OGGlossary OSSolana vocabulary rebuilt for builders.
ENPT-BRES
ZK Compression

BLS12-381 Syscall

A Solana runtime syscall that exposes elliptic curve operations on the BLS12-381 pairing-friendly curve, including point addition, scalar multiplication, multi-scalar multiplication, and pairing checks. BLS12-381 is widely used in modern ZK proof systems, Ethereum 2.0 signatures, and other cryptographic protocols. This syscall enables on-chain verification of BLS signatures and ZK proofs that use the BLS12-381 curve without the prohibitive compute cost of a pure BPF implementation.

IDbls12-381-syscall
Plain meaning

Plain meaning

Start with the shortest useful explanation before going deeper.

A Solana runtime syscall that exposes elliptic curve operations on the BLS12-381 pairing-friendly curve, including point addition, scalar multiplication, multi-scalar multiplication, and pairing checks. BLS12-381 is widely used in modern ZK proof systems, Ethereum 2.0 signatures, and other cryptographic protocols. This syscall enables on-chain verification of BLS signatures and ZK proofs that use the BLS12-381 curve without the prohibitive compute cost of a pure BPF implementation.

Mental model

Mental model

Use the quick analogy first so the term is easier to reason about when you meet it in code, docs, or prompts.

Think of it as a building block that connects one definition to the larger Solana system around it.

Technical context

Technical context

Place the term inside its Solana layer so the definition is easier to reason about.

Compressed state, proofs, and scale-oriented storage patterns.

Why builders care

Why builders care

Turn the term from vocabulary into something operational for product and engineering work.

This term unlocks adjacent concepts quickly, so it works best when you treat it as a junction instead of an isolated definition.

AI handoff

AI handoff

Use this compact block when you want to give an agent or assistant grounded context without dumping the entire page.

BLS12-381 Syscall (bls12-381-syscall)
Category: ZK Compression
Definition: A Solana runtime syscall that exposes elliptic curve operations on the BLS12-381 pairing-friendly curve, including point addition, scalar multiplication, multi-scalar multiplication, and pairing checks. BLS12-381 is widely used in modern ZK proof systems, Ethereum 2.0 signatures, and other cryptographic protocols. This syscall enables on-chain verification of BLS signatures and ZK proofs that use the BLS12-381 curve without the prohibitive compute cost of a pure BPF implementation.
Related: ZKP Syscall (alt_bn128), Zero-Knowledge Proofs (ZKP), Syscall (System Call)
Glossary Copilot

Ask grounded Solana questions without leaving the glossary.

Use glossary context, relationships, mental models, and builder paths to get structured answers instead of generic chat output.

Open full Copilot workspace
Explain this code

Optional: paste Anchor, Solana, or Rust code so the Copilot can map primitives back to glossary terms.

Ask a glossary-grounded question

Ask a glossary-grounded question

The Copilot will answer using the current term, related concepts, mental models, and the surrounding glossary graph.

Concept graph

See the term as part of a network, not a dead-end definition.

These branches show which concepts this term touches directly and what sits one layer beyond them.

Branch

ZKP Syscall (alt_bn128)

The alt_bn128 syscalls are native BPF VM system calls added to the Solana runtime (via SIMD-0041 and related proposals) that expose elliptic curve operations on the BN254 curve (also known as alt_bn128) — specifically point addition, scalar multiplication, and pairing checks — enabling on-chain programs to verify Groth16 zk-SNARK proofs within practical compute unit budgets. Without these syscalls, implementing the pairing-based verification of a Groth16 proof purely in BPF bytecode would require hundreds of millions of compute units, far exceeding the 1.4M per-transaction limit; with the syscalls, a full Groth16 verification costs on the order of 200,000–400,000 compute units. Light Protocol's on-chain verifier and Solana's Token-2022 Confidential Transfers both depend on the alt_bn128 syscalls, making them a critical piece of Solana's ZK infrastructure.

Groth16Solana Virtual Machine (SVM)
Open term
Branch

Zero-Knowledge Proofs (ZKP)

A zero-knowledge proof is a cryptographic protocol by which a prover convinces a verifier that a statement is true — for example, that a state transition is valid — without revealing any information beyond the truth of the statement itself, satisfying the properties of completeness, soundness, and zero-knowledge. In Solana's ecosystem, ZKPs are used by ZK Compression (via Groth16 SNARKs) to prove correct state transitions for compressed accounts without storing full account state on-chain, and by the Token-2022 Confidential Transfers extension (via ElGamal encryption and range proofs) to prove token balances are non-negative without revealing the actual amounts. Solana's BPF VM exposes the alt_bn128 elliptic curve syscall to make on-chain Groth16 proof verification computationally feasible within the 1.4M compute unit budget.

