# What is a zkVM?

A zero-knowledge virtual machine (zkVM) is zero-knowledge proof system that allows developers to prove the execution of arbitrary Rust (or other LLVM-compiled language) programs.

Conceptually, you can think of the SP1 zkVM as proving the evaluation of a function `f(x) = y`

by following the steps below:

- Define
`f`

using normal Rust code and compile it to an ELF (covered in the writing programs section). - Setup a proving key (
`pk`

) and verifying key (`vk`

) for the program given the ELF. - Generate a proof
`π`

using the SP1 zkVM that`f(x) = y`

with`prove(pk, x)`

. - Verify the proof
`π`

using`verify(vk, x, y, π)`

.

As a practical example, `f`

could be a simple Fibonacci program. The process of generating a proof and verifying it can be seen here.

For blockchain applications, the verification usually happens inside of a smart contract.

## How does SP1 Work?

At a high level, SP1 works with the following steps:

- Write a program in Rust that defines the logic of your computation for which you want to generate a ZKP.
- Compile the program to the RISC-V ISA (a standard Rust compilation target) using the
`cargo prove`

CLI tool (installation instructions here) and generate a RISC-V ELF file. - SP1 will prove the correct execution of arbitrary RISC-V programs by generating a STARK proof of execution.
- Developers can leverage the
`sp1-sdk`

crate to generate proofs with their ELF and input data. Under the hood the`sp1-sdk`

will either generate proofs locally or use a beta version of Succinct's prover network to generate proofs.

SP1 leverages performant STARK recursion that allows us to prove the execution of arbitrarily long programs and also has a STARK -> SNARK "wrapping system" that allows us to generate small SNARK proofs that can be efficiently verified on EVM chains.

## Proof System

For more technical details, check out the SP1 technical note that explains our proof system in detail. In short, we use:

- STARKs + FRI over the Baby Bear field
- We use performant STARK recursion that allows us to prove the execution of arbitrarily long programs
- We have a system of performant precompiles that accelerate hash functions and cryptographic signature verification that allow us to get substantial performance gains on blockchain workloads