Application of zero-knowledge proof technology

What is Zero Knowledge Proof

Zero-Knowledge Proof (ZKP) is an important part of modern cryptography. It refers to the prover's ability to convince the verifier that a hypothesis is correct without providing the verifier with any useful information.

**Zero-knowledge proof is essentially an agreement involving two or more parties, that is, a series of steps that two or more parties need to complete a task. **The prover proves to the verifier and makes the verifier believe that he/she knows or has a certain message, but will not disclose any information about the proven message to the verifier during the proof process. In layman's terms, the prover can not only prove what he wants to prove, but also disclose "zero" information to the verifier at the same time.

There are already many Chinese materials that have introduced more concepts of zero-knowledge proofs, so I won’t go into details here.

The main application of zero-knowledge proof in the blockchain field

Two important features of zero-knowledge proof technology are the main factors for its application in the blockchain field:

1. **Zero-knowledge proof can protect the privacy of data and prove its validity without disclosing data information. **
2. **Zero-knowledge proof can prove a large amount of data by generating a small amount of proof, which plays an important role in compressing the amount of data and improving performance. **

Therefore, the two directions of zero-knowledge proof are: privacy protection and blockchain expansion. The following are respectively described:

privacy protection

Privacy protection has always been an extremely important concept in blockchain, representing the ability to protect transactions and participants in a distributed network.

Blockchain has always advocated anonymity, participants do not need to use their real names in most transactions, but can reuse public key hashes as transaction identifiers to identify transactors. However, these transactions are pseudonymous rather than truly anonymous. By default, every transaction of a user is public, and once a user's address is locked, it can be used to review the source of funds, calculate the position of the position, and even analyze the user's on-chain activities.

Zero-knowledge proof technology can confirm the validity of transactions by submitting proofs without revealing any information, and realize the complete anonymization of transaction information. In the development stage of encryption that emphasizes privacy issues, many developers are committed to the exploration of private public chains. The privacy protection and data compression capabilities of zero-knowledge proof are the main reasons for becoming a public chain component technology. During this time, projects like Zcash and Monero have achieved exceptional results. Taking Zcash as an example, Zcash initially adopted the Pinocchio protocol and switched to the Groth16 proof system in 2019.

Zcash wallet addresses are divided into hidden addresses and transparent addresses. Transactions between transparent addresses are no different from Bitcoin (BTC) transactions: the sender, receiver, and transaction amount are all publicly visible; transactions between hidden addresses also appear on the public blockchain, but the address of the transaction , fund amount and memo fields are encrypted, and zk-SNARK will prove the validity of the transaction according to the network consensus rules; in addition, transactions can also be made between hidden addresses and transparent addresses.

Zcash is audit and regulatory friendly while preserving transaction privacy. The sender and receiver of a hidden address transaction can disclose transaction details to third parties for witnessing, compliance or auditing needs.

Scalability

The "impossible triangle" is an eternal problem faced by L1 blockchains such as Ethereum. Different chains always find a balance between decentralization, security and scalability.

Ethereum focuses more on decentralization and security, so it has to face scalability limitations. High gas fees and long transaction confirmation times on Ethereum severely impact user experience. Therefore, its core development team and community have been exploring various scalability solutions.

There are two ways to scale a blockchain:

1. **Scale the L1 blockchain itself, either by increasing the block size or by sharding. **The nodes in the blockchain network are divided into several relatively independent shards.

The processing scale of a single shard is small, and even only stores part of the network state. But in theory, under the condition that multiple shards process transactions in parallel, the throughput of the entire network will be improved. However, this approach sacrifices decentralization. 2. **Transfer the transactions on the L1 network to the L2 layer, L2 collects the transactions, and then sends them to the L1 network for settlement. **This way, you only pay gas once per batch of transactions, instead of paying gas per transaction.

As a result, gas costs are shared equally among all transactions, effectively reducing the cost per transaction. In this way, L1 becomes the settlement layer for all transactions executed on L2. L2 scaling solutions can solve L1 scalability issues without sacrificing decentralization and security.

Of course, the L2 scaling solution has also experienced the evolution from state channel to Plasma and then to Rollup. Currently, Rollup is the most mainstream and potential L2 solution.

Rollup refers to performing complex calculations and state maintenance off the chain first, and then saving data related to state changes on the chain by using cheaper CALLDATA through contract calls, and summarizing and packaging a large number of transactions into one transaction , and finally improve TPS on the premise of ensuring data availability.

The common denominator of Rollup solutions is the emphasis on the availability of on-chain data. That is to say, anyone can restore the global state based on the data saved on the chain, thereby eliminating security risks caused by data availability issues.

In addition to compressing the calculation amount on the chain, another aspect of zero-knowledge proof is to ensure the correctness of data.

The ZK Rollup solution started in the second half of 2018. The key to this solution is ZK. The state change of each ZK Rollup solution requires a zero-knowledge proof provided and verified by a contract on the main chain.