PLONK
Open term
Branch

Syscall (System Call)

The interface through which SBF programs request services from the Solana runtime, analogous to OS system calls. Syscalls provide access to operations that cannot be implemented in userspace BPF code: cryptographic functions (SHA-256, Keccak, Poseidon, secp256k1 recovery), logging (sol_log), account data access, CPI (invoke/invoke_signed), program return data, and sysvar reads. Each syscall has a defined compute unit cost.

SBF (Solana Bytecode Format)Compute Units (CU)
Open term
Next concepts to explore

Keep the learning chain moving instead of stopping at one definition.

These are the next concepts worth opening if you want this term to make more sense inside a real Solana workflow.

ZK Compression

ZKP Syscall (alt_bn128)

The alt_bn128 syscalls are native BPF VM system calls added to the Solana runtime (via SIMD-0041 and related proposals) that expose elliptic curve operations on the BN254 curve (also known as alt_bn128) — specifically point addition, scalar multiplication, and pairing checks — enabling on-chain programs to verify Groth16 zk-SNARK proofs within practical compute unit budgets. Without these syscalls, implementing the pairing-based verification of a Groth16 proof purely in BPF bytecode would require hundreds of millions of compute units, far exceeding the 1.4M per-transaction limit; with the syscalls, a full Groth16 verification costs on the order of 200,000–400,000 compute units. Light Protocol's on-chain verifier and Solana's Token-2022 Confidential Transfers both depend on the alt_bn128 syscalls, making them a critical piece of Solana's ZK infrastructure.

Open term
ZK Compression

Zero-Knowledge Proofs (ZKP)

A zero-knowledge proof is a cryptographic protocol by which a prover convinces a verifier that a statement is true — for example, that a state transition is valid — without revealing any information beyond the truth of the statement itself, satisfying the properties of completeness, soundness, and zero-knowledge. In Solana's ecosystem, ZKPs are used by ZK Compression (via Groth16 SNARKs) to prove correct state transitions for compressed accounts without storing full account state on-chain, and by the Token-2022 Confidential Transfers extension (via ElGamal encryption and range proofs) to prove token balances are non-negative without revealing the actual amounts. Solana's BPF VM exposes the alt_bn128 elliptic curve syscall to make on-chain Groth16 proof verification computationally feasible within the 1.4M compute unit budget.

Open term
Programming Model

Syscall (System Call)

The interface through which SBF programs request services from the Solana runtime, analogous to OS system calls. Syscalls provide access to operations that cannot be implemented in userspace BPF code: cryptographic functions (SHA-256, Keccak, Poseidon, secp256k1 recovery), logging (sol_log), account data access, CPI (invoke/invoke_signed), program return data, and sysvar reads. Each syscall has a defined compute unit cost.

Open term
ZK Compression

Bulletproofs

A zero-knowledge proof system that produces short, non-interactive proofs without a trusted setup. Bulletproofs are particularly efficient for range proofs — proving a committed value lies within a range without revealing it. Used in confidential transaction systems to prove token amounts are non-negative without disclosing exact values.

Open term
Commonly confused with

Terms nearby in vocabulary, acronym, or conceptual neighborhood.

These entries are easy to mix up when you are reading quickly, prompting an LLM, or onboarding into a new layer of Solana.

ZK Compressionalt-bn128-syscall

alt_bn128 Syscall

A native Solana runtime syscall providing elliptic curve operations on the alt_bn128 (BN254) curve — specifically point addition, scalar multiplication, and pairing checks. These operations are essential for on-chain Groth16 zk-SNARK proof verification, which would otherwise exceed the 1.4M compute unit limit if implemented in pure BPF bytecode. Light Protocol's compressed account verification and Token-2022's confidential transfers both depend on the alt_bn128 syscall for ZK proof verification within practical compute budgets.

AliasBN254 Syscall
Open term
ZK Compressionzkp-syscall

ZKP Syscall (alt_bn128)

The alt_bn128 syscalls are native BPF VM system calls added to the Solana runtime (via SIMD-0041 and related proposals) that expose elliptic curve operations on the BN254 curve (also known as alt_bn128) — specifically point addition, scalar multiplication, and pairing checks — enabling on-chain programs to verify Groth16 zk-SNARK proofs within practical compute unit budgets. Without these syscalls, implementing the pairing-based verification of a Groth16 proof purely in BPF bytecode would require hundreds of millions of compute units, far exceeding the 1.4M per-transaction limit; with the syscalls, a full Groth16 verification costs on the order of 200,000–400,000 compute units. Light Protocol's on-chain verifier and Solana's Token-2022 Confidential Transfers both depend on the alt_bn128 syscalls, making them a critical piece of Solana's ZK infrastructure.

Aliasalt_bn128
Open term
Related terms

Follow the concepts that give this term its actual context.

Glossary entries become useful when they are connected. These links are the shortest path to adjacent ideas.

