andrewmilson / sandstorm

Cairo prover powered by miniSTARK (compatible with StarkWare's verifiers)
MIT License
156 stars 21 forks source link

Default ProofParams on sandstorm and Starkware Verifier expected ProofParams #6

Open tiagorvmartins opened 1 year ago

tiagorvmartins commented 1 year ago

The proof generation on sandstorm uses the following parameters listed below as default:

#[structopt(long, default_value = "65")]
num_queries: u8,
#[structopt(long, default_value = "2")]
lde_blowup_factor: u8,
#[structopt(long, default_value = "16")]
proof_of_work_bits: u8,
#[structopt(long, default_value = "8")]
fri_folding_factor: u8,
#[structopt(long, default_value = "16")]
fri_max_remainder_coeffs: u8,

While checking starkex smart contracts, the proofParams expected on the smart contract method verifyProofAndRegister of Starkware GpsStatementVerifier seems to be the related with the following:


I can see a relation between the first three to the default ones used by sandstorm, but even looking at sandstorm and comparing with starkex smart contracts, couldn't figure yet how I can get the other parameters (PROOF_PARAMS_FRI_LAST_LAYER_LOG_DEG_BOUND_OFFSET, PROOF_PARAMS_N_FRI_STEPS_OFFSET, PROOF_PARAMS_FRI_STEPS_OFFSET), taking into account on sandstorm there is the fri_folding_factor and fri_max_remainder_coeffs.

I believe there might be a way, maybe not trivial, can some insight be given on this matter? @andrewmilson Thank you!

andrewmilson commented 1 year ago

Yeah, not all the proof params can be derived directly from the Sandstorm params. Here's how you can calculate each of them:

let lde_blowup_factor = proof.options.lde_blowup_factor as usize;
let lde_domain_size = proof.trace_len * lde_blowup_factor;
let fri_options = proof.options.into_fri_options();
let remainder_codeword_size = fri_options.remainder_size(lde_domain_size);
let max_remainder_coeffs = remainder_codeword_size / lde_blowup_factor;

let fri_last_layer_log_deg_bound = max_remainder_coeffs.ilog2();

let fri_steps = [
    vec![proof.options.fri_folding_factor.ilog2(); fri_options.num_layers(lde_domain_size)],

let n_fri_steps = fri_steps.len();
tiagorvmartins commented 1 year ago

Hi @andrewmilson thank you! That really helped understanding and putting it together on my side. I am currently trying to test an example following the required params for the starkex expected params.

Another fields which I couldn't find a matching anywhere was the cairoAuxInput and cairoVerifierId. However, did some digging/comparing the source code and I have the following at the moment:

println!("n_steps: {}", air_public_input.n_steps);
println!("rc_min: {}", air_public_input.rc_min);
println!("rc_max: {}", air_public_input.rc_max);
println!("layout_code: {}", air_public_input.layout.sharp_code()); // the code returned doesnt match any layout code in starkex contracts, also what layout from the specs should we use? Does the layout used is related with the cairoVerifierId field?
println!("program_begin_addr: {}", air_public_input.memory_segments.program.begin_addr);
println!("program_stop_ptr: {}", air_public_input.memory_segments.program.stop_ptr);
println!("execution_begin_addr: {}", air_public_input.memory_segments.execution.begin_addr);
println!("execution_stop_ptr: {}", air_public_input.memory_segments.execution.stop_ptr);            
match air_public_input.memory_segments.output {
    Some(p) => {
        println!("output_begin_addr: {}", p.begin_addr);
        println!("output_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment output has no value"),
match air_public_input.memory_segments.pedersen {
    Some(p) => {
        println!("pedersen_begin_addr: {}", p.begin_addr);
        println!("pedersen_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment pedersen has no value"),
match air_public_input.memory_segments.range_check {
    Some(p) => {
        println!("range_check_begin_addr: {}", p.begin_addr);
        println!("range_check_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment range_check has no value"),
match air_public_input.memory_segments.ecdsa {
    Some(p) => {
        println!("ecdsa_begin_addr: {}", p.begin_addr);
        println!("ecdsa_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment ecdsa has no value"),
match air_public_input.memory_segments.bitwise {
    Some(p) => {
        println!("bitwise_begin_addr: {}", p.begin_addr);
        println!("bitwise_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment bitwise has no value"),
match air_public_input.memory_segments.ec_op {
    Some(p) => {
        println!("ec_op_begin_addr: {}", p.begin_addr);
        println!("ec_op_stop_ptr: {}", p.stop_ptr);
    None => println!("memory_segment ec_op has no value"),
println!("public_memory_padding_addr: {}", air_public_input.public_memory_padding().address);
println!("public_memory_padding_value: {}", air_public_input.public_memory_padding().value);
println!("n_public_memory_pages: {}", air_public_input.public_memory.len() - 1); // Minus 1, because there is the padding element inside, I guess?

let addr = air_public_input.public_memory_padding().address;            
let mut public_memory_pages: Vec<String> = Vec::new();

for i in air_public_input.public_memory.iter() {                 
    if i.address != addr {                     

println!("public_memory_pages: {}", public_memory_pages.join(""));

Note: I am not fluent in rust, so sorry if there is something that doesn't make sense.

However I have a few questions which can also be seen as comments on the code above.

1) What layout code should we use? In starkex contracts, I notice there are at least 6 different layouts, and there is a LAYOUT_CODE there, but none matched the code returned from this sharp_code function, maybe its in a different type data (not sure).

2) Does the layout code should match the cairoVerifierId? Which layout of starkex contracts does sandstorm uses? Let's say it matches the Layout6 of Starkex, then I should use cairoVerifierId 6?

3) Not sure about how to send the public memory pages from the air_public_input, is something along the logic I followed the correct way of doing it?

Thank you again your help!

tiagorvmartins commented 1 year ago

Hello @andrewmilson, quick update:

Found the utility function public_input_elements on the type CairoAuxInput inside sandstorm which helps with my previous comment, however I did notice the following:

 // Only 1 memory page currently for the main memory page
// TODO: support more memory pages
vals[OFFSET_N_PUBLIC_MEMORY_PAGES] = Some(uint!(1_U256));

Also looked into the contract source code:

Trying to submit a transaction to a starkex verifier on chain and I am getting: execution reverted: Invalid publicMemoryPages length.

Can you give some insights on what I might be missing?

Here is the current cairoAuxInput: [14 32764 32770 2110234636557836973669 1 5 45 76 76 76 76 76 460 460 2508 2508 1 290341444919459839 1 44 2438915998226227605472886518537430927592922043182741168578657691006379362735]