Paper 2022/1633

Linea Prover Documentation

Linea Prover
Abstract

Rollup technology today promises long-term solutions to the scalability of the blockchain. Among a thriving ecosystem, Consensys has launched the Linea zkEVM Rollup network for Ethereum. At a high level, the Ethereum blockchain can be seen as a state machine and its state transition can be arithmetized carefully. Linea's prover protocol uses this arithmetization, along with transactions on layer two in order to compute a cryptographic proof that the state transition is performed correctly. The proof is then sent over to the Ethereum layer, where the smart contract (verifier contract) on Ethereum checks the proof and accepts the state transition if the proof is valid. The interaction between layer two and Ethereum is costly, which imposes substantial limitations on the proof size. Therefore, Linea's prover aims to compress the proof via cryptographic tools such as list polynomial commitments (LPCs), polynomial interactive oracle proofs (PIOPs), and Succinct Non-Interactive Arguments of Knowledge (SNARKs). We introduce Wizard-IOP, a cryptographic tool for handling a wide class of queries (such as range checks, scalar products, permutations checks, etc.) needed to ensure the correctness of the executions of the state machines efficiently and conveniently. Another cryptographic tool is the Arcane compiler, which outputs standard PIOPs and is employed by Wizard-IOP to make different queries homogeneous. After applying Arcane, all the queries constitute evaluation queries over the polynomials. We then apply the Unique Evaluation compiler (UniEval), which receives the output of the Arcane and provides us with a PIOP that requires only a single evaluation check. At this point, we employ Vortex, a list polynomial commitment (LPC) scheme to convert the resulting PIOP into an argument of knowledge. Since the proof size may not still be sufficiently succinct, we apply different techniques such as self-recursion, standard recursion, and proof aggregations. The security of different components and steps will be discussed in separate papers as we advance on the final design of the Linea prover.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
LineazkEVMSNARKRing-SISSelf-RecursionArcaneWizard-IOPRange ChecksLookup ProofsPermutation Proofs.
Contact author(s)
alexandre belling @ consensys net
History
2024-02-07: last of 4 revisions
2022-11-24: received
See all versions
Short URL
https://ia.cr/2022/1633
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2022/1633,
      author = {Linea Prover},
      title = {Linea Prover Documentation},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1633},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1633}},
      url = {https://eprint.iacr.org/2022/1633}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.