Year in Review: 2020 laid the groundwork for zero knowledge proofs
By Evan Shapiro, O(1) Labs CEO
Zero knowledge proofs have been around in the industry for a while now. As a technical buzzword, they’ve done very well. But in terms of production systems, we haven’t seen very much. In 2016, we got ZCash. The space has seen scattered releases since then, but it has fallen far short of the Cambrian explosion seen in regular smart contracts and decentralized apps. Recent advancements in ZKPs may change all of that.
What are Zero Knowledge Proofs?
Zero knowledge proofs are a class of cryptographic primitives that includes zkSNARKs and STARKs. They relate to a program the way a summary relates to a book: they provide both efficiency and privacy by leaving out information that is present in the original full program. The awesome thing about them is that they come with an unforgeable cryptographic proof that the claims in the zkSNARK “summary” truly reflect the inputs and computation of the underlying program. This enables a powerful feature set for privacy, efficient verification of large computations, and better decentralization-preserving scale for protocols.
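To make those properties concrete, here is an added example (not code from the original post, nor from Mina or any project named here) of the simplest zero knowledge proof: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. It is not a SNARK: it proves one fixed relation rather than an arbitrary program, and the proof is not succinct for large computations. The group parameters are toy values chosen for readability, so the construction, not the sizes, is the point. The prover convinces a verifier that it knows x with y = G^x mod P without revealing x; the simulator shows why a transcript leaks nothing about x; and the tampered-proof check shows why it is unforgeable.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (far too small for real use):
# P is a safe prime, Q = (P - 1) / 2 is prime, and G = 4 generates the order-Q subgroup.
P = 1019
Q = 509
G = 4


def keygen():
    """The prover's secret witness x and the public statement y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commit():
    """Round 1: the prover picks fresh randomness r and sends the commitment t = G^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def respond(x, r, c):
    """Round 3: the prover answers the challenge c with s = r + c*x (mod Q).
    r must never be reused: two responses with the same r and different c reveal x."""
    return (r + c * x) % Q


def check(y, t, c, s):
    """Verifier's equation G^s == t * y^c (mod P); it holds exactly when s = r + c*x for the r behind t."""
    if not (0 < t < P and pow(t, Q, P) == 1 and 0 <= c < Q and 0 <= s < Q):
        return False
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def fiat_shamir(y, t, context):
    """Replace the verifier's random challenge with a hash of the transcript, turning the
    3-round protocol into a single message. Hashing a context string binds the proof to
    one statement so it cannot be replayed for another."""
    data = f"{P}|{Q}|{G}|{y}|{t}|{context}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y, context=""):
    """Non-interactive proof of knowledge of x: the pair (t, s)."""
    r, t = commit()
    c = fiat_shamir(y, t, context)
    return t, respond(x, r, c)


def verify(y, proof, context=""):
    t, s = proof
    return check(y, t, fiat_shamir(y, t, context), s)


def simulate(y):
    """Zero knowledge, demonstrated: with no knowledge of x, choose c and s first and solve
    for t = G^s * y^(-c). The transcript (t, c, s) passes check() and has the same
    distribution as a real one, so transcripts cannot leak x. It does not pass verify(),
    because there c is derived from t by the hash instead of being chosen freely."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    y_to_minus_c = pow(pow(y, c, P), -1, P)  # modular inverse; pow(a, -1, m) needs Python 3.8+
    t = (pow(G, s, P) * y_to_minus_c) % P
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    proof = prove(x, y, "login-challenge")
    print("valid proof accepted:", verify(y, proof, "login-challenge"))
    print("same proof replayed under another context:", verify(y, proof, "transfer"))
    t, s = proof
    print("tampered response accepted:", verify(y, (t, (s + 1) % Q), "login-challenge"))
    print("simulated transcript satisfies the equation:", check(y, *simulate(y)))
```

The verifier learns nothing beyond "someone knew x" because simulate() produces transcripts it could not tell apart from real ones; what stops the simulator from passing verify() is only that the hash fixes the challenge after the commitment, which is exactly the step that requires knowing x.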
While very powerful, and highly relevant to cryptocurrency, ZKPs have faced many challenges on the way to real world deployment: the logistical difficulty of deploying trustworthy systems, a lack of developer friendly programming languages, and limited tools for producing and verifying zero knowledge proofs. This has limited the extent to which they’ve been practical to develop and deploy in real production systems.
What has changed
2020, however, has quietly seen the advances that a new wave of ZKPs needs in order to launch into the world. The dozen or so teams working on ZKPs have made immense progress. These changes have been under the hood, but they greatly improve the practicality, efficiency, and ease of use of zero knowledge proofs.
These improvements have already started translating into usable product launches. Efficient transaction solutions have shown up on Ethereum with zkSync and Aztec. And we saw the first zero knowledge game show up in browsers with zkga.me’s Dark Forest. My own team’s project, Mina, has incorporated all of these new underlying cryptographic improvements and is nearing release.
All of these projects are set to launch in 2021 and offer massive improvements to the crypto space in terms of decentralization-preserving scale, access, privacy, and verifiability.
Quietly improving in the background
The primary source of improvements for zkSNARKs has been a theoretical one, on the topic responsible for much of the confusion around zkSNARKs and their trust guarantees: the trusted setup, or ceremony.
The trusted setup is the set of steps that was required to produce the parameters of a secure SNARK. Participants would each generate secret randomness and inject it into the cryptographic parameters of the new SNARK, then destroy it. If every participant kept their randomness and they all colluded, together they could attack the system; the setup stays secure as long as at least one participant is honest, which is why any trusted setup required a lot of people, to make it implausible that all of them would collude.
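The mechanism, as an added example that is not from the original post or from any real ceremony's code: a toy "powers of tau" setup in which each participant folds secret randomness into the public parameters and must then destroy it. The parameters contain tau only in the exponent, and tau ends up as the product of every contribution, so recovering it requires every participant's secret; one honest participant who deleted theirs is enough. The second half shows what the retained randomness (the "toxic waste") buys an attacker: the parameters let anyone commit to a polynomial as G^(f(tau)), and whoever knows tau can build a second polynomial with the same commitment. The group and the degree are toy values chosen for readability.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real use):
# P is a safe prime, Q = (P - 1) / 2 is prime, and G = 4 generates the order-Q subgroup.
P = 1019
Q = 509
G = 4
DEGREE = 4  # the setup supports polynomials up to this degree


def fresh_setup():
    """Starting parameters with tau = 1: [G^(1^0), G^(1^1), ..., G^(1^DEGREE)]."""
    return [G] * (DEGREE + 1)


def contribute(params, secret):
    """One participant's update. Raising the k-th element to secret^k turns G^(tau^k)
    into G^((tau*secret)^k), so the hidden tau is multiplied by `secret`.
    The participant must delete `secret` afterwards: it is their share of the toxic waste."""
    if secret % Q in (0, 1):
        raise ValueError("contribution must actually change tau")
    return [pow(p_k, pow(secret, k, Q), P) for k, p_k in enumerate(params)]


def run_ceremony(n_participants):
    """Run the ceremony. The secrets are returned only so the demo can show what collusion needs."""
    params = fresh_setup()
    contributions = []
    for _ in range(n_participants):
        s = secrets.randbelow(Q - 2) + 2
        params = contribute(params, s)
        contributions.append(s)
    return params, contributions


def params_for(tau):
    """What the parameters look like for a known tau: [G^(tau^k)] for k = 0..DEGREE."""
    return [pow(G, pow(tau, k, Q), P) for k in range(DEGREE + 1)]


def product_mod_q(values):
    out = 1
    for v in values:
        out = out * v % Q
    return out


def commit(params, coeffs):
    """Commit to f(X) = sum coeffs[k] * X^k as G^(f(tau)), using only the public parameters."""
    acc = 1
    for k, a in enumerate(coeffs):
        acc = acc * pow(params[k], a % Q, P) % P
    return acc


def forge_collision(coeffs, tau):
    """With the toxic waste: g(X) = f(X) + (X - tau) differs from f, but g(tau) = f(tau),
    so commit(params, g) == commit(params, f). Without tau, finding such a g means finding tau."""
    g = list(coeffs) + [0] * (DEGREE + 1 - len(coeffs))
    g[0] = (g[0] - tau) % Q
    g[1] = (g[1] + 1) % Q
    return g


if __name__ == "__main__":
    params, used = run_ceremony(5)
    tau = product_mod_q(used)
    print("all five secrets reconstruct tau:", params == params_for(tau))
    colluders = product_mod_q(used[:-1])
    print("four colluders, one honest deleter, reconstruct tau:", params == params_for(colluders))
    f = [3, 1, 4, 1, 5]
    g = forge_collision(f, tau)
    print("forged polynomial differs:", g != f, "| same commitment:", commit(params, g) == commit(params, f))
```

Real ceremonies add what this toy omits: each participant publishes a proof that their update has the right form and a transcript that anyone can audit, so the only thing that has to be trusted is that one contributor deleted their secret.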
When ZCash launched in 2016, a trusted setup was required for any new SNARK program, and again for any modification of an existing one. This presented a huge logistical challenge. Launching a new network, but more critically, updating an existing one, would take many weeks to coordinate and complete. When the update was a fix for a network vulnerability, that delay was an extremely risky proposition.
Fortunately, over the last few years, the requirements for launching a production zkSNARK program have incrementally improved, culminating this year in efficient recursive SNARKs without a trusted setup. This provides the technical foundation for developers to finally treat zkSNARKs like normal cryptographic primitives, think hash functions or public keys, a huge advancement for zkSNARK usability.
Eliminating the trusted setup has enabled and sped up the second advancement: easier programmability for zkSNARKs. When the first production SNARK systems came online in 2016, their programmability was closer to laying out a circuit in hardware than writing a program. Since then, tools have been developed that bring the programming process much closer to regular coding, paving the way for an influx of developer experimentation.
Several programming languages, including Snarky, Zinc, and Leo, have already been released, with others in development. Matter Labs’ work has made it possible to translate much of Solidity directly into zkSNARK-compatible form. Starkware’s work is simultaneously bringing STARKs closer to normal programmability. In the near future, programming zero knowledge proofs will be more like learning a new library than a highly specialized subfield of cryptography.
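What "laying out a circuit" means in practice, as an added example that is not code from the original post or from any of the languages named above: the toy program out = x^3 + x + 5, written by hand as a rank-1 constraint system (R1CS), the flattened form that early SNARK toolchains required and that languages like the ones above now generate for you. Every step becomes one multiplication gate of the form (A·w) * (B·w) = (C·w) over a witness vector w; there are no loops or branches, intermediate values are extra wires the prover must fill in, and the verifier sees only the public output. The field modulus is a toy value chosen for readability, not a real SNARK field.

```python
# Toy prime field, constructed for illustration; real SNARKs use the scalar field of a pairing-friendly curve.
M = 2**61 - 1

# Witness layout: w[ONE] is the constant 1, x is the private input, out is the public output,
# v1 and v2 are the intermediate wires a programmer never writes but a circuit must have.
ONE, X, OUT, V1, V2 = range(5)
NAMES = ["one", "x", "out", "v1", "v2"]

# Each constraint is (A . w) * (B . w) = (C . w); A, B, C are sparse linear combinations {wire: coefficient}.
# Additions fold into a linear combination for free; every multiplication costs one gate.
CONSTRAINTS = [
    ({X: 1}, {X: 1}, {V1: 1}),                    # x  * x = v1
    ({V1: 1}, {X: 1}, {V2: 1}),                   # v1 * x = v2
    ({V2: 1, X: 1, ONE: 5}, {ONE: 1}, {OUT: 1}),  # (v2 + x + 5) * 1 = out
]


def linear(combo, w):
    """Evaluate a sparse linear combination over the witness, in the field."""
    return sum(coeff * w[wire] for wire, coeff in combo.items()) % M


def witness(x):
    """Prover side: execute the program once to fill in every wire, including the intermediates."""
    v1 = x * x % M
    v2 = v1 * x % M
    out = (v2 + x + 5) % M
    return [1, x % M, out, v1, v2]


def failing_constraints(w):
    """Indices of the constraints the witness violates; an empty list means the circuit is satisfied."""
    bad = []
    for i, (a, b, c) in enumerate(CONSTRAINTS):
        if linear(a, w) * linear(b, w) % M != linear(c, w):
            bad.append(i)
    return bad


def satisfied(w):
    """The relation a SNARK proves: the constant wire is 1 and every gate holds."""
    return w[ONE] == 1 and not failing_constraints(w)


def public_inputs(w):
    """The verifier never sees w itself; the proof says satisfied(w) holds for some w agreeing on these values."""
    return {"out": w[OUT]}


if __name__ == "__main__":
    w = witness(3)
    print(dict(zip(NAMES, w)), "satisfied:", satisfied(w), "public:", public_inputs(w))
    cheat = list(w)
    cheat[OUT] = 36  # claiming a different output without an x that produces it
    print("cheating on the output fails constraints", failing_constraints(cheat))
    print("skipping the cube fails constraints", failing_constraints([1, 3, 35, 10, 27]))
```

The constraint list is the whole "program": a SNARK prover shows it has a w that satisfies every gate, and the verifier checks that claim against the public wires alone, so a private x of 3 is never disclosed while the claimed out of 35 is still binding.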
The last piece of the puzzle, good tooling for producing and verifying zkSNARKs, is becoming available. zkga.me has shown that we can run proving and verification in the browser. For private, local computations, libraries are being built that make it easy for developers to write programs that make and verify SNARK proofs, so they can run in our browsers and smartphones.
Crypto’s analogues of cloud marketplaces are coming online as well, to provide capacity for the expected demand for SNARK proving. Matter Labs’ zkSync achieves distributed SNARK proving by delegating SNARK production to its consensus nodes, and my team’s project, Mina, will provide it through Mina’s snarketplace, its marketplace for buying and selling SNARK proofs.
Enabling the future of protocols and apps
These under-the-hood developer improvements will have a large impact on the space. Here are a few places where we should expect to see that impact. Some of these protocols have already seen teams building early versions on them, while others are likely to see such development soon.
This new wave of zkSNARKs will bring many novel features to new and existing protocols. For starters, efficient verification will provide real decentralization-preserving scale with none of the complexity tradeoffs of optimistic rollups, channels, or sharding. zkSNARKs can be applied to existing chains through layer 2s like zkRollups, increasing the efficiency of the underlying layer 1 as seen with zkSync. Or they can be applied to create entirely succinct chains with better scalability at layer 1, like Mina.
Succinct blockchains will also greatly decrease the difficulty of running a full node on phones and in browsers. This is a necessity for people in countries with restrictive governments. But it will also be beneficial in countries with open internets, by decreasing reliance on centralized actors and enabling “crypto-as-a-utility.” This shift would be analogous to how net neutrality removes corporate influence in the internet generally.
zkSNARKs’ efficient verification will also greatly improve the state of bridges in the crypto ecosystem. Chains will move towards fully verifying each other for trustless bridges, either by verifying the headers of other chains or by leveraging fully succinct protocols like Mina.
App developers will also have new tools available to them. Privacy has been talked about for a long time, but it’s finally ready now. Developers will be able to build private voting apps, safely prove sensitive personal information to smart contracts, build DEXs with frontrunning protection, and build new games with novel mechanics like zkga.me.
Developers will also be able to verify computations far more efficiently. This will mean that SNARK-enabled protocols like zkSync or Mina will be far cheaper to run large computations on than a layer 1 like Ethereum, and they’ll be able to host much larger computations than base layer 1 blockchains. While I wouldn’t bet on fully verified deep neural networks on crypto quite yet, things like fully on-chain order books, as seen in some of StarkWare’s work, will be efficiently executable on these chains.
The improvements we’ve seen in zkSNARKs have been mostly foundational, and in the same way people knew the internet would be a big deal but couldn’t make exact predictions about search engines, we’ll have to see what happens. But in the same way video phones did eventually become reality, I strongly believe we’ll see the following come to fruition sooner rather than later.
- Increasingly practical DeFi: zkSNARKs will make it possible for off-chain assets and information to make it on-chain in a trustless, efficiently-verifiable, and composable way. This will allow DeFi to scale to real world engagement and usage.
- We will have on-chain identity with fine-grained selective disclosure. Users will be able to disclose their personal identity selectively: to a voting app, their community; to a token sale, their country; and to a social network, only a proof that they’re not a bot, with everything else anonymous.
- Scaling on Ethereum will start shifting over to a SNARK-scaling narrative. Despite the success of Ethereum 2.0’s launch, it will be many years before the full protocol is ready and launched, and in the meantime, zkRollups will take over as today’s (and potentially tomorrow’s) solution to scaling Ethereum.
- We won’t see non-crypto companies put ZKPs in production yet. But once they’ve seen ZKPs prove themselves out in production on crypto, we may see non-crypto companies start talking about using them for privacy. And many of those companies will likely end up building their ZKP solutions on top of cryptocurrencies, which will be great for the space as a whole.
A final prediction
One final prediction: while 2020 will be looked back on as the quiet year that laid the groundwork for SNARKs, 2021 will be looked back on as the year ZKPs came into their own and began disrupting the space. ZKPs will renew and remake crypto, as crypto itself marches closer to primetime. This will happen as a sort of necessary internal disruption within crypto before the bigger disruption can take place.
The questions these improvements answer go back to the beginning of the ecosystem, with the introduction of the blockchain by bitcoin. The immediate reaction to the bitcoin whitepaper was “how will this scale?” and “how will this get on many devices?” These were closely followed by questions along the lines of, “wouldn’t it be better if the chain wasn’t fully transparent?” and “can we add computation efficiently?” Crypto has been grappling with such questions for a long time. Zero knowledge proofs provide an answer, and we should look forward to them making a difference soon.