zkEVM Overview

The problem: zkRollups generally use the zero-knowledge protocol to prove and aggregate all transactions before publishing the summarizations to the chain. In principle, this means that the Layer 1 chain can verify short "proofs" covering thousands of complex transactions, with no possibility of cheating. However, after the release of Scroll and Polygon zkEVM’s testnets, people eventually understand how things actually work out——It's horribly slow that it needs dozens of minutes to execute several transactions. The design and implementation of zkEVM are challenging for the following reasons:

• EVM has limited support for elliptic curves.

• EVM has a number of special opcodes.

• EVM is a stack-based virtual machine.

• The Ethereum storage layout and machine-based proofs are significantly overhead.

The Solution: By applying a skillfully-designed ZK-friendly trace and zk-EVM structure, Fox is able to compress the redundant and wasted spaces in the circuits, which helps to reduce the size of the polynomial to be committed and ultimately shorten the time to generate proofs.