What is a coprocessor?

Mo Dong, the co-founder of Celer Network and Brevis, believes that, in simple terms, a coprocessor is a tool that “gives smart contracts the ability of Dune Analytics.”

In simple terms, current general smart contracts cannot access historical data. For instance, while working on a Liquidity Management Protocol, I needed historical price data to calculate how often and at what cost liquidity providers exceeded the price range in an AMM. We had to depend on a chain-hosted index service like The Graph’s GraphQL API, because aggregation, searching, and filtering tasks cannot be performed through contract interaction alone. Indeed, even indexing standard blockchain transaction data is challenging, let alone reading more complex data than basic information.

Regarding liquidity management protocols, evaluating the historical performance of existing test pools or user pools still requires using a chain-hosted index service’s API. This data is then manually calculated in Excel. Is there a service capable of simplifying this process, providing dapp smart contracts with the ability to aggregate, filter, and analyze this data directly? Coprocessors are designed to solve the problem.

Why is it called a coprocessor?

In early computer systems, the CPU processor could often only perform basic operations. It needed to be paired with a dedicated “coprocessor” to perform specific types of computing tasks, such as floating-point operations, to improve performance.

Now, we can think of Ethereum as a giant supercomputer. Smart contracts all over the world can only access on-chain data from the current block, not historical data including transaction records and account balance changes. This is because Ethereum’s design does not provide a way for smart contracts to access this historical data.

Accessing historical data to ensure its trustworthiness requires a cryptographic method that links historical records to the current block. However, calculating and verifying this proof in a smart contract directly can be time-consuming and costly. Alternatively, queries through storage nodes can be made, but smart contracts cannot interact directly with them, and there is a trust issue. So, how can we solve this trust problem and enable verifiable computation? In other words, how can we allow a third party to directly verify the results of the computation for correctness, without needing to re-execute the computation itself? The solution may lie in coprocessors, which are similar to early computer systems. They can extend the computing power of smart contracts on Ethereum, giving them the new ability to access historical data and perform complex calculations.

How does a coprocessor typically work?

In general, the main workflow of a coprocessor that verifies Ethereum data is as follows:

1. Query historical data and perform relevant calculations in an off-chain environment through a service;

2. The service will generate some kind of proof to prove that its operation is trustworthy;

3. The developer’s dapp will interact with the coprocessor contract deployed on Ethereum to verify the proof;

4. After interacting with the coprocessor contract and verifying the result, the dapp can directly access the historical data it needs without trust.

Projects in the Coprocessor or Broad Verifiable Computation Space

This section mainly analyzes the key technical stacks and competitive advantages of leading players in the coprocessor space.

Axiom

A pioneer in the coprocessor space, Axiom is building on-chain data infrastructure to simplify smart contract interaction with on-chain data. Axiom is also credited with introducing the concept of coprocessors. We’ll delve deeper into how their coprocessor works later in this article using Axiom as an example.

Lagrange

Lagrange focuses on cross-chain state proofs and parallel processing techniques. Their proofs can achieve cross-chain verification without relying on cross-chain messaging protocols like zkBridge or IBC. Lagrange’s Parallel Prover is well-suited for products involving re-staking, solidifying their position in the RaaS (Rollup as a Service) ecosystem.

Unlike sequential proofs, parallel proofs can distribute their workload across thousands of threads simultaneously. Additionally, re-staking on EigenLayer can secure them. In other words, this approach of parallel computing and parallel proving allows for better horizontal scalability.

One real-world use case is Lagrange’s application on AltLayer. AltLayer offers active verification services for Restaked Rollup, helping developers implement decentralized sequencing and verify the correctness of Rollup state efficiently. In March 2024, Lagrange partnered with AltLayer to utilize parallel provers for Rollup co-processing. This ensures verifiable and trustless on-chain data and computation results for AltLayer’s RaaS customers.

Herodotus

Closely tied to the Starkware/Starknet ecosystem, Herodotus partners with projects like Snapshot. They call their coprocessor system “Storage Proof,” which can be combined with ZK proofs to enable cross-layer data access between different Ethereum layers.

