Zero-knowledge technology is a subset of cryptography that is helping blockchain projects overcome the scaling and privacy limitations inherent to many layer-1 blockchains. The technology enables blockchain projects to facilitate greater transaction throughput, protect user data while still being able to verify identities, and support complex computation, and it allows enterprises to adopt blockchain technology while protecting their intellectual property. Underpinning all of these use cases are zero-knowledge proofs.
What are zero-knowledge proofs (ZKP)? ZKPs enable someone to prove they know or have a piece of data without revealing the underlying information. A “prover” creates a proof using knowledge of a system’s inputs and a “verifier” confirms the proof was calculated correctly, even though the verifier cannot see the information. Essentially, zero-knowledge proofs make it possible to verify the validity of a dataset while preserving the privacy of the data itself.
In this article, we explore some of the unique advantages of zero-knowledge-based solutions and how blockchain projects are utilizing zero-knowledge technology to help developers build advanced dApps that scale the Web3 ecosystem while protecting user privacy.
I. Why Do Zero-Knowledge-Based Solutions Matter?
Zero-knowledge solutions grant developers a way to leverage the security of an existing layer-1 blockchain like Ethereum while enabling dApps to scale through higher throughput and faster transactions, protecting users’ personal information by keeping it hidden off-chain, and lowering the cost for end-users by publishing transactions in batches. Ultimately these advantages enable projects to build advanced dApps that rival the performance and functionality of Web2 systems while maintaining the benefits of decentralization.
Zero-Knowledge-Based Protocols vs. Optimistic Rollups
Optimistic rollups are an alternative layer-2 technology used by prominent scaling solutions. As of 29 June, 2022, according to the analytics site L2Beat, optimistic rollups account for 74.3% of TVL stored on Ethereum layer-2 networks, with zero-knowledge-based solutions accounting for 25.9%.
The fundamental difference between zero-knowledge scaling solutions and optimistic rollups is how transactions are verified. Optimistic rollups use fraud proofs that are only generated when disputing a state change published on the layer-1 blockchain, while zero-knowledge solutions post validity proofs after every batch is published on-chain. This means that zero-knowledge-based protocols always have a valid state, with the trade-off of consuming more gas to verify validity proofs on the base chain.
However, combining zero-knowledge rollups with off-chain data can increase gas consumption efficiency. These more efficient zero-knowledge-based solutions are known as Validiums and Volitions. Critically, they are also able to prove a state is valid without revealing the underlying data. This can help drive enterprise adoption of public blockchains as organizations can protect user information and trade secrets.
Another difference between the two types of layer-2 solutions is their capital efficiency. In optimistic rollups, the standard window for transactions to be finalized and for withdrawals to be processed is one week, while users can withdraw funds from zero-knowledge solutions in around ten minutes.
II. Types Of Zero-Knowledge-Based Solutions
Architecture
- zk-Rollups
Zero-knowledge rollups bundle many transactions together and post them to the layer-1 blockchain with a proof verifying the validity of that computation. The proofs that get published on-chain are known as validity proofs and can be either SNARKs or STARKs. When these proofs are verified on the layer-1 blockchain, the zero-knowledge rollup has a new state.
- Validium
Validiums combine validity proofs with off-chain data storage to enhance scalability. Validity proofs are still published on the base chain, while data is stored off-chain. This significantly improves throughput and lowers gas costs.
While this is a far more efficient and scalable architecture than zk-rollups, it presents the risk that malicious actors make data unavailable and users may be unable to withdraw their funds.
This data-availability problem is being overcome with proof-of-stake-type systems that use crypto-economic incentives to help ensure data is stored by many different nodes and always available. It’s important to note that while these malicious actors could stop transactions, they cannot directly steal user funds.
- Volitions
Volitions combine both zk-rollups and validiums and allow users to choose (hence the name) between either scaling solution as they share a single state root. Even if there was a successful malicious attack on the validium side of the volition, funds on the zk-rollup side would still be safe.
This enables entities willing to pay higher fees for the higher security guarantees of a zk-rollup to natively interact with participants who prefer the lower transaction costs of a volition, such as on a DEX where a market maker is providing hundreds of millions of liquidity while a retail trader may only have a few small positions open.
Validity Proofs
- SNARKs
zk-SNARK stands for “zero-knowledge succinct non-interactive argument of knowledge.” A SNARK is a type of cryptographic proof that is small in size and easy to verify. SNARKs generate a cryptographic proof using elliptic curves, relying on the assumption that it’s infeasible to find the discrete logarithm of a random elliptic curve element from a publicly known base point. Computing elliptic curve operations is less computationally expensive than computing the hash functions used by STARKs, which is why SNARK-based protocols can be more gas efficient.
