Skip to main content

Setup

The best way to get started with verifying SP1 proofs on-chain is to refer to the SP1 Project Template.

You can initialize a new project with the template by running:

cargo prove new --evm <name>

This will create a new project with the following structure:

  • The template program shows how to write outputs that can be decoded in Solidity.
  • The template script shows how to generate the proof using the SP1 SDK.
  • The template contract shows how to verify the proof onchain using Solidity.

Refer to the section on Contract Addresses for the addresses of the deployed verifiers.

Generating SP1 Proofs for Onchain Verification

By default, the proofs generated by SP1 are not verifiable onchain, as they are non-constant size and STARK verification on Ethereum is very expensive. To generate a proof that can be verified onchain, we use performant STARK recursion to combine SP1 shard proofs into a single STARK proof and then wrap that in a SNARK proof. Our ProverClient has a prover option for this called plonk. Behind the scenes, this function will first generate a normal SP1 proof, then recursively combine all of them into a single proof using the STARK recursion protocol. Finally, the proof is wrapped in a SNARK proof using PLONK.

WARNING: The Groth16 and PLONK provers are only guaranteed to work on official releases of SP1. To use Groth16 or PLONK proving & verification locally, ensure that you have Docker installed and have at least 16GB of RAM (refer to hardware requirements for more details). Note that you might need to increase the memory limit for docker desktop if you're running on Mac.

Example

You can run the above script with RUST_LOG=info cargo run --bin groth16_bn254 --release in examples/fibonacci/script.