Last week, we published a research paper formalizing the Nock ISA and demonstrating how to represent it as an efficient circuit, usable as a performant Zero-Knowledge Virtual Machine (ZKVM).
This paper is an important milestone in the Nockchain adventure, for it is largely the NockVM that will make Nockchain civilization-grade infrastructure.
With performance akin to specialized Domain-Specific Language circuits but the generality of traditional big-ISA ZKVMs, we believe NockVM is the future of general-purpose verifiable computing.
Read: “A Framework for Compiling Custom Languages as Efficiently Verifiable Virtual Machines”
The Goal: General-Purpose Verifiable Computing
For a Zero-Knowledge blockchain to become civilization-grade infrastructure, it must eventually support efficient verification of arbitrary computations.
Achieving efficiency and generality, however, has been difficult.
Historically, Zero-Knowledge Proof (ZKP) architectures have adopted one of the following approaches:
- DSL Circuits (e.g., Noir, Leo): Optimized for specific use cases, Domain-Specific Languages (DSLs) achieve performance advantages with the cost of specificity. Developers must learn new languages and manage specialized tooling targeted at particular circuits.
- "Large" ISA ZKVMs (e.g., SP1, Jolt): These architectures provide general and flexible development environments for popular ISAs (e.g., RISC-V, WASM) but introduce higher circuit complexity when ISAs have large numbers of opcodes and registers, which can result in worse performance and higher proving costs.
- Generic Frameworks (e.g., Valida, OpenVM): Hybrid models offer efficient, modular circuits and compatibility with standard ISAs. These frameworks aim balance performance and generality.
NockVM fits in the generic framework approach, aiming to balance efficiency with generality simultaneously.
Why Nock? The NockVM Breakthrough
We're building Nockchain on Nock because it's small, but not too small. Nock's 12 opcodes reduce complexity relative to popular ISAs like RISC-V (47 opcodes), but remain powerful enough to handle the chain's logic. Specifically, Nock gives the NockVM several advantages:
- Novel Tree-Encoded ISA with Dyck Fingerprinting: We've developed a unique tree-based approach, leveraging tools from combinatorics, to achieve highly efficient polynomial encodings for binary trees. These are then used to minimize circuit complexity in the NockVM.
- General VM-Compiler Transformation Applied to Nock: To our knowledge, this one of the first contributions to formally specify traits an ISA must satisfy in order to be generically compilable into an efficient ZKP circuit. We apply this concept to show that the Nock ISA can be efficiently transformed into a simple ZKVM specification.
- Smaller Circuits for 10× Smaller Constraints: Fewer opcodes mean simpler arithmetic circuits, which are the bedrock of ZKPs. Smaller circuits reduce proving time and cost. Our approach dramatically reduces circuit complexity, achieving constraint sizes an order of magnitude smaller than comparable table-based RISC-V ZKVMs.
- Designed with Formal Soundness in Mind: Verifying the correctness of a VM—ensuring it does exactly what it claims and nothing more—gets exponentially harder with larger ISAs. Most architectures require substantial theoretical work to prove the soundness of their corresponding ZKVMs—with usage, developer docs, and multi-million-dollar audits only partially effective. In this release, we provide soundness proofs for many crucial gadgets of our ZKVM design and identify relevant open questions for achieving security for the feature-complete version. We think this enhances trust in the reliability of NockVM.
- Sufficient Power: Despite its minimalism, Nock is Turing-complete and general-purpose. We’re creating a unified ecosystem where developers can write programs in Jock, run Nockapps off-chain, prove critical subroutines in the Nock ZKVM, and then verify it all on Nockchain. We expect some developers will use other languages, and proofs from other systems like Risc Zero will eventually be able to be verified in Nock.
Limitations & Future Work
Proving the soundness of NockVM, with all of its innovations, is a great achievement—but we'll be the first to acknowledge that much work still remains. Obviously, Nock is unfamiliar to many developers, whereas RISC-V is widely used. We have not built and integrated NockVM into Nockchain‘s transaction engine yet, whereas other ZKVMs are running in the real world. Discerning readers of the paper will note that efficient memory writes remain an open question, although we have a strong sense of how that will be handled.
Nonetheless, we are off to the races... The mining competition on v1 of Nockchain is heating up, open-source development is heating up, and our chain development is heating up.
We've proven the NockVM is sound, but can we prove how efficient it is in practice?
You'll have to stay tuned, because there's only one way to find out.
Proof of Work is a bloodsport.
Get Involved
- For the bigger picture, see the Nockchain lightpaper
- Explore the Nockchain GitHub repository
- Say hello in the Technical Forum
- Connect in our Telegram
