You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+79-82Lines changed: 79 additions & 82 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -171,161 +171,158 @@ If you are developing in Aligned, or want to run your own devnet, check our [Inf
171
171
172
172
## FAQ
173
173
174
-
## What is the objective of Aligned?
175
-
174
+
### What is the objective of Aligned?
175
+
176
176
Aligned’s mission is to extend Ethereum’s zero-knowledge capabilities. We are certain the zero-knowledge proofs will have a key role in the future of blockchains and computation. We don’t know what that future will look like, but we are certain it will be in Ethereum. The question we want to share is: If we are certain zero-knowledge proofs are the future of Ethereum but we are not certain which of the many possible zero-knowledge futures will win. How can we build an infrastructure for Ethereum to be compatible with any future zero-knowledge proving system?
177
-
177
+
178
178
### What is the throughput of Aligned?
179
-
180
-
Aligned runs the verifier’s code natively. The verification time depends on the proof system, program run, and public input. Generally, most verifiers can be run in the order of ms on consumer-end hardware. We can optimize the code for speed and leverage parallelization by running it natively. Taking 3 ms per proof, Aligned could verify 300 proofs per second and, using parallelization, over 10,000 proofs per second.
181
-
179
+
180
+
Aligned runs the verifier’s code natively. The verification time depends on the proof system, program run, and public input. Generally, most verifiers can be run in the order of ms on consumer-end hardware. We can optimize the code for speed and leverage parallelization by running it natively. Current testnet can verify more than 2500 proofs per second.
181
+
182
182
### How does the throughput of Aligned compare with Ethereum?
183
-
184
-
Ethereum runs on top of the EVM. Each block is limited to 30,000,000 gas. Since the most efficient proof systems take at least 250,000 gas, Ethereum can verify 120 proofs per block. Aligned runs the code natively and leverages parallelization, reaching 10,000 proofs in the same period.
185
-
183
+
184
+
Ethereum runs on top of the EVM. Each block is limited to 30,000,000 gas. Since the most efficient proof systems take at least 250,000 gas, Ethereum can verify 120 proofs per block. Aligned runs the code natively and leverages parallelization, reaching 30,000 proofs in the same period.
185
+
186
186
### Is Aligned an Ethereum L2?
187
-
187
+
188
188
Aligned is related to Ethereum but is not an L2 since it does not produce blocks. It is a decentralized network of verifiers.
189
-
189
+
190
190
### Does Aligned compete with L2s?
191
-
191
+
192
192
No. Aligned is a decentralized network of verifiers and has proof aggregation. It does not produce blocks or generate proofs of execution. Aligned provides L2s with fast and cheap verification for the proofs they generate, reducing settlement costs and enhancing cross-chain interoperability with quick and cheap bridging.
193
-
193
+
194
194
### What are the costs for Aligned?
195
-
195
+
196
196
The costs depend on task creation, aggregated signature or proof verification, and reading the results. The cost C per proof by batching N proofs is roughly:
197
-
197
+
198
198
$$
199
199
C =\frac{C_{task} + C_{verification}}{N} + C_{read}
200
200
$$
201
-
202
-
Batching 1024 proofs using Aligned’s fast mode can cost around 2,100 gas in Ethereum (for a gas price of 8 gwei/gas and ETH = $3000, $0.05). As a helpful comparison, a transaction in Ethereum costs 21,000 gas, so you get proof verification for 1/10th of the transaction cost!
203
-
201
+
204
202
### Why do you have a fast and slow mode?
205
-
203
+
206
204
The fast mode is designed to offer very cheap verification costs and low latency. It uses crypto-economic guarantees provided by restaking; costs can be as low as 2100 gas. The slow mode works with proof aggregation, with higher fees and latency, and achieves the complete security of Ethereum. We verify an aggregated BLS signature (around 113,000 gas) in the fast mode. We verify an aggregated proof (around 300,000 gas) in the slow mode.
207
-
205
+
208
206
### Why don’t you run Aligned on top of a virtual machine?
209
-
207
+
210
208
Running on a virtual machine adds complexity to the system and an additional abstraction layer. It can also reduce Aligned's throughput, which is needed to offer really fast and cheap verification.
