ZK Rollup
DUAL's zero-knowledge proof layer enables scalable, private, and verifiable state transitions. By bundling thousands of tokenization actions into a single cryptographic proof, ZK Rollup achieves enterprise-grade throughput while maintaining complete on-chain verifiability and data availability.
Why Zero-Knowledge Proofs Matter
Zero-knowledge proofs give DUAL three superpowers: the ability to verify massive batches of transactions without replaying them on-chain (scalability), cryptographic assurance that state transitions are valid without exposing intermediate details (privacy), and mathematical certainty that the entire rollup history is consistent.
For enterprises and asset issuers, this translates to economic sustainability: DUAL can process thousands of tokenization actions, compliance checks, and settlements for the cost of a handful of Ethereum transactions. The rollup's capacity scales to meet demand while maintaining a nearly constant, negligible per-action cost.
Architecture Overview
DUAL's ZK Rollup executes a four-stage pipeline to produce a single proof that can verify thousands of state transitions:
State Diff Computation
Sequencer batches pending actions and computes the delta from the current state root to the proposed new root. Only the changed leaves of the state tree are included.
Circuit Execution
The ZK circuit evaluates all transactions in the batch, verifying signatures, checking balance constraints, validating template compliance, and confirming that all state transitions are valid.
Proof Generation
Prover hardware constructs a cryptographic proof that the circuit execution was correct. This proof is a tiny (~200 bytes) certificate of computation.
On-Chain Verification
The on-chain verifier contract checks the proof in constant time (~300K gas). If valid, the new state root is committed on-chain and the rollup advances.
How Zero-Knowledge Proofs Work
The Core Idea: Imagine proving that you know the answer to a puzzle without actually revealing the answer. A zero-knowledge proof is a cryptographic method to do exactly that—convince someone of a fact's truth without divulging the fact itself.
In DUAL's context: the prover (DUAL's infrastructure) executes thousands of tokenization actions and computes a new state root. To settle that state on-chain, the prover generates a ZK proof that says: "I have executed all these actions correctly, and the state has transitioned from state_root_N to state_root_N+1, without revealing the details of every action." The on-chain verifier (a smart contract) checks this proof in milliseconds.
The Prover
- Executes all pending actions in sequence
- Constructs Merkle trees of state transitions
- Generates the cryptographic proof
- Publishes proof + new state root on-chain
The Verifier
- Receives proof and state root on-chain
- Executes verification algorithm (constant time)
- Either accepts or rejects the proof
- Updates state only if proof is valid
Proof System Design
Proof Scheme: ZK-SNARK
DUAL uses a Succinct Non-interactive Argument of Knowledge (ZK-SNARK). This means:
- Succinct: The proof is tiny (~200 bytes), regardless of batch size.
- Non-interactive: No back-and-forth between prover and verifier.
- Argument of Knowledge: Computationally infeasible to forge a false proof.
Circuit Design
The ZK circuit encodes the DUAL state transition rules. It validates:
Every transaction is signed by its creator. The circuit verifies that all signatures are valid using the appropriate cryptographic scheme.
Actions modify object state, token balances, and ownership records. The circuit enforces that all rules are followed.
For every token transfer, the source balance decreases and the destination balance increases. Total supply is conserved.
Objects created from templates must respect all rules, constraints, and metadata defined by the template.
Key Technical Parameters
Constant regardless of batch size. Enables efficient on-chain submission.
Constant time verification on-chain. Amortized per action: negligible.
DUAL uses a multi-party ceremony with public randomness extraction to minimize trust assumptions.
All computations are performed in a large prime field, enabling efficient constraint checking.
State Management
State Tree: Sparse Merkle Tree
DUAL represents all platform state (objects, wallets, ownership records, token balances) as leaves in a sparse Merkle tree. Each leaf corresponds to a unique entity on the platform. The root of this tree is a single 256-bit hash that cryptographically commits to the entire state.
Why Sparse Merkle?
- ✓ Supports a massive address space (2^256 possible leaves) with minimal overhead
- ✓ Only changed leaves need to be included in the ZK proof (state diffs)
- ✓ Efficient Merkle proofs for any single leaf (log(n) path length)
State Diff: What Changes
Instead of updating every leaf in the tree with each batch, DUAL only tracks the leaves that have changed. The state diff includes:
Which entity was modified (wallet, object, token record)
The leaf's value before the batch
The leaf's value after all actions in the batch
State Root: The Commitment
The state root is the Merkle root of the entire sparse tree. It's a 256-bit value that uniquely identifies the platform state at a given moment. Every action changes the state root.
state_root_0 → (batch_0) → state_root_1 → (batch_1) → state_root_2 → ...
