Talk About the Current State and Future of Zero-Knowledge Proofs with Manta Network
Recently, the Manta Network( referred to Manta as follow) team has been busy.
From September to November, the Manta Network team has been active all over the world. Whether it is the annual event of the entire Web3 industry, such as Token 2049, the sixth DEVCON Ethereum Developer Conference, or regional blockchain weeks, such as SF Blockchain Week, Vietnam Blockchain Summit 2022, Lisbon Blockchain Week and college blockchain conferences of Columbia University. All of them have left the voice of Manta’s core contributors.
In fact, with the growth of DeFi boom, the completion of the Merge of Ethereum, smart contracts and the privacy protection & computing of off-chain data have become a new rigid need. More and more top VCs and developers are still entering, the competition on the privacy track is becoming increasingly fierce. Zero-knowledge proofs have become a hot genre in recent years.
As Polkadot’s first on-chain privacy protection protocol based on zero-knowledge proofs, Manta has been supported by top investment institutions such as Polychain, ParaFi and Binance Labs. After nearly two years of development, it has become a strong player in the privacy track. It is no surprise that the industry needs the voice of Manta Network.
So in the view of the Manta team, what kind of solution does zero-knowledge proofs provide for Web3 privacy? What is the current progress? As a leader in the zero-knowledge proofs sector, what progress has been made? Oneblock+ spoke to Shumo, co-founder of Manta Network, to get answers to these questions.
The Guest of This Interview
Shumo, Ph.D. from the University of Washington, has published many papers in top academic journals in the United States. He led the research and development of Algorand’s smart contracts. Shumo has rich experience in the implementation of blockchain technology. What’s more, he is a top cryptography expert in the industry.
In the interview, Shumo explained in detail the current situation and related problems of the zero-knowledge proofs track. He explained the solution from Manta and the optimization of the underlying technology. According to him, Manta is already working on zero-knowledge proofs of Trusted Setup. Manta will soon launch the privacy payment product MantaPay, and more privacy products will be launched next.
In response to the chock point of the industry with a high technical threshold of zero-knowledge proofs, Manta not only completes its own emergency development tasks, but also invests part of its resources and time into the overall development of the ZK field, such as releasing the open-source ZK library OpenZL initiative and focusing part of its energy on the research of programmable privacy. For developers who want to learn zero-knowledge proofs, Shumo also gave sincere advices and thoughts.
The Latest Progress of Manta
OneBlock:As an old friend of OneBlock, we have noticed that Manta has made a lot of progress recently. Can you introduce briefly the project and share the latest progress in technology and products?
Shumo:Manta started in October 2020 and has been established for two years now. We firmly hold the idea of solving the privacy problems in the blockchain world, because all the data on the blockchain is public and permanent. Once the public key, address and personal identity on the chain are connected, you will always be in a naked state in the future. So we feel that privacy issues are the biggest constraint for blockchain to go mainstream and even to 1 billion people. That’s what Manta wants to solve.
From the perspective of technical architecture and market, we thought it was most appropriate to build a privacy layer on Polkadot. At that time, when zero-knowledge proofs were not particularly popular. Various development tools were still relatively scarce, we were very lucky to have a very strong development team. At that time, we found that none of the privacy products on the market were very easy to use, and made the first version of the testnet in three months, which was launched in August last year. And then, we iterated on two more versions of the testnet: the second version of the testnet in April this year, and the third version of the testnet in November.
From a technical point of view, Manta has a very strong cryptography team in the industry. Our zero-knowledge proofs protocol is inspired by Zcash, but at the same time much more powerful than Zcash. I conclude basically with three reasons:
First, ZCash is a single-asset privacy protocol. Manta is a multi-asset privacy protocol.
Second, Manta supports a richer asset type than Zcash, which began to only support Fungible tokens(FT). We support both FT and NFT.
Third, the implementation of Manta’s privacy protocol is much more efficient than ZCash. For example, Manta generates zero-knowledge proofs 10 times faster than ZCash.
In addition, we use Polkadot’s cross-chain protocol XCM based on the entire Polkadot ecosystem. In order to open up the privacy layer of the entire Polkadot asset.
From a product perspective, we borrow a lot of mainstream Web3 product design ideas, such as Uniswap. In addition, our product itself is relatively easy to use, and behind the application is actually the iteration of our team’s three versions of the testnet.