Source: Herodotus Website

The storage proof system consists of three components:

1. Inclusion Proofs: Confirm data genuinely exists within Ethereum’s data structure.
2. Proofs of Computation: Verify the validity of multi-step workflows, particularly those involving data conversion or other operations.
3. ZK Proofs: Allow smart contracts to confirm the validity of proofs without processing all the underlying data. Any on-chain data in an Ethereum archive node can be proven using the storage-proof system.

Like other coprocessors, the storage proof system is generated off-chain and verified on-chain, minimizing on-chain resource consumption. It also reduces data transferred between Ethereum layers by only sending the block hash or accumulator root for verification.

Brevis

Developed by Celer Network, Brevis is an infrastructure for building various on-chain data services, including ZK coprocessors. Celer Network, an interoperability protocol founded by Mo Dong and Qingkai Liang, raised $4 million in an IEO (Initial Exchange Offering) in 2019.

Celer Network has deployed a Brevis contract on-chain. This contract verifies proofs from coprocessor requests and relays the results back to the dapp’s contract through a callback function. Developers can leverage the Brevis SDK to enable dapps to access on-chain historical data with ease. The SDK abstracts away complex circuits, eliminating the need for developers to have prior knowledge of ZK proofs. The Brevis SDK is built on the gnark framework developed by the Consensys Linea team. Additionally, Brevis supports Ethereum’s ZK light client, allowing it to work with on-chain data from any Ethereum EVM-compatible blockchain.

Source: Brevis Documentation

Celer Network is currently developing coChain, a blockchain focused on the RaaS ecosystem, using Brevis as the foundation. coChain is a blockchain based on the Proof-of-Stake (PoS) consensus algorithm and can provide Ethereum staking and slashing services. Slashing refers to the process of penalizing validators who violate the rules in the Ethereum PoS ecosystem, including fines and state changes. Historically, the slashing rate in the Ethereum staking ecosystem has been very low, with data suggesting that only around 0.04% of validators have been slashed.

coChain’s unique feature is linking the generation of coprocessor results to the rewards and punishments of Ethereum staking. Here’s the process:

1. The smart contract submits a coprocessor request, and the PoS consensus mechanism generates the coprocessor result;
2. The PoS-generated result is submitted to the blockchain as a “proposal” that can be “challenged” by a zero-knowledge (ZK) proof;
3. If the ZK proof challenge is successful, indicating validator misconduct during staking, the corresponding validator’s stake is slashed directly on Ethereum. Conversely, if the PoS-generated result remains unchallenged, the dapp can directly utilize the coprocessor result without incurring the cost of ZK proofs. This “optimistic” approach to proof challenges, similar to Optimism, keeps costs lower.

Overall, coChain’s approach combines coprocessors’ trust/verification incentives with the Ethereum staking ecosystem. In the future, it will integrate with EigenLayer to reduce the proof cost of ZK coprocessors.

Nexus

Nexus zkVM allows verification of any on-chain computation result. Its unique feature is the ability to verify ZK proofs based on folding techniques. Founded in 2022, Nexus is another player in the zkVM space. While details haven’t been widely disclosed yet, the founder, Daniel Marin (Stanford graduate with prior experience at Google), published early research papers through the Stanford Blockchain Club.

ZK folding technology is considered a promising branch within zkVM solutions. Nexus zkVM supports the verification of both folding proofs and accumulation schemes. It aims to be a scalable, modular, and open-source zkVM. Their technical stack includes large-scale parallelized proof aggregation mechanisms based on Incremental Verifiable Computation (IVC) and various folding schemes like Nova, CycleFold, SuperNova, and HyperNova. They’re also developing the Nexus Network, a large-scale parallelized proof mining network built on Nexus zkVM.

