Skip to main content
Version: Next

Verifier Contracts

To utilize the results generated by a zkVM program in your on-chain application, it's essential to verify the receipt on-chain.

You can verify a RISC Zero Groth16Receipt using a verify() call to an IRiscZeroVerifier contract.

Using a Verifier

Use verifier contract in your application by calling the verify method with the expected journal and other fields of the receipt.

Below is an example from the EvenNumber.sol contract in the Foundry Template:

contract EvenNumber {
    // ...

    /// @notice Set the even number stored on the contract. Requires a RISC Zero proof that the number is even.
    function set(uint256 x, bytes calldata seal) public {
        // Construct the expected journal data. Verify will fail if journal does not match.
        bytes memory journal = abi.encode(x);
        // The verify call will revert if the given seal is not a verifying zero-knowledge proof.
        verifier.verify(seal, IS_EVEN_ID, sha256(journal));
        number = x;
    }

    // ...
}

In this example, the IS_EVEN zkVM program verifies that the number, x, is even. By verifying a receipt with the image ID of that program, it is guaranteed that the stored number will always be even. RISC Zero's zkVM and the IS_EVEN program guarantee that it's computationally impossible to produce a verifying receipt for an odd number.

Verifier Implementations

All of our deployed verifier contracts implement the IRiscZeroVerifier interface.

We deploy a base verifier implementation, the emergency stop wrapper, and the router as part of our version management design. It is recommended that most applications use RiscZeroVerifierRouter. In some cases, your application may wish to make calls directly to either the emergency stop wrapper, or the base implementation.

tip

It is recommended that you use the RiscZeroVerifierRouter

Verifier Router

Calls to RiscZeroVerifierRouter.verify() will be routed to the appropriate base verifier contract depending on which version of the zkVM was used to generate the receipt. By using the RiscZeroVerifierRouter, your contract can accept multiple types of receipts, including batch-verified receipts and receipts generated with future improvements to the zkVM and proofs system.

RISC Zero deploys and manages the RiscZeroVerifierRouter contract listed below. This contract will have verifiers added for each release of the zkVM, and will have verifiers removed in the case of security vulnerabilities. You can find detailed information in the version management design, including information about how to manage your own copy of the smart contracts, if your application requires it.

Contract Addresses

info

Contracts are not deployed for unreleased versions. You can use the deployed contracts for a released version.