Zero-knowledge proofs (ZKP): principle and applications
Optimistic and Zk technologies to increase the scalability of the Ethereum blockchain. Source: Pixabay
We occasionally hear about zero-knowledge proofs (or ZKP) in the cryptocurrency realm, which allow for the anonymization of certain transactions. Let’s take a look at what zero-knowledge proofs are, how they operate, and how they’re employed.
Cryptographic algorithms are responsible for the creation of Bitcoin and the cryptocurrencies that make up the ecosystem that we are so interested in. These have highly specific functions and are designed to satisfy specific demands, such as the autonomous administration of a wallet. We can thereby establish that we own our bitcoins without having to reveal our identities via keys, transaction signatures, and other procedures. As a result, Bitcoin was created, a system that was neither anonymous nor pseudonymous.
Could we, however, go one step farther and set up anonymous transactions? Other cryptographic bricks, such as zero-knowledge proofs, would then be required.
What are zero-knowledge proofs or ZKP?
Zero-knowledge proofs (ZKP), also known as proofs with zero disclosure of knowledge in French, are protocols that allow an actor to demonstrate the reality of a situation without having to reveal any information about it. For example, this might demonstrate to a user that he holds bitcoins without revealing his signature or public address. This can also be used to prove identity without having to divulge it outside of the context of crypto-currencies. We’ll go over these two very important instances in more detail later, but first, let’s look at where these protocols came from.
The term “zero-knowledge proof” is relatively new, yet it clearly has nothing to do with the current bitcoin ecosystem. This word was first used in a scientific publication in 1989 by three specialists — Shafi Goldwasser, Silvio Micali, and Charles Rackoff – who explained several topics connected to cryptographic proofs. These proofs have now become a topic of research in cryptography on their own.
How do ZKPs work?
Because ZKPs are tailored to individual situations, there are numerous procedures available. Indeed, each instance necessitates a different scenario, and the protocol is tailored to these factors.
However, because ZKPs are based on general principles, there are several instances to demonstrate how they operate.
How to solve this problem of scalability?
Higher transaction capabilities can be built into a blockchain. However, the fundamental problem of this approach is that “bigger block” blockchains are intrinsically more difficult to validate and risk becoming more centralized.
To mitigate this risk, developers can improve client software efficiency or utilize technologies such as sharding to split the task of generating and validating the chain over different nodes. This approach is being implemented by the ” Ethereum 2.0 ” project.
It is also possible to change how the blockchain is utilized. Users do most of their activity off-chain through so-called “level 2” protocols, often known as “layer 2”, rather than placing all of their action directly on the blockchain.
The main chain then has a smart contract with only two missions: processing deposits and withdrawals, and checking proofs that everything that happens outside the main chain follows the rules. There are numerous methods for performing these proofs, but they all have one thing in common: verifying proofs on the main chain is far less expensive than computing them off the chain.
What are the main layer 2 protocols?
State channels, Plasma, and rollups are the primary protocols aiming at fixing the Ethereum blockchain’s scalability problem by adding a second layer. The first two solutions are Level 2 layer representations in “full” form.
Plasma and state channels do aim to transfer data and computations off the mainchain, however this creates security concerns because these transactions do not take use of the Ethereum mainchain’s security.
Rollups are a type of level 2 representation that is “hybrid.” That is, they offload the processing while keeping certain per-transaction data on the blockchain. As a result, in addition to exporting a portion of the computation and validations outside of the chain, the data kept on the chain is compressed to reduce its size and gas consumption.
As a result, although a traditional transaction on the Ethereum main chain costs on average 45,000 Gwei, it only costs 300 Gwei when carried and compressed thanks to a rollup.
How does a rollup work?
Rollups use Merkle trees, just like other blockchains, especially Ethereum. As a result, all of a rollup’s data must potentially be contained in a Merkle tree that serves as a state reference.
Each rollup solution thus benefits from a smart contract that can be located on the network’s main chain, which holds the rollup’s root state and concretely constitutes the contract’s code. This considered valid state serves as the foundation for judging future states.
As a result, only the state’s root is broadcast on the main chain, and anyone can recalculate all of the tree’s branches and leaves starting from this point.
Users can post a block, which is a group of transactions in the form of a Merkle tree, together with the root of the old and new state, when new transactions are recorded on the second layer of the network. The proposed root state and its prior state will be validated by the rollup smart contract on the chain, and if they match, the new root state will become the rollup’s current state.
However, it is now critical to understand what occurs when a malicious actor broadcasts a fake root state that should not be recognized by the network. There are several methods available, as well as various types of rollups, the most noteworthy of which are Optimistic Rollups and ZK Rollups.
What are Optimistic Rollups?
The projects linked to Optimistic Rollups are evolving to the point where their general operation may be seen. Funds are maintained on an on-chain smart contract, while off-chain transactions are aggregated and published in a compressed manner to the Ethereum main chain using this technology. Optimistic Rollups are based on a “validity game” in terms of security. Two actors coexist in this situation:
Aggregators whose purpose is to collect transactions and announce the change of state on the main chain;
Transmitters who make transfers and post their transactions on the network.
