zkVM exploration

SP1 zkVM

Overview

SP1 uses FRI-based STARK proving system with recursive aggregation and optional STARK-to-SNARK wrapping. It supports on-chain verification on Ethereum and Solana.

SP1 can execute and prove programs written in Rust, C, C++, or any language compiled to risc-v.

Proving System

• Base proving system: FRI-based STARK

• Field: Baby Bear field

  • Small field with prime

    p = 15 \cdot 2^{27} + 1

• Recursion: Fully supported (recursive STARKs)

• Acceleration:

  • Cryptographic precompiles

  • GPU acceleration

Proof Types in SP1

SP1 supports multiple proof types:

1. Core Proof (Default)

• A list of STARK proofs

• Fully transparent (no trusted setup)

• Large proof size

• Best suited for:

  • Off-chain verification

  • Further recursive proving and aggregation

2. Compressed Proof

• Constant-size proof

• Required for proof aggregation

• Used as input for recursive verification inside SP1

Note: To verify an SP1 proof within SP1, a compressed proof must be generated first

3. Groth16 Proof

• ~260 bytes

• ~270k gas on Ethereum

• Requires a trusted setup

• Setup details:

  • Aztec ceremony

  • Additional entropy contributions from the Succinct team

4. PLONK Proof

• ~868 bytes

• ~300k gas on Ethereum

• Universal trusted setup

Proof Aggregation & Recursion

• SP1 natively supports recursive STARKs

• Multiple proofs can be aggregated into a single proof

• Aggregation occurs inside the zkVM itself

• Aggregated proofs can then be wrapped into:

  • Groth16

  • PLONK

Local & Remote Proving

Local Proving

• Fully supported(STARK, Groth16, and Plonk proofs)

• Requires Docker env to generate Groth16 and Plonk proofs

• Hardware requirements:
  

  

  image1818×550 45.8 KB

• In practice, 32GB RAM recommended for Groth16 and Plonk proofs

• Requires downloading Groth16 (2.82 GiB) and Plonk (1.09 GiB) circuit artifacts.

Remote Proving

SP1 supports a prover network that enables:

• Fast proving with a GPU cluster
• Decentralized proof generation

Precompiles

SP1 includes a set of precompiles to accelerate common cryptographic operations inside the zkVM.
It also supports extending precompiles by external contributors, but current documentation is limited—only a few examples exist, and the full developer guide will be coming as claimed.

Benchmark(TBD)
I’m benchmarking large circuits and cryptographic primitives; results coming soon.

Let me know if I missed any key features

Other zkVM exploration is underway—including Nexus, OpenVM, and others. Please suggest additional promising zkVMs so I can adjust priorities accordingly.