# ZK-SNARKs Implementation

IBVM uses ZK-SNARKs to generate cryptographic proofs that state transitions are valid without revealing the full transaction data.

## Circuit Design

The ZK circuit in IBVM verifies the correctness of state transitions with the following components:

1. Transaction Verification Circuit: Validates transaction signatures and nonce values
2. EVM Execution Circuit: Verifies that each instruction executed correctly
3. State Transition Circuit: Confirms the validity of state changes

### **Transaction Verification**

For each transaction $T$, the circuit verifies:

* Signature validity: $Verify(pk\_T, sig\_T, hash(T)) = true$
* Nonce correctness: $T.nonce = Account\[T.from].nonce$
* Balance sufficiency: $Account\[T.from].balance \geq T.value + T.gasLimit \times T.gasPrice$

### **EVM Execution**

The EVM execution circuit validates each step of transaction execution:

* For each instruction $I$ and state $S$:
  * $S\_{i+1} = Apply(S\_i, I\_i)$
* The circuit proves that each $Apply$ function correctly follows EVM rules

### **State Transition**

The state transition circuit verifies:

1. Initial state hash matches previous state root: $Hash(S\_0) = H\_s$
2. Final state hash matches claimed new state root: $Hash(S\_n) = H\_{s'}$
3. Each intermediate state is derived correctly: $S\_{i+1} = Apply(S\_i, I\_i)$

## Proving System

IBVM uses the Groth16 proving system for efficiently generating and verifying ZK-SNARKs:

1. Setup Phase:
   1. Generate proving key $pk$ and verification key $vk$
   2. The setup requires a trusted setup ceremony to eliminate backdoors
2. Proving Phase:
   1. For batch of transactions $B$ with initial state $S\_0$ and final state $S\_n$
   2. Generate proof $\pi = Prove(pk, S\_0, S\_n, B)$
3. Verification Phase:
   1. Verify proof: $Verify(vk, H\_s, H\_{s'}, \pi) = true$

## Recursive Proofs

To handle high throughput, IBVM implements recursive SNARK composition:

1. Generate sub-proofs $\pi\_1, \pi\_2, ..., \pi\_k$ for smaller batches
2. Create a recursive proof $\pi\_{rec}$ that verifies all sub-proofs are valid
3. Submit only $\pi\_{rec}$ to the Bitcoin blockchain

The recursive verification equation: $Verify\_{rec}(vk\_{rec}, H\_s, H\_{s'}, \pi\_{rec}) = \bigwedge\_{i=1}^{k} Verify(vk, H\_{s\_{i-1}}, H\_{s\_i}, \pi\_i)$

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ibvm.gitbook.io/ibvm-doc/zk-snarks-implementation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.