Skip to content

Verifying Proofs

To verify a proof generated by OpenVM, you can use the following CLI command:

cargo openvm verify <app | stark | evm>

Verifying Application Proofs

Verifying a proof at the application level requires both the proof and application verifying key.

cargo openvm verify app
    --app-vk <path_to_app_vk>
    --proof <path_to_proof>

Options --manifest-path, --target-dir are also available to verify. If you omit --app_vk the command will search for the verifying key at ${target_dir}/openvm/app.vk.

If you omit --proof, the command will search the working directory for files with the .app.proof extension. In this case, we expect to find a single proof, and verify will fail otherwise.

Verifying STARK Proofs

To verify a STARK proof, you can run the following command:

cargo openvm verify stark --proof <path_to_proof>

If you omit --proof, the command will search the working directory for files with the .stark.proof extension. In this case, we expect to find a single proof, and verify will fail otherwise.

The command defaults to reading a JSON file containing app_exe_commit and app_vm_commit fields at ${target_dir}/openvm/release/${target}.commit.json. To override this, you can use the --app-commit option to specify a path to a JSON file generated by the cargo openvm commit CLI command as described here.

Verifying EVM Proofs

To verify an EVM proof, you can run the following command or call the IOpenVmHalo2Verifier.verify() function in the OpenVM Solidity SDK.

cargo openvm verify evm --proof <path_to_proof>

If you omit --proof, the command will search the working directory for files with the .evm.proof extension. In this case, we expect to find a single proof, and verify will fail otherwise.

EVM Proof: JSON Format

The EVM proof is written as a JSON of the following format:

[...].evm.proof
{
  "version": "v..",
  "app_exe_commit": "..",
  "app_vm_commit": "..",
  "user_public_values": "..",
  "proof_data": {
    "accumulator": "..",
    "proof": ".."
  },
}

where each field is a hex string (without the 0x prefix). We explain what each field represents:

  • version: current OpenVM version
  • app_exe_commit: 32 bytes for the commitment of the app executable.
  • app_vm_commit: 32 bytes for the commitment of the app VM configuration.
  • user_public_values: concatenation of 32 byte chunks for user public values. The number of user public values is a configuration parameter.
  • accumulator: 12 * 32 bytes representing the KZG accumulator of the proof, where the proof is from a SNARK using the KZG commitment scheme.
  • proof: The rest of the proof required by the SNARK as a hex string of 43 * 32 bytes.

EVM Proof: Calldata Format

The cargo openvm verify evm command reads the EVM proof from JSON file and then simulates the call to the verifier contract using Revm. This function should only be used for testing and development purposes but not for production.

To verify the EVM proof in an EVM execution environment, the entries of the JSON can be passed as function arguments for the verify contract function, where the proofData argument is constructed by proofData = abi.encodePacked(accumulator, proof).