Full-chain Games/Autonomous Worlds

Full-chain games/autonomous worlds are one of the most important narratives in Web3. As of the end of October, the daily active users (DAU) of web3 games reached 5.3 million, showcasing tremendous market potential. Unlike Web2.5 applications, full-chain games/autonomous worlds deploy all game logic on the blockchain, directly utilizing the blockchain as the game server, ensuring that every user operation occurs authentically on-chain. This brings significant advantages such as decentralization, trustworthiness, and high composability. However, traditional games still face major challenges such as performance bottlenecks, scalability, and privacy when embracing Web3. Nova is a folding solution that is expected to reshape the gaming landscape and lead web3 games into a new era.

What is Nova

Nova [1] is a recursive proof system based on a folding scheme, specifically designed for R1CS, capable of efficiently implementing Incremental Verifiable Computation (IVC). IVC is a cryptographic primitive that ensures the correctness of each step by proving the correctness of the results of all previous steps, allowing a party to demonstrate the integrity of the execution process of a given computer program.

First, what is IC (Incremental Computation)? IC refers to recursively applying the same function F for computation, that is, obtaining a state after iterating through the initial state, as shown in Figure 1.a. If the function F also includes a verification circuit, then we obtain IVC (Incrementally Verifiable Computation). IVC allows the Prover to prove to the Verifier and generates a proof at each step, which is a concise proof ensuring that the computation process from the beginning to the step is correct, as shown in Figure 1.b. It can be seen that this method can break down large computations/statements into smaller chunks, which can then be executed more efficiently by repeating the same code blocks.

Nova proposes an innovative folding scheme that merges two R1CS instances along with their respective witness instances into one. Compared to Snark-based IVC, Nova does not require verifying previous Snark proofs in each recursion, thus having the following characteristics:

• No trusted setup required
• No FFT operations or pairing-friendly elliptic curves needed
• Constant verification time
• Only for R1CS instances, merging 2 R1CS instances into 1 R1CS instance

Why Nova

The prospects for web3 games are broad, but they also face many challenges. First, for real-time fast-paced games, the response time for operation commands is typically measured in milliseconds, yet most blockchains do not possess the capabilities required to support high-performance games. Secondly, as transaction volumes increase, blockchains may become congested, leading to delays and affecting the experience.

To address these issues, we explored a method called Game Rollup. Game Rollup aggregates game operation commands into the same circuit through the Groth16 proof system, then generates a proof and uploads it to the chain for verification. With this approach, players can perform more operations before interacting with the blockchain, enjoying a longer gaming experience without waiting for confirmations on the chain for each operation.

Specifically, our Rollup circuit can also be represented in IVC form:

Where F is the turn function of the game.

Taking our 2048 game as an example, this is an on-chain adaptation of a classic sliding puzzle game. The biggest challenge in designing 2048 lies in the design of the F function. In the 2048 game, there are four possible command inputs for each turn: up, down, left, and right. To accommodate these four inputs, the design of the F function (circuit) needs to be quite sophisticated, as it is fundamentally different from implementations of 2048 logic on-chain through smart contracts, which typically handle commands using simple if statements (e.g., if up {}, else if down {}…). However, the circuit does not support direct use of if-else structures, which we will discuss in detail in the next article.

Solana is a high-performance public chain that can provide faster transaction confirmation speeds, but even so, the experience of the 2048 game [2] deployed on it still does not reach the desired smoothness. In contrast, our Game Rollup-based approach offers a smoother gaming experience, demonstrating the advantages of Game Rollup in enhancing game performance. However, this method still has some limitations, as it is merely the most basic implementation of IVC:

• The prover requires Ω ( i * | F | ) memory
• The proof is not incrementally updatable

Until we encountered and deeply studied Nova, we felt a sense of "meeting too late," as it breaks through the limitations of Game Rollup and is expected to solve performance bottlenecks and scalability issues in Web3 games. Below is our performance benchmark test comparing Game Rollup and Nova using the 2048 game as an example:

Conclusion

Nova not only offers superior performance but also high memory efficiency, which is crucial for large circuits, as Groth16 requires a large SRS and can exhaust memory. Nova can still operate efficiently in low-memory environments. Currently, some ZKVMs have begun to build on Nova, such as Nexus [3]. We believe that Nova will bring unprecedented performance and scalability to Web3 games, becoming a key technology driving the development of Web3 games. Zypher has established a close strategic partnership with Nexus and is actively collaborating to adopt Nexus's ZKVM based on the Nova system to create the next generation of on-chain decentralized application infrastructure.

References:

[1]https://eprint.iacr.org/2021/370

[2]https://solplay.de/solana-2048/

[3]https://nexus.xyz/