The state can only be changed if it is verified. That is to say, the state changes of ZK Rollup strictly depend on cryptographic proofs. (Note: For a detailed explanation of the principle of ZK Rollup, please refer to "A Clear Perspective on Layered and Cross-chain Methods" by Li Hua)

Of course, there are other rollup solutions, such as the optimistic rollup formed in the second half of 2019. It does not require rigorous validation of every state change.

It first optimistically assumes that every change is correct, and then challenges the change within a certain time limit. If the challenge is successful, it proves that there is a problem with the previous submission, the submitter will be punished, and the state will be rolled back.

That is to say, the state change of optimistic Rollup depends on economic incentives and games.

The outstanding problem of ZK Rollup is that it is difficult to achieve programmability, but the technological development in the past two years seems to break through this bottleneck, and the implementation of zkEVM can achieve programmability; the most concerned issue of optimistic Rollup seems to be when funds return from Layer 2, Due to delays during the challenge period, intermediaries are available to provide prepaid services.

Therefore, the optimistic Rollup solution is faster to implement. But zkEVM may have even more potential.

Zero-Knowledge Proof Rising Star Solution

In the early zero-knowledge proof projects, although Zcash and Monero performed well in terms of privacy protection, they can only be used as a means of value storage, and it is difficult to cooperate with other applications.

As mentioned above, with the efforts of many developers, zero-knowledge proofs can be used for general computing and combined with smart contracts to explore the greater potential of zero-knowledge proof technology. The following mainly introduces the two projects launched this year.

Aleo: General Privacy Computing Public Chain

The Aleo project was formally established in 2019, and its members include world-class cryptographers, engineers, designers, and operators from companies such as Google, Amazon, and Facebook, as well as research universities such as UC Berkeley, Johns Hopkins, NYU, and Cornell.

Aleo built the zkCloud system for protecting identities and transactions, and protected identities can interact directly with each other (such as asset transfers) or be programmed through smart contracts. In a typical public blockchain, programs are executed on a global "virtual machine" (VM) run by each network node. Therefore, every node on the network must recalculate (and collectively approve) every step of a given program, which is inefficient, slows down, and increases costs for users. zkCloud solves these limitations by separating the running of the application from the state maintenance of the blockchain (on-chain + off-chain), combined with recursive zero-knowledge proofs, enabling Aleo to achieve complete programmability and privacy protection, and With higher transaction throughput.

Aleo built a programming language called Leo, which is more friendly and provides a better environment for zero-knowledge proof application developers. Leo is a statically typed programming language inspired by Rust, designed for writing intimate applications.

At present, the Aleo network has gone through three rounds of testing, and is currently actively guiding the development of the ecology, encouraging the community to participate in the construction of ecological applications through points. Aleo is a public chain, and its Prover participates in network construction through zero-knowledge proof. In the early Test3, there were more than 400,000 graphics cards participating in the test. As a test network, this is a very large scale. Aleo originally planned to go online in the third quarter of this year. According to the current situation, it is estimated that it may go online at the end of the third quarter or the fourth quarter. Sustained attention.

Scroll: EVM's zk native solution

Scroll Tech aims to build a zk-Rollup compatible with Ethereum and build a strong proof network. After months of exploration, they have made significant technical progress.

The goals of Scroll include:

1. Build a zk-Rollup that is fully compatible with EVM. Supports direct verification of Ethereum blocks by verifying the consistency and integrity of each opcode during EVM execution. In this way, L1 smart contracts can be seamlessly migrated to Scroll without any modification.
2. Realize and standardize the outsourcing of Layer 2 certification. Scroll designs a powerful outsourcing mechanism that incentivizes verifiers to generate zero-knowledge proofs for them. The Scroll team plans to standardize this scheme for the wider field of off-chain computing. This will open a new proof market. Developers can deploy complex contracts in Scroll without considering the gas limit. Many new applications can be implemented off-chain and proofs submitted on-chain. To this end, the team also built the world's fastest GPU and ASIC prover. The long-term goal is to achieve full decentralization and reduce the impact of MEV.
3. Upgrade to a new proof system. Scroll plans to employ a new layered zero-knowledge proof system. The first layer is an efficient proof generation layer with custom circuit optimization and hardware-efficient proof algorithms. The second layer is an efficient verification layer with concise proofs and verification algorithms compatible with EVM. Compared with existing solutions, the system has the potential to support larger programs and more functions than EVM, such as privacy protection.

These advancements by Scroll Tech are significant in the field of zk-Rollup and Layer 2 scaling solutions, demonstrating their commitment to compatibility, efficiency, and decentralization.

In its Alpha test, Scroll has already connected a large number of applications, realizing its promise that EVM applications can be directly ported to Scroll. The Scroll mainnet is expected to be launched within 3 months. After the Scroll mainnet is launched, a decentralized Prover network will be further realized, which will give everyone more opportunities to participate.