Exploring the Revolutionary Applications of Zero-Knowledge Proof Technology

Source: 链捕手 (ChainCatcher), published 1 year ago

Author: Polygon Ventures

Translation: Block unicorn


The Essence of Zero-Knowledge


Satoshi Nakamoto constructed a practical solution to the long-standing Byzantine Generals' Problem, which is fundamentally about how mutually distrusting parties reach agreement on a single truth. That solution is the Proof of Work (PoW) consensus algorithm: miners around the world align their economic incentives with the protocol rules, and a global consensus system emerges. Bitcoin also lets users hold their own private keys and independently verify every transaction, which is what makes decentralized self-custody possible.

Ethereum, in turn, moved the field forward with the Proof of Stake (PoS) consensus mechanism, in which validators put up stake and are rewarded for honest behaviour and penalized (slashed) for misbehaviour, so that network security rests on incentives rather than hashing power.

  • Distributed ledgers enforce correctness by re-executing every computation on every network node, akin to reading an entire book to verify a single word. The architecture is computationally inefficient: each node must download every block and execute its complete set of transactions to check that the block's claimed state is correct.

  • Open computation is not only resource-intensive but also lacks privacy: every pending transaction is visible before it is included. MEV extractors exploit this by reordering, front-running or sandwiching transactions for their own gain.

Recognizing these challenges, the blockchain community has shifted its focus to improving scalability and privacy. This has led to the exploration of zk-cryptography, particularly technologies like zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) and zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge). While these technologies differ in detail, let's leave that for later and look at a simplified explanation.

Essentially, a zero-knowledge proof lets one party (the prover) convince a distrusting party (the verifier) that a statement is true, for example that the prover knows a secret satisfying some condition, without revealing anything beyond the truth of the statement itself.

The zero-knowledge proofs used in blockchains have two properties that matter here:

1. Succinctness (saving data and time): verifying the proof is far cheaper, in both bytes and computation, than re-running or re-checking the original computation. Strictly speaking this is a property of SNARKs and STARKs rather than of zero-knowledge proofs in general.

2. Zero-knowledge (privacy): the proof reveals nothing about the private data (the witness) beyond the fact that the statement is true.
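As an added illustration (not code from the article or from any project it mentions), the following Python implements the simplest zero-knowledge proof used in practice: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. The group parameters are toy values generated at run time, and the statement ("I know x with y = g^x") is far simpler than the general computations that SNARKs and STARKs handle, but both properties above are visible: the verifier learns nothing about x, and it checks two numbers rather than anything about how y was produced.

```python
"""Schnorr proof of knowledge of a discrete logarithm, made non-interactive with
the Fiat-Shamir transform.  Added illustration for this page, not code from the
article; the toy group is generated at run time and is not a standard one."""
import hashlib
import random


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test; probabilistic, which is fine for a demo."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64, seed=1):
    """Return (p, q, g): safe prime p = 2q + 1 and g generating the order-q subgroup.
    The fixed seed keeps the example deterministic.  Real systems use a standard
    group (RFC 3526 MODP groups or an elliptic curve), never ad hoc parameters."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if _is_probable_prime(q, rng) and _is_probable_prime(p, rng):
            return p, q, 4          # 4 = 2^2 is a quadratic residue, so its order is q


def _challenge(p, q, g, y, t):
    """Fiat-Shamir challenge.  The hash must bind the whole public statement
    (group, generator, y) and the commitment t: leaving y out is the
    'Frozen Heart' bug class that lets an attacker forge proofs."""
    data = b"|".join(str(v).encode() for v in (p, q, g, y, t))
    digest = hashlib.sha256(b"schnorr-nizk-v1|" + data).digest()
    return int.from_bytes(digest, "big") % q


def prove(p, q, g, x, rng=random.SystemRandom()):
    """Prove knowledge of x with y = g^x mod p.  Returns (y, proof); x never leaves."""
    y = pow(g, x, p)
    k = rng.randrange(1, q)          # fresh per proof: reusing k leaks x
    t = pow(g, k, p)                 # commitment
    c = _challenge(p, q, g, y, t)
    s = (k + c * x) % q              # response; uniform given c, so it hides x
    return y, (t, s)


def verify(p, q, g, y, proof):
    """Two field elements suffice to check the claim, whatever x is."""
    t, s = proof
    if not (1 < y < p and 1 < t < p and 0 <= s < q):
        return False
    if pow(y, q, p) != 1:            # y must lie in the prime-order subgroup
        return False
    c = _challenge(p, q, g, y, t)
    return pow(g, s, p) == (t * pow(y, c, p)) % p


if __name__ == "__main__":
    p, q, g = make_group()
    y, proof = prove(p, q, g, 0xC0FFEE)
    print("honest proof accepted:", verify(p, q, g, y, proof))
    print("same proof for another y rejected:", verify(p, q, g, y * g % p, proof))
```

The verifier needs nothing beyond the public statement and the proof, which is also why the Fiat-Shamir hash must commit to the statement: an implementation that hashes only the commitment t lets an attacker pick t and s first and then derive a y that verifies without knowing its discrete logarithm. That is the "Frozen Heart" class of bug reported against several zero-knowledge libraries in 2022.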

Although the idea dates back to the 1980s (Goldwasser, Micali and Rackoff introduced zero-knowledge proofs in 1985), its early applications were mostly limited to privacy. IBM's Identity Mixer (Idemix) anonymous-credential system, later offered as a service on its Bluemix cloud, is one example, and Microsoft's ElectionGuard uses ZKPs (Zero-Knowledge Proofs) to make elections end-to-end verifiable while keeping ballots private.

ZKP's ability to compactly verify off-chain computations has sparked research into scaling solutions for platforms like Ethereum. Last year, over $725 million flowed into ZK technology for blockchain, highlighting its increasingly important position.

While ZKP is mathematically complex, developers can integrate ZK cryptography into applications much like using public-key cryptography. Ongoing research focuses on developing state-of-the-art provers and verifiers, emphasizing efficient proof generation and fast verification.

Blockchain relies on crucial off-chain data, such as asset prices or information from other blockchains. Traditionally, off-chain data sources (oracles) like Chainlink have played the role of trusted data transmission, utilizing a set of economically incentivized validators to ensure data accuracy and integrity.

ZKP adds a dimension beyond cryptoeconomic security. Instead of trusting that a committee of staked validators reported honestly, an application can require a proof that the off-chain data was derived, or the off-chain computation was run, exactly as claimed. The proof acts as an incorruptible "supervisor" sitting outside the blockchain.


ZK Landscape: Expansion


General Rollups

With the rapid growth of Ethereum, transaction costs for ERC20 tokens and ERC721 NFTs often soar to the range of $5 to $15, prompting a reconsideration of how scalability can be achieved without compromising decentralization.

Enter the era of Rollups: Ethereum strategically shifted to a modular, Rollup-centric framework, comprising three distinct layers: 1) Data Availability (DA) layer, 2) Execution layer, 3) Settlement layer.

Currently, two types of Rollups are under development: Optimistic Rollup and ZK Rollup, providing Layer 2 scaling solutions that can execute transactions off-chain and settle on the Ethereum chain while inheriting its security.

Both types rely on a sequencer that receives user transactions, orders and batches them (a batch can hold many transactions), and posts the batch together with the resulting state root to Ethereum. An Optimistic Rollup assumes batches are valid and relies on watchers to submit fraud proofs within a challenge window; a ZK Rollup posts a validity proof with every batch, which an Ethereum contract verifies, so the new state is final as soon as the proof is accepted and no challenge window is needed.

Execution Layer: Execution and state storage happen inside a Rollup-specific virtual machine (VM). Each ZK Rollup has a sequencer that orders transactions and provers that generate proofs for the resulting state transitions. These "validity proofs" are small and are submitted to Ethereum, where a smart contract verifies them.

Most ZK Rollups aim for compatibility with the Ethereum Virtual Machine (EVM) so that existing Ethereum smart contracts run on them. This lets developers migrate Ethereum-based applications to Layer 2 (L2) with little change. Challenges remain, however, including the cost of proof generation, throughput, and full equivalence with every EVM opcode and precompile.

Storage Layer: Most Rollups, including Polygon's zkEVM, Scroll, zkSync Era, and Linea, post their transaction data in compressed form to Ethereum calldata. This guarantees data availability: anyone can reconstruct the Rollup's state from Ethereum alone, and users can force an exit through L1 if the sequencer censors them or goes offline.

Block unicorn note: "calldata" is a data area in Ethereum smart contracts. It is a special area for storing input data, including parameters passed when calling contract functions. This data is typically read-only, meaning it cannot be modified and can only be used for reading. On Ethereum, developers usually use the "calldata" area to handle input parameters for contract functions, while the "storage" area is used to store contract state.

Some designs instead keep transaction data off Ethereum: the validium mode of StarkEx (StarkWare's application-specific engine), Matter Labs' zkPorter, and Polygon's Miden hold data with a Data Availability Committee (DAC) or an external DA layer such as EigenDA or Avail. This raises throughput and lowers cost, but weakens the guarantee: Ethereum still verifies the validity proof, so an invalid state transition remains impossible, yet if the off-chain data holders withhold data, users may be unable to reconstruct the state or exit.

The EigenDA plan aims to scale throughput to 10 megabits per second (Mbps)

Settlement Layer: A ZK Rollup submits the new state root and a validity proof to a verifier smart contract on Ethereum. The contract checks the proof against the previous state root, the new state root and the committed batch data, confirming that the off-chain VM executed the state transition correctly, and then records the new root.

On-chain verification is expensive: verifying a single proof costs roughly 300,000 to 5,000,000 gas depending on the proof system, and verification can add latency of around 10 seconds. Rollups therefore publish proofs periodically and amortize the fixed cost across every transaction in the batch.

Validity proofs attest that execution was correct; they say nothing about consensus or transaction ordering inside the Rollup. Ordering is decided by the sequencer under its own rules, most commonly first-come-first-served. Efforts are underway to decentralize sequencers, for instance through shared sequencing networks such as Espresso.


zkVM-Based Rollups

As discussed above, EVM-equivalent L2s face limits on proving efficiency. EVM primitives such as the keccak256 hash are expensive to express in arithmetic circuits, so proving them dominates the cost. zkSync dropped support for some of these opcodes after finding that most of its proving cost came from such operations.

Unlike the EVM, which focuses on the Ethereum instruction set, zkVM-based Rollups provide flexibility to run software compatible with various computer architectures. These virtual machines have broader capabilities to run different computer instructions, such as RISC-V and WebAssembly, and generate ZKPs for computation.

Starknet pioneered zkVM-based rollups with Cairo, its own language and VM (early Cairo was close to assembly; Cairo 1 is Rust-like). Polygon's Miden uses its own stack-based assembly language, Miden Assembly, while Delphinus and Fluent build rollups around WebAssembly. Fluent and ZKM let developers write applications in general-purpose languages such as Rust, TypeScript, C/C++, and Go.

zkVM-based rollups extend what can be built on Ethereum by making it practical to write applications that are awkward in the EVM's account model, and by letting developers use familiar languages and tooling rather than Solidity alone.

For example, Miden adopts a client-side proof model, where each account acts as a smart contract, and users are responsible for creating ZKPs on their client devices. These ZKPs are then submitted to the Miden rollup to update the global state. This approach allows for parallel execution of transactions and enhances privacy, as operations such as token transfers and NFT exchanges can occur without affecting the public state.


Rollup Framework

Several teams are working to simplify the development of Zero-Knowledge (ZK) Rollups and open the field to more developers. These frameworks give developers a complete set of components, including sequencers, provers and verifiers, Data Availability (DA) layers, and consensus layers.

Developers using these frameworks gain a significant advantage, inheriting the robust security of Ethereum while retaining the freedom of choice. They can choose to deploy native tokens or utilize Ether (ETH), and have the flexibility to interact with external validators or implement custom validator rules.

Sovereign Labs and Polygon are actively developing software development kits (SDKs) to enable anyone to create ZK Layer 2 (L2) Rollups with predefined rule sets and strong liquidity interoperability.

Lumoz takes a comprehensive approach, empowering development teams with full sovereignty over their Rollup through dedicated Proof of Work (PoW) consensus, a dedicated proof network, and communication channels with other Rollups.

LayerN adopts a hybrid zk-OP (OP Rollup-ZK Rollup) architecture, promising transaction fees a thousand times cheaper than Ethereum.

Eclipse recently released a demonstration universal L2 built from modular pieces: the Solana Virtual Machine (SVM) as the execution engine, Celestia for data availability, and RISC Zero to generate ZK proofs for settlement on Ethereum. Experiments like this push the modular thesis, combining Solana's high-performance execution environment with Ethereum's security.


Rollup as a Service


Rollups-as-a-Service (RaaS) simplifies the Rollup framework and software development kits (SDKs), providing an abstraction layer for easy deployment, maintenance, and creation of custom, production-ready application-specific Rollups.

RaaS liberates developers from the complexity of infrastructure management and monitoring network performance, allowing them to focus on building the application layer. Tasks that once required a significant amount of engineering time now become a simple 10-minute, code-free deployment process.

They can be seen as the AWS (Amazon Web Services) of Rollups, simplifying the deployment and development process of Rollups.

Platforms like Vistara and Gateway allow users to freely combine various modular components, creating personalized Rollups that meet their needs in seconds (Vistara and Gateway can be seen as an opportunity to create a Rollup public chain).

This modular approach enables developers to precisely tailor ZK Rollups to their unique objectives. From the execution virtual machine (VM) and data availability (DA) layer to sequencers, bridges, and verifiers, developers can flexibly choose components that suit their needs.


Dedicated Rollups

While general Rollup technology has seen significant development, there are limitations to scaling due to competition for L2 block space and rising L1 batch publishing costs. Specific dApps require custom features, such as DeFi needing fast finality, games needing low latency, and enterprise blockchains needing privacy, necessitating application-specific Rollup technology.

StarkWare's ecosystem is at the forefront here, having processed over 418 million transactions, with applications like dYdX, Sorare, and Immutable running application-specific Rollups built on StarkEx. The StarkEx operator aggregates and batches transactions and submits STARK proofs to Ethereum, inheriting its security while cutting costs.

Loopring, a ZK Rollup technology, focuses on DeFi use cases, providing functionality similar to Block Trade for instant execution of CEX-level liquidity. Myria, another ZK Rollup technology, focuses on gaming applications, emphasizing low transaction costs. Recently, Canto announced a transition to an L2 focused on using Polygon's chain development toolkit for handling real-world assets.


Privacy


As Web3 technology rapidly expands, attracting millions of users, privacy concerns persist, especially for institutions, banks, and enterprises, which often find themselves bound by legal requirements to protect their financial transactions.

ZK proofs provide an added layer of protection, an early use case popularized by Zcash. Zcash uses zk-SNARKs to prove a transaction is valid without revealing the sender, receiver, or amount. Balances are not stored in plaintext but as a set of encrypted "notes", of which only cryptographic commitments (note commitments) appear on-chain.

This cryptography lets users conceal the details of their transactions while still proving they have sufficient funds and follow the protocol rules:

Value privacy: The proof shows that the total value entering the transaction (inputs) equals the total value leaving it (outputs) without revealing the actual amounts.

Spending authority: The proof shows that the sender holds the spending key for the input notes being consumed, so nobody else can spend them.

Preventing double spending: Each spent note publishes a nullifier derived from the note and the spending key. The proof shows the nullifier was derived correctly, so spending the same note twice produces the same nullifier and is rejected.


Privacy-Focused L1 Protocols

Many protocols, such as Aleo, Aleph Zero, Ironfish, and Mina, push further with privacy-centric L1 designs. Unlike Ethereum's account-based model, several of them build on modified versions of Bitcoin's Unspent Transaction Output (UTXO) model (Aleo's records, Ironfish's notes), in which a balance is a set of encrypted, individually spendable notes.

Consensus models: These privacy-centric protocols use different consensus designs. Aleo, for example, uses Proof of Succinct Work (PoSW), in which the "work" is generating zk proofs rather than raw hashing. Ironfish uses a Bitcoin-style proof of work (PoW), issuing tokens only through mining with no initial coin offering (ICO). Aztec, originally positioned as an L1, has moved to an L2 design that settles on Ethereum.

Redefining the network layer: In addition to consensus, these protocols rethink the network layer, advocating for peer-to-peer data exchange to maximize privacy protection. For example, Ironfish uses a combination of WebRTC and WebSockets to establish connections with nodes. Users can establish direct connections, conduct transactions, create zk proofs for rule compliance, and settle transactions on the blockchain while protecting their privacy.


Privacy-Focused L2 Solutions

Meanwhile, projects like Aztec and Ola are dedicated to enhancing privacy protection on the Ethereum network by enabling ZK Rollups with private accounts and encrypted transactions. Both projects are developing their own zkVM, placing a strong emphasis on managing private accounts rather than just Ethereum compatibility.


ZK Applications


Applications use the privacy and succinctness of ZKP to bring trust to off-chain data and computation. Most use cases fall into the following categories:

a. Confidential secret sharing: ZK technology lets users share secrets and prove facts about them without trusting a third party, using the chain only as a settlement layer. Protocols such as zkMail and zkVoting provide end-to-end encrypted data sharing with strong privacy.

b. On-chain confidential identities: ZK applications enable users to create on-chain confidential identities in a composable manner, surpassing the limitations of traditional data obfuscation methods like mixers.

c. Off-chain security guarantees: Leveraging ZK technology provides robust off-chain security guarantees, ensuring the integrity and expected state of a large amount of off-chain data and computations.

d. Interoperable trust: Oracles and bridges supported by ZK technology play a crucial role in bridging off-chain data to blockchain networks, maintaining cryptographic integrity.


Privacy Middleware

Unlike creating entirely new blockchains with native privacy features, privacy middleware protocols introduce privacy mechanisms into existing blockchain networks. These platforms introduce a privacy layer, acting as intermediaries between user addresses and anonymous or "stealth" addresses, providing a practical way to enhance privacy.

Tornado Cash, inspired by Zcash's design, is an Ethereum smart-contract mixer. A user deposits a fixed denomination together with a commitment to a secret note, and the contract stores all commitments in a Merkle tree. To withdraw, the user proves in zero knowledge that they know a note whose commitment is in the tree and publishes its nullifier; the contract pays out to a fresh address without learning which deposit is being withdrawn, and the nullifier prevents the same deposit from being withdrawn twice. Because deposits and withdrawals cannot be linked on-chain, the protocol also attracted illicit use, and it has faced regulatory action, including sanctions, as a result.

To comply with regulations, industry leaders like Vitalik Buterin and Ameen Soleimani are pushing for next-generation privacy pool models that balance strong privacy and regulatory compliance. These models explore various approaches:

  • Blacklist screening: Capable of prohibiting deposits from addresses on the FATF (Financial Action Task Force) blacklist, ensuring the protocol is only used for legitimate privacy-enhancing activities.

  • User-controlled view keys: Users retain read-only keys that can selectively be shared with regulatory authorities. These keys verify fund sources and tax obligations while confirming funds do not come from blacklisted addresses.

  • Server-controlled view keys: In this setup, the protocol retains the ability to view all user funds and transactions, providing selective disclosures to regulatory authorities to enhance compliance.
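The three properties listed in the Privacy section above (value balance, spending authority, double-spend prevention) and the association-set idea behind the privacy-pool proposals share one structure: a Merkle tree of note commitments, nullifiers derived from a spending key, and a relation between public and private inputs. The Python below is an added illustration of that relation, not code from Zcash, Tornado Cash or the Privacy Pools authors. It uses SHA-256 where a circuit would use an arithmetic-friendly hash, and `statement_holds()` sees the witness directly, whereas a real verifier sees only the public inputs and a zk-SNARK that the relation holds; the key names, note values and tree depth are constructed sample data.

```python
"""Relation proved by a Zcash-style shielded spend, plus the Privacy Pools association-set
clause.  Added illustration for this page, not code from Zcash, Tornado Cash or the Privacy
Pools authors.  SHA-256 stands in for a circuit-friendly hash; statement_holds() sees the
witness, whereas a real verifier sees only the public inputs plus a zk-SNARK for this relation."""
import hashlib
from collections import namedtuple

DEPTH = 4                                    # toy tree of 16 leaves
ZERO = hashlib.sha256(b"empty-leaf").digest()
Note = namedtuple("Note", "value owner_pk rho")           # owner_pk = H("pk", sk); rho = unique nonce
SpendWitness = namedtuple("SpendWitness", "sk inputs outputs assoc_paths", defaults=[None])
SpendPublic = namedtuple("SpendPublic", "root nullifiers output_commitments assoc_root", defaults=[None])

def H(*parts):
    """Length-prefixed SHA-256 over bytes/int arguments, so fields cannot run together."""
    h = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else str(x).encode()
        h.update(len(b).to_bytes(2, "big") + b)
    return h.digest()

def commitment(n):                           # what the chain stores instead of the note
    return H(b"cm", n.value, n.owner_pk, n.rho)

def nullifier(sk, n):                        # deterministic per (key, note): spend twice, same tag
    return H(b"nf", sk, n.rho)

class MerkleTree:
    """Append-only commitment tree; the chain publishes only its root."""
    def __init__(self):
        self.leaves = []
    def append(self, leaf):
        self.leaves.append(leaf)
        return len(self.leaves) - 1
    def _levels(self):
        level = self.leaves + [ZERO] * ((1 << DEPTH) - len(self.leaves))
        levels = [level]
        for _ in range(DEPTH):
            level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            levels.append(level)
        return levels
    def root(self):
        return self._levels()[DEPTH][0]
    def path(self, i):
        """(sibling, am-I-the-right-child) pairs from leaf to root."""
        return [(lvl[(i >> d) ^ 1], (i >> d) & 1) for d, lvl in enumerate(self._levels()[:DEPTH])]

def merkle_verify(leaf, path, root):
    for sibling, is_right in path:
        leaf = H(sibling, leaf) if is_right else H(leaf, sibling)
    return leaf == root

def statement_holds(pub, w):
    """R(public, witness): each clause is one of the properties described in the text."""
    pk, seen = H(b"pk", w.sk), set()
    if len(w.inputs) != len(pub.nullifiers):
        return False
    for (note, path), nf in zip(w.inputs, pub.nullifiers):
        if note.owner_pk != pk:                                   # spending authority
            return False
        if not merkle_verify(commitment(note), path, pub.root):   # the note really exists
            return False
        if nf != nullifier(w.sk, note) or nf in seen:             # double-spend prevention
            return False
        seen.add(nf)
    if sum(n.value for n, _ in w.inputs) != sum(n.value for n in w.outputs):
        return False                                              # value balance; amounts stay hidden
    if any(n.value < 0 for n in w.outputs):                       # a circuit uses a range proof here
        return False
    if [commitment(n) for n in w.outputs] != list(pub.output_commitments):
        return False
    if pub.assoc_root is not None:           # Privacy Pools: inputs are in an approved set, unnamed
        paths = w.assoc_paths or []
        if len(paths) != len(w.inputs) or not all(
                merkle_verify(commitment(n), ap, pub.assoc_root) for (n, _), ap in zip(w.inputs, paths)):
            return False
    return True

def ledger_apply(tree, spent, pub, proof_ok):
    """Chain side: sees SpendPublic and a proof, never notes, amounts or keys."""
    if not proof_ok or pub.root != tree.root() or any(nf in spent for nf in pub.nullifiers):
        return False                         # bad proof, stale root (simplified) or note already spent
    spent.update(pub.nullifiers)
    for cm in pub.output_commitments:
        tree.append(cm)
    return True

def demo():
    tree, spent = MerkleTree(), set()
    alice_sk, bob_sk = H(b"alice-secret"), H(b"bob-secret")      # constructed sample keys
    alice_pk, bob_pk = H(b"pk", alice_sk), H(b"pk", bob_sk)
    n1, n2 = Note(7, alice_pk, H(b"rho1")), Note(5, alice_pk, H(b"rho2"))
    i1, i2 = tree.append(commitment(n1)), tree.append(commitment(n2))
    tree.append(commitment(Note(3, bob_pk, H(b"rho3"))))         # an unrelated deposit
    outs = [Note(9, bob_pk, H(b"rho4")), Note(3, alice_pk, H(b"rho5"))]   # 7 + 5 = 9 + 3
    w = SpendWitness(alice_sk, [(n1, tree.path(i1)), (n2, tree.path(i2))], outs)
    pub = SpendPublic(tree.root(), [nullifier(alice_sk, n) for n in (n1, n2)], [commitment(n) for n in outs])
    assoc = MerkleTree()                     # association set vouching for n1 only, then for both
    a1 = assoc.append(commitment(n1))
    partial = statement_holds(pub._replace(assoc_root=assoc.root()), w._replace(assoc_paths=[assoc.path(a1)] * 2))
    a2 = assoc.append(commitment(n2))
    full = statement_holds(pub._replace(assoc_root=assoc.root()),
                           w._replace(assoc_paths=[assoc.path(a1), assoc.path(a2)]))
    ok = statement_holds(pub, w)
    applied = ledger_apply(tree, spent, pub, ok)
    replay = pub._replace(root=tree.root())  # fresh root, old nullifiers
    return {"statement": ok, "applied": applied,
            "replay_rejected": not ledger_apply(tree, spent, replay, ok),
            "theft_rejected": not statement_holds(pub, w._replace(sk=bob_sk)),
            "assoc_partial_rejected": not partial, "assoc_full_accepted": full}
```

Running `demo()` walks through a spend of two notes into two new ones, a replay of the same nullifiers (rejected by the ledger), an attempt to spend with the wrong key (the relation fails), and a privacy-pool check in which the association set first vouches for only one of the inputs and then for both. The association-set clause is the whole difference between a plain mixer and a privacy pool: the spender proves membership in a curated set of deposits without naming which one is theirs.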

Platforms like Panther and Railgun offer shielded tokens obtained by depositing funds into these platforms to acquire protected assets usable on blockchains like Ethereum, BSC, Polygon, Solana, and others.

Nocturne uses multi-party computation (MPC) and account abstraction (AA) to create a layer of stealth addresses. Rather than minting shielded assets, it uses these addresses to interact with protocols: users deposit funds into a deposit manager, which pools all user funds and provides a fresh stealth address for each application interaction. DApps never learn the origin of these addresses, which enhances privacy.

Nocturne's deposit filter checks compliance before approving transactions


DEX

To meet the growing demand for secure and private asset trading in the institutional space, development teams are actively exploring decentralized exchanges (DEX) based on zero-knowledge technology. Unlike automated market makers (AMMs), zero-knowledge-based DEXs employ order books, offering a range of advantages including enhanced liquidity, feeless trading, unlimited trading pairs, diverse order types, and user-friendly interfaces.

Take Brine as an example, Brine adopts a hybrid model, effectively dividing its operation into off-chain and on-chain parts:

  • Off-chain part: In the off-chain part, Brine manages wallet data and real-time status of all orders and transactions, playing a crucial role in efficiently executing orders and maintaining the latest order book.

  • On-chain part: The on-chain part handles state commitments and system assets. To ensure transaction security and integrity, Brine utilizes STARK provers and subsequently verifies these proofs on the Ethereum network through dedicated StarkEx contracts to ensure the accuracy of state transitions.

Brine's decentralized exchange (DEX) platform uses StarkEx services for batch processing proofs

Due to Brine's orders being stored off-chain, the platform can accommodate various order types, including limit orders and stop-loss orders. Market makers can provide liquidity and earn fees similar to those seen on centralized exchanges (CEX).

Brine's matching engine scales well, handling up to 600,000 transactions per second, far beyond what AMMs typically manage. Because only state commitments and cryptographic proofs are published on-chain, traders' positions are not visible on-chain; the operator running the off-chain matching engine still sees the order flow.

In addition to Brine, platforms like Zkex and Satori are causing a stir in the market by using similar mechanisms to facilitate trading of derivatives and perpetual contracts.


Interoperability


Bridging data and assets between two blockchains typically relies on trusted validator groups or trusted multi-signature custodians to ensure accurate data transmission. This reliance on external validation has led to significant security vulnerabilities, as seen with breaches affecting bridges like Nomad, Wormhole, and Ronin, resulting in cumulative losses of over $1.5 billion. These traditional bridges often rely on external committees to lock assets on the original chain and mint corresponding assets on the target chain.

Zero-knowledge (ZK) light clients are a significant advance: they use ZK proofs to verify the source chain's consensus (for Ethereum, the sync-committee signatures on each new header) on the destination chain. Running a full light client on-chain would be prohibitively expensive, so the bridge generates a zkSNARK proving that the consensus update was valid and sends only that proof to the destination chain's execution layer, which verifies it. This cuts verification cost dramatically and removes the trusted committee: security reduces to the source chain's consensus and the soundness of the proof system (and, in practice, to the correctness of the circuit and any trusted setup it relies on).

For example, Succinct is developing a light client called Telepathy that verifies Ethereum's consensus on a target chain for about 300,000 gas per update. Such light clients can support a range of functions on the target chain, including:

  • Using Zero-Knowledge (ZK) technology to allow arbitrary messages to be sent between different blockchains, which can be used for coordinating or managing cross-chain deployments on different blockchains.

  • Reading Ethereum validator stakes and balances for Layer 2 solutions and re-staking protocols.

  • Providing liquidity bridging between chains without relying on lock/mint protocols.

  • Accessing Chainlink oracle data from Ethereum to the target chain for use by Layer 2 automated market makers (AMM) and DeFi protocols.

Polyhedra and zkLink focus on building liquidity bridges between multiple blockchains. Unlike maintaining their own liquidity pools on each connected network, zkLink aims to aggregate liquidity and merge tokens for all dApps using the zkLink infrastructure. This helps improve liquidity across different blockchains, allowing tokens to freely flow between various applications.


Oracles and Co-processors

Oracles can be divided into two main types:

1. Input Oracles - Bringing off-chain data to on-chain environments (e.g., Chainlink price data feeds)

2. Output Oracles - Passing on-chain data to off-chain environments for advanced computations (The Graph)

Smart contracts have inherent limitations, especially in handling complex computations such as floating-point operations, intensive calculations, or statistical analysis. This is where output Oracles come into focus, addressing these computational challenges by offloading these tasks to external systems.

Stake-based oracle networks such as Chainlink and The Graph run a set of operators who are rewarded for importing real-world data (for example CEX prices or weather data) and computing over it. This is only safe while the total stake exceeds the value an attacker could extract by corrupting the data; when the value at risk is higher, manipulating the oracle becomes profitable, which is why oracle manipulation has been a recurring source of exploits and arbitrage.

This is where ZK Oracles, especially in the output Oracle domain, come into play. They verify off-chain computations using zk proofs to ensure they are performed as expected. This has given rise to a new category called co-processors.

HyperOracle is driving the development of "trustless" Oracles by utilizing specialized Oracle nodes that generate zero-knowledge (zk) proofs along with transmitted data sent to validator contracts on the Ethereum blockchain.

This changes the security model to 1-of-N: as long as at least one node submits correct data with a valid proof, the verifier contract rejects any conflicting submission, because an incorrect result cannot come with a valid proof. This gives computational integrity for off-chain computation while keeping finality at roughly 12 seconds, Ethereum's slot time.

Axiom addresses a different gap: trustless access to historical Ethereum state. An EVM contract can read only current state and the hashes of the most recent 256 blocks (via BLOCKHASH), so anything older has traditionally required a centralized off-chain oracle.

Axiom addresses this by providing zero-knowledge proofs to verify the authenticity of block headers, states, transactions, and receipts from past Ethereum blocks.

Herodotus specializes in providing storage proofs, which are essentially ZK proofs, to confirm data inclusion in L1 (Layer 1) and L2 (Layer 2) state roots. Developers can build cross-chain applications, such as lending applications that provide collateral on one chain for loans on another, and gaming applications that utilize NFT assets on another chain.


Identity/Personal Identity Proof

The privacy guarantees of ZKP have created opportunities for designing new cryptographic primitives for various aspects of identity: location proofs, ownership proofs, voice proofs, education, experience, medical data, KYC.

Sismo is a good example in this space. The team is developing ZK Badges, which let users selectively share facts about themselves with Web3 applications and other users. ZK Badges are soulbound (non-transferable) tokens that place holders in groups based on their personal data. For example, a user can prove they are a long-term Ethereum user, a contributor to a specific GitHub repository, or a U.S. citizen by generating a ZK proof that they satisfy the group's condition. Once the proof is verified, Sismo mints the corresponding badge, which marks the user's membership without revealing the underlying sensitive data.

Worldcoin represents another innovative application of ZKP, establishing World ID as an open and permissionless identity verification protocol. The protocol utilizes iris biometric recognition technology for precise identity verification, converting high-resolution iris scans into compressed form through convolutional neural networks. These data are inserted into their Semaphore ZKP implementation to generate an identity commitment, which is stored in the World ID contract.

To prove their identity, users generate a ZK proof that their identity commitment is a member of the Merkle tree of registered commitments, together with an application-specific nullifier. The verifier learns only that some registered person acted, and the nullifier ensures each person can act once per application, which is what enables features such as voting and one-time airdrops.

Worldcoin claims to destroy iris images after hashing, but there is no completely reliable method to verify the destruction of the images.


Verifiable Computation


Computational proofs are a cryptographic technology that allows one party to prove to another that a specific computation has been performed correctly without disclosing any sensitive information about the input, output, or the computation itself.

RISC Zero's virtual machine runs RISC-V code and emits a receipt: a journal of public outputs plus a ZK proof that the "execution trace" (the machine's state at every clock cycle) followed the RISC-V rules. Anyone can verify the receipt while private inputs stay hidden, much like having a digital notary for computation on the RISC-V architecture.
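To make "execution trace" concrete, here is an added toy in Python (not RISC Zero's code): a three-register machine, a program that computes a factorial, and the boundary and transition constraints a verifier imposes on the trace. In a zkVM the prover commits to this trace and proves the constraints with a STARK so the verifier never walks the rows; the checker below walks them so the rules are visible. The instruction set, the program and the register count are assumptions made for the example.

```python
"""Toy zkVM execution trace and the constraints a proof system enforces on it.
Added illustration for this page, not RISC Zero's code: the instruction set, the
program and the register count are assumptions made for the example."""
import hashlib

NREG = 3                                   # registers r0..r2

def step(program, state):
    """One clock cycle. state = (pc, regs); a halted state is a fixed point."""
    pc, regs = state
    regs, op = list(regs), program[pc]
    if op[0] == "addi":                    # r[a] += imm
        regs[op[1]] += op[2]; pc += 1
    elif op[0] == "mul":                   # r[a] *= r[b]
        regs[op[1]] *= regs[op[2]]; pc += 1
    elif op[0] == "dec":                   # r[a] -= 1
        regs[op[1]] -= 1; pc += 1
    elif op[0] == "bnez":                  # if r[a] != 0: pc = target
        pc = op[2] if regs[op[1]] != 0 else pc + 1
    elif op[0] != "halt":
        raise ValueError(f"unknown opcode {op!r}")
    return pc, tuple(regs)

def execute(program, inputs, max_cycles=10_000):
    """Run to halt; return the trace (one row per cycle, final state included)."""
    state = (0, tuple(inputs) + (0,) * (NREG - len(inputs)))
    trace = [state]
    for _ in range(max_cycles):
        if program[state[0]][0] == "halt":
            return trace
        state = step(program, state)
        trace.append(state)
    raise RuntimeError("cycle budget exhausted")

# r1 = r0!  (r0 is the public input, r1 the claimed output)
FACTORIAL = [
    ("addi", 1, 1),       # 0: r1 = 1
    ("bnez", 0, 3),       # 1: if r0 != 0 goto 3
    ("halt",),            # 2: 0! = 1
    ("mul", 1, 0),        # 3: r1 *= r0
    ("dec", 0),           # 4: r0 -= 1
    ("bnez", 0, 3),       # 5: loop while r0 != 0
    ("halt",),            # 6
]

def commit(trace):
    """Hash of all rows: the prover binds itself to one trace before being challenged."""
    h = hashlib.sha256()
    for pc, regs in trace:
        h.update(f"{pc}:{','.join(map(str, regs))};".encode())
    return h.hexdigest()

def make_receipt(program, inputs):
    """Prover side. A real receipt = journal + proof; here the trace plays the proof's role."""
    trace = execute(program, inputs)
    journal = {"input": inputs[0], "output": trace[-1][1][1], "trace_commitment": commit(trace)}
    return journal, trace

def check_trace(program, journal, trace):
    """Boundary + transition constraints: exactly what a STARK encodes algebraically."""
    if commit(trace) != journal["trace_commitment"]:
        return False                                   # not the trace the prover committed to
    first, last = trace[0], trace[-1]
    if first != (0, (journal["input"],) + (0,) * (NREG - 1)):
        return False                                   # wrong initial state
    if program[last[0]][0] != "halt" or last[1][1] != journal["output"]:
        return False                                   # did not halt, or output claim mismatch
    return all(step(program, cur) == nxt for cur, nxt in zip(trace, trace[1:]))   # every row follows

if __name__ == "__main__":
    journal, trace = make_receipt(FACTORIAL, [5])
    print("output:", journal["output"], "cycles:", len(trace),
          "valid:", check_trace(FACTORIAL, journal, trace))
```

A forged receipt that edits the final row, or that skips loop iterations to shorten the trace, is rejected because some row no longer follows from its predecessor, which is exactly the condition a STARK's transition constraint enforces over every row at once. The journal carries only what the prover chooses to reveal (here the input and output); any private inputs would stay inside the trace.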

This opens up many possibilities, such as:

1. Verifying computations without disclosing all details: Using ZK Proof of Exploit, white-hat hackers can report real-time vulnerabilities in smart contracts without disclosing the confidential details of the vulnerabilities. Additionally, ZK Proof of Storage used by Filecoin can ensure that miners store copies of data at any given time.

2. Verifying the authenticity of media: Distinguishing genuine images from tampered ones has become an escalating challenge, fueling the spread of fake news. The Coalition for Content Provenance and Authenticity (C2PA) has proposed a standard for verifying the source of images, so that they can be shown to be authentic and captured in the claimed context. The standard requires cameras to digitally sign each photo and attach a series of claims about it (e.g., location, timestamp). Before such images are published, however, they are often resized, cropped, or enhanced, which invalidates the signature. Boneh and his team have implemented ZK proofs for common photo edits, including cropping, transposing, flipping, rotating, and adjusting contrast/brightness, so that an edited image can carry a proof that it was derived from a signed original. Any reader can then check the proof to verify the provenance of a news photo without relying on "community annotations."

3. Verifying financial information: Individuals can transform their KYC data into ZK proofs on their client devices and share them with Dapps without disclosing sensitive information to meet compliance requirements. Additionally, banks can sign ZK proofs to confirm the integrity of credit scores. While fintech applications rely on Plaid to verify such data, permission is required from banks to set up such integrations.

Protocols like Reclaim, zkPass, and Chainlink's DECO bypass these permission requirements, storing financial data as composable ZK proofs usable by any Dapp. These protocols work as proxies between website servers and client devices, generating TLS receipts to ensure the accuracy of data. They allow the import of various data without trust, such as Github repositories, Facebook posts, bank balances, land records, tax documents, and game achievements, all recorded as on-chain ZK proofs. These protocols liberate Web2 data from centralized, permissioned servers and transform them into composable Web3 credentials.

4. Verifying the authenticity of large-scale models: Giza, Space and Time, and Modulus Labs are working on verifiable algorithm integrity, focusing on zero-knowledge machine learning (ZKML). Algorithms have a significant impact on our daily lives, driving everything from online searches and social media to personalized recommendations, controlling our attention and shaping our beliefs. Given their importance, transparency and openness of these algorithms are crucial, as users have the right to know how these algorithms work and how they are used.

ZKML lets users verify whether a platform like Twitter actually runs the ranking algorithm it claims to, by attaching a cryptographic proof to the final score computed for each post. Zero-knowledge proofs thus offer a promising path for holding technology companies accountable, with applications extending beyond social media to artificial intelligence and healthcare.


Privacy Computing


ZKP is powerful on its own, but combined with other cryptographic technologies such as multi-party computation (MPC), fully homomorphic encryption (FHE), and trusted execution environments (TEEs), it opens up new possibilities in security and privacy design.

Renegade is building an on-chain dark pool that gives traders complete privacy both before and after a trade executes. In a traditional setup, two parties who want to exchange information and assets must rely on a central server to decrypt and process their data. Moreover, if either party learns the outcome and drops the connection before the token exchange completes, the result is information leakage and an opening for market manipulation.

To address this, Renegade uses a peer-to-peer gossip network of relays. When a trader wants to execute, relays find a counterparty and open a multi-party computation session so that the order details are never exposed to a third party.
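The following is an added illustration, not Renegade's code, of what the MPC session described above protects. It uses additive secret sharing, the simplest MPC building block: each trader splits an order size into random shares, one per relay, and each relay only ever adds up the shares it holds. The order book, the buy/sell encoding and the three-relay topology are constructed for the example. The two functions computed (total volume and the net buy-minus-sell imbalance) are linear, which is exactly the class of functions additive sharing handles with no interaction between relays; matching orders in a real dark pool also needs comparisons (does a bid cross an ask?), which require further machinery not shown here.

```python
import secrets

# Arithmetic is done in the ring Z_MOD. Constructed example: order sizes are
# assumed to be far smaller than MOD/2 so signed results can be recovered.
MOD = 2 ** 64


def split(value, n_relays):
    """Additively share `value` among n_relays relays.
    Any n_relays-1 of the shares are independent uniform values, so they
    reveal nothing about `value`; only the full set reconstructs it."""
    if n_relays < 2:
        raise ValueError("sharing needs at least two relays")
    shares = [secrets.randbelow(MOD) for _ in range(n_relays - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def reconstruct(shares):
    """Recombine a full set of shares into the shared value (mod MOD)."""
    return sum(shares) % MOD


def to_signed(x):
    """Map a ring element back to a signed integer in [-MOD/2, MOD/2)."""
    return x - MOD if x >= MOD // 2 else x


def relay_inputs(orders, n_relays):
    """Each trader splits their order size and sends share i to relay i.
    Returns, per relay, the list of (side, share) pairs it receives.
    `orders` is a list of (side, size) with side +1 for buy, -1 for sell
    (constructed input format for this example)."""
    inbox = [[] for _ in range(n_relays)]
    for side, size in orders:
        for i, share in enumerate(split(size, n_relays)):
            inbox[i].append((side, share))
    return inbox


def relay_compute(received):
    """One relay's local work on the shares it holds. Because both outputs
    are linear in the inputs, each relay computes its share of the result
    without talking to the other relays."""
    volume_share = sum(share for _, share in received) % MOD
    net_share = sum(side * share for side, share in received) % MOD
    return volume_share, net_share


def secure_volume_and_imbalance(orders, n_relays=3):
    """Run the whole protocol: traders share, relays compute locally,
    then only the aggregated result shares are combined.
    Returns (total_volume, net_imbalance), net_imbalance being
    buy volume minus sell volume."""
    results = [relay_compute(recv) for recv in relay_inputs(orders, n_relays)]
    total_volume = reconstruct([v for v, _ in results])
    net = to_signed(reconstruct([n for _, n in results]))
    return total_volume, net


if __name__ == "__main__":
    # Constructed sample book: three buyers, two sellers (sizes in tokens).
    book = [(+1, 500), (+1, 1200), (-1, 800), (+1, 300), (-1, 650)]
    volume, imbalance = secure_volume_and_imbalance(book)
    print(f"total volume = {volume}, net imbalance = {imbalance:+d}")
    # A single relay's view is nothing but uniformly random ring elements:
    print("relay 0 sees:", [s for _, s in relay_inputs(book, 3)[0]])
```

Any one relay, or any two of the three colluding, sees only uniformly random values; the order sizes are recoverable only when all relays pool their shares. What the scheme does not check is whether a trader's claimed size is honest, which is why the passage below pairs the MPC with a zk-SNARK over the inputs.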

Multi-party computation (MPC) is a cryptographic technique that lets several parties jointly compute a function of their inputs without revealing those inputs to one another. It lets traders exchange assets without disclosing their full balances, and that capability is the basis of a complete dark pool with no trusted operator. MPC alone, however, cannot guarantee that the inputs are valid: nothing stops a trader from claiming a balance they do not have. Renegade therefore generates a zk-SNARK proof inside the MPC computation showing that each trader's balance matches what they claim. Traders who want complete privacy can run a relay node on Renegade themselves.

Fully homomorphic encryption (FHE) lets a cloud provider compute directly on encrypted data, so the plaintext is never exposed to third parties, while ZKP provides a way to prove that a computation was carried out correctly through a short, verifiable proof. Combining MPC, FHE and ZKP opens the door to new applications. zkHoldem, for example, generates a ZK proof for every shuffle and deal, making on-chain poker provably fair, and by adding MPC it hides players' cards even from its own servers.


Proof Systems


A proof system is the set of rules and procedures of a two-party protocol by which a prover convinces a verifier that a statement is true. Developers can choose from several ZKP systems, each with its own advantages and drawbacks:

zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). Advantages: compact proofs and fast verification. Disadvantages: most constructions require a "trusted setup", a one-time initialization whose secret parameters, if mishandled or retained, would let someone forge proofs.

zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge). Advantages: no trusted setup, and because it relies only on hash functions it is expected to resist quantum attacks. Disadvantages: larger proofs and higher computational cost.

Bulletproofs. Advantages: no trusted setup; proofs are relatively small.
Disadvantages: proving and especially verification are slower than with zk-SNARKs.

PLONK. Advantages: efficient arithmetization and a universal setup that can be reused across circuits instead of a ceremony per circuit. Disadvantages: newer and less battle-tested than the alternatives.

Domain-specific languages (DSLs) translate program logic into the circuit representation a proof system consumes. Many of them express that logic at a level close to assembly. Aztec's Noir, for example, compiles to multiple proving backends, which makes it a good choice for developers, but the complexity of circuit-level languages remains a barrier, and circuit design is still hard for most developers. A wave of innovation is sweeping the ZKP field, with many teams building higher-level languages that abstract away the assembly-like layer. Two examples are SnarkyJS, a TypeScript framework for the Mina blockchain, and Polylang, a TypeScript framework developed by Polybase Labs on top of Miden's virtual machine. Overall, ZK tooling pursues three goals: generality, developer-friendliness, and performance.

Solidity is not well suited to being compiled into ZK circuits, so the Starknet team created Cairo specifically for writing STARK-proven smart contracts. Ethereum's ambition is to integrate a ZK-EVM into the core protocol itself (a "Type 0" zkEVM). That comes with serious challenges: Ethereum was not designed to be ZK-friendly, and generating proofs for Ethereum blocks is computationally expensive. RiscZero recently announced Zeth, which can prove Ethereum block construction, covering every EVM opcode and EIP, but there is still a long way to go before ZK is formally integrated into Ethereum.


Hardware Acceleration


As the gaming industry grew, major advances in software and hardware transformed personal computers and gaming consoles.
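To make the prover/verifier protocol described under proof systems above concrete, here is an added example (not code from the page or from any project named on it) of the simplest zero-knowledge proof of knowledge: a Schnorr protocol over the secp256k1 curve, made non-interactive with the Fiat-Shamir transform. The prover shows they know the private key x behind a public key X = xG without revealing x. It is a sigma protocol, not a SNARK: it proves one fixed statement rather than an arbitrary circuit, but it needs no trusted setup, and it exhibits the properties every system listed above must provide (an honest prover is accepted, a prover without x is rejected, and the verifier learns nothing about x). The curve constants are the standard secp256k1 parameters; the secret, the context string and the sample values under `__main__` are constructed for the example.

```python
import hashlib
import secrets

# Standard secp256k1 domain parameters (field prime, group order, base point).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def on_curve(pt):
    """True if pt is the point at infinity or satisfies y^2 = x^3 + 7 over F_P."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(commitment, pubkey, context):
    """Fiat-Shamir challenge. It must bind the statement (pubkey) and the
    application context, not just the commitment; see the note below."""
    h = hashlib.sha256(b"schnorr-pok|" + encode(commitment) + encode(pubkey) + context)
    return int.from_bytes(h.digest(), "big") % N


def prove(secret, context):
    """Prover: knows x with X = xG. Returns (X, proof) with proof = (R, s)."""
    if not 0 < secret < N:
        raise ValueError("secret key out of range")
    pubkey = ec_mul(secret, G)
    r = secrets.randbelow(N - 1) + 1        # fresh per proof; reusing r leaks x
    commitment = ec_mul(r, G)
    c = challenge(commitment, pubkey, context)
    s = (r + c * secret) % N
    return pubkey, (commitment, s)


def verify(pubkey, proof, context):
    """Verifier: accepts iff s*G == R + c*X. Sees only (R, s), never x."""
    commitment, s = proof
    if not (on_curve(pubkey) and on_curve(commitment)):
        return False
    if pubkey is INF or commitment is INF or not 0 < s < N:
        return False
    c = challenge(commitment, pubkey, context)
    lhs = ec_mul(s, G)
    rhs = ec_add(commitment, ec_mul(c, pubkey))
    return lhs == rhs


if __name__ == "__main__":
    # Constructed secret and context string for the demo.
    x = int.from_bytes(hashlib.sha256(b"demo secret").digest(), "big") % N
    X, pi = prove(x, b"zk-demo-v1")
    print("valid proof accepted:   ", verify(X, pi, b"zk-demo-v1"))
    print("replayed in other context:", verify(X, pi, b"other-app"))
    print("wrong public key:        ", verify(ec_mul(x + 1, G), pi, b"zk-demo-v1"))
```

The hash in `challenge` binds the commitment, the public key and a caller-supplied context. Leaving the statement (the public key) out of that hash is a known failure mode of Fiat-Shamir implementations: with c = H(R) alone, anyone can pick R and s and then solve for a public key X = c^-1 (sG - R) for which the proof verifies, without knowing any discrete logarithm. The context string stops a proof produced for one application from being replayed in another. The zk-SNARK and zk-STARK systems above generalize this two-message shape to arbitrary circuits; the soundness and zero-knowledge arguments are far more involved, but the verifier's position is the same: it checks a short transcript and learns nothing about the witness.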
Nvidia entered the market in 1993 with GPUs built for 3D acceleration to serve the booming gaming market. With the rise of artificial intelligence and machine learning (ML), Nvidia recognized the potential of its GPUs for accelerating the heavy computations in those fields, repositioned them for AI and ML workloads, and ultimately captured 95% of the AI chip market.

We expect zero-knowledge technology to usher in a similar era of specialized silicon. GPUs, FPGAs and ASICs will be designed to accelerate proof generation and verification while keeping costs down. Generating ZK proofs on user hardware is extremely slow, yet it is necessary whenever the witness must stay private. For example, hashing 10 KB of data with SHA-2 on a mobile device takes a few milliseconds, but generating a ZK proof of that hash can take at least two minutes (the exact figures depend heavily on the proof system and circuit). Hardware-acceleration teams such as Ingonyama and Cysic can generate proofs in the cloud on dedicated hardware and return them to users, and protocols that need large volumes of ZK computation can partner with dedicated hardware providers for performance and competitive pricing. Ulvetanna, for example, operates an FPGA cluster built specifically for ZK rollup computation. These startups offer everything from software-as-a-service (SaaS) models to selling dedicated hardware to organizations, and some also provide consulting to design custom circuits for specific applications.


Proof Market


For new developers who need ZK proofs, contracting with specialized hardware suppliers and finding cost-effective options can be a significant hurdle.
Proof markets such as RiscZero's Bonsai, the =nil; Foundation's Proof Market, and Marlin's Kalypso act as bridges between startups that need proofs and companies that generate them. These markets focus on two key aspects of proof generation: cost and the time it takes to produce a proof. They serve two kinds of demand:

1. Client-side proofs: individuals who generate ZKPs to protect their privacy and keep sensitive information away from centralized entities. Ideally they would generate the proof on a phone or laptop, but because of the time required they look to offload the work to dedicated accelerators. Researchers are actively exploring private delegation, building on distributed-proving protocols such as DIZK, so that no single worker ever holds the complete secret.

2. Server-side proofs: startups that need proving at scale, such as a decentralized exchange (DEX) that proves every transaction flowing through its system and needs fast turnaround so proving does not add latency to the application.

At Polygon Ventures we have been fortunate to follow the development of ZK technology closely. That journey has let us work with pioneers like Jordi and Daniel and dig into the inner workings of this transformative technology. In the cycle of bear and bull markets, infrastructure is usually built in the trough, ahead of the next recovery. In previous bull markets ZK was in its infancy; today it is inspiring to see the exponential growth of ZK applications, major advances in ZK scalability, and the emergence of a broader trustless computing paradigm.

"The pace of ZK technology development is incredible; applications that seemed unrealistic a few years ago are now a reality. New ZK projects can choose from a variety of libraries, DSLs (domain-specific languages), zkVMs, and other tools."
- Daniel Lubarov, Plonky2

We are entering an era in which once-unassailable centralized institutions are increasingly being questioned. Centralized giants like Google, Twitter and Meta still hold the power to curate and censor, but a palpable wave of change is brewing. Like any promising technology, ZK faces challenges. Securing ZKP implementations will take time, much as early Ethereum smart contracts went through a period of vulnerabilities. Despite these obstacles, ZK carries an inherent promise: to fundamentally change how we interact and build trust with one another.
