succinctlabs · yuwen01 · Nov 7, 2024 · Nov 5, 2024 · Nov 6, 2024 · Nov 6, 2024
diff --git a/book/SUMMARY.md b/book/SUMMARY.md
@@ -57,13 +57,14 @@
 
 - [FAQ](./generating-proofs/sp1-sdk-faq.md)
 
-# Onchain Verification
+# Verification
 
-- [Setup](./onchain-verification/getting-started.md)
+- [On-chain Verification](./verification/onchain/getting-started.md)
 
-- [Solidity Verifier](./onchain-verification/solidity-sdk.md)
+  - [Solidity Verifier](./verification/onchain/solidity-sdk.md)
+  - [Contract Addresses](./verification/onchain/contract-addresses.md)
 
-- [Contract Addresses](./onchain-verification/contract-addresses.md)
+- [Off-chain Verification](./verification/off-chain-verification.md)
 
 # Developers
 

diff --git a/book/verification/off-chain-verification.md b/book/verification/off-chain-verification.md
@@ -0,0 +1,49 @@
+# Offchain Verification
+
+## Rust `no_std` Verification
+
+You can verify SP1 Groth16 and Plonk proofs in `no_std` environments with [`sp1-verifier`](https://docs.rs/sp1-verifier/latest/sp1_verifier/).
+
+`sp1-verifier` is also patched to verify Groth16 and Plonk proofs within the SP1 ZKVM, using
+[bn254](https://blog.succinct.xyz/succinctshipsprecompiles/) precompiles. For an example of this, see
+the [Groth16 Example](https://github.com/succinctlabs/sp1/tree/main/examples/groth16/).
+
+### Installation
+
+Import the following dependency in your `Cargo.toml`:
+
+```toml
+sp1-verifier = {version = "3.0.0", default-features = false}
+```
+
+### Usage
+
+`sp1-verifier`'s interface is very similar to the solidity verifier's. It exposes two public functions:
+[`Groth16Verifier::verify_proof`](https://docs.rs/sp1-verifier/latest/src/sp1_verifier/groth16.rs.html)
+and [`PlonkVerifier::verify_proof`](https://docs.rs/sp1-verifier/latest/src/sp1_verifier/plonk.rs.html).
+
+`sp1-verifier` also exposes the Groth16 and Plonk verifying keys as constants, `GROTH16_VK_BYTES` and `PLONK_VK_BYTES`. These
+keys correspond to the current SP1 version's official Groth16 and Plonk verifying keys, which are used for verifying proofs generated
+using docker or the prover network.
+
+First, generate your groth16/plonk proof with the SP1 SDK. See [here](./onchain/getting-started.md#generating-sp1-proofs-for-onchain-verification)
+for more information -- `sp1-verifier` and the solidity verifier expect inputs in the same format.
+
+Next, verify the proof with `sp1-verifier`. The following snippet is from the [Groth16 example program](https://github.com/succinctlabs/sp1/tree/dev/examples/groth16/).
+
+```rust,noplayground
+{{#include ../../examples/groth16/program/src/main.rs}}
+```
+
+Here, the proof, public inputs, and vkey hash are read from stdin. See the following snippet to see how these values are generated.
+
+```rust,noplayground
+{{#include ../../examples/groth16/script/src/main.rs:12:34}}
+```
+
+> Note that the SP1 SDK itself is *not* `no_std` compatible.
+
+## Wasm Verification
+
+The [`example-sp1-wasm-verifier`](https://github.com/succinctlabs/example-sp1-wasm-verifier) demonstrates how to
+verify SP1 proofs in wasm. For a more detailed explanation of the process, please see the [README](https://github.com/succinctlabs/example-sp1-wasm-verifier/blob/main/README.md).
diff --git a/...nchain-verification/contract-addresses.md → ...erification/onchain/contract-addresses.md b/...nchain-verification/contract-addresses.md → ...erification/onchain/contract-addresses.md
diff --git a/book/onchain-verification/getting-started.md → book/verification/onchain/getting-started.md b/book/onchain-verification/getting-started.md → book/verification/onchain/getting-started.md
diff --git a/book/onchain-verification/solidity-sdk.md → book/verification/onchain/solidity-sdk.md b/book/onchain-verification/solidity-sdk.md → book/verification/onchain/solidity-sdk.md
diff --git a/examples/elf/riscv32im-succinct-zkvm-elf b/examples/elf/riscv32im-succinct-zkvm-elf
diff --git a/examples/groth16/script/src/main.rs b/examples/groth16/script/src/main.rs
@@ -9,7 +9,11 @@ const GROTH16_ELF: &[u8] = include_elf!("groth16-verifier-program");
 /// The ELF for the Fibonacci program.
 const FIBONACCI_ELF: &[u8] = include_elf!("fibonacci-program");
 
-fn generate_fibonacci_proof() -> (SP1ProofWithPublicValues, String) {
+/// Generates the proof, public values, and vkey hash for the Fibonacci program in a format that
+/// can be read by `sp1-verifier`.
+///
+/// Returns the proof bytes, public values, and vkey hash.
+fn generate_fibonacci_proof() -> (Vec<u8>, Vec<u8>, String) {
     // Create an input stream and write '20' to it.
     let n = 20u32;
 
@@ -21,23 +25,24 @@ fn generate_fibonacci_proof() -> (SP1ProofWithPublicValues, String) {
     // Create a `ProverClient`.
     let client = ProverClient::new();
 
-    // Generate the proof for the fibonacci program..
+    // Generate the groth16 proof for the Fibonacci program.
     let (pk, vk) = client.setup(FIBONACCI_ELF);
     println!("vk: {:?}", vk.bytes32());
-    (client.prove(&pk, stdin).groth16().run().unwrap(), vk.bytes32())
+    let proof = client.prove(&pk, stdin).groth16().run().unwrap();
+    (proof.bytes(), proof.public_values.to_vec(), vk.bytes32())
 }
 
 fn main() {
     // Setup logging.
     utils::setup_logger();
 
-    // Generate the Fibonacci proof.
-    let (fibonacci_proof, vk) = generate_fibonacci_proof();
+    // Generate the Fibonacci proof, public values, and vkey hash.
+    let (fibonacci_proof, fibonacci_public_values, vk) = generate_fibonacci_proof();
 
     // Write the proof, public values, and vkey hash to the input stream.
     let mut stdin = SP1Stdin::new();
-    stdin.write_vec(fibonacci_proof.bytes());
-    stdin.write_vec(fibonacci_proof.public_values.to_vec());
+    stdin.write_vec(fibonacci_proof);
+    stdin.write_vec(fibonacci_public_values);
     stdin.write(&vk);
 
     // Create a `ProverClient`.