Notes from a16z Crypto Summit: ZK Technology Direction and Potential Project Inventory

1 year ago

Article: Joseph Bonneau

Translation: DAOSquare

Editor's Note: Field Notes is a series where we report on important industry, research, and other activities in the field. In this issue, Joseph Bonneau, a research partner at a16z crypto and assistant professor at New York University, attended the 11th zkSummit held in Athens on Wednesday, April 10th, and recorded notes. The event, hosted by the Zero Knowledge podcast, had approximately 500 attendees and featured four presentations in a single day. Below is a summary of Bonneau's report, covering the latest in zero-knowledge hardware, SNARK performance, and auction network design, including some mentions of Jolt, a new approach to SNARK design by the a16z crypto research and engineering team, which is already 2 times faster than the current state-of-the-art technology, with more improvements on the way.

ZK Hardware

Support for hardware-assisted proof generation has long been a community goal. The first two talks on the main stage outlined current developments in this area.

  • Justin Drake, a researcher at the Ethereum Foundation, provided an overview of ZK hardware, including a taxonomy of companies in the field. The list includes companies using general-purpose hardware (such as Ulvetanna), companies manufacturing custom hardware (including Accseal, Cysic, and Fabric), and companies running decentralized proof networks (such as Aleo). He predicted that the "endgame" for zkVMs, such as Jolt enhanced by Binius (a hardware-optimized SNARK verification system) along with other upcoming optimizations and dedicated hardware, could achieve a 1000x computational overhead and may impact the final, battle-tested version of Ethereum. He also predicted that hardware will primarily focus on non-ZK succinct proofs, with most proofs packaged in Groth16. He also mentioned that the Ethereum Foundation will announce a competition to formally verify provers and verifiers, with a prize of $20 million.

  • Jim Posen, co-founder of Ulvetanna, discussed Binius and the general concept of designing proof systems and hardware simultaneously. Binius uses binary tower fields and the sumcheck protocol, on which Jolt is also based. An interesting conclusion drawn from early tests of Binius is that the hash function Groestl (SHA-3 runner-up) outperforms Keccak (the official SHA-3 standard), so using Groestl in certain applications may be advantageous.

Decentralized Prover Networks

Many in the field envision a future where large-scale statement proof generation (e.g., correctness of a batch of transactions in Rollup) is completed by a competitive, decentralized professional prover market.

  • Uma Roy, co-founder of Succinct, discussed the upcoming prover network by Succinct. She introduced various potential mechanism designs for decentralized prover networks and predicted that designs based on competition (first prover wins) or mining (first prover wins, modulo randomness) would not yield good results. She said that the design goals should be, in order, minimal cost, maximum latency, and censorship resistance. She predicted that issuance/staking models might work, but auction models are most likely to succeed, eventually resembling today's block construction. She said that Succinct is building a general auction network to support proofs for multiple zkVMs, such as Jolt/Lasso, not just Succinct's own SP1.

  • Wenhao Wang, a PhD student at Yale University, discussed a new paper on prover network economics, published on the morning of the presentation day and co-authored by him, Ben Fisch (Espresso Systems), and Ben Livshits (Matter Labs). Wenhao mentioned that bilateral auctions are easily subject to collusion between provers and bidders, and they introduced an alternative mechanism called Proo-phi, which introduces new matching trades and proof mechanisms. Proo-phi requires setting capacity parameters, which seems to be a key open design issue.

  • Daniel Kales, co-founder and CTO of TACEO, discussed prover markets supporting multi-party computation (MPC), especially using MPC to maintain privacy between small clients with private witnesses and large provers without trust. He discussed how we choose combinations of proof systems for linear operations (such as the Fast Fourier Transform algorithm), which are relatively cheap in MPC and can minimize costs.

ZK Credentials

Three different sessions discussed efforts to build zero-knowledge credentials from existing identity systems. Each relies on different existing identity systems.

  • Aayush Gupta and Sora Suegami, co-founders of ZK Email, discussed proof of ownership of ZK email addresses. These rely on knowledge of DKIM signatures for emails sent to specific addresses, and DKIM has been widely deployed by major email providers (though primarily as an anti-spam measure). Many applications can use ZK proofs to verify if a user controls an email address, including applications for sending funds to email addresses and anonymous reporting.

  • Alin Tomescu, a research scientist at Aptos Labs, discussed Aptos Keyless, which interacts with traditional web2 identities using OpenID Connect. OpenID Connect is the technology that supports "log in with Facebook, Google, etc." on third-party websites. Aptos Keyless interacts with existing OpenID providers and proves that users control a given address, enabling applications such as sending funds to Google or Facebook accounts.

  • Michael Elliot and Derya Karli of zkPassport discussed how to build anonymous credentials from existing e-passports. For example, users can prove that they hold a US passport and are over 25 years old without revealing their passport number or exact age.
