0xPolygonHermez/zisk v0.16.0

on GitHub

⚠️ Disclaimer: Software Under Development ⚠️

This software is currently under active development and has not been audited for security or correctness.

Please be aware of the following:

• The software is not fully tested.
• Do not use it in production environments until a stable production release is available. 🚧
• Additional functionalities and optimizations are planned for future releases.
• Future updates may introduce breaking backward compatible changes as development progresses.

If you encounter any errors or unexpected behavior, please report them. Your feedback is highly appreciated in improving the software.

Changes:

• DMA precompile reducing steps by 20–35%
• Hints & Inputs streaming architecture
• Persistent 1GB input stream
• SDK full refactor
• Step limit increased to 2³⁶ (64 Gigasteps)
• GPU Plonk SNARK wrapper for efficient on-chain verification
• Embedded allocator support
• Cryptographic & Client Enhancements

DMA Precompile

Implemented a DMA (Direct Memory Access) precompile for optimized memory operations:

• memcpy
• memcmp
• memset
• inputcpy

DMA operations execute without consuming main steps, reducing total step count by 20–35% and circuit area by >15% on medium-large blocks.

The precompile transparently replaces built-in implementations, requiring no code modifications.

Hints & Inputs Streaming

Introduced a streaming architecture for hints and inputs, enabling efficient data flow in both local and distributed execution.

CLI

New --hints-stream (-H) flag available in:

• execute
• prove
• stats
• verify_constraints

Distributed Mode

Hints and inputs can be streamed via gRPC, enabling:

• real-time processing
• reduced memory overhead
• improved distributed proving workflows

Supported Sources

• Files
• Unix sockets
• QUIC protocol

Built-in Hint Handlers

Hashing

• SHA256
• KECCAK256
• BLAKE2B_COMPRESS

BN254

• G1_ADD
• G1_MUL
• PAIRING_CHECK

BLS12-381

• G1_ADD
• G1_MSM
• G2_ADD
• G2_MSM
• PAIRING_CHECK
• FP_TO_G1
• FP2_TO_G2

ECDSA

• SECP256K1_ADDRESS_RECOVER
• SECP256K1_VERIFY
• SECP256R1_VERIFY

MODEXP

• MODEXP

KZG

• VERIFY_KZG_PROOF

Custom hint handlers are allowed and can be integrated into the streaming pipeline.

Additional improvements:

• Precompile results shared memory added to the ASM emulator
• Control input/output shared memories added to the ASM emulator

Persistent Input Stream (1GB)

The previous input data mechanism has been replaced with a 1GB persistent input stream.

Features:

• Compatible with the zerocopy crate for zero-copy deserialization
• Compatible with bincode for efficient serialization
• Optional progressive stream loading and input pipelining to reduce time-to-proof

Step Limit Increase

The step limit has been increased from 2³² to 2³⁶ steps (64 Gigasteps).

Analysis of 22,000+ Ethereum blocks (range 24639178–24439579) shows:

• Peak consumption: 950 Msteps (1.44%)
• Average consumption: 310 Msteps (0.47%)

Additionally, over 5.5% of analyzed blocks exceed 59M gas usage.

GPU Plonk SNARK Wrapper

Added an optional GPU-accelerated Plonk SNARK wrapper for efficient on-chain verification.

• Proof size: ~1KB
• Verification cost: ~250k gas
• Wrapper generation: < 2 seconds

SDK full refactor

• Refactored all SDK calls to improve structure, consistency, and maintainability.
• Integrated SNARK support directly into the SDK.
• Proofs can now be verified in a separate guest program, allowing zisk proofs aggregation

Embedded Allocators Support

Added support for embedded allocators beyond the default bump allocator (512MB RAM).

While bump allocators are extremely efficient, they do not release memory. New allocators now available:

• dlmalloc — 11.6% overhead (default in embedded mode)
• talc — 14.7% overhead
• tlsf — 20.45% overhead

lla and llff allocators were excluded due to ~25× step overhead.

The default allocator remains bump unless embedded mode is explicitly selected.

Cryptographic & Client Enhancements

• New ZisK client based on Reth with custom crypto injection
• BLS12-381 accelerators
  • bls12_381_fp_to_g1
  • bls12_381_fp2_to_g2
• secp256r1 accelerators
  • syscall_secp256r1_add
  • syscall_secp256r1_dbl
  • secp256r1_ecdsa_verify
• Blake2br precompile
• New C-style zisklib interface for zkVM accelerators

Emulator Improvements

Enhanced ziskemu debugging and monitoring capabilities:

• Function call filtering to trace specific function invocations
• Function call capture with argument inspection
• --steps flag to display total step count at the end of execution (fast mode)
• --with-progress flag for progress indicators during long executions
• Hot spot profiling to identify performance-critical execution points

Distributed Execution Improvements

• gRPC spawn moved to spawn_blocking to avoid blocking during hint reception
• Improved fault tolerance for worker disconnections

Core Architecture Enhancements

Improvements in precompiled call architecture:

• Step counter broadcast to the bus without consuming operand registers (a, b)
• Static extended parameter enabling single-cycle optimizations for:
  • memcpy
  • memcmp
  • memset