Introduction
An introduction to Bonsol, its underlying technologies, and how it integrates with Solana.
Understanding Bonsol
Bonsol acts as a bridge between Solana's on-chain capabilities and off-chain computational power. It allows developers to execute computationally intensive tasks off-chain and then verify the results on-chain, leveraging the power of verifiable computation. Using Bonsol, developers can:
Lower their regulatory burden
Build trust with their community
Simplify protocol design
Bonsol is deeply integrated with Solana and can be used to build a variety of use cases. You can compose other programs on top of Bonsol to add verifiable computation to your protocol, or add a verifiable layer on top of existing primitives. Bonsol is built on top of the excellent RISC Zero zkVM, which allows developers to write arbitrary programs and generate verifiable proofs of their execution, in some cases those proofs can be zero-knowledge with regard to the inputs.
How Bonsol Works
Developers create verifiable programs using RISC Zero Tooling
These verifiable programs are registered with Bonsol
Users can request execution of these verifiable programs through Bonsol
Provers run the verifiable programs and generate STARK proofs
Bonsol wraps the STARK proof into a SNARK (Succinct Non-interactive ARgument of Knowledge)
The SNARK proof is verified natively on Solana
RISC0 STARK Proofs
RISC Zero generates STARK proofs, which have several important properties:
Scalability: STARK proofs can handle arbitrarily large computations, with proof size and verification time growing logarithmically with the computation size.
Transparency: STARKs don't require a trusted setup, enhancing their security and reducing reliance on external parties.
Variable Length: The size of a STARK proof is directly related to the complexity and length of the computation being proved. This means that for simple computations, the proof can be quite small, while for more complex ones, it can grow larger.
Post-Quantum Security: STARKs are believed to be secure against attacks from quantum computers.
However, these proofs can become quite large for complex computations, which can be problematic for on-chain verification on Solana.
STARK to SNARK Conversion
To address the potential size issues of STARK proofs, Bonsol converts them into Groth16 SNARKs. This process involves several steps:
Proof Aggregation: In the case of using Proofs as Inputs, Bonsol may first aggregate multiple proof segments into a single, more compact proof.
Circuit Generation: The STARK verification circuit is transformed into an arithmetic circuit suitable for SNARK proving.
Trusted Setup: A one-time trusted setup is performed for the Groth16 scheme. This setup is universal for all STARK to SNARK conversions in Bonsol.
Proof Generation: Using the Groth16 scheme, a new SNARK proof is generated that attests to the validity of the original STARK proof.
Benefits of Groth16 SNARKs
The conversion to Groth16 SNARKs offers several advantages:
Constant-size proofs: Regardless of the complexity of the original computation, the Groth16 SNARK proof has a fixed, small size.
Fast verification: Groth16 proofs can be verified extremely quickly, which is crucial for on-chain verification.
Efficient implementation: The algebraic structure of Groth16 proofs allows for efficient implementation on Solana.
Native Verification on Solana
Bonsol implements a native Groth16 verifier on Solana, allowing for:
Efficient proof verification, with the verification call happening in less than 200k compute units
This means we can compose over other programs in the same transaction
Input Digest Verification
To ensure the integrity of inputs, Bonsol:
Ensures that verifiable programs compute a digest (hash) of all inputs (public and private)
Commits this digest as part of the verifiable programs execution
Verifies the digest on-chain during proof verification
This additional step prevents potential attacks where a malicious prover might try to use different inputs than those specified in the execution request.\
Last updated