Short explainer of how SNARK for transaction aggregation can be verified more efficiently on-chain. It allows the trade-off "100 mil constraints + one SNARK verification <=> few proofs of 10 mil constraints + batched verification".
Full construction description is here.
These tests are for three public inputs and uses r[0] = 1
optimization.
- Verification of 1 proof using batching verifier requires gas: 737684
- Verification of 2 proofs using batching verifier requires gas: 924385
- Verification of 3 proofs using batching verifier requires gas: 1111151
- Verification of 4 proofs using batching verifier requires gas: 1297855
- Verification of 5 proofs using batching verifier requires gas: 1484433
Implementation code available under the Apache License 2.0 license. See the LICENSE for details.
Alex Vlasov, @shamatar, [email protected]