_air_params.json, but you can check that it is indeed 6 in your sha256_proof.json under proof_parameters > stark > fri > fri_step_list keys.

fmkra avatar May 08 '25 11:05 fmkra

Also for further debugging, make sure that you pass integrity.sierra.json as --program to the runner and not your actual sha256 program. Then you would get meaningful error:

proof size: 12682 felts
gas_counter: 4227578975
n_steps: 718138
thread 'main' panicked at runner/src/main.rs:90:13:
[0x56616c756520746f6f206c61726765]
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

and after decoding hex value to string you get 0x56616c756520746f6f206c61726765 -> 'Value too large' which leads us to the assertion error I pointed out in comment above.

fmkra avatar May 08 '25 11:05 fmkra

ah. I may have messed up something somewhere before. you're right. 🙏🏼 thanks for pointing me to the right direction. 🙌🏼

currently, I am using this sha256_proof.json

and I am getting

cargo run --release --bin runner -- --program target/dev/integrity.sierra.json --memory-verification strict --stone-version stone6 --hasher-bit-length 160_lsb < sha256_proof.json
...
proof size: 12134 felts
gas_counter: 4161528168
n_steps: 1010718

thread 'main' panicked at runner/src/main.rs:90:13:
[0x7533325f737562204f766572666c6f77]
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

0x7533325f737562204f766572666c6f77 -> u32_sub Overflow

I am using the latest scarb.

$ scarb --version
scarb 2.11.4 (c0ef5ec6a 2025-04-09)
cairo: 2.11.4 (https://crates.io/crates/cairo-lang-compiler/2.11.4)
sierra: 1.7.0

rnbguy avatar May 08 '25 12:05 rnbguy

It fails on this subtraction, because length of oods array is 0, so unsent_commitment.odds_values of this StarkProof object is missing, which means that the proof is still missing some fields. Please compare it with examples proofs we have in the repo and check if there is any section missing.

fmkra avatar May 08 '25 12:05 fmkra