ZK Compressionzkp-syscall

ZKP Syscall (alt_bn128)

The alt_bn128 syscalls are native BPF VM system calls added to the Solana runtime (via SIMD-0041 and related proposals) that expose elliptic curve operations on the BN254 curve (also known as alt_bn128) — specifically point addition, scalar multiplication, and pairing checks — enabling on-chain programs to verify Groth16 zk-SNARK proofs within practical compute unit budgets. Without these syscalls, implementing the pairing-based verification of a Groth16 proof purely in BPF bytecode would require hundreds of millions of compute units, far exceeding the 1.4M per-transaction limit; with the syscalls, a full Groth16 verification costs on the order of 200,000–400,000 compute units. Light Protocol's on-chain verifier and Solana's Token-2022 Confidential Transfers both depend on the alt_bn128 syscalls, making them a critical piece of Solana's ZK infrastructure.

Open term
ZK Compressionzk-proofs

Zero-Knowledge Proofs (ZKP)

A zero-knowledge proof is a cryptographic protocol by which a prover convinces a verifier that a statement is true — for example, that a state transition is valid — without revealing any information beyond the truth of the statement itself, satisfying the properties of completeness, soundness, and zero-knowledge. In Solana's ecosystem, ZKPs are used by ZK Compression (via Groth16 SNARKs) to prove correct state transitions for compressed accounts without storing full account state on-chain, and by the Token-2022 Confidential Transfers extension (via ElGamal encryption and range proofs) to prove token balances are non-negative without revealing the actual amounts. Solana's BPF VM exposes the alt_bn128 elliptic curve syscall to make on-chain Groth16 proof verification computationally feasible within the 1.4M compute unit budget.

Open term
Programming Modelsyscall

Syscall (System Call)

The interface through which SBF programs request services from the Solana runtime, analogous to OS system calls. Syscalls provide access to operations that cannot be implemented in userspace BPF code: cryptographic functions (SHA-256, Keccak, Poseidon, secp256k1 recovery), logging (sol_log), account data access, CPI (invoke/invoke_signed), program return data, and sysvar reads. Each syscall has a defined compute unit cost.

Open term
More in category

Stay in the same layer and keep building context.

These entries live beside the current term and help the page feel like part of a larger knowledge graph instead of a dead end.

ZK Compression

State Compression

State Compression is Solana's technique for storing the cryptographic fingerprint (root hash) of a Merkle tree on-chain while keeping the actual leaf data off-chain in the Solana ledger's account data logs, reducing the cost of storing large datasets by orders of magnitude. A compressed NFT collection of 1 million items costs roughly 50 SOL to mint versus ~12,000 SOL with standard SPL accounts, because only a single Concurrent Merkle Tree account occupies on-chain storage. Any data change requires updating the root hash and supplying a Merkle proof to the on-chain program, which verifies inclusion without reading the full dataset.

Open term
ZK Compression

ZK Compression

ZK Compression, pioneered by Light Protocol, extends Solana's state compression model beyond NFTs to general-purpose compressed accounts by using zero-knowledge proofs (specifically Groth16 SNARKs verified via the alt_bn128 syscall) to prove the validity of state transitions without storing full account state on-chain. Compressed accounts live in on-chain Merkle trees but their data is reconstructed from the Solana ledger by indexers like Photon, enabling developers to build applications that use thousands of accounts at a fraction of the normal rent cost — often 1,000x to 5,000x cheaper than regular accounts. The protocol introduces compressed tokens, compressed PDAs, and a system of nullifiers to prevent double-spends while maintaining Solana's throughput.

Open term
ZK Compression

Compressed Account

A compressed account is a Solana account whose state is stored as a leaf in an on-chain Concurrent Merkle Tree rather than as a dedicated on-chain account, making it 100–1,000x cheaper to create and maintain because no rent-exempt lamport balance is required per account. Compressed accounts are identified by a hash of their data and position in the tree; to interact with one, a client must supply a Merkle proof (or rely on the canopy) showing the leaf is part of the current tree root, which the on-chain program verifies before processing the state change. Light Protocol's compressed account model supports arbitrary data, discriminators, and owner programs, making it a general-purpose replacement for expensive on-chain accounts in high-volume use cases.

Open term
ZK Compression

Concurrent Merkle Tree

A Concurrent Merkle Tree (CMT) is a specialized on-chain Solana data structure that allows multiple state updates to the same Merkle tree within a single block without conflicting, by recording a changelog buffer of recent root transitions that validators use to reconcile parallel proof submissions. A CMT is parameterized by its maximum depth (max_depth, determining tree capacity of 2^max_depth leaves), max_buffer_size (number of concurrent changes the changelog can track, directly controlling how many operations per slot the tree can safely absorb), and an optional canopy_depth. The SPL Account Compression program manages CMTs, and they are the foundational storage primitive for both Metaplex compressed NFTs and Light Protocol compressed accounts.

Open term