After the testnet has reached a relatively satisfactory level, we have recently started working on zero-knowledge proofs Trusted Setup and opened up the Trusted Base to the community. More than 10,000 people have signed up. The principle is that as long as one person in 10,000 people is honest, then the credibility of the zero-knowledge proofs circuit is guaranteed. After the Trusted Setup ceremony, the first version of the privacy payment product — MantaPay, will be launched.
OneBlock:As the first on-chain privacy parachain on Polkadot, what advantages do you think Polkadot has over other ecosystems in trying to carry out zero-knowledge proofs privacy?
Shumo:First of all, Polkadot is very decentralized, but also ensures high performance. Second, its high performance is not exchanged for sacrificing decentralization. The third point is Polkadot Substrate’s modular development tools, which are very development-friendly.
Trusted Setup of Zero-Knowledge Proofs
OneBlock:Can you tell us more about the details of Trusted Setup?
Shumo:In the zero-knowledge proofs circuit, you need to have a public key to generate a zero-knowledge proofs circuit, the public key actually corresponds to a private key. If a person gets the private key corresponding to the public key of the zero-knowledge proofs, then he may forge the zero-knowledge proofs. That is a technical detail that needs to be considered at the beginning of the design of the zero-knowledge proofs protocol.
What should we do so that the private key of this public key is not known to others?
We now need a Trusted Setup, applied to a multi-party secure computing cryptography protocol, that is, the private key is divided into several parts. Each participant who gets the private key fragment is called toxic waste. We designed software in Trusted Setup, which will throw away each participant’s toxic waste. If you destroy your share, there is no attacker who can use the toxic waste. If 3,000 people participate, as long as one of them is honest, then the entire private key is completely confidential and cannot be used for evil.
More information about the trusted settings of Manta, please refer to:https://docs.manta.network/cn/docs/concepts/TrustedSetup
Expertise and Focus on Zero-Knowledge Proofs of Manta
OneBlock:At the recent ZK House event, the Manta team met with a brand new look of p0xeidon labs. What is the relationship between p0xeidon labs and Manta? What are the different missions between them?
Shumo: Manta is a Project. p0xeidon labs is equivalent to Manta’s development entity, which supports Manta’s operation. There will be more development in the future, including SDK and Manta API. We will also do some longer-term research and research. For example, we have done a new research project — p0xeidonVM, focusing on how to do programmable privacy research.
OneBlock:ZKP is a relatively new technology. The discussion on Web3 has only gradually increased in the past year. Why did Manta firmly choose zero-knowledge proofs technology instead of other privacy technologies such as TEE as a technical solution when it was founded? Can you share your thoughts about it?
Shumo:Everyone knows that there is a timeline for technological development, from immature to mature. I personally have been paying attention to zero-knowledge proofs since 2018, and 2019 was a very important turning point for me. When I was a research scientist at Algorand, which has the strongest cryptography team in the industry. The founder of Algorand was Turing Award winner and MIT professor Silvio Micali. He is also the inventor of zero-knowledge proofs.
What is not known is that Algorand also had Craig Gentry, the inventor of fully homomorphic encryption at that time. The team had a very strong cryptography atmosphere. Everyone believed that zero-knowledge proofs are the future trend when communicating.
After leaving Algorand, I went to the University of California Santa Barbara as an assistant professor working on compilers for zero-knowledge proofs. So I had been doing zero-knowledge proofs before I started Manta.
The reason why Manta has firmly chosen zero-knowledge proofs technology, from the beginning, is because of the general trend. The whole society is developing in the direction of restlessness, and the entire blockchain system is solving the trust problem. At present, zero-knowledge proofs have two major application directions:
The first is rollup, which packages transactions to provide proof for verification.
The second is privacy protection, and the main privacy technologies are zero-knowledge proofs and trusted execution environments (TEE).
However, we believe that TEE is not suitable for implementing privacy in a decentralized environment. A viable execution environment cannot fundamentally solve the problem of privacy. In the long run, zero-knowledge proofs turn on-chain ciphertext transactions into reality. They are the only solutions to on-chain privacy.
OneBlock:What are the subdivisions of zero-knowledge proofs technology at present? How does Manta’s technology approach innovate on ZKP?
Shumo:Now the application of zero-knowledge proofs is very extensive. If you had asked me this question two years ago, I would probably have answered you zk-SNARK and zk-STARK. But now zero-knowledge proofs that specific technical development is already modular. zk-SNARK and zk-STARK are just polynomial promises.
