Verifier Contracts
To utilize the results generated by a zkVM program in your on-chain application, it's essential to verify the receipt on-chain.
You can verify a RISC Zero Groth16Receipt using a verify()
call to an IRiscZeroVerifier contract.
Using a Verifier
Use verifier contract in your application by calling the verify
method with the expected journal and other fields of the receipt.
Below is an example from the EvenNumber.sol contract in the Foundry Template:
contract EvenNumber {
// ...
/// @notice Set the even number stored on the contract. Requires a RISC Zero proof that the number is even.
function set(uint256 x, bytes calldata seal) public {
// Construct the expected journal data. Verify will fail if journal does not match.
bytes memory journal = abi.encode(x);
// The verify call will revert if the given seal is not a verifying zero-knowledge proof.
verifier.verify(seal, IS_EVEN_ID, sha256(journal));
number = x;
}
// ...
}
In this example, the IS_EVEN
zkVM program verifies that the number, x
, is even.
By verifying a receipt with the image ID of that program, it is guaranteed that the stored number will always be even.
RISC Zero's zkVM and the IS_EVEN
program guarantee that it's computationally impossible to produce a verifying receipt for an odd number.
Verifier Implementations
All of our deployed verifier contracts implement the IRiscZeroVerifier interface.
We deploy a base verifier implementation, the emergency stop wrapper, and the router as part of our version management design. It is recommended that most applications use RiscZeroVerifierRouter. In some cases, your application may wish to make calls directly to either the emergency stop wrapper, or the base implementation.
It is recommended that you use the RiscZeroVerifierRouter
Verifier Router
Calls to RiscZeroVerifierRouter.verify()
will be routed to the appropriate base verifier contract depending on which version of the zkVM was used to generate the receipt.
By using the RiscZeroVerifierRouter
, your contract can accept multiple types of receipts, including batch-verified receipts and receipts generated with future improvements to the zkVM and proofs system.
RISC Zero deploys and manages the RiscZeroVerifierRouter
contract listed below.
This contract will have verifiers added for each release of the zkVM, and will have verifiers removed in the case of security vulnerabilities.
You can find detailed information in the version management design, including information about how to manage your own copy of the smart contracts, if your application requires it.
Contract Addresses
NOTE: The tables below are generated from the
deployment.toml
file in the risc0-ethereum repository.