What is a zkVM?

A zero-knowledge virtual machine (zkVM) is a system that allows developers to generate zero-knowledge proofs (ZKPs) for the correct execution of arbitrary programs.

Think of a zkVM as a way to prove that a program evaluated a function f(x) and produced an output y, without revealing how it did so. The typical zkVM flow looks like this:

  1. Define your function f.
  2. Set up a proving key pk and a verifying key vk for the program based on the ELF.
  3. Prove the output of your program using prove(pk, x) to produce a proof π that f(x) = y.
  4. Verify the proof with verify(vk, x, y, π).

For example, f could be a simple Fibonacci sequence computation. In blockchain contexts, the proof is often verified on-chain via a smart contract.

How Does SP1 Work?

SP1 is a zkVM built to prove the execution of arbitrary programs compiled to the RISC-V instruction set. Here's how it works:

  1. Define your function f in Rust and compile it to a RISC-V ELF file.
  2. Set up a proving key pk and a verifying key vk for the program based on the ELF.
  3. Prove the execution of your program using SP1.
  4. Verify the proof using SP1.

Behind the scenes, SP1 is powered by a zero-knowledge proof system known as STARKs (Scalable Transparent ARguments of Knowledge), which enable fast, transparent, and post-quantum-secure proof generation. STARKs work by encoding a computation as a series of algebraic constraints and using a cryptographic commitment scheme known as FRI (Fast Reed-Solomon Interactive Oracle Proofs of Proximity) to prove that these constraints are satisfied. SP1 operates over the Baby Bear field, a finite field optimized for efficient arithmetic in STARK-based systems.
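
The Baby Bear field mentioned above is the prime field with p = 2^31 - 2^27 + 1. The Rust code below is an added example, not SP1's own code: it implements the field arithmetic and shows that p - 1 is divisible by 2^27, which is what supplies the power-of-two evaluation domains that FFT-based Reed-Solomon encoding needs. All function names are illustrative.

```rust
// Added example (not SP1's code): arithmetic in the Baby Bear prime field.
// All function names here are illustrative.
const P: u64 = 2_013_265_921; // 2^31 - 2^27 + 1 = 15 * 2^27 + 1

fn add(a: u64, b: u64) -> u64 { (a % P + b % P) % P }
// Reduced operands are < 2^31, so the product fits in a u64 without overflow.
fn mul(a: u64, b: u64) -> u64 { (a % P) * (b % P) % P }

// Square-and-multiply exponentiation.
fn pow(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    while exp > 0 {
        if exp & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}

// Inverse via Fermat's little theorem: a^(P-2) = a^-1 for a != 0.
fn inv(a: u64) -> Option<u64> {
    if a % P == 0 { None } else { Some(pow(a, P - 2)) }
}

// Largest k with 2^k | P - 1: the biggest power-of-two subgroup available.
fn two_adicity() -> u32 { (P - 1).trailing_zeros() }

// Element of exact order 2^k. A quadratic non-residue g has g^((P-1)/2) = -1,
// so w = g^((P-1)/2^k) satisfies w^(2^k) = 1 and w^(2^(k-1)) = -1.
fn root_of_unity(k: u32) -> Option<u64> {
    if k > two_adicity() { return None; }
    let g = (2..P).find(|&g| pow(g, (P - 1) / 2) == P - 1)?;
    Some(pow(g, (P - 1) >> k))
}

// The 2^k-point evaluation domain {w^0, w^1, ...} generated by that root.
fn domain(k: u32) -> Option<Vec<u64>> {
    let w = root_of_unity(k)?;
    Some((0..1u64 << k).scan(1u64, |x, _| { let cur = *x; *x = mul(*x, w); Some(cur) }).collect())
}

fn main() {
    println!("two-adicity of p - 1: {}", two_adicity());
    let d = domain(3).expect("k = 3 is within the two-adicity");
    println!("order-8 domain: {:?}", d);
    println!("7 * 7^-1 = {}", mul(7, inv(7).unwrap()));
    println!("(p - 1) + 1 = {}", add(P - 1, 1));
}
```

Because every element fits in 31 bits, a product of two elements fits in a single 64-bit word, which keeps multiplication cheap on ordinary CPUs.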

To ensure scalability, SP1 supports recursive STARKs, allowing it to break long computations into smaller chunks and prove each recursively. Additionally, SP1 includes a STARK-to-SNARK wrapping layer that compresses large STARK proofs into small SNARK proofs, enabling efficient verification on-chain (especially in EVM environments). This hybrid design strikes a balance between performance, proof size, and compatibility with existing blockchain infrastructure.