Overview

Understanding the EVM

To build a zkEVM that proves the execution of the Ethereum Virtual Machine (EVM), it's essential to first comprehend the structure and functionality of the EVM itself.

The EVM can be conceptualized as a state transition function, defined by a function fff that, given an initial world state SSS and a transaction TTT, produces a new world state S′S'S′: f(S,T)=S′f(S, T) = S'f(S,T)=S′

In this context, the "world state" is represented by a modified Merkle-Patricia Trie (MPT), which serves as a data structure containing all persistent information in the network. This includes data for all externally-owned accounts (EOAs) and smart contract accounts. Each smart contract account contains sub-tries that store its bytecode and persistent data.

When a new transaction is processed, the EVM executes the associated computations and updates the world state accordingly. The EVM performs computations over both transient data stores (such as the stack and memory) and persistent data stores (including contract bytecode and storage).

The computation initiated by a transaction is broken down into discrete machine instructions known as "opcodes," which the EVM can interpret and execute directly. The behavior of each opcode is detailed in the Ethereum Yellow Paper, and the execution of a transaction can be summarized as an "execution trace," which is an ordered list of the executed opcodes. Ethereum execution clients, such as Geth, can provide a detailed step-by-step execution trace of the computations performed.

As the opcodes are executed, the state trie is modified, resulting in an updated state trie with a new state root.

Proving EVM Execution Validity

The primary objective of a zkEVM is to generate a proof that validates the execution of a transaction. Specifically, given an initial world state SSS, a transaction TTT, and a resulting world state S′S'S′, the zkEVM must produce a proof that f(S,T)=S′f(S, T) = S'f(S,T)=S′, where fff is the state transition function outlined in the Ethereum Yellow Paper.

To prove the correctness of the transition function's execution, we break down the execution into a detailed execution trace. The execution of f(S,T)f(S, T)f(S,T) is expanded into a sequence of opcode executions. This execution trace acts as a "witness" that confirms the accuracy of the state transition f(S,T)=S′f(S, T) = S'f(S,T)=S′—essentially serving as a step-by-step account of how the state transitions from SSS to S′S'S′.

The challenge is then to prove the following:

1. Correctness of the Execution Trace: Ensure that the entire execution trace is accurate.

2. Correct Execution of Each Opcode: Validate that each opcode was executed in accordance with the specifications in the Ethereum Yellow Paper. For example, the ADD opcode must correctly pop two values from the stack and push their sum back onto the stack.

3. Proper Behavior of Each Opcode: A proof must demonstrate that each opcode was executed with the expected outcomes, including any modifications to transient data stores (stack and memory) or persistent data stores (contract bytecode and storage).

4. Correct Sequence of Opcodes: The ordered list of executed opcodes must reflect the appropriate set of opcodes triggered by the transaction. This entails properly loading the initial transaction calldata and the bytecode for any invoked contracts.

5. State Transition Verification: Confirm that the execution trace initiates from the initial state SSS and leads to the resulting state S′S'S′.

ZK rollups are increasingly recognized as the premier scaling solution for Ethereum, leveraging the robust security of Ethereum Layer 1 while providing faster transaction finality than other Layer 2 solutions.

The fundamental concept behind a ZK rollup involves executing transactions off-chain and generating succinct proofs that attest to the validity of the execution. These succinct proofs can then be posted and verified on Ethereum Layer 1, significantly enhancing scalability, as verifying a proof for a batch of transactions is considerably more cost-effective than re-executing the entire batch.

ZK rollups can be categorized into two main types: application-specific and general-purpose rollups, based on the kinds of transactions they support.

• Application-Specific ZK Rollups: These rollups are tailored for specific transaction types, such as payments, swaps, or specific actions within an on-chain game. In such scenarios, rollups only need to generate proofs that confirm the correctness of the supported primitives, like valid state transitions for game participants.

• General-Purpose ZK Rollups: In contrast, general-purpose ZK rollups accommodate a broader range of transactions and computations. They utilize a virtual machine (VM) to execute assembly code and subsequently generate a proof demonstrating that the execution was performed accurately according to the VM's specifications. Various ZK rollup projects employ different VMs; some opt to develop custom VMs optimized for rapid proof generation, while others utilize the Ethereum Virtual Machine (EVM) to ensure compatibility with the Ethereum ecosystem.

Wischain is a general-purpose ZK rollup that utilizes the EVM for off-chain computations. Its execution layer closely mirrors that of Ethereum: transactions are batched into blocks, which are then executed according to EVM specifications. Notably, Wischain employs a slightly modified version of Geth, enabling users to interact with Wischain just as they would with Ethereum. This design also allows developers to build on Wischain in the same manner as they would on Ethereum.

However, achieving compatibility with Ethereum in a ZK rollup presents significant challenges. The rollup must be capable of generating a proof that verifies the correct execution of off-chain EVM computations. This is the essence of a “zkEVM”—a system designed to prove the accurate execution of the EVM.

The EVM was originally crafted without the considerations of ZK rollups, making the development of a zkEVM a complex endeavor. Nevertheless, Wischain is committed to overcoming these challenges and has been actively collaborating with the Ethereum Privacy and Scaling Explorations team to turn the zkEVM into a reality.

Learn more