Introduction: Welcome, crypto-native high schooler, to an exploration of Linea's prover flow and the fascinating world of lattice-based hashing. In this blog post, we'll provide an overview of Linea's inner-proof system, emphasizing Vortex and Arcane, as well as the final compression step known as PlonK. Join us on this journey to understand Linea's innovative approach to zkEVM and its significance in the realm of decentralized finance.
The Basics: Assuming you've already dived into our article on "What is a zkEVM?", we'll build upon those foundational concepts. However, we'll define relevant terms from Linea's zk glossary and encourage you to refer to it for a comprehensive understanding (while also urging you to read the full article - it's worth it!).
Linea's Prover Flow: To prove the occurrence of a transaction, Linea employs a series of steps. It starts with arithmetization, which transforms computer programs into mathematical expressions that can be comprehended by zk-proofs. This process converts transactions into traces and a set of constraints that validate the accuracy of computations.
Next, Linea employs an inner-proof system that recursively reduces the proof size until it reaches a final compression step within an outer-proof system.
Vortex and Arcane: Linea's In-House Proof System: Linea distinguishes itself from other zkEVMs through its arithmetization scheme and inner-proof system, namely Vortex and Arcane. Let's focus on Linea's inner-proof system for now. Arcane compiles the arithmetization into an Interactive Oracle Proof (IOP) model. An IOP allows the verifier to query an oracle, a trusted third party that provides necessary information probabilistically. Linea employs the Wizard-IOP framework, which supports more complex queries than standard IOP models.
Arcane transforms the set of constraints into polynomial evaluations, enhancing the mathematical form of proofs. To eliminate reliance on third parties, Linea employs cryptographic assumptions and iterative transformations to replace the oracle with a polynomial commitment scheme.
Why Lattice-Based Hashing is Cool: Lattice-based hashing offers several advantages over traditional cryptographic methods. It boasts faster performance than popular elliptic curve cryptography and is plausibly post-quantum, meaning it is believed to resist attacks by quantum computers. Lattice hashing is optimized for recursion, efficient for hardware acceleration, and compatible with SIMD parallelism. Additionally, lattice-based functions avoid the usual tradeoff between being fast to compute and being efficient to use inside a SNARK (Succinct Non-Interactive Argument of Knowledge), making them more versatile.
Understanding Error-Correcting Codes: Error-correcting codes, widely used in telecommunication, ensure data integrity and reliability. These codes incorporate redundancy into data to enable error identification and correction, even in the presence of corrupted or lost information.
How Polynomial Commitment Works: To commit to traces, Linea arranges them in a rectangular matrix. Each row is encoded with an error-correcting code and then subjected to a lattice-based hash, which binds the prover to the traces. The verifier then sends a challenge, requesting a random linear combination of hashed data and a random subset of traces. If the linear combination, the claimed evaluations, and the selected traces are all consistent with one another, the verifier accepts that the computation is correct with high probability.
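The commit, challenge and check steps above, together with the lattice hash and error-correcting code from the two preceding sections, as an added toy example (not Linea's code). The field size, SIS parameters, the choice to hash the encoded matrix column by column, and all function names are assumptions made for illustration, and the parameters are far too small to be secure.

```python
import random

P = 2**31 - 1       # toy prime field holding the trace values
Q, OUT = 2**16, 4   # toy SIS modulus and digest length (far too small to be secure)

def rs_encode(row, n):
    """Reed-Solomon: read the row as polynomial coefficients, evaluate at x = 0..n-1."""
    return [sum(c * pow(x, i, P) for i, c in enumerate(row)) % P for x in range(n)]

def sis_hash(column, seed=1):
    """Ajtai-style hash: split each value into 4 byte limbs, return A * limbs mod Q."""
    limbs = [(v >> (8 * j)) & 0xFF for v in column for j in range(4)]
    rng = random.Random(seed)  # public matrix A, re-derived from a fixed seed
    return tuple(sum(rng.randrange(Q) * s for s in limbs) % Q for _ in range(OUT))

def commit(matrix, n):
    """Encode every row, then hash every column of the encoded matrix."""
    encoded = [rs_encode(row, n) for row in matrix]
    digests = [sis_hash([row[j] for row in encoded]) for j in range(n)]
    return encoded, digests

def respond(matrix, encoded, coeffs, cols):
    """Prover: the requested combination of rows plus the requested columns."""
    u = [sum(c * row[i] for c, row in zip(coeffs, matrix)) % P
         for i in range(len(matrix[0]))]
    return u, {j: [row[j] for row in encoded] for j in cols}

def verify(digests, coeffs, u, opened):
    """Verifier: opened columns must match the commitment and the combination."""
    enc_u = rs_encode(u, len(digests))
    for j, col in opened.items():
        if sis_hash(col) != digests[j]:
            return False  # column is not the one that was committed
        if sum(c * v for c, v in zip(coeffs, col)) % P != enc_u[j]:
            return False  # combination is inconsistent with the committed data
    return True

def demo():
    traces = [[3, 1, 4, 1], [5, 9, 2, 6], [5, 3, 5, 8]]  # constructed sample traces
    encoded, digests = commit(traces, n=8)
    rng = random.Random(7)  # stands in for the verifier's randomness
    coeffs = [rng.randrange(P) for _ in traces]
    cols = rng.sample(range(8), 3)
    u, opened = respond(traces, encoded, coeffs, cols)
    forged = [(u[0] + 1) % P] + u[1:]  # prover lies about the combination
    return verify(digests, coeffs, u, opened), verify(digests, coeffs, forged, opened)

if __name__ == "__main__":
    print(demo())  # → (True, False)
```

The check works because the encoding is linear: encoding the combined row gives the same values as combining the encoded rows, so a forged combination disagrees with the committed columns at the opened positions.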
The Final Compression Step: PlonK: To make proofs verifiable directly on Ethereum's L1, Linea performs the final compression step using a PlonK proof. PlonK, like Groth16, is a zkSNARK construction, leveraging advanced cryptographic techniques. PlonK's SNARK-friendly properties and lattice-based hashes ensure fast verification and produce compact proofs suitable for efficient verification on L1.
Why the Switch to PlonK: The shift from Groth16 to PlonK was driven by the trusted setup process. Groth16 requires repeated setup whenever the circuit changes, whereas PlonK performs the setup once, independent of the circuit. Linea's iterative circuit design would have necessitated frequent trusted setup reruns with Groth16, raising concerns about trust. By adopting PlonK, Linea maintains protocol integrity while providing confidence to the community regarding fair play.
Verification and Finalization: After this transformative journey, a proof is created for verification by Linea's verifier contract on Ethereum's L1. Upon successful validation of the proof, state commitment, and calldata, the new rollup state is finalized on the L1 smart contract.
Stay Connected: We hope this overview has shed light on Linea's inner-proof system and lattice-based hashing. Expect monthly community calls, where Linea highlights researchers, community members, and key partners. Subscribe, follow us on Twitter, YouTube, and Lens, and join our Discord to stay connected with the latest Linea developments.
Conclusion: Linea is charting new territories in the realm of decentralized finance, and understanding its inner-proof system and lattice-based hashing lays a foundation for exploring its potential further. As a curious high schooler, your journey into the world of cryptography and zkEVM is just beginning. Embrace the opportunity to contribute and shape the future of Linea!
To stay up to date with the latest challenges and find ones that pique your interest, we encourage you to follow us on Mirror and Twitter.
Together, let's embark on this thrilling NFT adventure and shape the future of Linea!