211
-
209
+
212
210
### Why don’t you build Aligned on top of a rollup?
213
-
211
+
214
212
The main problem with settling on top of a rollup is that you still need confirmation in Ethereum, which adds latency to the process. Besides, most rollups are not fully decentralized, even if they were, not to the extent of Ethereum. Aligned also achieves an already low verification cost in Ethereum, so it would not be convenient to build Aligned on top of a rollup in terms of latency, costs, and decentralization.
215
-
213
+
216
214
An L2 needs to use the EVM to settle in Ethereum. This means that the proofs need to be efficiently verified in the EVM, and their data made available there.
217
-
215
+
218
216
The EVM is not designed for ZK Verification, so most verifications are expensive.
219
-
217
+
220
218
To solve this, for pairing-based cryptography, Ethereum has added a precompile for verifications using the curve BN254.
221
-
219
+
222
220
But technology changes fast. BN254 security was demonstrated to be around 100 bits instead of the expected 128. Fast Starks need efficient hashing for fields. Which is the best field? Mersenne’s? Goldilocks? Binary fields? What about the sumcheck protocol? Is Jolt the endgame? Or is GKR going to be faster?
223
-
221
+
224
222
The amount of progress in the field is big, and nobody can predict the endgame.
225
-
223
+
226
224
Even more, it would be naive to think that only one optimized prover will exist in the future. In the world of ZK, as in many others, there are trade-offs and systems that solve different problems.
227
-
225
+
228
226
Maybe we want faster proving and don't care about proof size. Maybe we want the fastest proof verification and smallest size and can do more work on the prover. The system may be optimized to prove Keccak really fast. Or we can skip the traditional hashes altogether and just optimize for Poseidon, Rescue, or one hash not created yet.
229
-
227
+
230
228
Aligned solves all of this. No matter how or what you want to prove, it can be verified efficiently here while still inheriting the security of Ethereum as other L2s.
231
-
229
+
232
230
### Is Aligned an aggregation layer?
233
-
234
-
Aligned provides proof aggregation as part of its slow mode, a feature shared with all aggregation layers. However, Aligned offers a unique fast mode designed to provide cheap and low-latency proof verification, leveraging the power of restaking. Aligned is a decentralized network designed to verify zero-knowledge proofs and uses recursive proof aggregation as one of its tools.
235
-
231
+
232
+
Aligned provides proof aggregation as part of its slow mode, a feature shared with all aggregation layers. However, Aligned offers a unique fast mode designed to provide cheap and low-latency proof verification, leveraging the power of restaking. Aligned is a decentralized network designed to verify zero-knowledge proofs and uses recursive proof aggregation as one of its tools.
233
+
236
234
### What proof systems do you support?
237
-
235
+
238
236
Aligned is designed to support any proof system. Currently supported ones are Groth 16 and Plonk (gnark), SP1, Halo 2 (IPA and KZG)
239
-
237
+
240
238
### How hard is it to add new proof systems?
241
-
239
+
242
240
Aligned is designed to make adding new proof systems easy. The only thing needed is the verifier function, which is written in a high-level language like Rust. For example, we could integrate Jolt into one of our testnets just a few hours after it was released.
243
-
241
+
244
242
### What are BLS signatures?
245
-
243
+
246
244
[Boneh-Lynn-Shacham](https://en.wikipedia.org/wiki/BLS_digital_signature) is a cryptographic signature that allows a user to verify that a signer is authentic. It relies on elliptic curve pairings and is used by Ethereum due to its aggregation properties.
247
-
245
+
248
246
### How does Aligned work?
249
-
247
+
250
248
The flow for fast verification is as follows:
251
-
249
+
252
250
1. The user uses a provided CLI or SDK to send one proof or many to the batcher, and waits (Alternatively, the user can run a batcher or interact directly with Ethereum)
253
251
2. The batcher accumulates proofs of many users for a small number of blocks (typically 1-3).
254
252
3. The batcher creates a Merkle Tree with commitments to all the data submitted by users, uploads the proofs to the Data Service, and creates the verification task in the ServiceManager.
