Verifier Contract
To utilize the results generated by a zkVM program in your application, it’s essential to verify the receipt. You can verify receipts with a call to a RISC Zero verifier contract.
- Every verifier contract implements the
IRiscZeroVerifierinterface, which defines the necessary data structures for the receipt and includes averifymethod. - This interface is implemented by the
RiscZeroGroth16Verifiercontract, a stateless and immutable verifier designed for RISC Zero Groth16 SNARK proofs.
Using the zkVM, any computation performed off-chain can be proven on-chain using a single verifier contract. This simplifies system architecture and eliminates the need for multiple contracts for different circuits. Even in the case of a system that needs to use custom circuits, it's possible to prove the resulting custom receipts within a zkVM program through proof composition and submit the resulting proof to the verifier contract.
Using the Verifier Contract
Use verifier contract in your application by calling the verify method with the expected journal and other fields of the receipt.
Below is an example from the EvenNumber.sol contract in the Foundry Template:
contract EvenNumber {
// ...
/// @notice Set the even number stored on the contract. Requires a RISC Zero proof that the number is even.
function set(uint256 x, bytes32 postStateDigest, bytes calldata seal) public {
// Construct the expected journal data. Verify will fail if journal does not match.
bytes memory journal = abi.encode(x);
require(verifier.verify(seal, IS_EVEN_ID, postStateDigest, sha256(journal)));
number = x;
}
// ...
}
In this example, the IS_EVEN zkVM program verifies that the number, x, is even.
By verifying a receipt with the image ID of that program in a require statement, it is guaranteed that the stored number will always be even.
RISC Zero's zkVM and the IS_EVEN program guarantee that it's computationally impossible to produce a verifying receipt for an odd number.
Versioning
The RiscZeroGroth16Verifier contract is stateless and immutable.
When new versions of the RISC Zero proof system are released, a new verifier contract will be deployed.
When using this contract directly you can be sure that the verifier will never change, as it cannot be upgraded or otherwise mutated. However, when new versions of the zkVM add features you'd like to use in your application, you will need to change the verifier contract address in your application as part of your upgrade process. This includes updates that include security fixes.
We are working on process to provide opt-in upgradeability for the verifier contract, and we will have more information here in the future.
Addresses
RISC Zero provides an already deployed verifier contract in the Sepolia network for your convenience. You can choose to use this contract or deploy your own.
| Contract | Network | Address |
|---|---|---|
| RiscZeroGroth16Verifier.sol | Sepolia | 0x83C2e9CD64B2A16D3908E94C7654f3864212E2F8 |