# Off-Chain Verifiable Proof Of State Of The Mina Blockchain

10 messages · Page 1 of 1 (latest)

woven jasper
#

Hello guys,

I'm currently investigating how Mina's blockchain state can be verified for validity off-chain, or at least without an active connection to the internet or an RPC endpoint.

That proof can come in various forms, such as:

  1. Proof that a particular transaction was submitted and accepted on chain, what time/block that transaction was performed in, and what the public outputs/account updates are.

  2. A proof generated by a smart contract that a certain action has been performed, and included on-chain

  3. A proof of an included transaction in the history (e.g. past included blocks).

Ideally, it would be sufficient for the verifier to have knowledge of a historical state/snapshot at a certain time in the past, and be able to use that knowledge to assert the validity of future transactions/state changes.

All of this logic could be isolated in the context of a particular smart contract, and have the verification key of that smart contract assumed known knowledge. In this sense, the Mina blockchain would be used as a trusted source for application code storage, and its associated functions.

One way of doing this would be to perhaps submit a transaction, wait for X blocks of confirmation, and then provide a historical proof of inclusion of a previous transaction.

For a practical way, you can think of a "proof of deposit". For example, "here is a nullifier that allows you to withdraw 10 MINA from a particular smart contract once a proof with a particular ID is submitted into this smart contract".

How can such a feat be achieved in practice, and what limitations/hard requirements should be kept in mind?

Thank you in advance.

trim cliff
#
Ideally, it would be sufficient for the verifier to have knowledge of a historical state/snapshot at a certain time in the past, and be able to use that knowledge to assert the validity of future transactions/state changes.

I think it's the other way around. The verifiers can assert the validity of past transactions given the root hash at a certain point in time.
So the validator needs to know the latest state of the chain, or update it frequently.

woven jasper
#

That is true! I was seeking some sort of a solution where partial knowledge of the past would allow you to make assertions about the near future. Since all smart contracts are verified by a single circuit that lives on the Mina nodes, I was wondering if such a setup would be possible.

But let's simplify it: let's say I have knowledge of the blockchain state until block 100. How can a proof of state/transaction/previous block be verified based on that? From an immediate outlook, this would involve providing a valid path/witness in the chain of transactions. I'm wondering if there is a more compressed way of doing it. For example, if I know block N of the blockchain, how can I generate a proof of the state for block N-M, with 0 < M <= N (M larger than 0 and smaller than or equal to N), and have that be verifiable offline/with partial blockchain information?

Thank you!

fathom crater
#

@woven jasper The easiest technique is using write-only state trees and the latest state; that's the technique we use for state proofs in Protokit. I believe the same is possible with the L1 protocol and snarked ledger hash preconditions.

mellow stump
#

What are you building @woven jasper? A bridge?

woven jasper
#

@fathom crater from what I understand:

Write-only state tree = append-only Merkle tree, where existing entries cannot be mutated?

Latest state = most recent known block state proof on Mina?

How exactly can those two be used to verify the validity of a snapshot of Mina's state off-chain? Wouldn't that require you to have the full list of blocks in that append-only tree?

#

@mellow stump I would like to move computation over Mina state off-chain. For example, I would like to be able to verify a proof that a certain amount of $MINA has been deposited into a smart contract. This would allow for the creation of a "side-chain" which can perform computations without having an active connection to the internet.

fathom crater
#

@woven jasper We solve this exact problem for Protokit L2 app chains by implementing a commitment-based bridge between the L1 and the L2.

You deposit on the L1, creating a deposit commitment. Other users do the same, and these commitments come together in a hashlist.

When settling the L2, it must honor all the deposits. Otherwise you won't be able to settle.
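Added illustration of the deposit hashlist idea described in this post (example code written for this thread, not Protokit's own implementation; the commitment layout, the zero initial head and the function names are assumptions). It shows why a settlement that drops or reorders a deposit cannot reproduce the L1 head, and how a single depositor can prove inclusion given the head before their deposit and the commitments appended after it.

```python
import hashlib

EMPTY_HEAD = b"\x00" * 32  # assumed initial head of an empty hashlist


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def deposit_commitment(sender: str, amount: int, nonce: int) -> bytes:
    # Commitment to one L1 deposit; the domain tag keeps it distinct from other hashes.
    return h(b"deposit", sender.encode(), amount.to_bytes(8, "big"), nonce.to_bytes(8, "big"))


def hashlist_head(commitments: list[bytes], start: bytes = EMPTY_HEAD) -> bytes:
    # head_i = H(head_{i-1} || c_i): order and completeness are both bound into the head.
    head = start
    for c in commitments:
        head = h(head, c)
    return head


def can_settle(l1_head: bytes, l2_processed: list[bytes]) -> bool:
    # Settlement check: the L2 must have consumed exactly the deposits the L1 committed to.
    return hashlist_head(l2_processed) == l1_head


def verify_inclusion(l1_head: bytes, commitment: bytes, head_before: bytes, later: list[bytes]) -> bool:
    # Proof of deposit for one commitment: the head before it plus every commitment
    # appended after it must replay to the head published on the L1.
    return hashlist_head([commitment] + later, start=head_before) == l1_head


def demo() -> tuple[bool, bool, bool]:
    # Constructed sample deposits (not real accounts).
    deposits = [
        deposit_commitment("alice", 10, 1),
        deposit_commitment("bob", 5, 1),
        deposit_commitment("carol", 7, 2),
    ]
    l1_head = hashlist_head(deposits)
    honest = can_settle(l1_head, deposits)
    dropped = can_settle(l1_head, deposits[:2])  # L2 that ignores carol's deposit
    # bob proves his deposit with the head after alice's and carol's later commitment
    bob_proof = verify_inclusion(l1_head, deposits[1], hashlist_head(deposits[:1]), deposits[2:])
    return honest, dropped, bob_proof
```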

woven jasper
#

@fathom crater Thank you. I'm currently looking into implementing my goal in Protokit. I'll get back to you.

mellow stump