Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Proof Composition

Ziren zkVM introduces an innovative proof composition system that empowers developers to nest and aggregate cryptographic proofs within zkVM programs. This flexible architecture enables recursive verification, multi-proof aggregation, and modular program upgrades, all while ensuring seamless compatibility with Ziren’s verification framework.

Key Use Cases

  • Privacy-Preserving Computation

    Securely process distributed or confidential data by splitting computations into sub-proofs, each protecting its own data fragment, and then aggregating them into a unified, privacy-preserving proof.

  • Cryptographic Proof Nesting

    Enable recursive verification of encrypted values—such as zero-knowledge proofs, digital signatures, or homomorphic encryption—without revealing underlying data, thus strengthening both privacy and security.

  • Proof Aggregation & Cross-Chain Verification

    Combine independent proofs from multiple sources or blockchains (e.g., Ethereum, other rollups) into a single aggregate proof, facilitating trusted cross-chain data flows and unified validation.

  • Rollup Optimization

    Batch and compress large numbers of transaction proofs or state changes into a single, compact proof to improve scalability, reduce verification cost, and maximize on-chain throughput.

  • Modular Program Architecture & Maintainability

    Break complex applications into independently verifiable modules, allowing developers to update or upgrade specific components without re-running the entire workflow, increasing maintainability and development agility.

  • Pipeline Proof and Concurrent Verification

    Divide lengthy computations into parallel, independently verifiable sub-proofs, streamlining the overall proof generation and validation process for greater efficiency.

Core Components

Ziren packages each proof into an object called a receipt. The proof composition system is built around the idea of recursively verifying receipts inside other zkVM programs. The main components are:

  • Assumption

    A formal assertion that declares what needs to be proven, serving as a dependency within the proof composition pipeline.

  • Receipt Claim

    A structured statement identifying a specific receipt, which includes metadata such as the program image ID and a SHA-256 commitment to the public input/output, ensuring unique and tamper-evident referencing.

  • Inner Receipt

    The fundamental container of a base proof, holding the STARK proof, public values, and the corresponding claim.

  • Assumption Receipt

    A conditional receipt that is valid only if its dependencies (assumptions) are fulfilled by other receipts.

  • Composite Receipt

    A recursively constructed bundle that aggregates multiple layers of verification, supporting nested proofs and multi-stage validation.

  • Final Receipt

    The ultimate artifact that confirms all assumptions have been resolved and all required proofs successfully verified.

Implementation Workflow

Proof Generation

  • Base Proof Generation

    Generate a STARK proof for a given (possibly nested) guest program, resulting in an initial inner receipt.

  • Recursive Composition

    Use the base and composite receipts as building blocks, recursively aggregate them using Ziren’s aggregation engine, and form higher-level proofs as needed.

  • Final Receipt Assembly

    Collect and combine all required receipts (base, assumption, composite) into a final, comprehensive receipt representing the complete proof.

Verification

  • Composite Receipt Verification

    Validate the STARK constraints for the main (composite) proof to ensure correctness of the aggregated verification.

  • Inner Receipt Validation

    Recursively verify all dependent proofs (assumptions) included within the composition.

  • Receipt Claim Consistency

    Check that SHA-256 commitments match across all receipt claims to ensure input/output consistency and cross-proof integrity.