It’s vital to note, however, that the publication of these declarations is not subject to any cryptographic proof. The aggregator does indeed aggregate the transactions and determines the new state of the rollup’s Merkle tree root. His suggestion will only be considered valid when it has been published for seven days. The verification takes place throughout this time. Anyone who can compute the published state’s root can check whether the latter is correct.
After 7 days, if no one objects, the changes are permanently recorded on the Ethereum blockchain. If someone disagrees with the new state, they can sue the aggregator by releasing the genuine root and recovering some of the collateral that the dishonest aggregator had deposited as collateral. This technique is referred to as ” optimistic ” since it ensures that the network and states are trustworthy as long as at least one genuine validator exists.
The primary downside of Optimistic Rollups is that they are far less scalable than ZK Rollups or Plasma. These rollups do, in fact, have a 7-day withdrawal time from the rollup to the Ethereum blockchain. Due to the length of the verification process, it can be highly inconvenient to use. The key issue, however, is the optimistic security architecture, which requires that a majority of honest validators and at least one aggregator who does not censor transactions exist.
What are ZK Rollups?
The ZK Rollups, also known as Zero-Knowledge Rollups, inherit the particular qualities of the rollups, allowing them to aggregate hundreds of off-chain transactions while publishing a cryptographic proof of the state of the balances at the end of these transactions on the main chain. In a system that uses rollups, two sorts of users coexist:
Transmitters who make transfers while putting their transaction on the network;
Relayers who collect data from transactions and generate the SNARK proof when there are enough of them formed by a rollup to indicate the difference between the condition of the accounts before and after the rollup.
To become a carrier, a user must deposit funds as collateral on the rollup smart contract to ensure that no transactions are altered or withheld. If he makes a mistake, a portion of his collateral will be imputed. In theory, this method appears to be great because the costs are incredibly low and it is faster than Plasma or Optimistics Rollups. The information held on the main chain is lowered by ZK Rollups, which logically increases the scalability of the Ethereum network.
However, ZK Rollups, like any technology, have substantial downsides. Because zero-knowledge proofs are difficult to compute, this solution’s scalability capabilities are limited. Finally, certain attacks can be catastrophic against ZK Rollups, particularly when initializing the rollup or constructing the first state, because the initial configuration of a ZK Rollup is dependent on an unprovable state of trust.
What are the differences between Optimitic Rollups and ZK Rollups?
Here’s a table that shows how Optimitic Rollups and ZK Rollups differ in terms of priorities:
Fixed cost of gas per batch
Gas cost per transaction
Off-Chain Compute Costs
Little cost per batch
High mathematical complexity
About 1 week
Very fast (just wait for the next batch)
Easier, because close to the main network
Differences between Optimistic and Zk Rollups – Source: Crypto.org
Rollups can mostly be divided into two categories: optimistic and zero-knowledge (ZK).
In the event of a challenge, optimistic rollups presume that the transactions are genuine by default and just execute the calculation through a fraud-proof. Basically, when you make a transaction, you also lock up a portion of your ETH, so if the authenticity of your transaction is questioned and your fraud is exposed, you lose a portion of it. This procedure could take up to a week. Instead, ZK rollups compute off-chain and submit validity proof to the chain. ZK rollups combine hundreds of off-chain transfers and provide cryptographic proof (SNARK). This is referred to as validity proof, and it is displayed on layer 1.
What are the limits of rollups?
There are still many gray areas in the design of rollups, as well as other issues that must be solved. We can specifically mention:
User onboarding: because rollups are used by few decentralized applications and few users are aware of them, few platforms support them.
Pre-confirmation security: For speedier user experiences, several rollups include “pre-confirmation,” in which the sequencer immediately promises that a transaction will be included in the next batch and the sequencer’s deposit is destroyed. He breaks his promise. However, the economic security of this paradigm is limited by the inability to make promises to multiple actors at the same time.
Applications of ZKPs
ZKPs have a wide range of applications because they are not limited to crypto-currency or decentralized identity systems, which we shall look at later. Indeed, they can participate in the transmission of sensitive information without acknowledging sources, such as the assessment of various countries’ armed forces. Finally, as we will see, they are commonly employed in the context of blockchain platforms.
The use of a ZKP protocol, for example, can make cryptocurrency transactions anonymous. Indeed, several blockchains that promise to be anonymous use ZKP methods to ensure their users’ confidentiality. However, some of these methods can be included in smart contracts to allow anonymity within existing platforms. This is the case with Tornado Cash, which recently released its version 2 and which we covered on TheSurferInvestor. This service successfully anonymizes Ethereum transactions by using evidence without disclosure.
However, where ZKP protocols really shine is in the context of decentralized identities. Indeed, one of the issues with decentralized identities is the selection and limitation of shared data. Nobody wants to reveal some sensitive data to everyone, and medical data is at the top of the list.
