The EVM L2 scaling solution zkSync Era has announced the Boojum upgrade, where it will be transitioning from SNARK proofs to more scalable STARK proofs.
Succinct Non-interaction ARgument of Knowledge (SNARK) and Scalable Transparent ARguments of Knowledge (STARK) are different types of Zero-Knowledge cryptographic proofs.
SNARK Proofs Explained
zkSync Era has always utilized SNARK proofs as cryptographic evidence to prove the correctness and legitimacy of the transactions in its rollups.
SNARK proofs consist of a succinct computation between a party known as the prover, who is proving the correctness of the transactions, and another party known as the verifier, who verifies the prover’s claim.
The term “succinct” refers to the compactness of SNARK proofs. They can represent complex computations concisely and efficiently, resulting in proofs that are much smaller in size compared to the original computation. SNARK proofs are non-interactive, meaning the prover can generate the proof independently without interacting with the verifier.
How SNARK Proofs are Generated:
- First, a setup occurs where cryptographic parameters that govern how the proposed computation is solved are established; the computation refers to proof generation.
- Next, the proposed computation is translated into a circuit representation. This circuit outlines the logical operations of the computation and the necessary inputs for the desired output.
- Thirdly, the prover takes the circuit representation, along with the specific inputs and outputs of the computation, and constructs a SNARK proof. This involves performing a series of mathematical operations on the circuit to create a proof demonstrating the computation’s correctness. The prover ensures the proof contains sufficient information to convince a verifier of the computation’s correctness without revealing any sensitive data.
- Finally, the verifier receives the SNARK proof from the prover and independently verifies its validity. The verifier uses the cryptographic parameters generated during the setup phase to check the proof’s integrity and correctness.
STARK Proofs Explained
STARK Proofs are the type of cryptographic proof that zkSync Era is switching to in the Boojum upgrade.
STARK proofs are a type of zk-proof where, similar to SNARK proof generation, a prover convinces a verifier that a computation was executed correctly without revealing any sensitive information. STARK proof generation is also non-interactive, and the proofs are succinct.
However, STARK proofs do not require a setup process to execute a proposed computation, and the sizes of STARK proofs are more relaxed than SNARK proofs. STARK proofs are still succinct but are larger than SNARK proofs meaning they are more scalable and capable of performing and compacting more complex computations.
How STARK Proofs are Generated:
- First, the proposed computation is translated into a circuit representation; STARK proof generation has no initial setup.
- Next, the circuit is transformed into a constraint system. Where a circuit representation outlines the logical operations of a computation and its necessary inputs for the desired output, a constraint system converts this representation into a set of equations or constraints that enforce the desired computation.
- Thirdly, the constraint system is arithmetized, where each equation in the constraint system is converted into a mathematical form that STARK protocols can process.
- Fourthly, the prover performs the computation to generate a proof of the computation’s correctness.
- The prover then ensures the proof’s integrity with low-degree testing, which helps verify that the prover has correctly constructed the proof without cheating.
- Finally, the verifier receives the prover’s STARK proof and checks it against the original computations’ constraint system to validate its legitimacy.
zkEra’s Reasoning for Switching Proofs
zkSync Era has chosen to switch to STARK proofs because although their generation process is less efficient and more energy intensive than SNARK proofs due to the extremely complex mathematical processes that occur in low-degree testing and when transforming circuit representations to constraint systems, STARK proofs are more transparent and scalable.
The setup process for SNARK proof generation is arbitrary and requires establishing cryptographic parameters that are not easily understood. STARK-proof generation skips the setup entirely, and the rest of the process is easier to follow despite its use of complex mathematical equations.
STARK proof sizes are also more scalable because they are less compact than SNARK proofs. While still succinct, STARK proof sizes are slightly bigger, allowing for more complicated computations to be performed.
Boojum Details and Features
Built on a Rust-based cryptographic library, Boojum employs PLONK-style arithmetization, which simplifies circuit development, auditability, and maintainability.
Boojum contributes significantly to zkSync’s mission of advancing personal freedom by providing world-class performance and reduced hardware requirements to increase decentralization.
The current SNARK-based proof system of zkSync Era performs well but lacks scalability for hyperchains. Boojum offers significant performance improvements, complementing zkSync Era’s sequencer that can process over 100 TPS. Additionally, with Boojum, consumer-grade GPUs with just 16 GB GPU RAM can perform prover functions, reducing the barrier to entry for participation.
Boojum provides a thin base constraint system abstraction, allowing users to add custom gate types and define their circuit structures effortlessly. The extension interface efficiently generates provers, verifiers, and recursive verifiers, streamlining the development process.
Boojum has made substantial progress and is now live on Mainnet, generating and verifying “shadow” or mock proofs with real production data. The Boojum repository is open-source, inviting exploration and collaboration.
zkSync Era has introduced the Boojum to switch from SNARK proof to STARK proofs because they’re more scalable and their generation process is more transparent. The Boojum upgrade introduces groundbreaking performance and decentralization improvements while reducing hardware requirements.
Boojum’s journey from design to Mainnet has involved rigorous testing, security audits, and open collaboration. With Boojum, zkSync Era takes a significant step towards scalability, efficiency, and a more secure zkEVM ecosystem.