3.3 Proof Validation

Once the proof is generated, it is transmitted to the verifier on chain in the Settlement Layer, who is responsible for verifying its correctness. The verifier performs a series of computations on the proof and the statement’s public parameters to determine whether the proof is valid. If the verification process succeeds, the verifier accepts the proof as valid and concludes that the statement which represents the execution outcome of transactions is true. Otherwise, the verifier rejects the proof and the related transactions. The ZKP verification process typically consists of several key steps, each aimed at rigorously examining the proof’s validity.

Public Parameters and Circuit Representation: The verification process begins with the verifier obtaining the public parameters associated with the ZKP system. These parameters include information about the cryptographic primitives used in the proof generation process, as well as any additional parameters required for verifying the proof. Additionally, the verifier constructs a representation of the arithmetic or Boolean circuit corresponding to the statement being proved. This circuit serves as the basis for the subsequent steps in the verification process.

Proof Parsing: Upon receiving the proof from the prover, the verifier parses the proof to extract the necessary information for verification. This includes retrieving the proof’s components, such as commitments, challenges, and responses, as well as any auxiliary data required for the verification process.

Statement Evaluation: Next, the verifier evaluates the arithmetic or Boolean circuit representing the statement being proved using the input data provided by the prover. This involves simulating the execution of the circuit and computing the output values at each step of the computation. The verifier ensures that the computation proceeds correctly according to the circuit’s logic and that the output values match the expected results.

Challenge Generation: In some ZKP systems, the verification process may involve the generation of a challenge by the verifier. This challenge is typically a random value chosen by the verifier and is used to ensure the soundness of the proof. The verifier selects the challenge based on the information contained in the proof and the public parameters of the proof system.

Response Verification: After receiving the prover’s response to the challenge, the verifier verifies the correctness of the response using the information contained in the proof and the public parameters of the proof system. This involves performing a series of cryptographic computations to ensure that the response is consistent with the challenge and the input data provided by the prover.

Final Verification: Finally, the verifier combines the results of the previous steps to determine the overall validity of the proof. If all the individual components of the proof pass the verification process, the verifier accepts the proof as valid and concludes that the statement being proved is true. Otherwise, the verifier rejects the proof and concludes that the statement is false or the proof is invalid.

The verification process can be described mathematically as follows.

Firstly, generating verification key VKVK from the Circuit constraint:

VKCircuitVK \leftarrow Circuit

Then we save VKVK to the contract in the Settlement Layer. The verification algorithm in the contract, denoted as VerifyVerify, takes as input the verification key VKVK and the proof (A,B,C)(A,B,C). It outputs the verification result:

True/FalseVerify(VK,A,B,C)True/False \leftarrow Verify(VK,A,B,C)