Moonhill capital

Zero-Knowledge Proofs

Do not trust, verify!

May 31, 2023 | Articles

Intro to the ZK Proofs

You’ve probably heard a lot about ZK proofs and ZK roll-ups in the crypto industry, but are you familiar with what they do and what they could become? Which problems do ZK proofs solve, and could this be the beginning of a big new narrative for the industry? We certainly believe so, and in this article we will explain why.

We live in a world with a tremendous level of mistrust in society. Can we take the power of cryptography and use it to bring groups of people together? We may be just a step away from finding out.

So what exactly is a zero-knowledge proof?

A zero-knowledge proof is a way for a prover to convince a verifier that some statement is true while revealing no information beyond the fact that the statement is true. Hard to digest? Imagine I have a locked box and I (the prover) want to convince you (the verifier) that I know the combination, without telling you what it is. You drop a piece of paper with a message into the box; I open the box, read the message and tell you what it says. That way I prove I know the combination without ever sharing it with you.

Cryptographers are excited about zero-knowledge not just because of its amazing mathematical properties, but also because of its incredible applicability to so many different scenarios. Let me give you a couple of examples of real-life applications.

  • Would you like to prove to somebody that your wallet holds at least 0.3 BTC without sharing the address of your wallet?

  • Would you like to hold digital elections and be assured that they were conducted correctly and all votes were counted correctly, without revealing the actual vote of any person?

  • In medical research: would you like to prove to the world that your drug works in some specific model without revealing the structure of the compound?

All of these are possible applications of zero-knowledge proofs.

Now that we have a pretty good idea of what a ZK proof is and how life-changing this technology could be, let’s dive a bit deeper and get more technical.
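
As an added example (not part of the original article), here is the box analogy made concrete with the Schnorr identification protocol in Python: the prover convinces the verifier that it knows the secret exponent x behind a public value y = G^x mod P without revealing x. The group constants P, Q and G are toy-sized values chosen for this example only; simulate() shows why a transcript leaks nothing, and the Fiat-Shamir functions show how the interaction is removed, which is the step that turns such protocols into non-interactive proofs.

```python
import hashlib
import secrets

# Toy group constructed for this example (far too small for real use): P is a
# safe prime, Q = (P - 1) / 2 is prime, G = 4 generates the order-Q subgroup.
P = 1019
Q = 509
G = 4

def keygen():
    """Prover's secret 'combination' x and the public value y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def prover_commit():
    """Round 1: the prover picks a fresh random nonce r and sends t = G^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def verifier_challenge():
    """Round 2: the verifier replies with a uniformly random challenge c."""
    return secrets.randbelow(Q)

def prover_respond(x, r, c):
    """Round 3: s = r + c*x mod Q; with r uniform and used once, s says nothing about x."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """The verifier accepts iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(x, y):
    """One interactive run. An honest prover always passes; a prover holding the
    wrong x passes only when the random challenge happens to be 0 (1 in Q)."""
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))

def simulate(y):
    """Zero-knowledge: choose c and s first, then solve for t. This yields an
    accepting transcript without knowing x, so transcripts leak nothing about x
    and do not convince a third party that anyone knows it."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s

def fiat_shamir_challenge(y, t):
    """Non-interactive variant: derive c by hashing the commitment so the prover
    cannot pick it. Removing the interaction this way is what makes a proof
    something anyone can verify later, as with SNARKs."""
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove_noninteractive(x, y):
    """Prover computes the challenge itself and ships (t, s) as the proof."""
    r, t = prover_commit()
    return t, prover_respond(x, r, fiat_shamir_challenge(y, t))

def verify_noninteractive(y, proof):
    """Verifier recomputes the same challenge from t and checks the equation."""
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t), s)
```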


Why Do ZKPs Matter?

Let’s walk through the main use-case categories that are currently emerging. There will certainly be many more as adoption continues.

Outsourced Verifiable Computation

Essentially, this is a way to establish trust quickly and efficiently. By running computations at a third party, a proof can be generated showing that the computation was carried out with integrity. This matters because it allows faster off-chain computation while maintaining a high level of trust in distributed systems, which benefits scalability and expands the potential applications of the system.

Private Computation

The idea is to perform computations but keep certain parts of it hidden, which is very desirable. This concept is central to several consumer-side use cases of zero-knowledge proofs (ZKPs), such as private KYC, anonymous voting, and proof of ownership or activity. For instance, ZKPs on Filecoin can be used to demonstrate accurate data storage while keeping the data itself private.

Succinctness

This is essentially a method of compressing information. The scaling properties of zero-knowledge technology come from the ability to compress information while keeping verifier time sublinear in the size of the computation. A proof consists of a small, fixed number of group elements regardless of how many statements (such as transactions) it covers, so the proof is far smaller than the data it attests to. This means that many transactions can be compressed into a single proof, which is what allows the technology to scale effectively.


Types of ZKPs

The two main kinds of ZKPs used in connection with blockchains are SNARKs and STARKs.

If you enjoy technically heavy reading, we suggest the article by Zee Prime Capital, which can be found here:

https://zeeprime.capital/part-1-Can-We-Kill-Moloch-ZK-Basics-and-Virtual-Machines#what-does-the-world-look-like-post-zk-adoption

If you prefer lighter reading, the following summary should satisfy your curiosity:

ZK-SNARKs are generally faster and produce smaller proofs than ZK-STARKs. However, they require a trusted setup which creates a potential security risk if the randomness used in generating the public parameters falls into the wrong hands. Additionally, the size of the witness can affect the performance of ZK-SNARKs.

On the other hand, ZK-STARKs are slower and produce larger proofs, but they do not require a trusted setup and have better scalability. They are also more transparent than ZK-SNARKs because they rely on publicly verifiable randomness to generate public parameters for proving and verification.

Overall, the choice between ZK-SNARKs and ZK-STARKs depends on the specific use case and requirements. For applications that require post-quantum security, no trusted setup, and better scalability, ZK-STARKs may be a better choice. However, for applications that require faster performance and smaller proof sizes, ZK-SNARKs may be more appropriate.

A simple comparison of zkEVMs can be found below:

Image

Heavier reading on this topic can be found in Vitalik’s earlier blog post:

https://vitalik.ca/general/2022/08/04/zkevm.html

Since the world is much bigger than the EVM and Solidity, and the overall Web3 space is (for now) just a small drop in the sea of all developers, we have summarized current projects in the non-EVM space as well.

The ecosystem we are watching closely in the short term is definitely Starknet.

Starknet is a prominent player in its field, boasting the biggest community of developers and projects despite its Cairo roots. Thanks to the Warp transpiler from Nethermind, which transpiles Solidity to Cairo, Starknet has gained more traction in the short to medium term, even though this is not as seamless as deploying to zkEVMs of the lower types. The ecosystem’s scalability features have already produced positive outcomes, such as Topology and Briq.

Others:

  • Delphinus zkWASM – Wasm-based zkVM

  • zkMove – uses the Halo 2 proving system, like Scroll; promising

  • zkRiscV – Rust-based, too niche

  • Triton VM – Rust-based, but much more promising than zkRiscV

  • Polygon Miden – the specifics of the node network’s permissionlessness and the roll-up’s tokenomics are not well defined

  • Uqbar – built on Cairo as a rollup for ETH, but non-EVM; possibly very interesting


Exploring the Impact of Hardware Choices on Zero-Knowledge Proofs and Their Applications

As we delve into the role of Zero-Knowledge (ZK) proofs in blockchain technology, it's essential to understand the proof generation process. The primary computational tasks involved in this process are Multi-Scalar Multiplications (MSM) and Fast Fourier Transforms (FFT). Both Amber Labs and Georgios Konstantopoulos have explored how these complex calculations create bottlenecks during proof generation. It's crucial to note that different proof systems lead to varying workload ratios between MSMs and FFTs.

These ratios matter because they influence the optimal hardware for these computations. Although GPUs are commonly used, the complexity of MSMs and FFTs makes Field Programmable Gate Arrays (FPGAs) or Application-Specific Integrated Circuits (ASICs) more suitable for efficient processing. Both FPGAs and ASICs are types of customizable computing hardware.

To better understand the relationship between these hardware options and ZK proofs, consider the following points:

  1. FPGAs offer flexibility and can be reprogrammed, while ASICs are more efficient but static.

  2. ASICs are more efficient due to their higher degree of specialization but come at a higher cost and longer development time. Additionally, their rigidity and slower development pace make them less viable for investment in the face of rapidly evolving proving algorithms. Market offerings seem to focus on generalized approaches that support multiple curves to accommodate most current systems.

  3. GPUs can handle MSM relatively well, thanks to their parallelization and multicore capabilities.

  4. Higher FFT demands require more customized logic, which can be provided by FPGAs or ASICs.

  5. Given the rapidly changing landscape of ZK implementations, the flexibility of FPGAs makes them the most attractive option at present.

Overall, understanding the computational demands of ZK proofs and the role of hardware options like FPGAs and ASICs is vital for optimizing proof generation and implementation.


Current status of ZKPs

March 24, 2023 marked the culmination of years of development: the launch of a highly secure, scalable and future-proof zkEVM on zkSync.

Current status and interesting points:

  1. The project has gone through robust testing, multiple tier-1 security audits, public contests, and bug bounties, ensuring that zkSync Era is secure enough for public use.

  2. zkSync Era's main goal is to scale freedom, trustless, barrierless, and permissionless economic cooperation. It focuses on making cryptographic technology and blockchains accessible to millions of users.

  3. The team has invested heavily in security, spending over a year and $3.8 million on testing and auditing all components of zkSync Era. The project has undergone seven independent security audits, three internal audits, two public security contests, and has an open-ended bug bounty program.

  4. zkSync Era's unique architecture includes native account abstraction for an enhanced user experience, a powerful LLVM compiler for EVM languages, data compression for efficient data availability, and hyper scalability for mass adoption of crypto.

Now that the Mainnet Alpha is open, users and projects can bridge their funds to the system and build and deploy their code on the network.

On March 27, 2023, Polygon Labs announced the launch of Polygon zkEVM Mainnet Beta, which is permissionless, public, EVM-equivalent, fast and open-source. This marks a significant milestone for Polygon, Ethereum and the entire Web3 ecosystem.

Current status and interesting points:

  1. Polygon zkEVM Mainnet Beta has undergone public testnets, making it a leader among EVM-equivalent ZK scaling solutions. The testnets allowed the zkEVM to become faster, cheaper, and more secure.

  2. Ethereum co-creator Vitalik Buterin performed the symbolic first transaction on Polygon zkEVM Mainnet Beta.

  3. The platform has attracted premier dApps like Lens and Balancer, gaming projects like Midnight Society and Oath of Peak, and infrastructure providers like ANKR, Alchemy, Sequence, and The Graph for integration at launch.

  4. Polygon Labs has implemented security measures in two stages during the Mainnet Beta to ensure the highest priority on security. A dedicated Security Council will be able to upgrade Polygon zkEVM rapidly during Stage I, while Stage II will have a series of measures for user protection with greater decentralization and no Security Council with privileged access.

  5. Users will be able to force transactions to Ethereum L1 in case of failures, and there's an ongoing bug bounty program with rewards increasing as the network matures.

These are the first two protocols that have already launched on mainnet, with more projects to follow their lead.


Crypto space after ZKPs

There are many potential use cases for ZKPs that have yet to be discovered. The key takeaway is that ZKPs enable us to do things that were previously impossible.

Until recently, centralized exchanges struggled to display their balances due in part to their own misbehavior, but also because revealing their wallets would expose their expertise. Similar challenges are faced by investment funds and other market players. ZKPs offer a solution to these problems.

Below are a few more detailed examples of how ZKPs can be used in complex scenarios:

Anonymous payments

Payments made with credit cards are often visible to multiple parties, including the payments provider, banks, and other interested parties such as government authorities. While this financial surveillance can help identify illegal activity, it also infringes on the privacy of everyday citizens.

Cryptocurrencies were initially created to offer users a way to make private, peer-to-peer transactions. However, most cryptocurrency transactions are publicly visible on blockchains, and user identities are either linked to real-world identities or can be connected using basic data analysis.

To address these issues, "privacy coins" such as Zcash and Monero have been developed to enable completely anonymous transactions. These privacy-focused blockchains shield transaction details, including sender and receiver addresses, asset type, quantity, and transaction timeline, by integrating zero-knowledge technology into their protocols. This allows nodes to validate transactions without requiring access to transaction data.

Zero-knowledge proofs are also being used to anonymize transactions on public blockchains. For instance, Tornado Cash is a decentralized, non-custodial service that leverages zero-knowledge proofs to conceal transaction details and safeguard financial privacy on the Ethereum network. Nonetheless, because these privacy tools are optional, they are often associated with illegal activities. To solve this problem, privacy needs to become the default on public blockchains in the future.

Identity protection

Identity protection is a pressing concern because personal information is at risk in current identity management systems. Zero-knowledge proofs can address this by allowing individuals to validate their identity without revealing sensitive information.

Zero-knowledge proofs are especially beneficial for decentralized identity systems, where individuals can control access to their personal identifiers. For instance, zero-knowledge technology can enable a user to prove their citizenship without disclosing their tax ID or passport details.

Authentication is another area where zero-knowledge proofs can simplify the process for both users and platforms. Instead of requiring users to provide personal information, such as names and email addresses, users can generate a ZK-proof using public and private inputs to authenticate their identity. This enhances the user experience and eliminates the need for organizations to store large amounts of user data.


Authentication

To access online services, users are typically required to provide personal information such as names, email addresses, and birth dates, as well as memorize long passwords. Losing access to this information can cause significant issues.

Zero-knowledge proofs can simplify the authentication process for both users and platforms. By generating a ZK-proof using public inputs such as data attesting to the user's membership of the platform and private inputs like the user's details, the user can present this proof to authenticate their identity when needed. This improves the user experience and eliminates the need for organizations to store large amounts of user information.


Verifiable computation

Verifiable computation is a blockchain application of zero-knowledge technology that aims to improve blockchain designs. By using verifiable computing, computation can be outsourced to another entity while still maintaining verifiable results. This means that the entity can submit the result of computation, along with a proof verifying that the program was executed correctly.

Verifiable computation is crucial to improving processing speeds on blockchains without reducing security. To understand this, it's essential to know the differences in proposed solutions for scaling Ethereum. On-chain scaling solutions, such as sharding, require extensive modification of the blockchain's base layer. However, this approach is highly complex, and errors in implementation can undermine Ethereum's security model.

Off-chain scaling solutions, on the other hand, don't require redesigning the core Ethereum protocol. Instead, they rely on an outsourced computation model to improve throughput on Ethereum's base layer. The off-chain execution model works by processing transactions on a separate chain and returning the results to be applied to Ethereum's state.

The main advantage of off-chain execution is that Ethereum doesn't have to do any execution and only needs to apply results from outsourced computation to its state. This reduces network congestion and also improves transaction speeds. The chain needs a way to validate off-chain transactions without re-executing them, or else the value of off-chain execution is lost.

This is where verifiable computation comes into play. When a node executes a transaction outside of Ethereum, it submits a zero-knowledge proof to prove the correctness of off-chain execution. This proof, called a validity proof, guarantees that a transaction is valid, allowing Ethereum to apply the result to its state without waiting for anyone to dispute it.

Zero-knowledge rollups and validiums are two off-chain scaling solutions that use validity proofs to provide secure scalability. These protocols execute thousands of transactions off-chain and submit proofs for verification on Ethereum. Once the proof is verified, the results can be applied immediately, allowing Ethereum to process more transactions without increasing computation on the base layer.

Reducing bribery and collusion in on-chain voting

Blockchain voting schemes offer several advantages, such as being fully auditable, secure against attacks, resistant to censorship, and free from geographical constraints. However, even on-chain voting schemes are not immune to collusion. Collusion refers to coordinating to limit open competition by deceiving, defrauding, and misleading others, and it may take the form of a malicious actor influencing voting by offering bribes. For instance, Alice might receive a bribe from Bob to vote for option B on a ballot, even if she prefers option A.

Bribery and collusion limit the effectiveness of any process that uses voting as a signaling mechanism, especially where users can prove how they voted. This can have significant consequences, especially where the votes are responsible for allocating scarce resources. For example, quadratic funding mechanisms rely on donations to measure preference for certain options among different public good projects. Each donation counts as a "vote" for a specific project, with projects that receive more votes getting more funds from the matching pool.

Using on-chain voting makes quadratic funding susceptible to collusion. Blockchain transactions are public, so bribers can inspect a bribee's on-chain activity to see how they “voted.” Thus, quadratic funding ceases to be an effective means for allocating funds based on the aggregated preferences of the community.

To address this issue, zero-knowledge proofs can be used to protect voter privacy in on-chain voting schemes. By using a zero-knowledge proof, Alice can prove that she voted without revealing her vote to anyone, including Bob. This way, bribery and collusion can be reduced, and the voting process can remain effective. Additionally, zero-knowledge proofs can be used to ensure that the voting results are accurate, without revealing individual votes or preferences.


Using ZK Proofs to Fight Disinformation

There is an interesting article on how ZKPs can fight disinformation:

https://medium.com/@boneh/using-zk-proofs-to-fight-disinformation-17e7d57fe52f


Conclusion

The potential of information-compression technology to improve the scalability of state machines and serve a larger user base is evident. What remains unclear, however, is what will drive users towards Web3 in the first place.

The use of zero-knowledge proofs will redefine data management by allowing users to meet compliance requirements and verify information without compromising personal data or trade secrets. The adoption of zero-knowledge solutions in the blockchain space is rapidly scaling the ecosystem and improving user privacy. Ultimately, the enhanced privacy, security, and efficiency of digital systems will have a far-reaching impact across various industries, including blockchain networks, voting systems, and supply chains.

This restores, and goes far beyond, the earliest hopes people had for crypto as basically a “backend payment system for Web2”. It can be truly revolutionary, and that is also why we consider ZKPs a dominant future narrative we need to be prepared for.


© 2025 Moonhill Capital