Zero Knowledge Proof: ZK Snarks, ZK Rollups, zkEVM
Zero Knowledge Proof
Among cryptocurrency users, there is an opinion about the anonymity of transactions carried out on the blockchain. But sometimes this anonymity is imaginary – it is enough to link the wallet address with its owner once and track the actions of the “suspect” through the chain of transactions.
On the Bitcoin blockchain, all transactions are publicly available, so this is not difficult. Already, the NSA has developed a program that analyzes the chain of transactions and activity on the Internet, comparing people and their Bitcoin wallets. In this way, they even figured out the wallets of Satoshi Nakamoto.
The chain of transfers can be hidden using mixers for Bitcoin – these are BitMixer and CoinJoin. Anonymity is also provided by the ring signature of the transaction – it is used in Monero. But there is also a completely different idea of data protection and information confidentiality – Zero Knowledge Proof or evidence of zero knowledge.
zk-SNARK Technology
When people in the cryptocurrency space say “zero knowledge proofs,” they are usually referring to a specific type of proof: zk-SNARKs. With its help, you can completely hide all data: from which address the payment went, where it came and how much money was transferred. It also allows you to prove that the transaction actually took place and the correct amount is in the recipient’s account. Using ZK Proof, you can prove that something is true, without presenting any other information, including secret information.
How it works?
The mathematics behind zk-SNARKs is difficult to understand, but let’s try to provide analogies to understand how this system works.
Imagine that you meet someone on the street, and they claim that they know your cat – it is stuck in a tree in the yard, and you urgently need to go with him to rescue her. You are worried about your cat, but at the same time you feel some kind of mistrust. You need to make sure that this stranger is, in fact, a neighbor you can trust. So you’re asking questions that he should know the answer to if he actually saw your cat. Assuming you’re asking the right questions, the protocol you just came up with is an example of a zero-knowledge proof. You, the verifier, verify that the stranger or prover actually saw your cat. You do this interactively, coming up with questions that are difficult to prepare in advance and as many as necessary to confirm the event. That’s all. A zero-knowledge proof is when a prover convinces a verifier that it has secret knowledge without revealing that knowledge directly to the verifier.
Or, let’s say your brother has a safe containing his favorite silver rhinestone inflatable woman. And there is a not very trusting friend to whom you boasted, but who demands proof. Evidence that you can open this safe. You simply go to the safe and enter the code for the safe, covering it with your free palm. And then you show your friend that the safe has opened. That is, you proved that you know the code to the safe, but you did not reveal the code itself to him. That is, he received proof and no more information. This is Zero Knowledge Proof.
ZKP was invented back in 1985. One of its creators, Silvio Micali, is also the creator of the Algorand blockchain. However, only recently they began to actively use it in real life, because before that they thought it was rocket science, but with the advent of blockchains it found application.
Zero Knowledge Proof (ZKP) is a protocol in cryptography, and cryptography is the science of privacy. Essentially, ZKP is a way to protect data privacy. Some compare ZKP to a bank statement, which does not reveal all the data, but only answers “Yes” or “No” questions. For example, “Is there at least 600 bucks in this account?” However, no one can find out where this money came from in the account and other details.
Where is this applied? Zero Knowledge Proof is now implemented in the Zcash cryptocurrency and its forks (Zclassic, ZenCash). Ethereum introduced zk-Snark in the Metropolis update being rolled out. The Komodo platform also uses this technology.
There are two main types of ZKP: Zk-SNARK and Zk-STARK
Zk-SNARK
Zk-Snarks stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.”
- Succinct – Compressed: The size of the proof in zk-SNARKs is small compared to the size of the statement being proven. As I said, you need the bare minimum of information.
- Non-interactive: There is virtually no interaction between the reviewer and the person being reviewed. They exchange only evidence that a certain statement is true.
- Argument: ZK-SNARKs are considered computationally reliable, meaning that a dishonest verifier has a very low chance of successfully fooling the system without having the knowledge (or witnesses) to back up their claim.
Let’s explain it like this:
For example, John invests 1 ETH in a smart contract that he enters into with Jim. Jim must complete a specific task, upon completion of which he will receive 1 ETH from the smart contract.
