A ZK fault proof is a process that proves which of the first disagreeing execution results of L2 block is correct. This process allows a Challenger to submit zk-proof of the correct execution to rectify it if a Validator posts an incorrect execution result.
The Challenger should perform block-execution off-chain to prove this, as doing it on the EVM is inefficient, and attach a zk-proof to ensure the validity of the off-chain computations. Additionally, since the L2Batch data cannot be accessed on the EVM (although it exists on L1), the Challenger must prove the validity of the block-derivation process.
This document introduces a complete derivation process that can be verified solely with data, without relying on a trusted third party.
Since the corrupted block is identified through a dispute game, a derivation for just one block is sufficient.
For a random L2 block, $T$
Kona of Optimism and Zeth of Risc0 implement “General Derivation”, which does not verify the RPC responses. (Pros) This is the lighter than one described later, so it may be quickly proved with zk-scheme. However, (Cons) since the process lacks verification of data obtained externally(a.k.a., pre-images), an additional integrity check for this data must be performed.
To recover L2 block $T$ without relying on a third party, checking integrity must be added to “General Derivation”. In the diagram above, check whether the hash of the previous data exists as a member of the next data at the point indicated by the orange arrow. If all integrity checks are possible, the execution result of $T$ is deterministic.
However, currently, the integrity check of L1 block $B$ is not possible on chain. In other words, $T$ could be restored with an incorrect transaction, potentially producing an incorrect state root if $B$ is forged.