Fflonk for the Polygon zkEVM
Abstract
PlonK is a zk-SNARK that is currently being widely adopted as the underlying proving system in numerous projects not only because it possesses a small proof size and verification time, but also because it does not require a specific trusted setup. Fflonk is a variant of PlonK that offers significantly improved verifier performance, albeit at the cost of roughly tripling the prover time. Fflonk achieves this through the use of a variant of the KZG polynomial commitment scheme that reduces the opening of multiple polynomials at a single point to the opening of a single polynomial at multiple points via an “FFT-like” construction. However, the increased prover time of Fflonk is not a significant concern in the context of the zkEVM, as the size of the circuit that Fflonk is being applied to is relatively small thanks to a series of reductions via proof composition of a STARK-based proving system (our eSTARK). Furthermore, we have made slight modifications to Fflonk to ensure a faster prover and gave the option of turning it zero-knowledge in a PlonK-style manner.
