Zero Knowledge Verifier Microstructure & Gas Optimization
Input Parameters
verify(bytes π, bytes32 root, uint256[] publicInputs)
• π Aggregated STARK proof
• root Poseidon Merkle root
• publicInputs Task hash and result summary
Verification Process (Five Steps)
1. Decode Header
Parse polynomial degree, random challenge seed, FRI iteration layers. All length information is packed in binary VLQ to reduce calldata.
2. Challenge Reconstruction
Reproduce off-chain Fiat–Shamir random challenge using keccak(address(this),blockhash(block.number-1),seed); avoid additional random numbers on-chain.
3. Merkle Path Verification
Check node hashes layer by layer to redirect to root. EVM only performs finite field addition and Poseidon single-round hashing to avoid bigint modulo operations.
4. Polynomial Consistency
For each random line x_i, compute p_low(x_i^2) and p_high(x_i) to ensure half correctness; pseudo-constant loop, dynamically truncating with gasleft() to prevent DoS.
5. FRI Terminal Check
The final low-degree polynomial is reduced to quadratic; three field mul operations can complete the verification, with stable Gas consumption.
Gas Results
• Regular Batch (64 Sub-proofs): ≈ 210,000
• Extended Batch (128 Sub-proofs): ≈ 245,000
Growth is sub-linear, suitable for high throughput applications.
Connection with LA
• LA consumed for each verify call is automatically deducted based on dynamic curve calculated by FeeOracle, avoiding manual rate configuration.
• Verification Gas overestimate by more than 20%, the excess is deducted from Prover's collateral; ensures that rate mismatch risk does not spill over.
• 2% of the fee is immediately burned after transaction completion, with the remainder distributed to executors and insurance pools, forming a deflationary closed loop.