Things get complicated when the tasks Jim must complete are multi-layered and confidential. Let’s say you have entered into a smart contract with John. Now you will only receive payment if you complete tasks A, B and C. What if you don’t want to disclose details of A, B and C because they are confidential to your company and you don’t want competitors to know what you need to do?
Zk-Snarks helps prove that these steps were taken in a smart contract without revealing what those steps actually are. Zk-Snarks can simply reveal part of the process without showing the whole process and prove that you are honest in your statements The most striking example of ZK-SNARK is $ZEC (Z-cash).
The biggest problem with using ZK-SNARKs compared to ZK-STARKs is that a trusted setup is required. A trusted setup requires a certain set of calculations to be performed before ZK-SNARK can be used for proof. These calculations create two keys – a verification key and a proof generation key. The key for generating evidence is quite large for applications that are used in the blockchain – it takes up about a hundred gigabytes.
ZK-SNARKs are not quantum resistant. That is, quantum computers, when they appear, could greatly undermine their security.
Zk-STARK
ZK-STARK is an alternative to ZK-SNARK. It is considered a more efficient version of the technology – potentially faster and cheaper.
Zero-Knowledge Scalable Transparent Argument of Knowledge
There are two key differences:
Scalable: When the witness size is larger, ZK-STARK generates and verifies evidence faster than ZK-SNARK. As witness size increases, STARK evidence exhibits only a slight increase in verification and verification time (in SNARK, verification and verification time increases linearly with witness size).
Transparent: ZK-STARK generates public parameters for confirmation and verification using verifiable randomization rather than trusted configuration. Therefore they are more transparent than ZK-SNARK.
Thus, ZK-STARKs are more reliable than ZK-SNARKs, but they generate larger evidence than ZK-SNARKs, which typically results in higher verification costs. However, in some cases, such as when examining large datasets, ZK-STARK may be more cost-effective than ZK-SNARK.
ZK-Snark’s security is based only on hashes.
ZK-Rollups
Rollup is a scalability solution for the Ethereum network when transactions are carried out on the external chain (L2 layer). So, there is the main Ethereum blockchain – aka “Layer 1” or Layer 1 or L1. It’s not the fastest and not the cheapest.
To save money and speed up, the developers came up with an add-on over the main Ethereum network, that is, a second layer, also known as Layer 2 or L2. This add-on is called rollup and it interacts with the main Ethereum network through smart contracts. That is, on the second layer, transactions will cost less and go faster. And then many such transactions are simply combined into one and sent to the main Ethereum network.
ZK-Rollups are rollups, which are based on Zero-Knowledge proof. In addition to ZK-roll up, there are also Optimistic Rollups, such as Optimism and Arbitrum. ZK Rollup is more of a foundation for the future, they still need to develop a little. The two most famous ZK rollups are zkSync and StarkNet.
zkSync
Matterlabs released a ZK-Rollup called zkSync v1 in 2020 and it was based on SNARK. In 2022, they released zkSync v2, which now supports EVM – Ethereum Virtual Machine, making it compatible with smart contracts. Here you can get acquainted with their ecosystem – https://ecosystem.zksync.io/.
StarkNet
This is a competitor to ZkSync, which is already based on the STARK protocol. This is their main difference. You can find it here: https://starknet.io/what-is-starknet/.
The main difficulty of StarkNet is for developers who have to use the Cairo programming language. ZkSync supports off-chain transactions, which provides much higher throughput than on-chain transactions, while Starknet does not. This means more transactions can be processed per second, resulting in faster confirmation times and lower fees.
ZkSync also has a folding mechanism that allows multiple off-chain transactions to be merged into a single on-chain transaction, further reducing costs and increasing system scalability. Starknet has its own folding mechanism, but based on STARK.
In terms of compatibility, ZkSync is compatible with existing Ethereum tools and infrastructure (via EVM), making it easier for developers and users to integrate with existing applications and wallets. Starknet is a standalone solution and is not compatible with existing Ethereum tools and infrastructure.
