Search
⌃K

System Verifier

System verifiers:
  • verify specific instantiations of the light protocol circuit.
  • are implemented in one Solana program each.
  • verify a ZKP of Light transactions. (Light transactions invalidate and create shielded UTXOs.)
    • the integrity UTXOs and their set membership in the Merkle tree.
    • check public inputs of the zero-knowledge proof.
Public Input Checks
Integrity Hash:
  • is computed from keccak256( recipient, recipientSol, signing_address, relayer fee, encrypted UTXOs )
root:
  • The root is used as a reference that the zero-knowledge proof was computed on the correct Merkle tree. Uses the root from the passed in Merkle tree pda specified by a root index as the root input.
Mint:
  • is an account that does not need to be sent as data
Public Amount Spl:
  • is only checked in the proof and later used to shield, unshield
Public Amount Sol:
  • is only checked in the proof and later used to shield, unshield, and pay the relayer
verifier Program Id: (only for app-enabled verifiers)
  • uses the checks that the signer is a PDA
connecting Hash: (only for app-enabled verifiers)
  • is used to cross-check inputs between an application verifier and a system verifier
  • invoke the Merkle tree program to:
    • transfer funds spl & sol
    • insert nullifiers A nullifier is derived deterministically from a UTXO while not revealing any information about it. In other words, a nullifier is an identifier for a UTXO which is emitted by a proof and saved in a Solana PDA. At proof verification, the program checks whether the nullifier emitted by the proof already exists; if not, it inserts the nullifier. Therefore, every UTXO committed to the Merkle tree can only be used once in a proof.
  • are trusted by the Merkle tree program.

System verifiers can differ in 4 parameters:

  • number of input UTXOs
  • number of output UTXOs
  • number of Solana transactions required to execute
  • support app UTXOs

Deployed system verifiers:

Verifier ID
Inputs
Outputs
Sol Tx
App Support
ProgramID
Zero
2
2
1
One
10
2
2
Two
4
4
2
Three (Storage)
2
2
2

Accounts:

Name
Lookup
Description
signer
no
fee payer and signer of the transaction
system program
yes
for account creation of leaves, nullifiers etc.
merkle tree
yes
state pda of the merkle tree the input leaves have been inserted into
pre inserted leaves index
yes
index of next queued leaf
authority
yes
is used for cpi to merkle tree program
token program
yes
token program for spl transfers
sender spl
no
sender of spl tokens, in shield owned by the user, for transfers and unshields it a merkle tree pda
recipient spl
no
recipient of spl tokens, in shield this is a merkle tree pda, for transfers and unshields it is owned by the user.
sender sol
no
sender of sol tokens, in shield owned by the user, for transfers and
unshields it a merkle tree pda
recipient sol
no
recipient of sol tokens, in shield this is a merkle tree pda, for transfers and unshields it is owned by the user.
relayer recipient
yes
recipient of the relayer
escrow
yes
pda that is created and closed in the same transaction to do a sol transfer from the fee payer to the merkle tree
token authority
yes
pda owned by the merkle tree to sign token withdrawals
registered verifier
yes
regulates access control