We are compiling a comprehensive list of existing Zero-Knowledge Virtual Machines (zkVMs). To ensure that we don't have multiple people working on the same zkVM, please assign yourself to the corresponding entry before you start filling in the information.
How to Contribute
Assign Yourself: Click on the gear icon next to the zkVM you want to provide information about and assign yourself.
Fill in the Template: Copy the template provided below and fill in the details for the zkVM you chose.
Submit Your Information: Edit the issue to add your filled-in template under the respective zkVM.
Assignment Comments
Please leave a comment in the following format to assign yourself to a zkVM: @Yourusername - I will work on zkVM Example 1
If there are missing ZkVMs, please contact me so I can add them (do not add new ones, to avoid confusion).
Template
[zkVM Name]
ZkVM: [Yes/No]
Zero Knowledge: [Yes/No]
Description: A brief description of the zkVM (A paragraph or two at most)
Repository: [Link to the GitHub repository or other source]
Documentation: [Link to documentation and/or paper or Website (specific to the Zkvm)]
Status: [Active/Inactive]
Type of Proof Systems Used: [zk-SNARKs, zk-STARKs, etc.]
Main Focus: [Scalability, privacy, interoperability, etc.]
Privacy Guarantees Achieved: [What information is hidden or revealed during transactions, resistance to privacy attacks]
Potential Privacy Enhancements: [Additional privacy features that could be added]
Cryptographic Primitives and Security Assumptions: [List of cryptographic primitives used and their security assumptions]
Performance and Scalability: [Overhead, transaction throughput, benchmarks, etc.]
Integration with Existing Systems: [How well it integrates with existing systems]
Development Tools and Documentation: [Availability of dev tools and quality of documentation]
Additional Information: [Any other relevant information]
Compiled Information for each ZkVM in the above list
[SP1]
ZkVM: Yes
Zero Knowledge: No
Description: SP1 is a contributor-friendly zkVM. Any execution written in an LLVM-based language such as C, C++, D, Rust, Nim, and Kotlin can be proved using SP1.
Type of Proof Systems Used: zk-STARKs. FRI (quantum-safe, hash-based) from Plonky3, Valida, RISC0.
Main Focus: Scalability, dev-friendly, and fully open source.
Privacy Guarantees Achieved: Not mentioned
Potential Privacy Enhancements: Not mentioned
Cryptographic Primitives and Security Assumptions: Quantum-safe, hash-based
Performance and Scalability: 5.4x faster than Risc 0 for Fibonacci computation. See the Appendix of https://blog.succinct.xyz/introducing-sp1/ for the other comparisons.
Description: The Nexus zkVM is a modular, extensible, open-source, and highly-parallelized zkVM, designed to run at a trillion CPU cycles proved per second given enough machine power.
Description: Risc0 is a zkVM designed to be developer friendly. Specifically, instead of having developers write circuits, Risc0 works with regular C and Rust source code. Risc0 produces a proof with a 3-stage method that concludes with a Groth16 wrapper to produce a constant-size proof.
Description: Powdr is a toolkit that helps build zkVMs and similar proof frameworks. Anyone can build a zkVM by choosing a front-end such as RISC-V and a back-end such as Halo2, and convert any Rust code to a verifiable execution.
Additional Information: The GitHub README points out that the compiler currently generates unnecessary columns. This causes efficiency issues, but they are working on an optimizer to fix this.
[ZkMips]
ZkVM: Yes
Zero Knowledge: Yes
Description: General purpose zkVM in MIPS architecture.
Type of Proof Systems Used: zk-STARK, in particular Starky- and Plonky2-based.
Main Focus: Scalability, privacy, and interoperability
Privacy Guarantees Achieved: Private inputs (witnesses) are allowed.
Potential Privacy Enhancements: Not mentioned.
Cryptographic Primitives and Security Assumptions: Quantum safe hash-based architecture
Performance and Scalability: Not mentioned
Integration with Existing Systems: It can be integrated into private connections to IoT networks, decentralized cloud computing, Ethereum L2 roll up, and ZKML.
Description: Valida is a VM that focuses on the Prover's performance. Currently, Valida VM uses a special instruction set that is RISC-inspired. The goal is to construct a zkVM that can prove programs that are written in a variety of languages, such as Rust, Go, and C++, with minimal changes to the original source code.
Additional Information: Valida's roadmap includes fast recursion and parallelizable proving of individual program execution. Valida uses FRI, but may switch to Brakedown for speedup. Plans to use a Groth16 wrapper.
[Jolt]
ZkVM: Yes
Zero Knowledge: No
Description: Jolt is a zkVM framework built around the Lasso lookup argument.
Jolt powers succinct proofs of execution of programs written in any high-level language. Jolt's sumcheck-based SNARK makes extensive use of multivariate polynomials and commitment schemes. Jolt zkVMs have state-of-the-art prover performance and have substantial room for growth over the coming decades.