From the perspective of zero-knowledge proofs system, there is basically the difference between zk-SNARK and zk-STARK. zk-STARK’s proven performance is better, but the volume of zero-knowledge proofs is relatively large, the data on the chain is relatively large. The verification fee will be slightly more expensive. Another difference is that zk-STARK does not rely on the initial trust setting, which zk-SNARK requires.
From the perspective of the specific application of zero-knowledge proofs, there are basically three mainstream applications, the first is privacy. The second is compressing computation that should be on the chain is transferred to the off-chain. It is used more on ZK Rollup, such as ZK Rollup focused on the application, like Immutable X and ZKsync V1. And there is also this ZK Rollup of EVM, like Polygon ZK EVM, Scroll or ZKsync V2.
The third is not to do privacy or expansion, but to argue for something. For example, ChainLink’s recent DECO can prove your off-chain status on-chain, such as the balance of your bank account. Now there are also many zero-knowledge proofs applications, such as anonymous social, anonymous voting and so on. I think the application space is still relatively broad, these three applications are developing in a better direction from my point of view.
Regarding Manta’s innovation based on ZKP, the difference between Manta and ZCash at the product level mentioned earlier. From a performance point of view, Manta redesigned a lot of the implementation details of the privacy protocol, using a more friendly Hatch function for zero-knowledge proofs — POseidon hash makes the entire cryptography protocol more streamlined. Optimized and upgraded on top of classic privacy techniques such as the FH-ECC algorithm, zero-knowledge proofs are currently generated 10 times faster than Zcash.
As Web3 is an open world, the needs of users have also begun to diversify. Early privacy projects such as Zcash only support the privacy protocol of a single asset, which cannot meet the differentiated needs of users.
OneBlock:Like the Ethereum Foundation, 0xPARC and many other overseas academic research institutions are paying close attention to the development of zero-knowledge proofs. As the industry’s top cryptography experts, you are also very active in overseas Web3 academia. Can you share the focus of attention of your own and these overseas academic institutions? Or the latest zero-knowledge proofs research direction?
Shumo:There is a branch of the Ethereum Foundation called PSE (privacy and scaling exploration). This is a sub-organization with nearly 70 people, whether it is on zero-knowledge proofs infrastructure, privacy application infrastructure and programming layer infrastructure. They have done a lot of exploration and infrastructure work. Manta has also been talking to them a lot lately, looking for opportunities to work together.
One direction we’re interested in working on is that they’re doing a ZKOPRU for ZK applications. It coincides with our direction to empower more ZK applications. Besides, they’re also doing some tooling-related things.
Speaking of the key points that overseas academic research institutions are paying close attention to, we recently found on Ethereum’s Devcon that basically 20% of the topics are about ZK. And more than 50% of these 20% of the topics are actually talking about various new ZK applications.
We can see more and more applications of zero-knowledge proofs. Some are combined with Web2 products, such as with Twitter. For example, when you participate in offline event, you can anonymously complain on Twitter by scanning the QR code, which is a product based on zero-knowledge proofs and on-chain identity. There are also Web3 applications that are not combined with Web2 products. This is something we’ve seen more interestingly lately.
The Present and Future of Zero-Knowledge Proofs
OneBlock:What stage is ZKP technology currently at the application level? Why is it so difficult to develop? What are the difficulties in the popularization of zero-knowledge proofs?
Shumo:That is an interesting question. I think there are two reasons why development is difficult. The first reason is that it is very difficult, because developing with zero-knowledge proofs is not a program which can be used in various programming languages. In the process of talking to many developers, we found that what they lack is not how to use the various tools of zero-knowledge proofs. Because zero-knowledge proofs is essentially developing a new cryptography protocol, the so-called programable privacy. No matter how zero-knowledge proofs technology develops, this difficulty still exists.
If you’re interested in zero-knowledge proofs, you’d better learn some basic cryptography first. Otherwise, there may be such a situation: you write a zero-knowledge proof circuit in some programming language of zero-knowledge proofs, but that circuit itself is unsafe.
In addition, the toolchain of zero-knowledge proofs is still in the process of development. Although it has developed a lot in the past three years, it is still in the relatively early stages, and Manta has been focusing on and exploring better solutions.
We want to achieve that most dApps developers can configure privacy options without having to write zero-knowledge proofs. What Manta is doing is building a zero-knowledge proof middle layer, so that most dApps developers can directly use the zero-knowledge proof middle layer we wrote by calling the Manta API.
OneBlock:In Manta’s view, what are the most privacy scenarios for zero-knowledge proofs? Some people say that DID is the first application testing ground for zero-knowledge proofs. What do you think about this?
