zkVM

ZK tech name(s)

Plonky3

Plonky3 + more

Plonky3

Arkworks + Binius

Stwo

Arithmetization

AIR

AIR

AIR

AIR

R1CS

AIR

AIR

Proofs

STARK

STARK

STARK / CircleStark

STARK

Sumcheck

CircleSTARK

STARK

Commitments

FRI

FRI

FRI

FRI

Zeromorph

FRI

Prime Field

Baby-Bear

Baby-Bear

BabyBear / Mersenne31

Mersenne31

Mersenne31

Mersenne31

Memory Argument

Multi-set Hashing

Twist and Shout

Based on Two Shuffled Make a RAM

Instruction Set

RISC-V

RISC-V

RISC-V

Lita ISA

Risc-V

Risc-V

RISCV-32 I+M

Other thoughts

Extremely popular

• Easy to get started

• Good docs & examples

• product focused

• developer friendly

One of the first general-purpose zkVMs

• robust codebase

• zirgen language

• organized/ well-documented

• devs with long-term vision

Focused on modularity

• supports multiple proving backends

• enshrined app level co-processors

• focused on dev ex

The truly fastest

• custom instruction set architecture (ISA)

• modified from RISC-V to be more zk-friendly

• custom compiler (30x faster)

Unique cryptography choices

• Sumcheck 👀

• Just One Lookup Table (JOLT)

• smallest + simplest codebase

• most likely to get fully formally verified (sumcheck easier to verifier than, say, FRI)

Goal of processing 1 trillion Hz/s

• Switched from folding schemes and elliptic curve groups (Nova/Hypernova/Jolt & Ristretto 255 for Nexus zkVM2.0) to Stwo

• uses "Harvard architecture in which the program being executed resides in a read-only memory space separate from the data."

Make devs happy

• separated proof system from the execution layer

• Full EVM equivalent

• should come out summer 2025

• fast and cheap tx for users

• 4th full re-write of zk proof sytem