zk-checkpoint

Polygon PoS being one of the most used chains has a mechanism where it settles to Ethereum (L1) at regular intervals through checkpoints which is helpful for bridging. As a result, the consensus signatures are sent to L1 contract and signature verification for all validators is done on-chain. This incurs a lot of gas on ethereum and ~86% of total gas used is taken by signature verification for all validators (on mainnet, roughly 105). The costs gas go >250$ in case of high demand.

This settlement workflow can be improved using ZK proofs which asserts that majority of validator set (>2/3) voted on a particular checkpoint. This can lead to 2 things:

1. It can drastically improve the L1 gas costs incurred currently on mainnet leading to cheaper on-chain settlement.
2. Because we commit to a specific block hash, other chains and apps on those chains can leverage this info to derive finality and PoS can settle on multiple chains with giving them a strong guarantee of a view of the chain.

The project is made with the help of SP1, which allows to write the signature verification and validation logic in Rust and generate a proof out of it which can be verified on-chain.

While the crux is pretty simple, there were lots of challenges while building this.

• Fetching all the validator data inside the proving circuit was a bit challenging and it was also tricky to implement a contract which scraps this data from the staking contracts.
• Because the types for checkpoint were based on internal tendermint libraries, it was difficult to serialise and deserialise the messages for verification.

Moreover, the circuit has certain strict constraints which eliminates the risk of prover generating false/fake proofs.