Description: zkWASM is a portable virtual machine that allows developers to create privacy-preserving applications using any language that compiles to WebAssembly (WASM), without needing specialized knowledge of zero-knowledge proof (ZKP) technology. These applications run seamlessly in web browsers without requiring any special hardware or software. Using Zero-Knowledge Proofs, zkWASM accelerates transaction times by combining off-chain computations with on-chain verifications, making the blockchain more efficient. This ensures that all transactions remain secure and private, enhancing the overall security of the blockchain. The core concept is: On-Chain Contracts + Off-Chain VM + WASM Integration.
Type of Proof Systems Used: zk-SNARKs, or more precisely Halo2's zero-knowledge proof system, generating execution proofs in a zk-SNARK way.
Main Focus: Scalability and Privacy
Privacy Guarantees Achieved: MPC solution for hiding the witness, confidential transactions, private smart contracts, and secure data sharing.
Potential Privacy Enhancements: Not mentioned
Cryptographic Primitives and Security Assumptions: ZAWA uses KZG and plookup (for lookup tables); DelphinusLab's zkwasm appears to use zcash's Halo2 (IPA instead of KZG).
Performance and Scalability: All the benchmark test suites are run on a machine with an AMD Ryzen 7 5800X3D 8-Core Processor, one GeForce RTX 3090 graphics card and 32G * 4 DDR4 2133 RAM. See https://jhc.sjtu.edu.cn/~hongfeifu/manuscriptb.pdf
Description: Ola is a zk-friendly hybrid zk-rollup that is currently in development. Mainnet is expected to be launched in 2024. OlaVM is designed to execute any computation while generating a valid proof for the execution.
Description: It is a proof of concept of a verifiable operating system in RISC-V architecture. In the end, it will be an operating system in which all untrusted executions are run in a verifiable way. It helps to create a world computer.
Cryptographic Primitives and Security Assumptions: Not mentioned
Performance and Scalability: Not mentioned
Integration with Existing Systems: Not mentioned
Development Tools and Documentation: Not mentioned
Additional Information: None
[Triton]
ZkVM: Yes
Zero Knowledge: Yes, but more for succinct verification
Description: Triton is a Turing-complete virtual machine engineered for rapid recursive zk-STARK verification. Triton VM is versatile and can be utilized for various applications. Its swift, recursive verification of computational integrity transforms the way computation is approached in networked environments.
Cryptographic Primitives and Security Assumptions: Not mentioned
Performance and Scalability: None
Integration with Existing Systems: Proves correct execution of programs written in Triton assembly! Built for Neptune blockchain, but can be used as a standalone.
Description: The Cairo VM employs a single-write-only memory model, ensuring each memory slot is written to only once. The Cairo compiler abstracts this, allowing mutable variables in code. This model enhances predictability and verifiability, providing an immutable computation record essential for generating STARK proofs. Cairo lacks inheritance and polymorphism. Contracts extend functionality by importing specific functions and storage variables, requiring a different approach from traditional object-oriented programming.
Integration with Existing Systems: Compile Cairo programs into Sierra and CASM.
Development Tools and Documentation: Implementation is very well documented.
Additional Information: It simplifies contract writing and reduces the chance for bugs
[SnarkOS]
ZkVM: No
Zero Knowledge: Yes
Description: snarkOS is a decentralized OS that behaves as the base layer for Aleo's network. Specifically, snarkOS is used for transactions and consensus. Additionally, it allows users to write dApps in JavaScript and TypeScript.
Privacy Guarantees Achieved: There is no public ledger. So, transactions are kept fully confidential; based on code, there appears to be a viewing key.
Potential Privacy Enhancements: Not mentioned.
Cryptographic Primitives and Security Assumptions: Not mentioned.
Performance and Scalability: Transaction throughput is increased by shifting proving off network, and use of Proof of Mix.
Additional Information: Current implementation has a disclaimer to not use Lurk in production code as it uses Groth16 without a trusted setup.
[Piecrust]
ZkVM: Yes
Zero Knowledge: Could be Zk-friendly, more for succinctness
Description: Piecrust is a WASM virtual machine designed to run Dusk Network's smart contracts. These smart contracts are represented by their WASM bytecode and utilize linear memory. Piecrust supports concurrent execution, allowing multiple sessions to run simultaneously on the same VM and be distributed across different threads. This ensures that contract calls are executed atomically, meaning they either complete entirely or not at all, providing robust transactional integrity. By integrating with Dusk Network, Piecrust enhances smart contract development with strong privacy-preserving and compliance features. It includes native support for cryptographic primitives, such as zero-knowledge proof verification, and offers an efficient method for creating Merkle Trees within contract storage, making it a powerful tool for secure and private decentralized applications.
