Blockchains
BNB Beacon Chain
Couche de gouvernance et de staking de l’écosystème de BNB Chain
Développeurs
Écosystème
Staking
Earn BNB and rewards effortlessly
Tokenization Solutions
Get Your Business Into Web3
Communauté
Background - generic VM v.s. custom circuit
In the last year, Optimism initiated a Foundation Mission Request to develop the Op Stack Zero Knowledge Proof (ZKP) for verifying the correctness of its fault proof program. Once implemented, this ZKP can reduce the challenge period for Optimism from 7 days to 12 hours and avoid complicated interactive challenge procedures.
Optimism accepted and funded three proposals from Risc Zero, O(1) Labs, and the ETH Storage team. Each team proposes a similar approach, where the fault proof program, written in Go or Rust, is compiled into a generic instruction set such as RISCV, WASM, or MIPS.
These compiled instructions are then verified for correctness using zkVMs like zkRISCV, zkWASM, or zkMIPS, which we refer to as the generic VM approach. An alternative approach involves developing a custom circuit for the fault proof program, which we believe offers better performance compared to the generalized VM method.
Recently, Polygon Zero announced the development of a highly performant type1 zkEVM, which aligns with our expectations for creating a custom circuit for opBNB’s fault proof program. Therefore, we have decided to develop a proof of concept (PoC) based on Polygon Zero’s type1 zkEVM codebase to demonstrate the performance advantages compared to the generalized VM approach. The PoC involves the protocol specific to Optimism, and can be used to generate ZKP for Optimism blocks.
The figure below illustrates the simple workflow of the two approaches. It is worth noting that our proposal aims to improve and enhance the robustness of the Optimism multi-proofs system.
Current Fault Proof Overview
Before delving into the ZK fault proof design, Let's quickly review the current optimism fault proof design.
The offchain fault proof program consists of two parts:
The onchain fault dispute game works as following:
The above fault proof design has following disadvantages:
Architecture of ZK Fault Proof
The ZK solution for fault proof is designed to address the aforementioned disadvantages. The following figure illustrates the components and workflow of the ZK fault proof design:
The challenger monitors the L2 output root proposed on-chain by the proposer. Upon finding an invalid output root, the challenger can generate a ZK fault proof for the disputed L1 block and submit it to the zkFaultProofVerifier contract. If the verification passes, the challenger wins.
The ZK fault proof approach has the following advantages:
Our work
To demonstrate the performance advantages of the custom circuit, we quickly developed a PoC based on type1 zkEVM. This PoC only includes the Optimism block execution circuit, which is the most time-consuming of all the circuits mentioned above. The adoption work we have done is as follows:
Performance Testing
We conducted a performance test for the same L2 batch using the opBNB custom circuit and Zeth developed by Risc Zero. The opBNB custom circuit is more efficient than the generic VM approach, generating 10 times fewer ZK cycles and proving 5-6 times faster than zeth. This makes the opBNB approach 5-6 times cheaper.
The tables below show the configuration and performance data for both.
Configurations for opBNB custom circuit and Zeth:
Batch information used in opBNB custom circuit and Zeth
Zeth generic vm approach and opBNB custom circuit performance data:
Based on the performance tables above, we can draw the following conclusions:
Future work
The type1 zkEVM is currently in development, with features like continuations designed to make proof generation more parallel-friendly. Additionally, efforts are underway to enhance the performance of the backend proving system. The opBNB team can contribute to these planned improvements. We believe that the performance of the opBNB custom circuit approach will significantly improve as the performance of the type 1 zkEVM continues to advance.
To achieve a complete ZK fault proof for Optimism or opBNB, we need to implement all the components such as the block derivation circuit, fault proof circuit, and the on-chain zkFaultProofVerifier contract. These will be important tasks for the next phase of our PoC.
Once the development of the opBNB custom circuit design is complete, the opBNB team will contribute this work to the Optimism ecosystem to enhance the security and performance of the multi-proof system.
1 For batch 114223488, the proving time of opBNB is only 2.5 times faster than zeth. This is due to the presence of a complex transaction in this epoch, which involves approximately 2^27 cycles. Because the type1 zkEVM lacks a continuations mechanism, the transaction proof generation process cannot be fully parallelized, resulting in a 47.6-minute proof generation time. In contrast, the total proving time for the other transactions in this epoch is only about 25 minutes; The above analysis also applies to the batch 113963903 and 114511643.