What does Axiom prove?

To prove a piece of Ethereum on-chain data, Axiom first generates a Ethereum light client proof for it. For example, suppose we wish to prove the value at storage slot slot for address address at block blockNumber. This light client proof can be fetched from an Ethereum archive node using the eth_getProof JSON-RPC call and consists of:
  • The block header at block blockNumber and in particular the stateRoot.
  • An account proof of Merkle-Patricia inclusion for the key-value pair (keccak(address), rlp([nonce, balance, storageRoot, codeHash])) of the RLP-encoded account data in the state trie rooted at stateRoot.
  • A storage proof of Merkle-Patricia inclusion for the key-value pair (keccak(slot), rlp(slotValue)) of the storage slot data in the storage trie rooted at storageRoot.
Verifying this light client proof requires the trusted block hash blockHash for block blockNumber and requires checking:
  • The block header is properly formatted, has Keccak hash blockHash, and contains stateRoot.
  • The state trie proof is properly formatted, has key keccak(address), Keccak hashes of each node along the Merkle-Patricia inclusion proof match the appropriate field in the previous node, and has value containing storageRoot.
  • A similar validity check for the Merkle-Patricia inclusion proof for the storage trie.
Axiom does each of these checks in the EthBlockStorageCircuit circuit, which proves validity of the statement
Assuming the block hash at blockNumber is blockHash, the value of slot for address at blockNumber is slotValue.
This is the ZK proof we verify on-chain in the AxiomV0StoragePf smart contract.
Question: How do you get a trusted block hash? Read on...