Status: Dusk plans to launch its mainnet in the second quarter of 2024
Type of Proof Systems Used: not mentioned, Zk-friendly
Main Focus: Scalability and privacy
Privacy Guarantees Achieved:
- In the [Dusk Network](https://github.com/dusk-network/phoenix/blob/master/docs/protocol.pdf), Proof of Blind-Bid serves as the foundation for the Segregated Byzantine Agreement (SBA) consensus mechanism, providing a private proof-of-stake system.
- The SBA consensus mechanism is a permissionless, committee-based Proof-of-Stake protocol that offers near-instant transactional finality with a negligible probability of forks.
- [Phoenix](https://dusk.network/news/phoenix-security-proofs/) is a UTxO-based privacy-preserving transaction model that enables users to confidentially spend non-obfuscated outputs.
- Zedger is a hybrid privacy-preserving transaction model designed to meet regulatory requirements for security tokenization and lifecycle management. It employs a Sparse Merkle-Segment Trie to create private memory for user accounts, allowing account owners to log balance changes per segment while only publicly revealing changes to the Trie root.
Potential Privacy Enhancements: None
Cryptographic Primitives and Security Assumptions: Merkle Trees, Sparse Merkle-Segment Trie.
Performance and Scalability: Not yet benchmarked or launched
Integration with Existing Systems: If released, it can be used to achieve several privacy guarantees regarding transaction models.
Development Tools and Documentation: Still no mainnet.
Description: Ceno Basic and Pro are (currently) theoretical zkVMs that have not been implemented. The design goal for these zkVMs is to reduce the proving time by replacing the costly FFT of Plonkish proof systems with sumcheck rounds in the GKR protocol. Ceno Pro is recommended for repeated blocks of code.
Cryptographic Primitives and Security Assumptions: lookup tables (or set equality), sumcheck, multilinear extensions, new IOP based on GKR. Security assumptions: q-Strong Bilinear Diffie-Hellman and (d,l)-Extended Power Knowledge of Exponent.
Performance and Scalability: None.
Integration with Existing Systems: Not mentioned.
Development Tools and Documentation: Not mentioned.
Additional Information:
[Stellar]
ZkVM: No
Zero Knowledge: No
Description: Confidential TX aimed zkVM. It is a decentralized protocol for digital currency to fiat currency transfers which allows cross-border transactions between any currencies. Its primary focus is on facilitating fast, low-cost international payments and not on providing zero-knowledge proofs or verifiable computation, which are key features of zkVMs.
Main Focus: Confidential and lightweight transactions for the Slingshot project, which is a kind of privacy-preserving architecture with a strong focus on scalability and safety.
Privacy Guarantees Achieved: Users can hide arbitrary parts of smart contracts with cloak (a protocol) instructions by proving the balance check.
Additional Information: This zkVM does not permit loops or unbounded recursion, which greatly simplifies the calculation of the costs of operating the network.
[Novanet]
ZkVM: No
Zero Knowledge: No
Description: NovaNet is not a zkL1 or L2 but rather an open peer-to-peer network. It builds from the ideas of non-uniform incremental verifiable computation from the SuperNova proving scheme to allow for a highly portable and customizable zero-knowledge virtual machine and opcode based prover framework.
Description: zkLLVM is a compiler that transforms C++ or Rust code into circuits to be used in zk-SNARK or zk-STARK systems. The goal of zkLLVM is to make zero-knowledge proofs and provable computations accessible for everyone with knowledge of C++ or Rust programming. zkLLVM takes code, breaks it down into circuit components, and transforms it into an arithmetic constraint system that can be used to generate and verify proofs when given public and private inputs.
Description: zkMove is a smart contract runtime environment designed to execute smart contracts written in the Move language. It is zero-knowledge proof friendly, generating zero-knowledge proofs during the execution of Move contracts. This ensures enhanced privacy and security for smart contract operations.
Description: o1vm is a general-purpose zkVM which can be used to prove the correct execution of MIPS programs. It implements a folding scheme and RAMLookups, i.e. "additive lookups", to handle long execution traces and to efficiently represent random memory access.
moudyellaz added the vm-foundations label (Integrate advanced cryptographic primitives to create a highly secure, privacy-preserving computatio) May 15, 2024
List of ZkVMs
1. SP1
2. Nexus
3. Risc0
4. Powdr
5. ZKMips
6. Valida
7. Jolt
8. ZkWasm
9. Aleo
10. Ola
11. Miden
12. ZkOS
13. Triton
14. Cairo
15. SnarkOS
16. Lurk
17. Piecrust
18. Ceno
19. Stellar
20. Novanet
21. ZkLLVM
22. ZkMove
23. o1VM
[Nexus]
The Nexus v1.0 zkVM and Roadmap
[ZkMips]
proof guide: https://docs.zkm.io/guides/proof-generation-guide
[Ola]
and Developer documents https://ola-2.gitbook.io/ola-developer-documents/quick_start
[Piecrust]
Repository: https://github.com/dusk-network/piecrust
Documentation: https://docs.rs/piecrust/latest/piecrust/
Summary table (To compile by @moudyellaz)