An evolution of TxVM with cloaked assets and zero-knowledge smart contracts.
- ZkVM whitepaper — technology overview.
- ZkVM specification — transaction validation rules.
- Blockchain specification — blockchain state machine specification.
- ZkVM API — how to create transactions with ZkVM.
ZkVM architecture uses four concepts:
- Programs
- Predicates
- Constraints
- Crypto operations
ZkVM is a stack machine. Program is a string of bytecode representing ZkVM instructions. Instructions manipulate values, contracts and constraints stored on a single stack.
ZkVM does not compile programs into a constraint system. Instead, the bytecode directly combines variables and constraints and adds them into constraint system.
Predicates protect the contracts’ contents (value and parameters) from unauthorized access or modification.
Predicates are represented with a single point which can be used either as a public key, as a commitment to a program, or as a commitment to a disjunction of other predicates. Predicate tree protocol is a variant of prior proposals Taproot by Gregory Maxwell and G'root by Anthony Towns.
Like programs, ZkVM does not compile the predicate tree into a constraint system: it exists on its own and VM provides instruction for traversing the tree and satisfying the predicates with signatures and program execution.
Constraint system is another component in ZkVM, in addition to the stack and transaction log. Various instructions may add custom constraints to the constraint system to enforce smart contract conditions in zero knowledge. The same constraint system also contains constraints for the Cloak protocol, that are added by the cloak instruction that re-distributes a collection of values.
At the end of the VM execution, the entire constraint system is verified with a single R1CS proof.
All instructions that perform relatively expensive scalar-point multiplications to implement various checks (traversal of a predicate tree, checking signatures, etc) defer these operations till the end of the VM execution. Then, all such checks are verified in a batch, significantly reducing the overall verification time.
The ZkVM repository was moved from this location on 2/6/2019.