Integrity Verifier
Integrity allows you to verify STARK proofs on Starknet. It also registers all verified proofs in its storage, so other Cairo contracts can access them. It is crucial to understand how programs are stored inside Integrity’s Fact Registry.
Cairo memory sections
Cairo memory consists of 3 main sections - program, execution and output. That’s a simplification, but for understanding hashes calculated by Integrity, it will be enough. The program section contains your Cairo code compiled to Cairo VM instructions. Execution and output depend on program and input data. They are both calculated when running the program, but only output is exposed in public memory.
Fact and Verification Hash
After verifying the proof, Integrity calculates two hashes: program_hash and output_hash. They are Poseidon hashes of corresponding memory sections. Then, those two hashes are hashed together to get fact_hash.
If your contract needs to check whether certain proof was verified, you have to calculate those hashes in your contract and pass a fact_hash (or better verification_hash) to Integrity’s function. Usually you would verify proofs for some constant set of programs with arbitrary input and output, which means that you can hardcode program_hash while calculating output_hash and fact_hash dynamically.
However, as is usually the case, the reality is more complicated. To reduce public memory size, Cairo programs are often bootloaded, which means that your program isn’t run directly, but rather a special program called “bootloader” is placed in program segment, which is responsible for loading your program (called child program) to memory, executing it and calculating program_hash of the child program. This means that every bootloaded program will have the same program_hash and the program_hash of child program will only be present in bootloader’s output. This flow and hash calculation is represented in the following diagram:
Fortunately, you don’t need to implement above logic yourself, because Integrity provides a Scarb package with many useful utility functions, namely calculate_fact_hash and calculate_bootloaded_fact_hash. For more details, see “Calls from Starknet contracts” section in Integrity documentation.
If you have fact_hash calculated, you can call integrity’s get_all_verifications_for_fact_hash function to check whether given fact_hash has been verified. However, because Integrity accepts proofs with many settings and any number of security bits, you need to check if the proof has been verified with enough number of security bits. For that you can use is_fact_hash_valid_with_security utility function.
Here is an example of how to use those functions:
An alternative way is using verification_hash, which is composed from fact_hash, configuration and security bits. That means that no additional checks are needed.
And here is how you would check verification of multiple proofs with the same configuration using verification_hash:
If you are having trouble calculating any of those hashes, check out Integrity Hashes Calculator. Not only does it automatically calculate hashes for provided program_hash and output array, but also supports proof uploading, so you can get data directly from it.