Comment on page
The Trusted Aggregator should eventually aggregate the sequences of batches previously committed by the Trusted Sequencer in order to achieve the L2 State final stage, which is the Consolidated State.
Aggregating a sequence means successfully adding the resulting L2 State root to the
batchNumToStateRootmapping in the L1 'ZK Chain.sol' contract. This is a storage structure that contains all of the consolidated L2 State roots, which are keyed by the last batch index of each aggregated sequence of batches.
// BatchNum --> state root
mapping (uint64 => bytes32) public batchNumToStateRoot;
Furthermore, the aggregation implies the successful verification of the Zero-Knowledge proof of the computational integrity of the transaction batches execution.
A SNARK (Succinct Non-interactive Arguments of Knowledge) is the underlying Zero-Knowledge proof verification schema. One of its key characteristics is the proof's conciseness and speed of verification.
As a result, the integrity of an exhaustive computation can be verified using a fraction of the computational resources required by the original computation. As a result, by employing a SNARK schema, we can provide on-chain security to exhaustive off-chain computations in a gas-efficient manner.
rollupVerifieris an external contract that has a function
verifyProofthat takes a proof (
proofC) and a value
inputSnarkand returns a Boolean value that will be
trueif the proof is valid and
falseif it isn’t.
The successful verification of the proof just confirms the integrity of the computation, but not that the correct inputs were used and that they resulted in the correct output values. Public arguments are used to publicly disclose key points of the computation being proved, in order to prove that it was performed using the correct inputs and reveal the outputs.
This way, during the proof verification, the L1 smart contract will set the public arguments to ensure that the state transition being proved corresponds to the execution of the batches committed by the Trusted Sequencer.
inputSnark is a 256 bits unique cryptographic representative of a specific L2 State transition, which is used as public argument. It is computed as
sha256 mod % _RFIELDhash of a bytes string called
snarkHashBytes(modulo operator is needed due to math primitives used in SNARKs).
snarkHashBytesarray is computed by a smart contract’s function called
getInputSnarkBytesand it is an ABI-encoded packed string of the following values:
- msg.sender: Address of Trusted Aggregator.
- oldStateRoot: L2 State Root that represents the L2 State before the state transition that wants to be proven.
- oldAccInputHash: Accumulated hash of the last batch aggregated.
- initNumBatch: Index of the last batch aggregated.
- chainID: Unique chain identifier.
- newStateRoot: L2 State Root that represents the L2 State after the state transition that is being proved.
- newAccInputHash: Accumulated hash of the last batch in the sequence that is being aggregated.
- newLocalExitRoot: Root of the Bridge’s L2 Exit Merkle Tree at the end of sequence execution.
- finalNewBatch: Number of the final batch in the execution range.
inputSnark will represent all the L2 transactions of a specific L2 State transition, executed in a specific order, in a specific L2 (chain id), and proved by a specific Trusted Aggregator (
trustedVerifyBatchesfunction not only verifies the validity of the Zero-Knowledge proof, but it also checks that the value of InputSnark corresponds to an L2 State transition that is pending to be aggregated.
If the internal call to
true, it will mean that the sequence of batches is verified successfully, and then the
newStateRootargument will be added to the
batchNumToStateRootmapping. The index of the last batch in the sequence will be used as the key for the entry.
TrustedVerifyBatchesevent will be emitted.
event TrustedVerifyBatches (
uint64 indexed numBatch,
address indexed aggregator
Once the batches have been successfully aggregated in L1, all ZK Chain nodes can validate their local L2 state by retrieving and validating consolidated roots directly from the L1 Consensus Contract (ZK Chain.sol). As a result, the L2 consolidated State has been reached.