Truebit on Nervos


Truebit is a blockchain enhancement which enables smart contracts to securely perform complex computations in standard programming languages (e.g. C/C++/Rust). It can operate at a fraction of the cost of native gas. Any DApp can issue a computational task, and reputationless Miners receive token rewards for providing solutions.


Truebit ranks among the earliest experiments in both cryptoeconomics and WebAssembly architecture (WASM). It currently exists as a fully-functional, high-performance, Soldity-compatible system. The platform enables DApps to leverage complex cryptographic primitives and other operations which exceed the gas limit. Truebit has led many popular community initiatives, including #ArtProject, ETH Prize, and Merry Merkle.


We will adapt the Solidity-based version of Truebit for Nervos in order to enhance the functionality of CKB smart contracts. Truebit fits within Nervos’s design theme of conserving computational resources and is compatible with the platform’s Rust-based architecture. Along the way, the Truebit team may design and develop Solidity adaptation tools in conjunction with Nervos’s own Polyjuice initiative.

Technical specification

The components we propose to port onto Nervos are as follows.

  • On-chain stepper for simulating transitions between WASM snapshots and smart contract rules for “verification games”
  • Truebit’s “incentive layer” providing smart contract interface and cryptoeconomics for issuing and solving tasks
  • Truebit-OS command line client and filesystem
  • Token layer for pricing tasks

The whitepaper and token model provide more context for these technical contributions. Note that we can reuse some parts of Truebit’s existing off-chain interpreter and Toolchain for the CKB version. We will flesh out specs based on advice from Nervos’s core team and conclude integration with code testing and audits.


As far as I know, Truebit has been set to solve the gas limit problem on Ethereum. But on CKB, the layer1 is not used to do those calculations, verification on-chain and calcualtion off-chain. So what is meaning for CKB to use Truebit?

There is no doubt that Truebit maybe be useful on Nervos’s Layer2.

I think It is Layer2 protocol instead of Dev Infrastructure, what does it could bring to Nervos infrastructure development?

Truebit intersects multiple categories of the current call, including:

  1. Smart contract language and tooling
  2. Interoperability
  3. Cryptographic primitives

We will develop new tools and techniques for generating Nervos smart contracts through the course of this ambitious, pioneering initiative. As indicated above, we foresee synergy with Polyjuice. Second, interoperability has been a primary application of Truebit since its inception. Truebit enables Ethereum smart contracts to check Dogecoin’s scrypt proof-of-work, a key ingredient in any two-way peg joining these two blockchains. Scrypt is one example of a cryptographic primitive which lies outside the reach of native smart contracts, however there are many others (for example, see “bilinear pairings” on Truebit-OS GitHub). Truebit allows smart contracts to conveniently integrate cryptographic primitives written in standard programming languages.

Could you be more specific on a technical level and what you will do?

  • How synergy with Ployjuice?
  • What you will do on interoperability? Like Bitcoin SPV enables CKB scripts to check Bitcoin’s proof -of-work. Would you enable CKB scripts to check Ethereum’s proof-of-work or even more?
  • Be more specific on how Truebit will allow smart contracts to conveniently integrate cryptographic primitives written in standard programming languages?
1 Like

Given that Truebit is already implemented in Solidity, can you provide the thinking behind porting Truebit to Rust and re-working the architecture for the cell model versus directly building for Polyjuice?

1 Like

Polyjuice is a tool for converting Solidity code into CKB.

@mathoticus It may be difficult to immediately convert Truebit smart contracts to Polyjuice given the preliminary state of that tool. While building Truebit directly to CKB architecture might prove a faster path to production, supporting the Polyjuice interface could benefit other existing Ethereum projects that wish to operate on Nervos. Truebit’s smart contracts may serve as an interesting pilot for Polyjuice as the interface develops.

@stwith One can use Truebit to check most proof-of-works, including Ethereum’s Ethash or Litecoin’s Scrypt. For proof-of-works whose verification involves lower computational complexity, such as Bitcoin, one could instead perform verification directly within the native smart contract. Even in this simpler case, however, one might still find it handy and perhaps more reliable to compile the original source code to a Truebit task rather than re-engineering it into a smart contract script. In order for a DApp’s smart contract to verify a proof-of-work hash using this method, the DApp would call to the Truebit smart contract, citing the appropriate task code and hash input, and then Truebit would reply back to the DApp with the hashed data.

Let us consider a second example for integrating a cryptographic primitive. Today’s Nervos Talk post, zkp-toolkit-ckb, includes a proposal for developing a Rust-based version of a zero-knowledge protocol known as bulletproofs. Bulletproofs avoid the unfortunate trusted setup requirement common to most SNARKs but may require more compute resources for verification than native smart contracts can afford. By pairing Truebit with bulletproofs, one can obtain zero-knowledge proofs on-chain without trusted setup. Once one has compiled the code for bulletproof verification into a Truebit task, any DApp can cite that task together with an arithmetic commitment and a corresponding bulletproof and in return receive from Truebit confirmation that the bulletproof certificate is valid.