Proof System Overview

When the RISC Zero zkVM executes, it produces a SessionReceipt that serves as a proof of validity of a given Session.

To confirm that a SessionReceipt was honestly generated, use SessionReceipt::verify and supply the ImageID of the code that should have been executed as a parameter.

The SessionReceipt includes a journal, which contains the public outputs of the Session. The contents of the journal are specified by calling env::commit() and env::commit_slice() in the guest code.

Cryptographically speaking, the SessionReceipt is a collection of ZK-STARKs, each of which proves a single Segment.

The details of the RISC Zero ZK-STARK are described in our ZKP Whitepaper and in this Sequence Diagram.

Learn More

About the zkVM

• Video Explainer from zkHack
• Written Explainer

About STARKs

• STARKs reference doc
• STARK by Hand Tutorial
  • Website version
  • Google Sheet version
  • Printable Version

About RISC Zero

• All our public talks and podcasts are available on our YouTube channel.
• RISC Zero Study Club is intended to help make the technology underpinning RISC Zero more accessible. Past sessions include:
  • What is RISC-V and how does it relate to RISC Zero?
  • Intro to Finite Fields
  • Intro to Reed-Solomon Codes
  • Intro to Number Theoretic Transforms
  • Intro to the FRI Protocol
  • Finite Field Implementation Options: Barrett & Montgomery Multiplication