0x00. General
Vitalik wrote an article “The different types of ZK-EVMs” to introduce the main zkEVM solutions in Aug 2022:
The core goal of all the solutions is the same: to use ZK-SNARK technology to make cryptographic proofs of execution of Ethereum-like transactions, either to make it much easier to verify the Ethereum chain itself or to build ZK-rollups that are (close to) equivalent to what Ethereum provides but are much more scalable. Vitalik worried that a zkVM may have a “not compatible” issue, and all the solutions are focused on zkEVM. Looking forward, however, blockchain needs to connect with Web 2.0 and grow into a real Web 3.0. zkWasm should be one of the best solutions, since it is friendly to Web 2.0 developers and Wasm is supported by multiple JavaScript engines and runtime environments, which makes it executable in most modern browsers. Many Web 2.0 applications can use blockchain as their decentralized account system and settlement ledger layer.
In general, zkEVM continues the current blockchains, while zkWasm will be a great addition for building the Web 3.0 future: rather than just building so many different blockchains, we should build different zkWasm app rollups that connect with Web 2.0.
0x01. TL;DR
- Ethereum is the Data Availability (DA) + Settlement + Consensus base layer, which is the characteristic of a distributed ledger; a zkWasm rollup is more suitable than eWASM for Ethereum to build Web 3.0.
- zkEVM continues the current blockchains; zkWasm will be a great addition for building the Web 3.0 future.
- Build Rollups with zkWasm, not just Blockchains
- On-Chain Contracts + Off-Chain Virtual Machine (VM) + WASM Composability
0x02. zkEVM + zkWasm is the future of Web 3.0
To connect Web 2.0 and Web 3.0, we don’t need so many different blockchains; AppRollups will be enough, since a blockchain is a distributed ledger that ensures the account system is credible. Ethereum is definitely one of the best account systems as a Data Availability (DA) + Settlement + Consensus base layer. zkEVM can have good compatibility with the DeFi ecosystem, while zkWasm will be more suitable for large-scale GameFi, SocialFi, and more complex ecosystems.
0x03. ZKP, Zero-Knowledge Proof
ZKP, zero-knowledge proof or zero-knowledge protocol, is a method of proving the validity of a statement without revealing anything other than the validity of the statement itself. It first appeared in the 1985 paper “The knowledge complexity of interactive proof systems [GMR85]” by pioneers Shafi Goldwasser, Silvio Micali, and Charles Rackoff. They provide a definition of zero-knowledge proofs that is widely used today:
“A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.”
Or in simpler terms: “I know X, which I’m not going to tell you, but I can prove to you that this statement involving X is true.”
The zk-SNARK (zero-knowledge Succinct Non-Interactive Argument of Knowledge) is probably the most popular form of zero-knowledge proof, a term first coined in the 2011 Bit+11 paper. By 2013, zero-knowledge proofs could be used in real-life applications thanks to the Pinocchio (PHGR13) paper, which made zk-SNARKs applicable to general computing, though at a slower pace. The Groth16 algorithm proposed in 2016 greatly reduced computational complexity and made zk-SNARKs so efficient that it is still the standard used today.
However, a trusted setup is essential for the security of these zero-knowledge protocols. An initial process used to generate the cryptographic parameters is necessary in order to be able to run the zero-knowledge protocol. A third party does this to ensure that the cryptographic parameters are random, unpredictable, and secure.
Bulletproofs (BBBPWM17) were subsequently introduced in 2017, and zk-STARKs (BBHR18) in 2018. Differing from their predecessors, they are types of range proofs that do not require an initial trusted setup. The 2019 PlonK paper implemented the Universal Zero-Knowledge proof algorithm, which meant that the trusted setup only needs to be initiated once, while in comparison, Groth16 required every circuit to have a separate trusted setup.
Thanks to developments in the field, zero-knowledge proofs have transitioned from being purely theoretical to having useful real-life applications in blockchain, secure communications, electronic voting, access control, and gaming. As they continue to be put into commercial use, there will be even more exciting developments to advance the technology.
Nowadays, zk-SNARKs, zk-STARKs, PlonK, and Bulletproofs are still the main methods of zero-knowledge proof, each with its own advantages and disadvantages in proof size, proof time, verification time, etc. The zkVM solution is explicitly designed to be ZK-SNARK-friendly.
0x04. WASM, WebAssembly
WebAssembly — or Wasm — is a relative newcomer to the family of web technologies (JavaScript, HTML, CSS), becoming an officially recognized W3C standard in December 2019.
WebAssembly introduces a new runtime into the browser, one which works alongside, and in close collaboration, with the JavaScript runtime. It is relatively lightweight in comparison, with a small instruction set and a strict isolation model (WebAssembly has no I/O by default). One of the primary motivators for developing WebAssembly was to provide a compilation target for a wide range of programming languages (C++, Rust, Go etc.), allowing developers to write new web applications, or port existing applications, with a wider toolset.
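The isolation model described above can be observed directly. The following is an added example, not code from the original article or from the zkWasm project: a hand-assembled module (constructed bytes; the names `load`, `mem` and `inspectSandbox` are illustrative) that declares no imports, so it has no host functions to call, and whose memory reads trap at the 64 KiB boundary.

```javascript
// Constructed Wasm binary: one function load(addr: i32) -> i32 and one 64 KiB memory.
const wasmBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm", version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f, // type section: (i32) -> i32
  0x03, 0x02, 0x01, 0x00,                         // function section: func 0 uses type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                   // memory section: min 1 page, no max
  0x07, 0x0e, 0x02,                               // export section: 2 entries
  0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x00,       //   "load" -> func 0
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,             //   "mem"  -> memory 0
  0x0a, 0x09, 0x01, 0x07, 0x00,                   // code section: 1 body, 7 bytes, no locals
  0x20, 0x00, 0x28, 0x02, 0x00, 0x0b,             //   local.get 0; i32.load; end
]);

function inspectSandbox() {
  const mod = new WebAssembly.Module(wasmBytes);
  // Empty import object: the guest is handed no host functions at all,
  // so it has no way to reach files, sockets or the DOM.
  const instance = new WebAssembly.Instance(mod, {});
  const { load, mem } = instance.exports;

  // The host can write into guest memory; the guest cannot reach outside it.
  new DataView(mem.buffer).setInt32(0, 42, true);

  // Every guest memory access is bounds-checked; a violation is a trap,
  // surfaced to JavaScript as WebAssembly.RuntimeError.
  const probe = (addr) => {
    try {
      return { addr, value: load(addr) };
    } catch (e) {
      return { addr, trapped: e instanceof WebAssembly.RuntimeError };
    }
  };

  return {
    imports: WebAssembly.Module.imports(mod).length,
    exports: WebAssembly.Module.exports(mod).map((e) => `${e.kind}:${e.name}`),
    memoryBytes: mem.buffer.byteLength,
    inBounds: probe(0),         // reads the value the host stored
    lastWord: probe(65532),     // last 4 bytes of the page, still valid
    straddlesEnd: probe(65533), // 4-byte read crossing the end of memory
    pastEnd: probe(65536),      // first address outside the sandbox
  };
}

console.log(inspectSandbox());
```

It runs under Node.js or in a browser console without any dependencies.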
No matter Web 2.0 or Web 3.0, Wasm supports more and more:
0x05. zkWasm = zkp + WASM
zkWasm has already reached a significant milestone: Delphinus Lab has open-sourced its code.
Instead of putting all activity on the blockchain directly, apps perform the bulk of their execution off-chain, where it can be verified by the zk proving network. The multiple zkProofs are aggregated into one root, and only that is uploaded to the base layer (Ethereum etc.).
There is a smart contract on the base layer, which has only two tasks: processing deposits and withdrawals, and verifying proofs that everything happening off-chain follows the rules. Verifying the proofs on-chain is much cheaper and more efficient than computing and storing everything on-chain. Not everything is worth putting on-chain.
Meanwhile, using Wasm makes it easy to connect with and upgrade from Web 2.0.
The main concept is:
On-Chain Contracts + Off-Chain Virtual Machine (VM) + WASM Composability
The ecosystem can be:
The main data flow can be:
eWASM was also one of the many innovations that Ethereum is looking to implement to make its jump to Ethereum 2.0. Many believe that eWASM will help create an ecosystem that’s fast, scalable, and flexible, encouraging developers to build complex smart contracts on top of Ethereum 2.0’s protocol. However, there are so many challenges that impact the progress and the Ethereum Foundation needs to concentrate on the critical path. Vitalik updated the roadmap on his Twitter on Nov 5, 2022, and eWASM was not mentioned.
Even though eWASM was not mentioned in the updated roadmap, its advantages are still significant. EVM’s primary purpose was to ensure correctness, even if it came at the expense of efficiency. Lane Rettig, an Ethereum developer, believes that the EVM was created theoretically, rather than practically, since it doesn’t seem ideal for real-world application. Every single node in the EVM has to run with complete accuracy. On the other hand, WASM emphasizes efficiency and speed as it has been built for real-world usage, which it achieves by easily translating actual coding logic. Nick Johnson agrees that the EVM is “optimized for theoretical purity, rather than practical use.” He explains how although the EVM is “very internally consistent… it’s not built with real-world implementation in mind.” By comparison, Wasm was written closer to real hardware instructions, which makes it more efficient at translating actual coding logic. The fact that Wasm instructions can directly map one-to-one to the instructions used by a machine will allow for significant improvements in performance over the EVM.
Here are some benefits of using eWASM over EVM:
- Performance: eWASM offers better performance compared to EVM, as it uses WebAssembly, which is designed to be faster and more efficient than the EVM bytecode. WebAssembly provides near-native performance, which can lead to significant improvements in the speed and scalability of the Ethereum network.
- Interoperability: eWASM offers better interoperability than EVM, as it supports multiple programming languages, including C++, Rust, and AssemblyScript. This enables developers to write smart contracts in their preferred language, which can lead to better code quality and developer productivity.
- Security: eWASM offers better security than EVM, as it includes several security features, such as memory sandboxing, which isolates smart contracts from each other and prevents them from accessing each other’s memory. Additionally, eWASM offers better protection against common smart contract vulnerabilities, such as reentrancy attacks and integer overflows.
- Flexibility: eWASM offers better flexibility than EVM, as it supports dynamic linking, which enables smart contracts to be composed of multiple modules that can be updated independently. This can lead to better code organization and easier maintenance of smart contracts.
- Community Support: eWASM has gained significant support from the Ethereum community, with several major Ethereum clients, including Geth and Parity, already implementing eWASM support. This means that developers will have access to a wide range of tools and resources when building smart contracts with eWASM.
However, is it really necessary to replace the EVM with eWASM in Ethereum? There were also many concerns about doing so, especially about the impact on what Ethereum has already achieved. This is likely the main reason eWASM was not mentioned in the updated roadmap.
There are 6 concrete milestones:
- Merge: proof-of-stake consensus related
- Surge: rollups and sharding related
- Scourge: avoid centralization due to PoS and MEV related
- Verge: Verifying blocks (a SNARK) related
- Purge: simplify the protocol, eliminate technical debt and limit costs related
- Splurge: everything else
We have realized that Ethereum’s main function is to be a distributed ledger, and it is definitely one of the best, serving as a Data Availability (DA) + Settlement + Consensus base layer. It doesn’t need so many hard-fork changes. A zkWasm rollup is more suitable than eWASM for Ethereum to build Web 3.0.
Build Rollups with zkWasm, not just Blockchains
0x06. Reference
https://jhc.sjtu.edu.cn/~hongfeifu/manuscriptb.pdf
https://delphinuslab.com/wp-content/uploads/2023/04/zksummit-presentation-zkwasm-game-1.pdf
https://vitalik.ca/general/2021/01/05/rollup.html
https://vitalik.ca/general/2021/01/26/snarks.html
https://vitalik.ca/general/2022/08/04/zkevm.html
https://twitter.com/VitalikButerin/status/1588669782471368704
https://github.com/DelphinusLab/zkWasm
https://sapphireventures.com/blog/whats-up-with-webassembly-computes-next-paradigm-shift/
https://almanac.httparchive.org/en/2022/webassembly
https://www.circularise.com/blogs/zero-knowledge-proofs-explained-in-3-examples
https://github.com/privacy-scaling-explorations/zkevm-specs/blob/master/specs/introduction.md
https://blog.metaalgo.in/ewasm-in-eth-20
https://medium.com/chainsafe-systems/ethereum-2-0-a-complete-guide-ewasm-394cac756baf
https://blog.pantherprotocol.io/ring-signatures-vs-zksnarks-comparing-privacy-technologies/