Chaining State Roots
Each ZK proof validates a state transition from state_root_N to state_root_N+1. Because each proof commits to both roots, the entire rollup history forms an immutable chain. Any attempt to rewrite history would require forging a proof, which is cryptographically infeasible.
Rollup Economics
The economic case for ZK Rollup is compelling for asset issuers and enterprises. Here's how costs compare:
| Metric | Direct L1 Settlement | DUAL ZK Rollup | Savings |
|---|---|---|---|
| Per-transaction gas cost (ETH) | ~100,000 gas (~$5 at 20 gwei) | ~0.3 gas (~$0.00001 amortized) | ~500,000x |
| Per-action cost (100K actions/batch) | $500,000 | ~$3 | ~166,666x |
| Throughput capacity | ~12 tx/sec | Unlimited (batching) | — |
| Cost per action at scale | $5–10 per action | ~$0.00001 per action | 99.9%+ reduction |
Revenue Model Implications
With on-chain costs reduced to nearly zero, DUAL can:
- Monetize selectively: Charge market-rate fees only on premium features, without passing along on-chain infrastructure costs.
- Achieve unit economics: Even at modest per-action fees ($0.001–$0.01), DUAL is highly profitable at scale.
- Compete on efficiency: Offer costs 100–1000x lower than traditional asset issuance infrastructure.
- Support high-volume use cases: Compliance engines, atomic swaps, and complex settlement workflows become economically viable.
Bottom Line: ZK Rollup transforms the economics of digital asset infrastructure. The cost to settle a transaction drops from dollars to micro-cents, enabling new business models and market segments that were previously uneconomical.
Developer Integration
API Endpoints
DUAL exposes endpoints to query state and proofs:
Returns the current state root and checkpoint ID.
{
"stateRoot": "0x1f2a...",
"checkpointId": 42,
"timestamp": 1710618000,
"blockNumber": 19402410
}Returns the zero-knowledge proof and state transition metadata for a given checkpoint.
{
"checkpointId": 42,
"stateRootBefore": "0x1e9b...",
"stateRootAfter": "0x1f2a...",
"proof": "0x1a2b3c...",
"proofSize": 200,
"actionCount": 5243,
"timestamp": 1710618000
}Proof Verification
Developers and auditors can independently verify a proof. Here's a code sample:
// Pseudo-code: Independent proof verification
const stateRootBefore = "0x1e9b...";
const stateRootAfter = "0x1f2a...";
const proof = "0x1a2b3c...";
// Verify the proof using the on-chain verifier contract
const isValid = await verifierContract.verify(
proof,
stateRootBefore,
stateRootAfter
);
if (isValid) {
console.log("✓ Proof is valid");
console.log("✓ State transition is correct");
console.log("✓ All actions were valid");
} else {
console.log("✗ Proof verification failed");
console.log("✗ Something went wrong");
}On-Chain Contract Addresses
Contract addresses are placeholders. Check the deployment docs for current mainnet and testnet addresses.
Security Model
Soundness
It is computationally infeasible (harder than breaking SHA-256) to construct a false zero-knowledge proof. A dishonest prover cannot forge a proof that validates an invalid state transition. The security of the rollup rests on the soundness of the ZK-SNARK scheme and the correct implementation of the circuit.
Data Availability
All transaction data and state diffs are published on-chain (or committed to via Merkle roots). This ensures that anyone with access to the blockchain can reconstruct the full state at any point in rollup history. If the prover disappears, users can still prove their balances and assets.
Liveness
If the centralized sequencer/prover goes offline, new transactions cannot be processed and new proofs cannot be generated. However:
- • Existing state is safe and verifiable (backed by on-chain commitments)
- • A recovery mechanism allows designated participants to produce proofs using published data
- • Governance can upgrade or replace the sequencer to restore liveness
Upgrade Path
The proof system can be upgraded through governance. New circuits, proof schemes, or verifier contracts can be deployed without disrupting existing state. A consensus rule ensures that proofs generated with old and new systems are both accepted during a transition period, guaranteeing no liveness gap.
What We've Covered
- ✓ How ZK proofs enable scalable, verifiable state transitions
- ✓ DUAL's four-stage ZK pipeline and circuit design
- ✓ State management via sparse Merkle trees and state roots
- ✓ Economic case: 90–99% cost reduction vs. L1 settlement
- ✓ Developer APIs and proof verification workflows
- ✓ Security guarantees: soundness, data availability, liveness