Verifying proof authenticity with regards to program

[maoudia-via]

We are looking for a way to verify that a proof created with stone-prover was in fact created for the expected cairo(0) program. I understand from the documentation that is not currently supported by the prover, however:

• Is there a documented method to perform this verification.
• Are there any plans to support this with stone-prover or another tool ?

[ilyalesokhin-starkware]

The public_input includes: "program": { "begin_addr": ..., "stop_ptr": ... }, and "public_memory": [ ... ]

The public memory should include the program being verified at the relevant addresses.

[maoudia-via]

Thank you @iliav-starkware ! So in order to verify that a proof was created for an expected program I would have to :

1. cairo-run to get the air_public_input file and extract public_memory
2. Extract public_memory from the proof as you suggested.
3. Compare public_memory obtained in 1 and 2.

However 1 remains unclear because cairo-run requires the private program inputs, which, as a prover, I don't have access to. Is there another way to obtain the program public memory?

[ilyalesokhin-starkware]

If the proof was generated from the result of a cairo-run then 1 and 2 are going to be the same.

Instead of 1, you want to compile the relevant program with cairo-compile to get the bytecode and then check that the bytecode is loaded at the relevant addresses in the public public_memory.

[ilyalesokhin-starkware]

The required checks are mentioned here: https://github.com/starkware-libs/starkex-contracts/blob/master/evm-verifier/solidity/contracts/cpu/CpuVerifier.sol#L25

[maoudia-via]

Thank you @ilyalesokhin-starkware ! I think it would be nice to document the full extent of verification steps to verify a proof.