Unlocking the infinite potential of ZK from theory to practice

This article takes you on a journey to explore zero-knowledge proofs and discover the new potential of ZK.

Compiled by: LXDAO

Zero-Knowledge Proofs (ZK) technology, with its outstanding privacy protection capabilities, has become a shining star in the field of data security and has even topped the list of hot topics in the encryption industry. However, the depth and complexity of ZK technology have deterred many learners who are eager to explore this field. For this LX sharing session, Guo Yu, the founder of Anbi Lab, was invited to share his insights and forward-looking views. Let us review the highlights of this session together and unlock the infinite possibilities of ZK 🚀

The gap between theory and practice: Where are the application scenarios for ZK?

Guo Yu pointed out that, among the various branches of cryptography, ZK has already seen considerable practical application. However, compared with theoretical research, practical ZK applications are often built on relatively immature and unverified protocols because of their engineering-driven nature and rapid product iteration. Currently, most ZK learning materials are theoretical, mainly for two reasons:

  1. Currently active ZK researchers are mostly focused on theoretical research, with fewer engaged in engineering practice. In terms of output, it is evident that ZK theoretical research has a much shorter production cycle than engineering practice. For example, many engineers, due to their different backgrounds, need a relatively long time to learn the underlying algorithms/mathematics and actively practice when polishing products, which can give the impression that what we see is mostly theoretical.

  2. The rapid development of the industry and the high-speed iteration of products have made some engineering content easily replaceable by other protocols in specific application scenarios, or gradually fade from people's view. Therefore, although the technical threshold for ZK has decreased significantly, theoretical development always precedes practical application.

If you want to practice ZK, you can collect some good reference materials, such as high-quality engineering code, and imitate, use, or make simple modifications to it to understand its purpose and operating principles. If you have additional requirements and want to try modifying the code to improve its performance, you need a deep understanding of the code to make modifications. Furthermore, if you have a new idea and want to create a product from scratch, it will require a significant investment and dedicated learning. However, whether it is theory or practice, imitation is the main approach. As our skills improve, we will find ourselves capable of doing more. When we understand and master the underlying principles, we will also have the courage to do more.

In the past decade, ZK engineering practice has made significant progress and continues to develop rapidly. The theory of ZK has also entered a state of vigorous development. However, this has also brought some obstacles to learning, such as where to start learning and how to learn. Especially in cryptography, there is a lot of bottomless data, but you don't know its purpose or the source of the algorithms. As for the application scenarios of ZK or what good applications there are, they are actually quite limited, and many application-level products are still in the concept verification stage. However, overall, the emergence of new things will bring more hope and require more people to conduct experiments and explore the right path for the entire industry.

ZK off-chain applications and monetization paths

Guo Yu replied that ZK has enormous potential for future development, but when it comes to monetization, it relies more on the product itself to genuinely solve core problems and meet market needs/pain points in order to generate income.

Currently, for ZK off-chain applications, applications with clear and specific needs are more promising, such as wallets, bridges, Layer 2, and off-chain calculations for smart contracts. Based on his years of learning experience, the blockchain has already put forward many specific needs in its development process, such as scalability, storage, and protocol issues such as the scarcity of nodes and how to effectively compress transmission volume. Of course, there are also issues unrelated to blockchain, such as privacy protection, which is not purely a technical problem but more of a social issue. The definition of privacy and the level of acceptance of privacy by everyone are part of a game.

Applications that focus on more specific problems generally have good development prospects if they meet these needs or solve these problems: Ethereum state explosion, data availability and node quantity, adding more validators, MEV, and the security and complexity of on-chain contracts, including cross-chain bridge security.

What is CRS, and why does ZK need it?

Guo Yu pointed out that the so-called CRS (Common Reference String) exists because the Prover and Verifier cannot trust each other out of thin air; their trust has to rest on some prior consensus, even one as small as a single bit.

For example, a basic concept in ZK is the circuit: the computation that the Prover and Verifier must agree on and make public to everyone. With the Verifier aware of the circuit, the Prover computes over the private parameters and proves the integrity of the computation process. The circuit must be public, and only the input parameters can be hidden from the Verifier. The circuit itself is also part of the consensus, so both parties must agree on it before the Prover begins, and that agreement belongs in the CRS. Currently, we are all using ZK-SNARK (Zero-Knowledge Succinct Non-interactive ARguments of Knowledge) protocols, which basically all involve a CRS.

Among protocols based on elliptic curves, there are two types. One type, like Groth16, involves a trusted setup process, which is a secure multi-party computation protocol. Once it is completed, this part of the consensus, the circuit, is incorporated. The other type, such as Marlin and Plonk, does not require incorporating the circuit, but still requires agreeing on some content in advance.

Another type, although also based on elliptic curves, relies on the discrete logarithm, that is, the elliptic curve discrete logarithm problem (ECDLP). These protocols require a transparent setup, and consensus must still be reached on choices such as which elliptic curve, key generation algorithm (Generator), and prime numbers P and Q to use. There is also a hash-based type, such as STARK and Risc Zero, which also requires a CRS, including the hash function, the RS code (Reed-Solomon codes), and so on. In general, a CRS is basically necessary, but its content can differ greatly between protocols. Its purpose is also to reduce communication overhead and proof size, although protocols differ in this respect as well.
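As an added illustration (not code from the talk or from any project named here), the sketch below shows a transparent setup of the kind just described, using a Schnorr proof of knowledge of a discrete logarithm made non-interactive with Fiat-Shamir, which is far simpler than the SNARKs named in this section. The secp256k1 parameters, SHA-256 and all function names are assumptions chosen for the example; a verifier whose CRS has a different generator or hash function rejects an otherwise valid proof.

```python
import hashlib, secrets
from typing import NamedTuple

class CRS(NamedTuple):
    """Transparent setup: public values both parties fix before any proof."""
    p: int          # field prime of the curve y^2 = x^3 + 7
    n: int          # prime order of the group generated by G
    G: tuple        # generator point (x, y)
    hash_name: str  # hash used for the Fiat-Shamir challenge

SECP = CRS(  # secp256k1 constants, used only as a well-known parameter set
    p=2**256 - 2**32 - 977,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
    G=(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8),
    hash_name="sha256")

def add(crs, P, Q):  # point addition; None stands for the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2), p = P, Q, crs.p
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    m = num * pow(den % p, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return (x3, (m * (x1 - x3) - y1) % p)

def mul(crs, k, P):  # double-and-add, illustrative and not constant time
    R = None
    while k:
        R = add(crs, R, P) if k & 1 else R
        P, k = add(crs, P, P), k >> 1
    return R

def challenge(crs, Y, R):
    """Fiat-Shamir challenge, bound to the whole CRS, the statement Y and R."""
    digest = hashlib.new(crs.hash_name, repr((crs, Y, R)).encode()).digest()
    return int.from_bytes(digest, "big") % crs.n

def prove(crs, x):
    """Return (Y, proof) showing knowledge of x with Y = x*G, hiding x."""
    k = secrets.randbelow(crs.n - 1) + 1           # fresh secret nonce
    Y, R = mul(crs, x, crs.G), mul(crs, k, crs.G)
    return Y, (R, (k + challenge(crs, Y, R) * x) % crs.n)

def verify(crs, Y, proof):  # accept iff s*G == R + c*Y under this CRS
    R, s = proof
    return mul(crs, s, crs.G) == add(crs, R, mul(crs, challenge(crs, Y, R), Y))
```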

How to translate real-world needs into polynomial expressions for ZK

Guo Yu pointed out that, from a theoretical perspective, arriving at a polynomial expression for ZK requires a computation. Whether the goal is scalability or privacy, it needs to be expressed as a suitable circuit, and this computation must be fixed. That means not only a fixed algorithm but also a fixed scale of computation. When the algorithm itself is at a relatively deterministic stage and its computational complexity can be broken down, it is also easier to work with; this process is what is called writing a circuit.

With in-depth research on ZKEVM and the rapid development of the ZKVM technology stack, there are now free-to-use open-source zero-knowledge computing platforms such as Risc Zero, SP1, zkWASM, and other implementations, which let developers write ZK applications without building a circuit, simply by writing Rust or custom code. Therefore, making business logic ZK-friendly is becoming increasingly simple.

In addition to writing circuits, another type of computation is based on the RAM (Random Access Machine) model. We can imagine it as a virtual machine running, where the process is no longer about writing circuits but about writing state transitions. How to better express business logic as state transitions or even transform business logic into polynomials depends more on one's own abilities and accumulated experience.

Overall, there is a threshold, even for writing circuits.
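To make "a fixed algorithm at a fixed scale" concrete, here is an added example (not from the talk) that unrolls the toy update x = x³ + x + 5 a fixed number of times into rank-1 constraint rows and checks a witness against them directly; a real proof system would prove that such a witness exists without revealing it. The field modulus, the update rule and the function names are assumptions made for illustration.

```python
P = 2**61 - 1  # field modulus (a Mersenne prime), constructed for this toy

def build_circuit(rounds):
    """Unroll `x = x**3 + x + 5` a fixed number of times into R1CS rows.

    Variable 0 is the constant 1 and variable 1 the private input; each row
    (A, B, C) demands <A,w> * <B,w> == <C,w> (mod P).
    """
    rows, x, nxt = [], 1, 2
    for _ in range(rounds):
        sq, cube, out = nxt, nxt + 1, nxt + 2
        rows.append(({x: 1}, {x: 1}, {sq: 1}))                  # sq = x*x
        rows.append(({sq: 1}, {x: 1}, {cube: 1}))               # cube = sq*x
        rows.append(({cube: 1, x: 1, 0: 5}, {0: 1}, {out: 1}))  # out = cube+x+5
        x, nxt = out, nxt + 3
    return rows, x   # x is now the index of the output variable

def make_witness(rounds, secret):
    """Prover side: run the computation and record every intermediate value."""
    w = [1, secret % P]
    for _ in range(rounds):
        x = w[-1]
        sq = x * x % P
        cube = sq * x % P
        w += [sq, cube, (cube + x + 5) % P]
    return w

def dot(lc, w):
    """Evaluate a linear combination {variable index: coefficient} on w."""
    return sum(c * w[i] for i, c in lc.items()) % P

def satisfied(circuit, w, public_out):
    """Check every row and that the output wire equals the public value."""
    rows, out = circuit
    if len(w) != out + 1:          # the circuit fixes the witness size too
        return False
    return w[out] == public_out and all(
        dot(a, w) * dot(b, w) % P == dot(c, w) for a, b, c in rows)
```

Each round costs three rows, so ten rounds cost thirty, and a witness produced for three rounds is rejected by the four-round circuit.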

Highlights of Q&A

Why is ZK needed?

Guo Yu believes that currently there is a lack of significant applications to prove its usability or effectiveness, and the emergence of ZK can better establish this trust. Additionally, ZK technology is a foundational tool for addressing trust issues in cryptography. Furthermore, in the development of blockchain, many problems have been encountered, such as the sharp decline in the number of nodes and the state explosion of Ethereum, all of which ZK has the potential to improve and solve. Therefore, for the present and the future, ZK is crucial for blockchain.

Of course, ZK also needs blockchain. Its prerequisite is to have a trusted existence, followed by trust and even protocol interaction. Blockchain is an indispensable part of the ZK trust bootstrapping process. Both complement each other and are indispensable.

Insights and experiences in learning ZK and getting started

Guo Yu replied that the motivation comes from a strong interest in the theoretical aspect. To get started, it is more about reading professional papers and basic materials, mastering essential knowledge, and in-depth learning. During this process, accumulation and gradual learning are key. Many papers lack clear context or are mixed, so it is necessary to read and even reread them to achieve a smooth understanding. Writing circuits is a practical approach, especially for finding a job. Practice more, learn from high-quality project code, and perhaps find something amazing in some inconspicuous corner. Imitate writing circuits, summarize experiences, and convert them into personal knowledge and experience.

Additionally, it is beneficial to pay attention to non-professional enthusiasts in the industry. They often popularize understandable tutorials, share their learning experiences, or personal experiences. However, due to the rapid development of the industry, it is important to ensure that the content is not outdated and to approach learning with a dialectical attitude.

For those interested in theory, it is better to focus on specific areas, mastering them first, and then using that experience to explore other learning content. Depth-first search (DFS) is better than breadth-first search (BFS). Cooperative learning is a good form, as it can help sustain and effectively facilitate learning and exploration.

To what extent should one learn ZK before seeking employment?

Guo Yu believes that now is the best time to start looking for a job and to supplement skills if necessary. Most job details are publicly available, so it is possible to try contacting and offering help with code improvements or bug finding. Furthermore, there is a high demand for good engineers, and ZK technology is developing rapidly, so lack of experience is not a problem. In fact, with the rapid turnover of technology, newcomers do not have many disadvantages.

If we are using ZKVM, such as on-chain solutions like Starknet (STRK), do we still need to write circuits?

Guo Yu pointed out that currently, these virtual machines (VMs) need to provide special instructions for system calls or special interfaces. If a calculation is repeated, compiling it directly into VM instructions can lead to significant expansion. Therefore, commonly used instructions are usually circuitized. After circuitization, the distributed chain trace specified by the VM proof will be much shorter. Additionally, treating it as a circuit can help with preprocessing and is more efficient than a trace.

In a very few proof systems, there are some circuits in the calculation. For the same algorithm, only the parameters are different. In normal circumstances, without intervention, it would produce ten times the hash circuit when looping ten times. However, there is a type of proof technology that can parallelize these ten circuits and generate additional optimizations after parallelization, which are quite significant. Therefore, the current VM design principle can consider allowing users to write specific functions that need to be executed as circuits and integrate them together. However, currently, it mainly relies on the VM to provide this functionality.

Additionally, there is a technology called the Folding scheme, which can compress repeatedly concatenated circuits into one, making the proof process particularly memory-efficient but also placing higher demands on writing circuits. In summary, whether to learn or write depends strongly on your benefits, but theoretically, it is possible to compile without much thought and call directly through ZKVM.

Apart from integrating with blockchain, are there other possible directions for ZK?

Guo Yu believes that privacy protection may be one direction, but there are doubts about the demand for it. Even in Web3, people are not very concerned about their privacy, let alone in traditional industries. In academia, there are many directions that combine ZK with non-crypto, such as Zero-Knowledge Machine Learning (ZKML), ZK databases, and using ZK for anonymous voting. However, whether these can really solve practical problems and whether they are a pain point remains to be confirmed. When driven by urgent and practical needs, the results will be more visible. For example, the development of ZKEVM actually originated from EVM. The entire Ethereum needs to be compatible with EVM on Layer 2. Although EVM did not perform very well, when the related technology was transplanted to ZKEVM, relatively good results were achieved.

In the current stage of blockchain, what value does technology and business scenarios provide?

Guo Yu replied that if we are discussing the demand in the Crypto world, it has many uses. For example, decentralized identity (DID) in identity authentication and privacy protection on social networks. The key point is to find a scenario that truly meets user needs and characteristics to make it successful. Therefore, if you are doing business, it is beneficial to keep an eye on the current situation of ZK. Currently, the technology conditions have already reached or are close to some simple scenarios.

An audience member, Stone, added that under the current operating mode, the entire consumption of resources, bandwidth, or storage is very high due to the establishment of trust or consensus. Through ZK, the efficiency can be increased exponentially, which means that at least in terms of technology, its value is very high, and once its technological value is demonstrated, the scenario value will certainly be reflected accordingly.

Guo Yu added that the current development of ZK actually has a problem: it lacks a clear direction, making it difficult to speculate or foresee. The development of ZK has forked in many directions, and it is impossible to know which fork will move forward or whether there will be a fork. This has led to a huge gap between those who develop applications and those who work on theory. For example, those working on theory find it difficult to know the pain points in application scenarios and can only imagine and construct application scenarios in their papers. However, at the same time, the threshold for ZK is constantly increasing, making it difficult for product and business developers to understand what it can do and what it is capable of. Therefore, those developing applications can learn more about basic concepts and common tools, such as some common ZK tools and documents, to understand how much business logic it can prove and how the computational load is. It does not require a deep understanding of ZK, just a basic understanding of its concepts, what it can do, and what it is not good at solving. In conclusion, both complement each other, contributing to the prosperity and development of blockchain.

Conclusion

Through this LX sharing session, it is believed that everyone has gained a more comprehensive and in-depth understanding of the development, application, practice, and entry-level learning of zero-knowledge proofs (ZK). With the continuous development of the industry, the ongoing innovation and breakthroughs in ZK technology, it is also believed that ZK will demonstrate tremendous development potential and broad application prospects. At the same time, this will inject new vitality into the encryption industry and even the entire Web3 development. In the future, we look forward to continuing to work together with everyone to explore ZK and build a more secure, efficient, and transparent digital world!