- STARKs
zk-STARK stands for “zero-knowledge scalable transparent argument of knowledge.” It’s a type of cryptographic proof that requires little to zero interaction between the prover and the verifier. The key advantages of STARKs over SNARKs are that they have fast prover times and are easier to scale as they offer more computing power. Also, using hash functions makes them quantum resistant.
Notably, STARKs were invented by Eli Ben-Sasson, the co-founder of StarkWare, the team building StarkEx and StarkNet.
III. Zero-Knowledge Blockchain Projects
zk-SNARK Based Projects
- Loopring
Loopring is a zk-rollup layer 2 that supports order-book-style trading without taking custody of users’ assets. Loopring is a decentralized exchange protocol and an “automated execution system” built on Ethereum that will allow its users to trade assets across exchanges. It isn’t a decentralized exchange. Rather, it facilitates decentralized exchanging through ring-sharing and order matching. It allows for high-throughput, low-cost trading and payment on Ethereum.
- zkSync 2.0
Similar to StarkNet, zkSync 2.0 is a layer-2 Ethereum scaling solution that uses a volition architecture and supports smart contracts. zkSync uses zk-SNARKs to validate transactions and uses zkPorter, a proof-of-stake system, for data availability. The main difference between zkSync 2.0 and StarkNet, besides their validity proof, is that zkSync 2.0 is EVM compatible.
- Zcash
Zcash, previously named ZeroCash in reference to the zero-knowledge proof used to support its privacy-preserving transactions, is one of the earlier crypto assets and helped pioneer the use of zero-knowledge technology in the industry.
- Mina
Mina Protocol is said to be the lightest zk-SNARK-based blockchain in the world, since it is designed so that its size remains constant even as usage increases. Mina has managed to create a unique solution to this problem. The Mina Protocol has a fixed size of 22kb, so anyone, anywhere, can easily access it from a mobile phone or desktop, which makes for a much better experience and also opens up new opportunities for developers to build apps.
zk-STARK Based Projects
- Immutable X
Immutable X, an NFT platform that facilitates the minting and trading of NFTs and tokens, is using an application-specific zk-rollup with StarkEx. The platform has supported tens of millions of NFT mints and trades all with low fees, even during periods of network congestion on Ethereum.
Immutable X will also launch on StarkNet. Instead of posting its proofs directly to Ethereum, Immutable X will publish them on StarkNet which will then be recursively posted on Ethereum through StarkNet’s rollup. Immutable X can then leverage StarkEx to launch app chains on top of StarkNet, essentially providing projects with a layer-3 scaling solution.
- StarkNet
StarkNet is a general-purpose platform that enables developers to deploy smart contracts on an Ethereum-based zk-rollup. Both of the prominent Ethereum dApps Aave and Maker are set to launch on StarkNet. Notably, StarkEx zk-rollups can be launched on top of StarkNet to increase an application’s scalability.
To take full advantage of the advanced computation and scalability that’s possible with STARKs, StarkWare has created Cairo, a new, highly efficient, Turing-complete programming language for generating STARK proofs. That means that StarkWare needs to bootstrap a developer ecosystem with documentation, frameworks, and accompanying tooling.
- StarkEx
StarkEx is a layer-2 scalability solution built on Ethereum that uses STARK proofs to validate self-custodied transactions, enabling trading and payment applications to be built on top of it. Projects built on StarkEx such as DeversiFi, Sorare, and dYdX have generated hundreds of millions of transactions and hundreds of billions of dollars’ worth of trading volume. However, StarkEx does not support the smart contract functionality that enables fully-featured dApps.
IV. Conclusion
Together with layer-1 blockchains and decentralized oracle networks, zero-knowledge proofs are set to transform the blockchain industry by enabling projects to build highly scalable, cost-efficient, and advanced applications while preserving users’ privacy.
While there are other layer-2 solutions that may provide a better architecture for certain applications, zk-rollups, validiums, and volitions are set to capture a large volume of users among both individuals and enterprises as the blockchain industry moves towards mass adoption.
Personally, the author claims that the crypto market, at the moment, is still not capable of onboarding new streams of users and pulling huge liquidity into the market. However, scaling solutions that support the mainchain while maintaining the decentralization of the network and privacy for users are really the beginning of a new era for crypto.
And the applications of zero-knowledge proofs will become an indispensable and integral part of the goal of mass adoption for the entire crypto market as well as the blockchain industry.