Shumo:The application of zero-knowledge proofs has been running for almost 10 years. The first application testing ground for zero-knowledge proofs is ZCash. There are also many use cases for zero-knowledge proofs, including things like LoopRing, zkSync V1 and Immutable X.
DID is certainly a good application of zero-knowledge proofs, but I think zero-knowledge proofs are very broad, not just DIDs. Any application that requires on-chain privacy requires zero-knowledge proofs. The trend is that all applications will use zero-knowledge proofs, and privacy will be integrated into the infrastructure as a feature rather than as a separate application.
OneBlock:The incident of Tornado Cash also caused a heated discussion about on-chain privacy. What is your opinion about the trend of privacy in the future Web3 industry? Can privacy and compliance coexist?
Shumo:In my opinion, the future of on-chain privacy has three directions. The first is to provide a better product for ordinary users, not just hackers. The second is more privacy-killer applications, such as DeFi tools and interactive on-chain games. The third is the need to build better tools to allow crypto asset issuers to customize different asset policies, including compliance.
The future of Web3 privacy requires a combination of all of the directions mentioned above. That is what our team is working on.
Regarding the relationship between privacy and compliance, one possible direction is to use zero-knowledge proofs to resolve the contradiction between compliance and users’ sovereign privacy. Our recently released new asset type, zkAssets, supporting customizable asset policies such as KYC rules, access rights and whether to blacklist hacked assets. At the same time, with the permission of the asset holder, zkAssets supports the disclosure of provable asset information. Specifically, holders can disclose asset transaction history to auditors without having to disclose the Spending Secret. Holders can also selectively disclose asset information that can be verified by ZK.
Compared to existing crypto assets, zkAssets brings privacy to asset owners. At the same time, zkAssets makes it easy for auditors and regulatory compliance options.
What Manta said to the developers
OneBlock:We have noticed the fact that in addition to completing various emergency development tasks, Manta also invests part of its resources and time into the overall development of the ZK field, such as releasing the open-source ZK library OpenZL initiative. Could you introduce the role of this development library?
Shumo:We are now focusing on doing zero-knowledge proofs basic libraries, which actually have many technical difficulties. To make a library, the first problem to solve is that the library is for upstream developers and must be combined with other APIs to work, which involves the problem of composability of zero-knowledge proofs circuits. We used CP-SNARK, which is a completely new thing mentioned in an article about Legosnark in 2019. Now we have the first internal CP-SNARK library running through and are doing some library development work, which is a game-changer for zero-knowledge proofs development.
Our zero-knowledge proofs basic library wants to solve the core problem of atomizing the zero-knowledge proofs circuits, that is, to break them up into many atomized blocks, so that application developers can combine these blocks in the upper layer.
This library is based on the core technology of OpenZL, but we will make some more developer-friendly improvements based on it.
OneBlock:Many members of our community are developers or development enthusiasts. What advice and experience do you have for some developers who are interested in learning ZK technology?
Shumo:First of all, everyone should be clear about what they are learning ZK for. ZK’s technology stack is deep, and it is more efficient to have a clear purpose.
The second point is that if you want to be a ZK expert, you need to start with basic cryptography content. The younger generation of cryptographers started by watching some open classes such as Stanford professor Dan Bonesh. Because that is some of the most basic things in cryptography.
The second is that you can look at the open source libraries on Github. I think it is basically these two aspects in practice. One is that you can start learning directly from the basics of cryptography. The second practical thing is to study writing code for this program.
The OneBlock+ community continues to pay attention to the latest industry news and developer hot topics. We will regularly invite outstanding projects in the industry to conduct exclusive interviews. OneBlock+ aims to build a cutting-edge news and information column for everyone. While sharing the latest technology, we also bring the successful experience and entrepreneurial perspective of the guests on the road of entrepreneurship. If you are interested in a project or technology, please leave a message in the comment area.
About OneBlock+
OneBlock+ is the first and the largest blockchain developer community in China. At OneBlock+, we provide full support for developers with their substrate studies and further set off their career paths. We host Polkadot Hackathons every season to attract top-notch developers to build and innovate for the prosperity of the ecosystem. As a greater China technology resource integrator, OneBlock+ also partners with developers, communities, business elites, and key media who have business insights and experiences in the blockchain industry to provide educational events, such as technical courses, webinars, AMAs, and offline events for the industry. Want to shape the crypto world together? Come and join us today!
