Proofs

Proofs tab contains a list of proofs for a given project, sorted by time of addition. Each proof line contains the columns Status, Version, Expression, Time, Input, Proofs and Verification.

Status

Status can be:

  • New - when the proving task has just been added;

  • Processing - when the task is processed by the proving system;

  • Failed - when an error has occurred and the proving is no longer performed;

  • Success - when the proof is generated and can be used in the future.

Version expression

Since expressions can be edited, they can have different versions. To track these changes, you can check the version number of the expression.

Expression

The name of the expression for which the proof is calculated.

Time

Shows how much time has passed since the proof calculation job was added.

Input

Proving input data.

The data is json, which can be opened in a separate browser tab or copied to the clipboard by clicking the appropriate buttons. An example, input.json is presented below:

{
  "user_inputs":{
     "block_number_start":19213400,
     "block_number_end":19213510,
     "value":117420373259851,
     “expressions”: {}
  },
  "plonky2_inputs": {
     "extract":{
     	"type":"extract4",
        "offsets":[0,32,64,96],
        "aux_inputs":{
           "19213400":{"value":"256439480000"}, 
              … ,
           "19213509":{"value":"259878762000"},
           "19213510":{"value":"259878762000"}
        }
     },
     "filter":{
        "contract":"0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9",
        "topics":[
           "0xde6857219544bb5b7746f48ed30be6386fefc61b2f864cacf559893bf50fd951",
           "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"
        ]
     },
     "map":{
        "type":"4to1with1lookup",
        "lookup":[1,1000000,1000000000],
        "formula":[{"formula":"op1 aux0 mul 1000000000000000000 div"}]
     },
     "reduce":{
        "type":"1to1sum",
        "expressions":{"formula":"acc0 op0 add"}
     },
     "id":"1",
     "verify_inputs":{
        "19213401":{"value":"0"},
        …,
        "19213510":{"value":"117420373259851"}
     },
     "start_block":19213400,
     "end_block":19213510,
     "hash":"4553b38eea91182c1d2507648822eb5bf3fd909a8106c0bd652dcd1ae50c06f2"
  },
  "verifier_inputs": {
     "block_start":"0x189651567ae148ba3ff8aa6ba23b3434d6764b010cd489bf459a29c8cbfb09b9",
     "block_end":"0x93704246d9f10f7475341dba453e42297c5e76e5ca463e503d9d37aed942fb49",
     "value":"0x00000000000000000000000000000000000000000000000000006acb0fa3364b",
     "hash":"4553b38eea91182c1d2507648822eb5bf3fd909a8106c0bd652dcd1ae50c06f2"
  }
}

This json consists of three types of input data that are used at different stages of the calculation:

  1. user_inputs” - user input and precalculation result;

  2. plonky2_inputs” - public input and part of the private input that is passed to the plonky2 input of the proof circuit;

  3. verifier_inputs” - input data that is transmitted for verification in the blockchain network.

user_inputs

user_inputs” consists of the following data blocks:

  • "block_number_start" - the number of the starting block of the selected Ethereum block range;

  • "block_number_end" - the number of the end block of the selected range of Ethereum blocks;

  • "value" - the result of precalculation of the expression in the form of an int256 number;

  • "expressions" - expressions entered by the user.

plonky2_inputs

plonky2_inputs” consists of the following data blocks, which describe the successive stages of the calculation:

  • "extract" - describes what data should be extracted from the blockchain;

    • offsets” - an array of offset values ​​that defines the location in the event byte slice in which the event parameters data is stored;

    • aux_inputs” - defines an array of auxiliary data that is used, for example, as a transmission of pre-proven ChainLink prices for tokens;

  • filter” - describes how data from the ‘extract’ block should be filtered;

    • "contract" - contains the address of the contract that generated the events used in the expression;

    • "topics" - contains an array of event topics that interpret the indexed event parameters;

  • map” - describes the 'map' operation on the data received at the output of the 'filter' block;

    • "formula" - expression formula, which is presented in reverse Polish notation;

  • reduce” - a data block describing the aggregation of data obtained from the previous calculation step (from the ‘map’ block);

  • verify_inputs” - auxiliary intermediate data used to check the results of parallel calculations;

  • start_block” - the starting block number of the selected Ethereum block range;

  • end_block” - the ending block number of the selected range of Ethereum blocks;

  • hash” - hash, which is used to identify various expressions in the proving system and is calculated as follows:

hash = sha256(concat(
    filter.contract,
    concat(filter.topics),
    keccak(concat(extract.offsets)),
    keccak(concat(map.formula, map.filter)),
    keccak(concat(
        reduce.expressions.formula,
        reduce.expressions.formula_1,
        reduce.expressions.formula_2,
        reduce.expressions.formula_3
    ))
))

verifier_inputs

verifier_inputs” consists of the following data blocks:

  • "block_start" - the start block hash of the selected Ethereum block range;

  • "block_end" - the end block hash of the selected Ethereum block range;

  • "value" - hex of the final value of the expression calculation;

  • "hash" - a hash that identifies the expression.

Proofs

Data received at the proving output.

This data is json, which can be opened in a separate browser tab or copied to the clipboard by clicking the appropriate buttons.

Verification

After the proof is generated, it can be verified on-chain in the Sepolia Testnet network, in which contracts for proof verification are pre-deployed.

To verify the proof, the user needs to click the “Verify” button, after which the system backend will automatically create a verification transaction and save the result in the VerificationGateway contract storage.

The backend of the Maru portal then calls the verifyAndSaveProof method of the VerificationGateway contract:

function verifyAndSaveProof(
    uint256[8] calldata input,
    uint256[8] calldata proof
) external;

The public input consists of the previous block hash and the ending block hash of the range of blocks, the input expression hash, and the calculated value. Each value consists of 2 numbers of 256 bits.

A proof is a condensed proof of computation obtained using the zk-SNARK library gnark.

In the body of the verifyAndSaveProof function, the contract calls the verifyProof method of the Verifier contract, which supports checking the Groth16 proof that the Plonky2 proof is true.

/// Verify an uncompressed Groth16 proof.
/// @notice Reverts with InvalidProof if the proof is invalid or
/// with PublicInputNotInField the public input is not reduced.
/// @notice There is no return value. If the function does not revert, the
/// proof was successfully verified.
/// @param proof the points (A, B, C) in EIP-197 format matching the output
/// of compressProof.
/// @param input the public input field elements in the scalar field Fr.
/// Elements must be reduced.
function verifyProof(
    uint256[8] calldata proof,
    uint256[8] calldata input
) external;

After a successful transaction, a link to the transaction in etherscan will be displayed in the Verification column, for example, https://sepolia.etherscan.io/tx/0x2ed94332839a3fd37abee0c569209167300a93aadac832b3467c7929ceda6198

Other smart contracts can check whether Inputs have previously been verified with the corresponding proofs using the following functions:

function isProofed(
    uint256[8] calldata input
) external view returns (bool);
function isProofedUserInput(
    bytes32 blockhash_prev,
    bytes32 blockhash_end,
    bytes32 hash,
    bytes32 value
) external view returns (bool);

For this check, other smart contracts do not need to know the proof, but simply pass the correct input data (input), which contains information about the block range (blockhash_prev, blockhash_end), expression (hash) and calculation result (value).

Last updated