The goal of this project is to produce a generalized ZK based Merkle-Patricia tree inclusion proofs (MPTIP) system and all the supporting infrastructure. The workings of this system will be showcased through a verification PoC, proving state with Arbitrum, Optimism, or Ethereum as the source or destination network.
In order for the ZK MPTIPs to work a halo2 based circuit will be created. The circuit will have a single public input publicInputsHash
. In reality this will be a hash of the actual public inputs of the MPT, but will be condensed to a single hash for optimization purposes.
The public input constituents that are concatenated and hashed together to form the single publicInputsHash
are:
blockhash
- The blockhash of a block of the chain we are proving againsttarget
- The account whose slot we will be proving the value ofslot
- The slot inside the storage of this account to prove the value ofvalue
- The supposed value of the slot.Note: The verifier (think smart contract) will get these and hash them together to form the publicInputsHash
and provide it as input to the verification.
The private inputs of the circuit will include the above 4 constituents in their raw form. In addition the following inputs will be passed:
rlpHead
- All the blockhash
constituents up to the stateRoot in their RLP encoded form. It should also include the prefix indicating that the complete concatenated RLP encoded block header size when rlpHead
, stateRoot
and rlpTail
are concatenated.stateRoot
- state tree root of the chain in this block. Should be 32 bytes.rlpTail
- All the blockhash
constituents after the stateRoot in their RLP encoded form.storageRoot
- The storage tree root for this account.accountProofBranch
- Array of nodes of the MPT proving the target
account exists in this state tree and its storage tree root is storageRoot
.storageProofBranch
- Array of nodes of the MPT proving that at slot slot
in the MPT with root storageRoot
the value is value
.