Transaction Proof
Brevis transaction proof attestation via zk-SNARKs enables efficient verification of any transactions (included in the synced blocks) that happened on a connected remote chain.
Similar to the storage slot value proof described in the previous section, transaction proof is also using the synced block header information stored on the destination chain as the ground truth. With this, one can prove the source chain's transaction information by proving the following parts:
- 1.validity of a block transaction root that matches the synced block header info;
- 2.validity of the transaction leaf hash that matches the transaction root.
This circuit is composed of two parts, including MPT calculation and block header calculation.
Public Inputs (can be used by on-chain app contracts):
LeafHash
Leaf node (transaction leaf node) key of the transactions MPT.BlockHash
Hash of the block which include this transaction.BlockNumber
Number of the block which include this transaction.BlockTime
Time of the block which include this transaction.
Private Inputs:
Key
The key nibble of the transaction in MPT.KeyLength
The length of the key above.RootHash
Transaction MPT root hash.KeyFragmentStarts
The index for each node in key nibbles.NodeRlp
Node value for each node in the merkle branch.NodeRlpRoundIndexes
NodeRlp keecak round number.NodePathPrefixLength
Length for check node type in merkle branch.NodeTypes
MPT node type.Depth
MPT depth.BlockHashRlp
Block RLP.BlockFieldsNum
Block fields count.BlockRoundIndex
Block hash keccak count from block rlp.
For example, if the transaction is the 133th transaction in this block, also means the transaction index is 133. The nibble key is 0x8185 (
33 --> 0x85 -- rlp --> 0x8185
). You can find more detail from Merkle Patricia Trie doc.The transaction root hash is one field of the block header RLP, which is used to calculate the block hash. The circuit first proves that the transaction root hash is included in the decoded block RLP, and then it computes the keccak hash of the block RLP to match the provided public input.
To prove the validity of the public input transaction leaf hash, the circuit uses the Merkel branch that includes the transaction leaf to compute the MPT root hash and verify that it matches the validated transaction root hash. Note that the circuit only validates the transaction leaf hash, leaving the validation of transaction RLP fields to the on-chain verifier contract.
The circuit verifier contract is generated by gnark verifier. The main process of this contract is to check the correctness of the proof by calculating the pairing on BN254 using Groth16.
The ZK proof and metadata generated by the Brevis proofing system can be submitted to the TxVerifier contract through the
verifyTx
function to get the ZK-attested slot value. Please refer to this section for smart contract usage.
Last modified 4mo ago