Proof Types

There are a few different types of proofs that can be generated by the SP1 zkVM. Each proof type has its own tradeoffs in terms of proof generation time, verification cost, and proof size.

The ProverClient follows a "builder" pattern that allows you to configure the proof type and other options after creating a ProverClient and calling prove on it.

For a full list of options, see the following docs.

Core (Default)

The default prover mode generates a list of STARK proofs that in aggregate have size proportional to the size of the execution. Use this in settings where you don't care about verification cost / proof size.

let client = ProverClient::new();
client.prove(&pk, stdin).run().unwrap();

Compressed

The compressed prover mode generates STARK proofs that have constant size. Use this in settings where you care about verification cost / proof size. This is useful for applications where you want to recursively verify SP1 proofs within SP1 (see the proof aggregation section).

let client = ProverClient::new();
client.prove(&pk, stdin).compressed().run().unwrap();

Groth16 (testnet only)

The Groth16 prover mode generate a SNARK proof with extremely small proof size and low verification cost. This mode generates proofs that can be verified onchain for around ~270k gas.

let client = ProverClient::new();
client.prove(&pk, stdin).groth16().run().unwrap();

PLONK

The Groth16 and PLONK prover modes generate a SNARK proof with extremely small proof size and low verification cost. This mode generates proofs that can be verified onchain for around ~300k gas.

let client = ProverClient::new();
client.prove(&pk, stdin).plonk().run().unwrap();