255
-
4. The operators, using the data in Ethereum, download the proofs from the DataService. They then verify that the Merkle root is equal to the one in Ethereum, and verify all the proofs.
253
+
4. The operators, using the data in Ethereum, download the proofs from the DataService. They then verify that the Merkle root is equal to the one in Ethereum, and verify all the proofs.
256
254
5. If the proofs are valid, they sign the root and send this to the BLS signature aggregator.
257
255
6. The signature aggregator accumulates the signed responses until reaching the quorum, then sends the aggregated signature to Ethereum.
258
256
7. Ethereum verifies the aggregated signatures and changes the state of the batch to verified.
259
-
257
+
260
258
### What is restaking?
261
-
259
+
262
260
EigenLayer introduced the concept of Restaking. It allows Ethereum’s validators to impose additional slashing conditions on their staked ETH to participate in Actively Validated Services (AVS) and earn additional rewards. This creates a marketplace where applications can rent Ethereum's trust without competing for blockspace. Aligned is an example of an AVS.
263
-
261
+
264
262
### How can I verify proofs in Aligned?
265
-
263
+
266
264
You can verify proofs in Aligned using our CLI.
267
-
265
+
268
266
### Can you provide an estimate of Aligned’s savings?
269
-
270
-
In Ethereum (does not include access cost):
271
-
272
-
- Groth 16 proofs: 250,000 gas
267
+
268
+
In Ethereum (does not include access cost):
269
+
270
+
- Groth 16 proofs: >250,000 gas
273
271
- Plonk/KZG proofs: >300,000 gas
274
272
- STARKs: >1,000,000 gas
275
273
- Binius/Jolt: too expensive to run!
276
-
274
+
277
275
In Aligned, fast mode:
278
-
279
-
- Just one proof (any!): 120,000 gas
280
-
- Batching 1024 proofs: 120 gas + reading cost
281
-
276
+
277
+
- Just one proof (any!): 350,000 gas
278
+
- Batching 1024 proofs: 350 gas + reading cost
279
+
282
280
It’s over 99% savings!
283
-
281
+
284
282
### I want to verify just one proof. Can I use Aligned for cheap and fast verification?
285
-
283
+
286
284
Yes!
287
-
285
+
288
286
### Is Aligned open-source?
289
-
287
+
290
288
Yes!
291
-
289
+
292
290
### What are the goals of Aligned?
293
-
291
+
294
292
Aligned is an infrastructure that offers fast and cheap verification for zero-knowledge and validity proofs. It can take any proof system and verify it cheaply and fast.
295
-
293
+
296
294
This means that what Aligned wants to achieve is to allow anyone to build zk applications. This can only be achieved by:
297
-
295
+
298
296
- Reducing operational costs when maintaining a zk application -> anyone can afford to build zk apps.
299
297
- Offering more options so developers can choose how they want to build their protocols -> everyone can choose their tools.
300
298
- Offer the latest zk that allows anyone to build zk applications by just proving rust -> anyone can code a zk application.
301
-
299
+
302
300
### What’s the role of Aligned in Ethereum?
303
-
304
-
Aligned’s role is to help advance the adoption of zero-knowledge proofs in Ethereum, increase verification throughput, and reduce on-chain verification time and costs. Aligned can easily incorporate proof systems without any further changes in Ethereum. In a more straightforward analogy, Aligned is like a GPU for Ethereum.
305
-
301
+
302
+
Aligned’s role is to help advance the adoption of zero-knowledge proofs in Ethereum, increase verification throughput, and reduce on-chain verification time and costs. Aligned can easily incorporate proof systems without any further changes in Ethereum. In a more straightforward analogy, Aligned is like a GPU for Ethereum.
