You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/2_architecture/agg_mode_components/1_deep_dive.md
+15-6Lines changed: 15 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ The **Aggregation Mode** runs every 24 hours and performs the following steps:
12
12
Selected proofs are aggregated using a zkVM.
13
13
14
14
4.**Construct the Blob**
15
-
A blob is built containing the commitments of the aggregated proofs.
15
+
A blob is built containing the [commitments](#proof-commitment) of the aggregated proofs.
16
16
17
17
5.**Send Aggregated Proof**
18
18
The final aggregated proof and its blob are sent to the `AlignedProofAggregationService` contract for verification.
@@ -24,6 +24,15 @@ Two separate aggregators are run every 24 hours:
24
24
-**Risc0**: Aggregates proofs of types `Composite` and `Succinct`.
25
25
-**SP1**: Aggregates `Compressed` proofs.
26
26
27
+
## Proof Commitment
28
+
29
+
The **proof commitment** is a hash that uniquely identifies a proof. It is defined as the keccack of the proof public inputs + program ID:
30
+
31
+
-**For SP1**:
32
+
The commitment is computed as: `keccak(proof_public_inputs_bytes || vk_hash_bytes)`
33
+
-**For Risc0**:
34
+
The commitment is computed as: `keccack(receipt_public_inputs_bytes || image_id_bytes)`
35
+
27
36
## Multilayer Aggregation
28
37
29
38
To scale aggregation without exhausting zkVM memory, aggregation is split in two programs:
@@ -35,9 +44,9 @@ To scale aggregation without exhausting zkVM memory, aggregation is split in two
35
44
Aggregates all chunk-level proofs into a single final proof. It receives:
36
45
37
46
- The chunked proofs
38
-
- The original proofs commitments included each chunk received
47
+
- The original [proofs commitments](#proof-commitment) included each chunk received
39
48
40
-
During verification, it checks that each chunk’s committed Merkle root matches the reconstructed root to ensure input correctness. The final Merkle root—representing all user proofs—is then committed as a public input.
49
+
During verification, it checks that each chunk’s committed Merkle root matches the reconstructed root to ensure input correctness. The final Merkle root, representing all user [proofs commitments](#proof-commitment), is then committed as a public input.
41
50
42
51
## Verification
43
52
@@ -71,9 +80,9 @@ The Merkle root is computed and checked for existence in the contract using the
71
80
72
81
## Data Availability
73
82
74
-
When submitting the aggregated proof to Ethereum, we include a **blob** that contains the commitments of all the individual proofs that were aggregated. This blob serves two main purposes:
83
+
When submitting the aggregated proof to Ethereum, we include a **blob** that contains the [commitments](#proof-commitment) of all the individual proofs that were aggregated. This blob serves two main purposes:
75
84
76
-
- It makes the proof commitments publicly available for **18 days**.
85
+
- It makes the [proof commitments](#proof-commitment) publicly available for **18 days**.
77
86
- It allows users to:
78
87
- Inspect which proofs were aggregated
79
88
- Get a Merkle proof to verify that their proof is included in the aggregated proof
@@ -102,7 +111,7 @@ So the _actual usable capacity_ per blob becomes:
102
111
103
112
### Current Bottleneck
104
113
105
-
Since each proof commitment is exactly **32 bytes**, the maximum number of proof commitments that can fit in a single blob is:
114
+
Since each [proof commitment](#proof-commitment) is exactly **32 bytes**, the maximum number of proof commitments that can fit in a single blob is:
0 commit comments