{
"creator": "Matter Labs",
"proofSystemInfo": "\n ## Description\n\n Boojum is a proving system operating on [EraVM](https://matter-labs.github.io/zksync-era/core/latest/guides/advanced/12_alternative_vm_intro.html) ISA and supporting [zk stack](https://zkstack.io) chains. It includes recursive STARK proving of zkVM execution, as well as the final wrap with [Plonk](https://github.com/matter-labs/franklin-crypto/tree/dev/src/plonk) or [Fflonk](https://github.com/matter-labs/zksync-crypto/blob/main/crates/fflonk/docs/spec.pdf) SNARK proving system. Boojum targets [100 bits of security](https://github.com/matter-labs/era-boojum?tab=readme-ov-file#for-curions-in-benchmarks-only).\n\n ## Proof system\n\n ### zkVM component\n\n [Boojum](https://github.com/matter-labs/era-boojum/tree/main)'s core is an implementation of the [**Redshift**](https://eprint.iacr.org/2019/1400.pdf) protocol which uses the Plonk IOP with a polynomial commitment scheme based on List Polynomial Commitments (LPCs), which is in turn based on FRI, making the scheme transparent. The scheme makes use of the Goldilocks field, which is much smaller than BN254's field. This part of boojum implements a zkVM for EraVM, which is closely aligned with EVM but has essential differences like 16 registers.\n\n ### Recursion circuits\n\n The protocol makes use of several layers of recursive proof aggregation for 15 types of [circuits](https://github.com/matter-labs/era-zkevm_test_harness/blob/3cd647aa57fc2e1180bab53f7a3b61ec47502a46/circuit_definitions/src/circuit_definitions/recursion_layer/mod.rs#L29). In particular, node and scheduler circuits aggregate zk proofs and compressor and wrapper circuits reduce the final proof size. Further information about the aggregation architecture can be found [**here**](https://github.com/matter-labs/zksync-era/blob/1b61d0797062ab8b0aa2c1e92b23a3a0d8fd2c61/docs/guides/advanced/15_prover_keys.md#circuits).\n\n ### Final wrap\n\n The final proof could either be wrapped into a [Plonk](https://github.com/matter-labs/era-zkevm_test_harness/blob/3cd647aa57fc2e1180bab53f7a3b61ec47502a46/circuit_definitions/src/circuit_definitions/aux_layer/wrapper.rs)+KZG proof, or into [Fflonk](https://github.com/matter-labs/zksync-crypto/tree/main/crates/fflonk)+KZG for cheap verification. The KZG commitment is done over BN254 curve and it uses Aztec Ignition trusted setup ceremony, see [below](#trusted-setups) for more details.\n ",
"techStack": {
"zkVM": [
{
"id": "Boojum",
"type": "STARK",
"name": "Boojum",
"description": "zkVM STARK proving system developed by Matter Labs for proving state transition of ZKsync Era."
},
{
"id": "EraVM",
"type": "ISA",
"name": "EraVM",
"description": "Instruction language for ZKsync Era virtual machine."
},
{
"id": "Goldilocks",
"type": "Field",
"name": "Goldilocks",
"description": "Prime field of order p = 2**64 - 2**32 + 1."
}
],
"finalWrap": [
{
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
{
"id": "Zksync",
"type": "Fflonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Fflonk improvement over standard Plonk proving system."
},
{
"id": "BN254",
"type": "curve",
"name": "BN254",
"description": "BN254, aka BN256, aka alt_bn128 pairing-friendly 254-bit prime field Weierstrass elliptic curve."
}
]
},
"trustedSetups": [
{
"proofSystem": {
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
"id": "AztecIgnition",
"name": "Aztec Ignition",
"risk": "green",
"shortDescription": "Aztec Ignition is a trusted setup ceremony that was run by Aztec for KZG commitment over BN254 curve in 2019. It included 176 participants and was publicly open for participation.",
"longDescription": " \n Aztec Ignition is a trusted setup ceremony for KZG commitments over BN254 curve that was run by Aztec for KZG commitment over BN254 curve in 2019. \n It included 176 participants and was publicly open for participation.\n \n - Github repo to download and verify the ceremony artifacts: [https://github.com/AztecProtocol/ignition-verification](https://github.com/AztecProtocol/ignition-verification).\n - Github repo with instructions for ceremony participants: [https://github.com/AztecProtocol/Setup](https://github.com/AztecProtocol/Setup).\n - Ceremony announcement with a call to participate: [https://aztec.network/blog/announcing-ignition](https://aztec.network/blog/announcing-ignition).\n "
},
{
"proofSystem": {
"id": "Zksync",
"type": "Fflonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Fflonk improvement over standard Plonk proving system."