ZkEVM
ZkEVMs, short for Zero-Knowledge Ethereum Virtual Machines, are zk-rollups that offer full compatibility with the Ethereum Virtual Machine (EVM). This means that existing applications running on Ethereum or any EVM-compatible blockchain, such as Polygon and Avalanche, can be easily migrated to a zkEVM with minimal or no modifications to the original code.
Historically, Ethereum has held the majority of Total Value Locked (TVL) in the blockchain space, accounting for over 50% of the TVL at any given time. Consequently, Ethereum developers have shown keen interest in exploring competing Layer-1 (L1) chains that are EVM compatible.
In contrast, zk-rollups like StarkNet, which are already live on the Ethereum mainnet, have not experienced significant adoption due to their lack of compatibility with the EVM and the absence of large decentralized applications (Dapps) on their platform. Consequently, crypto users are eagerly exploring alternatives in the zkEVM market, especially after the surge of announcements from key zkEVM projects in early 2023.
One notable player in the zkEVM space is Polygon. While rollups typically rely on the security of the parent L1 chain, Polygon is a sidechain that maintains its own security. Despite this distinction, Polygon has been highly successful, gaining prominence during the DeFi summer of 2020 and securing partnerships with major companies like Starbucks, Adidas, Prada, Reddit, and Stripe. Polygon has made significant scaling efforts, acquiring zk-rollup project Hermez and the zk-focused project Mir. However, it is Polygon’s zkEVM, which debuted on March 27, 2023, that has generated the most excitement. Polygon claims to have the fastest proving system in the world, thanks to its integration with Polygon Zero’s technology. Additionally, Polygon zkEVM utilizes recursive STARKs, a technique that allows multiple proofs to be combined into a single large proof, resulting in cost reductions and lower latency.
ConsenSys, a well-known blockchain company founded by Ethereum co-founder Joseph Lubin, is also actively involved in the zkEVM space. They released a private beta of their zkEVM testnet in late 2022 and are planning to launch a public beta on March 28, 2023. ConsenSys’ zkEVM is based on zkSNARK technology but employs a novel lattice-powered prover that addresses some of the drawbacks associated with traditional zkSNARKs. Importantly, ConsenSys’ zkEVM eliminates the need for a trusted setup, which has long been considered a weak point of zkSNARKs.
Scroll, a lesser-known company, entered the zkEVM scene with its debut on the Goerli testnet on February 28, 2023, following extensive testing on its pre-alpha testnet. Similar to ConsenSys, Scroll has addressed the limitations of the zkSNARK design and implemented fixes. They utilize a modified version of ZCash’s “Halo2” code, which enables protocols to leverage zkSNARKs’ small proof size and fast proof verification without requiring a trusted setup. Scroll’s architecture is designed to be as compatible with the EVM as possible, and they actively contribute to the community-built zkEVM layer.
Another notable player is ZkSync, developed by Matter Labs, a team dedicated to advancing Ethereum through zk-proofs. ZkSync initially released zkSync 1.0, which has since been rebranded as zkSync Lite, but lacked smart contract support. This limitation was addressed in zkSync 2.0, which introduced smart contract capabilities through the Zinc language. Recently, zkSync 2.0 announced its rebranding as zkSync Era, offering not only smart contract support but also Account Abstraction. Account Abstraction allows for more flexible authentication logic, gasless transactions, and improved wallet recovery. ZkSync Era utilizes the PLONK system, based on zkSNARKs, for its proofs, enhancing the security and upgradability of the trusted setup.
Lastly, Taiko, a company established in 2022, aims to be a Type 1 zkEVM, providing full Ethereum-equivalence rather than just EVM compatibility. Taiko employs zkSNARK proofs for its rollup and has designed its protocol to minimize the need for proofs, focusing only on cross-layer transactions such as bridging. This approach significantly reduces the time required for proof generation, addressing a key drawback of zkSNARKs. Taiko is also exploring bridge solutions that eliminate the need for full zk-proofs.
The competition among zkEVM solutions in 2023 is intensifying, with various projects launching their mainnets. Notably, many of these solutions offer the potential for airdrops. Additionally, efforts are being made to bridge the programming language gap, with projects like StarkNet considering transpilers. With zkEVMs vying for dominance in the zk-rollup space, the remainder of 2023 promises to be an exciting period of development and innovation.