Source: Nexus Documentation, Nexus zkVM Architecture

Comparison Table of Technical Approaches and Competitive Advantages in the Coprocessor Track

As you can see, different projects have chosen different technical stacks based on different ecosystems (Ethereum EVM, RaaS, cross-chain, Ethereum cross-layer), different proof methods (Rollup vs ZK), or different solutions within ZK proofs (zk-SNARK, folding proofs, accumulation schemes, etc.). They each have their strengths and weaknesses regarding competitive advantages and ultimately present different product forms: interactive on-chain contracts, SDKs, and networks designed for various purposes, such as staking verification networks and large-scale verification networks.

Source: By Author

Specific Operation of the Coprocessors: The Case of Axiom

Why Choose Axiom?

Axiom is a ZK proof coprocessor built for Ethereum. It allows smart contracts to access historical on-chain data and ensures the trustlessness of off-chain computation through ZK proof technology. Axiom was founded by Jonathan Wang and Yi Sun in 2022. On January 25, 2024, Axiom announced on Twitter that it had raised $20 million in Series A funding led by Paradigm and Standard Crypto. It is the first project to propose the concept of “coprocessor” and is also one of the most venture capital-backed projects in the space.

Source: Axiom Official X Account

History of Axiom

In 2017, Yi Sun received a PhD in mathematics from MIT and also worked for a high-frequency trading company for a period of time. He began to delve into the field of cryptocurrencies and realized that ZK proof is the key to blockchain scalability. However, at the time, he believed that ZK technology was still in its early stages, so he chose to continue observing the space. It wasn’t until the end of 2021 that ZK technology began to take off, with infrastructure and development tools gradually maturing. In addition, Yi Sun encountered problems accessing historical data in smart contracts he wrote when building DeFi protocols. All of these factors led to the birth of Axiom.

What ZK Proof Technology Does Axiom Use?

Axiom currently uses the SNARK proof system based on Halo2 and KZG backends and ZK proof tools such as lookup tables (LUTs). In the past, ZK proofs were complex and difficult to audit. Lookup tables are a set of pre-computed values that allow the prover to more efficiently prove to the verifier that the value exists.

How Axiom V2 Works

In January 2024, Axiom V2 went live on the Ethereum mainnet, supporting access to transactions, receipts, contract storage, block headers, and other data from smart contracts. This means it now supports access to all historical data on the Ethereum mainnet.

Using the SDK tools developed by Axiom, developers can write Axiom circuits in Typescript to issue data requests and customize computations. Axiom is ahead of the curve because it makes it very easy for smart contracts to access on-chain data:

1. Developers use the Axiom Typescript SDK to write Axiom circuits and issue ZK verification computation requests for Ethereum historical data;

2. Axiom performs the requested computation and generates a ZK proof, proving the correctness of the data and computation results;

3. Developers implement a callback function in the smart contract to verify and execute the data sent from Axiom with the ZK proof result;

4. Axiom queries by sending a transaction on-chain, and the returned result is encrypted by ZK proof to ensure its credibility.

However, unlike Herodotus, Axiom currently does not support querying historical data from other Ethereum EVM networks or L2 networks and only focuses on the Ethereum mainnet. Future support for related features is not ruled out.

Applications of Axiom V2

At the application layer, Axiom can assist dapps in implementing the following functions:

• Provide rewards and loyalty programs based on users’ on-chain activity records
• Implement accountability based on users’ on-chain behavior
• Establish oracles that can be customized according to identity, governance, and settlement needs

Conclusion

The current leader in the coprocessor space, Axiom, has a complementary relationship with light node projects such as Succinct. Succinct attempts to prove the Ethereum consensus itself, while Axiom proves any on-chain historical data based on the consensus, assuming the consensus result is accepted.

The field of ZK proof is rapidly developing with innovative inventions like folding proofs, accumulation schemes, and large lookup tables. This growth has drawn attention to projects like Nexus, which support the latest advancements in ZK proof technology. While ZK proofs are becoming mainstream, other projects like Lagrange are also gaining notice for providing proofs for Rollup through parallel provers, thereby filling a market gap.

Ongoing tech advancements have boosted the performance of various knowledge proofs, shrinking their size and verification costs. And this broadens their potential usage. In this context, the flexibility provided by modularization is gaining recognition, particularly within the coprocessor space.