Home/Blockchain/ZK Rollup Circuit Visualizer/Proof Generation

⚡ Proof Generation: Groth16 & PLONK

Discover how provers generate succinct validity proofs

Your Progress

0 / 5 completed

Proof Generation

**Proof generation** is where the magic happens—the prover takes private transaction data, executes the circuit, and creates a succinct cryptographic proof that all computations were correct. This proof can be verified in constant time (~300k gas) regardless of batch size, enabling massive scalability.

The process involves witness generation (computing wire values), polynomial commitments (binding to the witness), and proof construction (using FFTs and elliptic curve operations). Modern provers can generate proofs for 1000+ transactions in seconds.

Interactive: Proof Generation Pipeline

Watch the four stages of ZK proof generation for a rollup batch.

📝

Witness Generation

~250ms

Compute all wire values by executing the circuit with private inputs

🔐

Polynomial Commitment

~1000ms

Commit to witness polynomial and compute constraint evaluations

⚡

Proof Construction

~2000ms

Generate the ZK proof using the proving algorithm (Groth16/PLONK)

✓

Verification

~300k gas (constant)

Verifier checks proof on-chain in constant time

Performance Analysis

Adjust batch size to see how it affects proving time, cost per transaction, and throughput.

Batch Size: 500 transactions

1002000

Total Proving Time

3.3s

Linear with batch size

Cost Per Transaction

600 gas

300k gas ÷ batch size

Throughput

154 TPS

Transactions per second

Analysis

• Medium batches: Good balance (600 gas per tx)

• Verification cost: Always ~300k gas regardless of batch size

⚡ Proving Optimizations

🔄

FFT Acceleration

Fast Fourier Transforms on GPUs reduce proving time by 10-100x

🎯

Multi-Scalar Multiplication

MSM is 70% of proving time—use specialized hardware (FPGAs, ASICs)

📦

Recursive Proofs

Prove multiple batches in parallel, then aggregate proofs recursively

🧮

Witness Compression

Minimize witness size with efficient data structures (Merkle trees, Poseidon hashes)

Production Proving Infrastructure

Hardware Requirements

•CPU: 32+ cores (AMD EPYC/Intel Xeon)

•RAM: 128-512 GB DDR4

•GPU: NVIDIA A100 or H100 (optional)

•Storage: NVMe SSD for witness data

Proving as a Service

•Decentralized provers (zkSync, Polygon)

•Pay per proof (~$0.10-$5 per batch)

•No hardware investment needed

•Elastic scaling for demand spikes

Proof Verification on Ethereum

The verifier contract on Ethereum L1 performs **pairing checks** using precompiled contracts (bn256Add, bn256Mul, bn256Pairing). Verification is constant time regardless of batch size—always ~300k gas.

// Simplified Groth16 verification

function verifyProof(

uint[2] memory a, uint[2][2] memory b,

uint[2] memory c, uint[2] memory publicInputs

) public view returns (bool) {

// Pairing check: e(A, B) = e(α, β) * e(C, δ) * e(pub, γ)

return bn256Pairing(a, b, c, publicInputs);

}

←Previous: Constraint SystemsPrevious