The motivation for this base layer is to build a fast, anonymous-by-default L2 that can support a zero-knowledge scripting language for custom financial applications.
It is NOT designed to be a new cryptocurrency but rather a safe haven for other cryptocurrencies to be exchanged privately amongst non-cooperative parties.
Twilight builds on 4 key constructions:
  1. 1.
    QuisQuis: An account-based system, that works like a UTXO model, where every account is one-time use. Every transaction creates new accounts and moves value from the previous account to the new one.
  2. 2.
    ZkVM: A stack machine for encrypted values. It is originally built for a UTXO-based network, taking a covenant-like approach for locking UTXO with some spending condition in a contract.
  3. 3.
    Utreexo: A hash based accumulator proposed for Bitcoin. It allows you to reference to the global state with under a kilobyte proof.
  4. 4.
    Tendermint core: A BFT-style state replication engine, that allows ledger-based apps to use custom cryptography.


These constructions allow the base layer to achieve:
  • Cryptographic finality: State transition is immediately finalized without waiting for a prover to submit a proof at some delay. This allows every block to update the accumulator for instant interoperability with other chains.
  • Confidentiality + anonymity + not a delegated prover: Confidentialtity hides your amount with a commitment. Anonymity hides your identity with an anonymity set. And since proof generation is not computationally demanding, it can be generated in your browser without delegating and revealing secret witness to a prover.
  • Parallelizable Verification LockTx can be verified in parallel in 1-2ms on a single core. QuisQuis/UnlockTx can be parallelized too and takes about 10ms for verification.
What it doesn't achieve:
  • Succinct Verification Zk-S*arks are succinct to verify, though the proof generation is relatively slow, which hinders trading experience on an exchange when the price moves every 300~350ms. Bulletproofs prover is pretty fast, though verifier has a linear verification time, which can be parallelized.
  • EVM Compatibility The base layer does not support EVM and is designed to be stateless by supporting a stack-based scripting language.
Last modified 2yr ago