Description: RISC Zero zkVM is a general-purpose zero-knowledge virtual machine leveraging STARKs and a RISC-V architecture to prove the correct execution of arbitrary computations**.**
Technical Details:
- Proof System: STARK-based, leveraging FRI protocol.
- Finite Field: Operates primarily in fields such as Goldilocks (2^64 - 2^32 + 1) and Baby Bear, optimized for STARK arithmetic.
- Security Level: Approximately 98 bits of conjectured security.
- Proof Size: ~217.4 KB before wrapping; wrapping via Groth16 reduces proofs to 128 bytes.
Use in Nomos:
Risc0 is the designated proving system for native zones in Nomos. Native zones require general-purpose computation that can’t be easily expressed in arithmetic circuits alone.
Risc0’s flexibility and integration with widely used programming languages ensure accessibility for developers, preventing a bottleneck in adoption due to overly complex or niche tooling.
Rationale for Use:
- Flexibility and compatibility due to RISC-V architecture and LLVM integration.
- Efficient proof wrapping, allowing manageable proof sizes and easy verification on-chain.
- Mature SDK and tooling, simplifying zk application development.
Security Considerations:
- Relies on the cryptographic strength of the STARK protocol and FRI polynomial commitment schemes.
- Security relies on algebraic and polynomial IOP assumptions, well-reviewed in cryptographic literature.
References