17 releases (8 breaking)

0.11.1 Aug 13, 2022
0.10.0 Jun 24, 2022

#2400 in Cryptography

Download history 5/week @ 2023-10-22 34/week @ 2023-10-29 1/week @ 2023-11-12 2/week @ 2023-11-19 73/week @ 2023-11-26 19/week @ 2023-12-03 20/week @ 2023-12-10 38/week @ 2023-12-24 18/week @ 2023-12-31 17/week @ 2024-01-21 38/week @ 2024-01-28 1/week @ 2024-02-04

56 downloads per month


22K SLoC


The RISC Zero ZKVM's guest-side RISC-V APIs.

Code that is validated by the RISC Zero zkVM is run inside the guest. In the minimal case, an entrypoint (the guest's "main" function) must be provided by calling [entry]. The code executed when the entrypoint function is called is what will be proven by the zkVM and available for verification later. In almost all practical cases, the guest will want to read private input data using env::read and commit public output data using env::commit; additional I/O functionality is also available in [mod@env].

For example[^starter-ex], the following guest code proves a number is composite by multiplying two unsigned integers, and panicking if either is 1 or if the multiplication overflows:

use risc0_zkvm_guest::env;


pub fn main() {
    // Load the first number from the host
    let a: u64 = env::read();
    // Load the second number from the host
    let b: u64 = env::read();
    // Verify that neither of them are 1 (i.e. nontrivial factors)
    if a == 1 || b == 1 {
        panic!("Trivial factors")
    // Compute the product while being careful with integer overflow
    let product = a.checked_mul(b).expect("Integer overflow");

Notice how [entry] is used to indicate the entrypoint, env::read is used to load the two factors, and env::commit is used to make their composite product publically available.

[^starter-ex]: The example is based on the Risc Zero Rust Starter repository.


~96K SLoC