Skip to content
forked from risc0/risc0

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture.

License

Apache-2.0, Unknown licenses found

Licenses found

Apache-2.0
LICENSE
Unknown
license-check.py
Notifications You must be signed in to change notification settings

justinfrevert/risc0

Repository files navigation

Crates.io MIT licensed Build Status Discord chat Twitter

WARNING: This software is still experimental, we do not recommend it for production use (see Security section).

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture.

A zero knowledge proof allows one party (the prover) to convince another party (the verifier) that something is true without revealing all the details. In the case of RISC Zero, the prover can show they correctly executed some code (known to both parties), while only revealing to the verifier the output of the code, not any of its inputs or any state during execution.

The code runs in a special virtual machine, called a zkVM. The RISC Zero zkVM emulates a small RISC-V computer, allowing it to run arbitrary code in any language, so long as a compiler toolchain exists that targets RISC-V. Currently, SDK support exists for Rust, C, and C++.

Protocol overview and terminology

First, the code to be proven must be compiled from its implementation language into a method. A method is represented by a RISC-V ELF file with a special entry point that runs the code of the method. Additionally, one can compute for a given method its image ID which is a special type of cryptographic hash of the ELF file, and is required for verification.

Next, the prover runs the method inside the zkVM. The logical RISC-V machine running inside the zkVM is called the guest and the prover running the zkVM is called the host. The guest and the host can communicate with each other during the execution of the method, but the host cannot modify the execution of the guest in any way, or the proof being generated will be invalid. During execution, the guest code can write to a special append-only log called the journal that represents the official output of the computation.

Presuming the method terminated correctly, a receipt is produced, which provides the proof of correct execution. This receipt consists of 2 parts: the journal written during execution and a blob of opaque cryptographic data called the seal.

The verifier can then verify the receipt and examine the log. If any tampering was done to the journal or the seal, the receipt will fail to verify. Additionally, it is cryptographically infeasible to generate a valid receipt unless the output of the journal is the exactly correct output for some valid execution of the method whose image ID matches the receipt. In summary, the receipt acts as a zero knowledge proof of correct execution.

Because the protocol is zero knowledge, the verifier cannot infer anything about the details of the execution or any data passed between the host and the guest (aside from what is implied by the data written to the journal and the correct execution of the code).

Security

This code is based on the well studied zk-STARK protocol, which has been proven secure under the random oracle model, with the only assumption being the security of the cryptographic hash used. Our implementation uses SHA-256 for that hash and targets 100 bits of security.

That said, this code is still under heavy development and has not been audited. There may be bugs in the zk-STARK implementation, the arithmetic circuit used to instantiate the RISC-V zkVM, or any other element of the code's implementation. Such bugs may impact the security of receipts, leak information, or cause any other manner of problems. Caveat emptor.

Getting Started

First, clone this repository and install rust.

To start your own project, you can use our cargo risczero tool to write the initial boilerplate and set up a standard file structure. First install the tool

cargo install cargo-risczero

Then, create a new project (named my_project in this example command)

cargo risczero new my_project

More details and options for cargo risczero are given in its README.

To run a simple RISC Zero program, navigate to the examples/factors directory and run cargo run:

cd examples/factors
cargo run -r

This should produce the output I know the factors of 391, and I can prove it!. Congratulations, you've produced your first RISC Zero zero-knowledge proof! You can find more examples in this examples folder.

For more guidance on how to use RISC Zero, how RISC Zero projects are typically structured, and other resources useful to developers new to RISC Zero, see our Getting Started page.

Rust Binaries

crate crates.io
risc0-r0vm x
risc0-tools x

Rust Libraries

crate crates.io docs.rs
risc0-build x
risc0-build-kernel x
risc0-circuit-rv32im x
risc0-core x
risc0-sys x
risc0-zeroio x
risc0-zeroio-derive x
risc0-zkp x
risc0-zkvm x
risc0-zkvm-platform x

cargo risczero tool

Included is a tool to manage RISC Zero project directories.

# Installing from local source
cargo install --path risc0/cargo-risczero
# Install from crates.io
cargo install cargo-risczero

License

This project is licensed under the Apache2 license. See LICENSE.

About

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture.

Resources

License

Apache-2.0, Unknown licenses found

Licenses found

Apache-2.0
LICENSE
Unknown
license-check.py

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 67.5%
  • Rust 19.5%
  • Metal 5.8%
  • Cuda 5.6%
  • Solidity 0.5%
  • TeX 0.4%
  • Other 0.7%