},
"id": "AztecIgnition",
"name": "Aztec Ignition",
"risk": "green",
"shortDescription": "Aztec Ignition is a trusted setup ceremony that was run by Aztec for KZG commitment over BN254 curve in 2019. It included 176 participants and was publicly open for participation.",
"longDescription": " \n Aztec Ignition is a trusted setup ceremony for KZG commitments over BN254 curve that was run by Aztec for KZG commitment over BN254 curve in 2019. \n It included 176 participants and was publicly open for participation.\n \n - Github repo to download and verify the ceremony artifacts: [https://github.com/AztecProtocol/ignition-verification](https://github.com/AztecProtocol/ignition-verification).\n - Github repo with instructions for ceremony participants: [https://github.com/AztecProtocol/Setup](https://github.com/AztecProtocol/Setup).\n - Ceremony announcement with a call to participate: [https://aztec.network/blog/announcing-ignition](https://aztec.network/blog/announcing-ignition).\n "
}
],
"verifierHashes": [
{
"hash": "0x6f36a08c517b060fa97308cdb3e23b04842ff839d451a753ec8fae1a5408304a",
"proofSystem": {
"id": "Zksync",
"type": "Fflonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Fflonk improvement over standard Plonk proving system."
},
"knownDeployments": [
{
"address": "0x1AC4F629Fdc77A7700B68d03bF8D1A53f2210911",
"chain": "ethereum"
},
{
"address": "0x3CFB3a80Af42cBE4d82C14301690A62D53e870a5",
"chain": "zksync"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x17e8d7931f1314431359233e65c22657a32c335205e3c24ce292c5819becfaa7",
"proofSystem": {
"id": "Zksync",
"type": "Fflonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Fflonk improvement over standard Plonk proving system."
},
"knownDeployments": [
{
"address": "0xD5dBE903F5382B052317D326FA1a7B63710C6a5b",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x64b347c642ea60114c98b3976124ea8a7e0bb778bd7e479aedc02f994486c8a1",
"proofSystem": {
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
"knownDeployments": [
{
"address": "0x2db2ffdecb7446aaab01FAc3f4D55863db3C5bd6",
"chain": "ethereum"
},
{
"address": "0x92A9Fd0E84354213D9c3d33128eDd6Ea55ee0717",
"chain": "zksync"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0xd90459c5b727b9ceeb2b6192d2953dbf05970edf090333b3ad3bcac1a1442b78",
"proofSystem": {
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
"knownDeployments": [
{
"address": "0x5BAfEF6729228add8775aF4Cecd2E68a51424Ee1",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x8574e152c41dc39a2ecab984545e1cf21cb3ec250b919018a8053f2fa270784f",
"proofSystem": {
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
"knownDeployments": [
{
"address": "0x902C3806A84f4e855a8746e92d7F1C9a51400458",
"chain": "linea"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x49eae0bf5c7ea580f4979b366e52b386adc5f42e2ce50fc1d3c4de9a86052bff",
"proofSystem": {
"id": "Zksync",
"type": "Fflonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Fflonk improvement over standard Plonk proving system."
},
"knownDeployments": [
{
"address": "0xD324a7c8556A059371B207fB96FD77bE24E2042c",
"chain": "ethereum"
},
{
"address": "0xD324a7c8556A059371B207fB96FD77bE24E2042c",
"chain": "gateway"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x1ffc56111a5cfaf5db387f6a31408ad20217e9bc1f31f2f5c1bd38b0d6d7968b",
"proofSystem": {
"id": "Bellman",
"type": "Plonk",
"name": "Bellman",
"description": "Bellman Rust library for Plonk proving system, originally developed for ZCash."
},
"knownDeployments": [
{
"address": "0xe201837d151E5aC33Af3305f287Ad6F6a7Dfccd7",
"chain": "ethereum"
},
{
"address": "0xe201837d151E5aC33Af3305f287Ad6F6a7Dfccd7",
"chain": "gateway"
}
],
"verificationStatus": "notVerified"
}
]
}