There are various advantages of adopting ZKPs for personal data management solutions:
They are mainly GDPR compliant because the system was designed with data protection in mind.
Within the framework of open protocols, they provide users with a high level of transparency.
But, if centralized systems may provide these benefits through full disclosure of information, ZKPs allow us to go even further.
First and foremost, the information is not disclosed; this is the premise. As a result, they cannot be stored, leaving them vulnerable to attacks, or transferred to third parties that are less transparent about their use. If you’re interested in the subject, I recommend Blockchain Partner’s excellent work on it.
One application of ZKPs that is less well-known to the general public yet has intriguing promise is in scalability solutions. Zero-disclosure signatures, which are commonly used in Ethereum overlay projects, allow for a greater number of transactions to be completed in a given amount of time by transmitting only the transaction evidence. As a result, less data is distributed on the network while ensuring the confirmation of the latter’s consensus. Examples of ZKP scalability protocols exist today, most notably on top of Ethereum.
We should highlight ZK-Rollup and its implementation zkSync, an Ethereum DApp that allows for lower-cost Ethereum transactions. As a result, it is a micropayment solution with drawbacks in use. For example, we observe a rather centralized initial scheme, as well as a higher requirement for computational capacity for zero-disclosure proofs than for conventional transactions.
This finishes our discussion of zero-knowledge proofs, how they function, and the use cases that we are interested in. Today, Ethereum has the most active community on the topic of zero-disclosure proofs. However, they are not necessarily tied to blockchain technologies, but rather to trustless protocols in general. If you have any questions or comments about this article, please leave them in the comments section or on social media.
Conclusion on rollup technology
As a result, rollups represent a strong new paradigm for addressing the Ethereum blockchain’s scalability issue. They will undoubtedly form the foundation of Ethereum scaling in the near to medium term (and possibly the long term).
The Ethereum community has embraced them because, unlike prior attempts to move to Ethereum’s second layer, this one can support generic Ethereum Virtual Machine (EVM) code, allowing current applications to simply transfer to new solutions. To accomplish this, they reached an important compromise: instead of attempting to totally bypass the mainchain, they agreed to leave a tiny bit of data for every transaction on it.
There are many different sorts of rollups and many different ways to build them, ranging from Optimistic Rollups that employ evidence of fraud to ZK Rollups that use proof of validity. Sequencers (people who can submit batches of transactions to the chain) can be either centralized actors or simply ordinary users, giving them a lot of leeways.
Rollups are thus a developing technology that is now in use, and some of them (such as Loopring, ZKSync, and DeversiFi) are widely established throughout the blockchain ecosystem. This is only good news for the Ethereum network, which will progressively lose its excessive fees.
How to invest in ZkSync?
So far there is no token for the ZkSync technology or protocol. Only VC managed to invest in ZkSync. However, if you want to profit from ZkSync, you could get exposure to ZkSync via holding Eth. If zkSync succeeds, Ethereum will too
How to get the ZkSync airdrop?
I personally recommend Argent wallet, deposit, transactions, swaps as well as minting NFTs on ZkSync. Lastly, use the zigzag protocol. None of this is financial advice. Also have a look at the following guide.
When is the ZkSync Airdrop?
No one knows, but people except an L2 sommer!
How can I invest in the next scaling solution (ZK-roll up, Optimistic, Arbitrum)
So far there is no token for those protocols. I would suggest using those protocols as much as you can. E.g. using bridges, making swaps, and providing liquidity. This will increase the chances that you will get an airdrop later on.
Is Arbitrum a Zk Rollup?
No, Arbitrum is an Optimistic rollup. See a quote from their team. “We built Arbitrum as an Optimistic Rollup (OR) because we believe that OR is the best way to meet users’ realistic needs for a secure, trustless, EVM-compatible L2. We chose optimistic over ZK because of the inherent scalability and cost advantages of optimistic systems; we would still make the same choice today.”
Zero-Knowledge Proofs: Principle And Applications – Summary
The proposed root state and its prior state will be validated by the roll-up smart contract on the chain, and if they match, the new root state will become the rollup’s current state.
There are several methods available, as well as various types of rollups, the most noteworthy of which are Optimistic Rollups and ZK Rollups.
The ZK Rollups, also known as Zero-Knowledge Rollups, inherit the particular qualities of the rollups, allowing them to aggregate hundreds of off-chain transactions while publishing a cryptographic proof of the state of the balances at the end of these transactions on the main chain.
Relayers collect data from transactions and generate the SNARK proof when there are enough of them formed by a rollup to indicate the difference between the condition of the accounts before and after the rollup.
Finally, certain attacks can be catastrophic against ZK Rollups, particularly when initializing the rollup or constructing the first state, because the initial configuration of a ZK Rollup is dependent on an unprovable state of trust.
User onboarding: because rollups are used by a few decentralized applications and few users are aware of them, few platforms support them.
There are many different sorts of rollups and many different ways to build them, ranging from Optimistic Rollups that employ evidence of fraud to ZK Rollups that use proof of validity.