Comment on page

Batch Aggregation

The Trusted Aggregator should eventually aggregate the sequences of batches previously committed by the Trusted Sequencer in order to achieve the L2 State final stage, which is the Consolidated State.
Aggregating a sequence means successfully adding the resulting L2 State root to the batchNumToStateRoot mapping in the L1 'ZK Chain.sol' contract. This is a storage structure that contains all of the consolidated L2 State roots, which are keyed by the last batch index of each aggregated sequence of batches.
// BatchNum --> state root
mapping (uint64 => bytes32) public batchNumToStateRoot;
Furthermore, the aggregation implies the successful verification of the Zero-Knowledge proof of the computational integrity of the transaction batches execution.
A SNARK (Succinct Non-interactive Arguments of Knowledge) is the underlying Zero-Knowledge proof verification schema. One of its key characteristics is the proof's conciseness and speed of verification.
As a result, the integrity of an exhaustive computation can be verified using a fraction of the computational resources required by the original computation. As a result, by employing a SNARK schema, we can provide on-chain security to exhaustive off-chain computations in a gas-efficient manner.


rollupVerifier is an external contract that has a function verifyProof that takes a proof (proofA, proofB, proofC) and a value inputSnark and returns a Boolean value that will be true if the proof is valid and false if it isn’t.
The successful verification of the proof just confirms the integrity of the computation, but not that the correct inputs were used and that they resulted in the correct output values. Public arguments are used to publicly disclose key points of the computation being proved, in order to prove that it was performed using the correct inputs and reveal the outputs.
This way, during the proof verification, the L1 smart contract will set the public arguments to ensure that the state transition being proved corresponds to the execution of the batches committed by the Trusted Sequencer.


inputSnark is a 256 bits unique cryptographic representative of a specific L2 State transition, which is used as public argument. It is computed as sha256 mod % _RFIELD hash of a bytes string called snarkHashBytes (modulo operator is needed due to math primitives used in SNARKs).
snarkHashBytes array is computed by a smart contract’s function called getInputSnarkBytes and it is an ABI-encoded packed string of the following values:
  • msg.sender: Address of Trusted Aggregator.
  • oldStateRoot: L2 State Root that represents the L2 State before the state transition that wants to be proven.
  • oldAccInputHash: Accumulated hash of the last batch aggregated.
  • initNumBatch: Index of the last batch aggregated.
  • chainID: Unique chain identifier.
  • newStateRoot: L2 State Root that represents the L2 State after the state transition that is being proved.
  • newAccInputHash: Accumulated hash of the last batch in the sequence that is being aggregated.
  • newLocalExitRoot: Root of the Bridge’s L2 Exit Merkle Tree at the end of sequence execution.
  • finalNewBatch: Number of the final batch in the execution range.
inputSnark will represent all the L2 transactions of a specific L2 State transition, executed in a specific order, in a specific L2 (chain id), and proved by a specific Trusted Aggregator (msg.sender). The trustedVerifyBatches function not only verifies the validity of the Zero-Knowledge proof, but it also checks that the value of InputSnark corresponds to an L2 State transition that is pending to be aggregated.
If the internal call to _verifyAndRewardBatches returns true, it will mean that the sequence of batches is verified successfully, and then the newStateRoot argument will be added to the batchNumToStateRoot mapping. The index of the last batch in the sequence will be used as the key for the entry.
Finally a TrustedVerifyBatches event will be emitted.
event TrustedVerifyBatches (
  uint64 indexed numBatch,
  bytes32 stateRoot,
  address indexed aggregator
Once the batches have been successfully aggregated in L1, all ZK Chain nodes can validate their local L2 state by retrieving and validating consolidated roots directly from the L1 Consensus Contract (ZK Chain.sol). As a result, the L2 consolidated State has been reached.