ZK Circuits for Axiom Queries
The ZK circuits underlying Axiom historic data queries.
Axiom proves in ZK that historic Ethereum on-chain data is committed to in block headers of the corresponding Ethereum block. In this page, we explain the structure of this commitment and how Axiom uses ZK circuits to prove it.
Account and account storage data is committed to in an Ethereum block header via several Merkle-Patricia tries. Inclusion proofs for this data into the block header are provided by Ethereum light client proofs. For example, consider the value at storage slot
blockNumber. The light client proof for this value is available from the
eth_getProofJSON-RPC call and consists of:
- The block header at block
blockNumberand in particular the
- An account proof of Merkle-Patricia inclusion for the key-value pair
(keccak(address), rlp([nonce, balance, storageRoot, codeHash]))of the RLP-encoded account data in the state trie rooted at
Verifying this light client proof against a block hash
- The block header is properly formatted, has Keccak hash
blockHash, and contains
- The state trie proof is properly formatted, has key
keccak(address), Keccak hashes of each node along the Merkle-Patricia inclusion proof match the appropriate field in the previous node, and has value containing
- A similar validity check for the Merkle-Patricia inclusion proof for the storage trie.
- Ethereum block header, account, and storage proofs: We enable proving fields in the block header, account, and account storage relative to a block hash. This includes:
- Parsing block header fields in a block.
- Proving the balance, nonce, storageRoot, and codeHash for an account.
- Verifying lookups into an account's local storage mapping.
The end result of these are ZK circuits for block headers, accounts, and account storage, which prove validity of the block statements:
Assuming the block hash at
blockHash, the state root is
the account statements:
Assuming the state root is
stateRootat a given block, the account value for
[nonce, balance, storageRoot, codeHash].
and storage statements:
Assuming the storage root for an account is
storageRoot, the value of the storage at
Combining these circuits together gives ZK circuits for account and storage proofs.
To fulfill queries into Axiom with ZK proofs verified against Merkle mountain ranges cached in
AxiomV1, we put together ZK circuits for account and storage proofs from the previous section with ZK circuits verifying Merkle inclusion proofs into Merkle mountain ranges. For a query in the Axiom Query Format, we generate ZK proofs of:
- Merkle inclusion proofs of each block hash in a Merkle mountain range in the format cached in
- Proofs of the
stateRootin the block header committed to in each block hash.
- Account proofs for each queried account relative to its
stateRootwhich in particular establishes the
storageRootof the account.
- Storage proofs for each queried storage slot relative to its
- Consistency between the block hashes, state roots, and storage roots referenced in the four previous proofs.