303
+
306
304
### What is proof recursion?
307
-
305
+
308
306
Zero-knowledge proofs let you generate proofs that show the correct execution of programs. If a program is the verification of a proof, then we will be getting a proof that we verified the proof and the result was valid. The validity of the second proof implies the validity of the original proof. This is the idea behind proof recursion, and it can be used with two main goals:
309
-
307
+
310
308
1. Convert one proof type to another (for example, a STARK proof to a Plonk proof) either to reduce the proof size, have efficient recursion, or because the proof system cannot be verified where we want.
311
309
2. Proof aggregation: if we have to verify N proofs on-chain, we can generate a single proof that we verified the N proofs off-chain and just check the single proof in Ethereum.
312
-
310
+
313
311
Proof recursion is the primary tool of Aligned’s slow mode.
314
-
312
+
315
313
### What are the use cases of Aligned?
316
-
314
+
317
315
Among the possible use cases of Aligned, we have:
318
-
316
+
319
317
Soft finality for Rollups and Appchains, fast bridging, new settlement layers (use Aligned + EigenDA) for Rollups and Intent-based systems, P2P protocols based on SNARKs such as payment systems and social networks, alternative L1s interoperable with Ethereum, Verifiable Machine Learning, cheap verification and interoperability for Identity Protocols, ZK Oracles, new credential protocols such as zkTLS based systems, ZK Coprocessor, encrypted Mempools using SNARKs to show the correctness of the encryption, protocols against misinformation and fake news, and on-chain gaming.
320
-
318
+
321
319
### Why build Aligned on top of Ethereum?
322
-
320
+
323
321
Ethereum is the most decentralized and most significant source of liquidity in the crypto ecosystem. We believe it is the most ambitious and long-term project on the internet. Aligned is being built to help Ethereum achieve its highest potential, and we believe this is only possible through validity/zero-knowledge proofs.
324
-
322
+
325
323
### Why EigenLayer?
326
-
324
+
327
325
We believe Ethereum is the best settlement layer, and zero-knowledge will play a key role in helping it become the settlement layer of the internet. We want to build a verification layer that helps Ethereum achieve this goal. This layer needs to have a decentralized group of validators that will just re-execute the verification of different proofs, but how can we build such a decentralized network that will help Ethereum? Creating a new L1 doesn’t benefit Ethereum because it will add new trust assumptions to the Ethereum protocols relying on it. So, if we must have:
328
-
329
326
1. A decentralized network of verifiers
330
327
2. A similar economic security level that can be easily measured in Ethereum
331
328
3. Part of the Ethereum ecosystem
@@ -337,4 +334,4 @@ Aligned is just a network of decentralized verifiers renting security from Ether
337
334
338
335
### Why do we need a ZK verification layer?
339
336
340
-
Verifiable computation allows developers to build applications that help Ethereum scale or even create applications that were not possible before, with enhanced privacy properties. We believe the future of Ethereum will be shaped by zero-knowledge proofs and help it increase its capabilities.
337
+
Verifiable computation allows developers to build applications that help Ethereum scale or even create applications that were not possible before, with enhanced privacy properties. We believe the future of Ethereum will be shaped by zero-knowledge proofs and help it increase its capabilities.
Copy file name to clipboardExpand all lines: docs/introduction/2_faq.md
-2Lines changed: 0 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,8 +28,6 @@ $$
28
28
C =\frac{C_{task} + C_{verification}}{N} + C_{read}
29
29
$$
30
30
31
-
Batching 1024 proofs using Aligned’s fast mode can cost around 2,100 gas in Ethereum (for a gas price of 8 gwei/gas and ETH = $3000, $0.05). As a helpful comparison, a transaction in Ethereum costs 21,000 gas, so you get proof verification for 1/10th of the transaction cost!
32
-
33
31
### Why do you have a fast and slow mode?
34
32
35
33
The fast mode is designed to offer very cheap verification costs and low latency. It uses crypto-economic guarantees provided by restaking; costs can be as low as 2100 gas. The slow mode works with proof aggregation, with higher fees and latency, and achieves the complete security of Ethereum. We verify an aggregated BLS signature (around 113,000 gas) in the fast mode. We verify an aggregated proof (around 300,000 gas) in the slow mode.
0 commit comments