Transaction Proof

Brevis transaction proof attestation via zk-SNARKs enables efficient verification of any transactions (included in the synced blocks) that happened on a connected remote chain.
Similar to the storage slot value proof described in the previous section, transaction proof is also using the synced block header information stored on the destination chain as the ground truth. With this, one can prove the source chain's transaction information by proving the following parts:
  1. 1.
    validity of a block transaction root that matches the synced block header info;
  2. 2.
    validity of the transaction leaf hash that matches the transaction root.


This circuit is composed of two parts, including MPT calculation and block header calculation.
Public Inputs (can be used by on-chain app contracts):
  • LeafHash Leaf node (transaction leaf node) key of the transactions MPT.
  • BlockHash Hash of the block which include this transaction.
  • BlockNumber Number of the block which include this transaction.
  • BlockTime Time of the block which include this transaction.
Private Inputs:
  • Key The key nibble of the transaction in MPT.
  • KeyLength The length of the key above.
  • RootHash Transaction MPT root hash.
  • KeyFragmentStarts The index for each node in key nibbles.
  • NodeRlp Node value for each node in the merkle branch.
  • NodeRlpRoundIndexes NodeRlp keecak round number.
  • NodePathPrefixLength Length for check node type in merkle branch.
  • NodeTypes MPT node type.
  • Depth MPT depth.
  • BlockHashRlp Block RLP.
  • BlockFieldsNum Block fields count.
  • BlockRoundIndex Block hash keccak count from block rlp.
For example, if the transaction is the 133th transaction in this block, also means the transaction index is 133. The nibble key is 0x8185 (33 --> 0x85 -- rlp --> 0x8185). You can find more detail from Merkle Patricia Trie doc.

Validate transaction root

The transaction root hash is one field of the block header RLP, which is used to calculate the block hash. The circuit first proves that the transaction root hash is included in the decoded block RLP, and then it computes the keccak hash of the block RLP to match the provided public input.

Validate transaction leaf

To prove the validity of the public input transaction leaf hash, the circuit uses the Merkel branch that includes the transaction leaf to compute the MPT root hash and verify that it matches the validated transaction root hash. Note that the circuit only validates the transaction leaf hash, leaving the validation of transaction RLP fields to the on-chain verifier contract.


Transaction Proof Verifier

The circuit verifier contract is generated by gnark verifier. The main process of this contract is to check the correctness of the proof by calculating the pairing on BN254 using Groth16.

Transaction app verifier

The ZK proof and metadata generated by the Brevis proofing system can be submitted to the TxVerifier contract through the verifyTx function to get the ZK-attested slot value. Please refer to this section for smart contract usage.