Polygon Plonky3, the Next Generation of ZK Proving Systems, is Production Ready

Polygon Labs is extremely opinionated about exactly one thing: zero-knowledge tech.

No other scaling technology can do what ZK can do.

Cryptographic security, at speed; recursion, for efficiency; and the ability to unify liquidity and state across a web of sovereign chains that’s simply not possible otherwise. 

ZK is how Ethereum will scale to the size of the Internet. 

Today, researchers at Polygon Labs are excited to announce that Polygon Plonky3, the next generation of ZK proving systems, is production ready and open-source licensed under MIT/Apache.

Checkout the Github today 

With Polygon Plonky3, developers will have a wide variety of choices to build bespoke proving systems for zkVM or zkEVM chains, suited to whatever use case.

Plonky2++

Two years ago, Plonky2 was introduced by core engineers at Polygon Labs as a blazing fast proving system, optimized for hardware and recursion. In the time since, it has become one of the most widely adopted ZK proving systems in the industry. Plonky2 is known for both its engineering innovation with Starky and its mathematical innovation with the use of small prime fields.  

But optimizing for commercial hardware and recursion is another way of saying Plonky2 made trade offs: the properties of the proving system were fixed to accelerate certain kinds of common blockchain applications.    

Polygon Plonky3 differs from Plonky2 in that Plonky3 has fewer fixed properties, i.e., it is less opinionated. 

Whereas Plonky2 was a single proving system focused on lightning fast recursion by optimizing for hardware, Polygon Plonky3 is an open source toolkit that empowers ZK developers to build their own zkVMs or zkEVMs. 

It has been extensively audited for soundness. Check out the audit, here.

As a reminder, a proving system is a mathematical framework that ensures the validity and soundness of a proof. In simple terms, that means cryptographic security for some arbitrary computation, like that a transaction was correctly executed or that a blockchain’s state has been updated properly.

But the particular kind of blockchain computation a proving system is used for has a large effect on that proving system’s performance in terms of cost and speed. For the researchers and engineers that built Plonky2, the goal became designing a proving system for modularity and flexibility: speed, when speed speed matters; proof size, when cost matters, and everything in between. 

With Polygon Plonky3, developers can more easily extend the cryptographic security provided by ZK by building use-case specific zkVMs and zkEVMs.

Polygon Plonky3: A modular toolkit

Designed to be un-opinionated, Polygon Plonky3 enables ZK devs to build their own zkVMs and zkEVMs best suited to a targeted use case using Plonky3. 

A developer that requires speed would configure Polygon Plonky3 completely differently than a developer that requires the smallest proof size. 

At a high-level, Polygon Plonky3 is modular across finite field and hash function:

• Finite fields: BabyBear; Mersenne31; Goldilocks
• Hash functions: Poseidon; Poseidon2; Rescue; BLAKE3; Keccak-256; Monolith

(For now, the only available polynomial commitment-scheme is FRI, but support for several others are in-development.)

One effect of this modularity is more innovation. Polygon Plonky3 has already been adopted by projects like Valida and Succinct Labs’ SP1. Indirectly, that means every subsequent project that builds with these zkVMs is building on Plonky3, too. 

Because Plonky3 is open-source, these libraries can and will grow alongside the mathematical and engineering innovations that occur in the field.

In practice, ZK devs can mix and match to build a zkVM or zkEVM that best fits the blockchain application. Here’s what that looks like.

SP1 + Polygon Plonky3

SP1 is a general purpose zkVM that can prove arbitrary Rust code, providing the developer velocity and code maintainability of Rust, with the performance and soundness guarantees of Polygon Plonky3.

The configuration of Polygon Plonky3 used in SP1 was selected primarily by performance across the widest range of blockchain applications, including recursion, signature hashing, and the arbitrary computation of programs like the pessimistic proof.

For SP1, this was achieved using BabyBear for the finite field and Poseidon2 for the hash function. BabyBear, which is a 31-bit prime field and a spiritual descendant of the Goldilocks Field, provides speed on both CPUs and GPUs. And because proof verification often requires a lot of hashing, Poseidon2 provides blazing fast STARK recursion. 

This is only one example, with the possibility of many future customized use cases and configurable zkVMs or zkEVMs.  

Polygon Plonky3 is a continuation of Polygon Labs’ broader commitment to open-source ZK-powered technology as the only way to achieve verifiable off-chain computation.  

Tune into the blog and our social channels to keep up with updates about Polygon.

The future of Web3 is aggregated.

Website | Twitter | Forum | Telegram | Discord | Instagram | LinkedIn | Polygon Knowledge Layer