Zero-knowledge Virtual Machine
Blockchains can be thought of as a "state machine". Starting with an initial state (A=1, B=0), applying a transaction (transferring 1 token from A to B) results in a new state (A=0, B=1).
In Bullet's case the state is all the accounts, token balances, orderbooks and whatever else the rollup tracks. The state transition function (STF) is the rollup's transaction processing rules: the BulletX matching engine, any user-deployed smart contracts and so on.
Now that we understand this, why don't we just run our STF on a single server and call ourselves a world-leading crypto exchange? Because that would not improve on the centralized exchanges that preceded us: users would still have to trust the party running the exchange to process transactions fairly.
Can we do better? Why yes, we absolutely can. With the invention of zero-knowledge cryptography (computerphile primer here for the uninitiated) and its commercialization via RISC-V compatible zkVMs like Risc0 and Succinct SP1, we can now process trades secured by math rather than the next Sam Bankman-Fried. zkVMs open the door to the concept of "verifiable computation", the notion that every single computation performed by Bullet can be cryptographically proven to have been executed correctly.
To facilitate this, our STF (i.e. the entire rollup logic: matching engine, risk systems, lending markets and so on) has been written in pure Rust and compiled to RISC-V so that it runs unmodified inside the aforementioned general-purpose zkVMs, which prove the execution trace of the program rather than requiring hand-written circuits. To create a proof of the validity of our STF, the mathematical statement reads something along the lines of:
I know of a Solana block with hash X and a Bullet state root Y such that the rollup transitions to state Z when you apply its transaction processing rules.
where X, Y and Z are all public inputs to the proof. The transactions themselves and the full pre-state are the private witness: the verifier only ever sees the three commitments, so it checks the proof without re-executing a single trade.
The beauty of this design is that Bullet's sequencers can execute transactions and produce blocks as fast as we can vertically scale CPU power, whilst the prover network proves those blocks asynchronously and in parallel on hardware like GPUs. Risc0 has been able to prove full Ethereum blocks in minutes rather than hours since 2023, and proving has become an order of magnitude more efficient since then. We're already seeing zk proving cost on the order of mere cents per transaction, making it very feasible for consumer-grade networks like Bullet. One caveat worth stating plainly: the proof guarantees that a posted state transition is valid under the rules, not which transactions the sequencer chose to include or in what order, and a block is only proven-final once its proof has landed, not at the moment the sequencer executes it.
Another incredible property of ZKPs is that the computational cost to verify a proof is roughly constant, independent of how much computation was proven (the STARK proofs zkVMs produce natively have verifiers that grow polylogarithmically with the trace, which is why they are typically wrapped in a small SNARK before going on-chain). Importantly this means that verifying a recursive "aggregate" proof of all blocks back to genesis is no more expensive than verifying a single block. This has significant potential in enabling light clients to sync to the network in seconds: a client needs only the aggregate proof plus its public inputs, the genesis root, the latest state root and the Solana block hash it is anchored to, which it can take from the L1 rather than from a party it has to trust.