Assessing RISC Zero using ZKit: An Extensible Testing and Benchmarking Suite for ZKP Frameworks

Zero-Knowledge Proofs (ZKPs) are cryptographic protocols designed to verify a statement without disclosing any information beyond its boolean verification outcome. A prevalent use case for such protocols resides in the realm of digital cash, where payers whish to prove the validity of a token without disclosing any specification about the token in particular to uphold privacy. Numerous ZKP software libraries or frameworks have emerged to enhance accessibility for developers and encouraging the widespread adoption of this technology in practical applications.

The thesis introduces the readership to ZKPs, elucidating their fundamental attributes and delving into two key implementation families — namely, Succinct Non-Interactive Argument of Knowledge (SNARK) and Scalable Transparent Argument of Knowledge (STARK) systems. Our emphasis is on the latter, given its perceived post-quantum security. Furthermore, we provide an overview of promising STARK-based ZKP frameworks and discuss their distinguishing features.

One of such frameworks is RISC Zero, which facilitates verifiable general-purpose computations in zero-knowledge through its virtual machine. Essentially, it proves statements indirectly by proving the integrity of all chronologically recorded register states throughout a computational process. We elucidate its internal mechanisms and assess its efficiency by examining two different disciplines. The first involves proving a preimage to a hash value. The second entails proving the membership of a data leaf within a Merkle tree, also known as inclusion proofs (IP).

To streamline systematic analysis, we present the concept of ZKit, an extensible test and benchmark suite designed to accommodate diverse ZKP frameworks. ZKit enables the orchestration of activities through a command line interface and incorporates a suggested information exchange format for IPs. Additionally, it demonstrates the process of porting ZKP functionality defined in the Rust programming language to Go.

We utilize ZKit to benchmark RISC Zero across various settings and workloads. Our results reveal that generating a single STARK proof for a batch of IPs can be up to 3.9 times more efficient than proving each IP individually. Verifying such batch proofs can even offer a performance improvement of up to 14 times. The thesis concludes by discussing key insights gained during the research process and summarizes the implications of the findings.