The Value Chain of ZK-everything
Zero Knowledge Cryptography (ZKC) is among the most vital innovations in computer science over the last half century.
Recent advances in ZKC research and its technology stack have made the foundations of a future industry, forming around the demand for computational integrity, visible in bold outline to any observer daring to stare into the abyss of its mathematical complexity.
While the full extent of the implications of wide adoption of ZKC primitives is not yet well understood, it is all but certain that it will produce innumerable advances in industries such as cybersecurity, ML and AI, and, of course, the wider blockchain space.
Like any industry, ZKC revolves around the market for its core product, computational integrity, and can thus be decomposed into the elements of its value chain. Every node of the value chain and its derivatives powers ZKC-based products, so understanding it is instrumental in assessing the ultimate profit-generating potential and the flows of residual value of and within this emerging industry.
The focus of this memo is applications of ZKC in Distributed Ledger Technology (DLT). From this vantage point we have the following view of the investable segments of ZKC value chain:
1. Mathematical Research
Mathematical research on optimizing algorithmic complexity makes the generation and verification of ZK proofs faster and cheaper. These advancements provide more decentralized alternatives to relying on proof computation on servers and in other centralized contexts. One of the leading examples is the invention of zkSNARKs, whose proofs are only a few hundred bytes, making it easy for verifiers to quickly check a proof’s validity. Later on, zkSTARKs got rid of the trusted setup and made the entire system trustless, at the expense of proof size.
2. Software Base Layer
Currently, prominent examples of ZK base layers are Circom, Zokrates and Starkware’s Cairo. Recent advances in this layer improve computational efficiency and compatibility with the EVM.
These libraries abstract away the underlying cryptography in the initial setup, proof generation, and verifier creation. In this way one can build ZKP applications more efficiently, without needing to understand all of the mathematics in detail. Many such libraries have been created in the last few years.
For ZK rollups that aim to achieve EVM-compatibility, many standard libraries and frameworks used for development in Solidity can be reused. Since achieving EVM-compatibility is inherently difficult, many other languages optimized for ZKP processes have been created and each comes with its own set of libraries. Examples include Circom with circomlib from iden3 and Zokrates with its Standard Library.
4. Protocol-Level Infrastructure
Protocol-level infrastructure is that required for communication and trusted execution. It provides a consensus mechanism for ZK prover and verifier and a platform for running proof validation in ZK applications.
Blockchains, such as Ethereum and its EVM derivatives and side chains, are especially relevant because of their immutability, transparency and decentralization. Blockchain applications benefit from ZK privacy complementing their public nature. Furthermore, new blockchain scaling options are unlocked by the complexity reduction of ZK validation compared to recomputation.
5. Protocol-Level Infrastructure AAS
Protocols can be beneficial for developers and applications when it comes to leveraging the scaling or privacy capabilities of ZKP.
ZK rollups offer a much higher throughput than Layer-1 blockchains and much faster finality than other scaling technologies like Plasma side chains or Optimistic rollups. Prominent rollups include zkSync, Scroll, and Polygon ZK.
When it comes to privacy, most services currently only offer private transfer of tokens. Prominent protocols are Tornado Cash, Railgun and Aztec. The only service that offers privacy at the smart contract level is StarkEx from StarkWare, which streamlines the use of ZK validation of application-specific state transitions. Some projects leveraging this technology are dYdX and Celer.
However, different applications using StarkEx currently cannot interact with each other in a private manner.
ZKC enables next-generation functionality within applications as compared to their non-ZK counterparts. Advantages include privacy, scalability, and decentralization.
Privacy is enhanced as users can prove statements without disclosing personal information. Examples are mixing protocols and Zero-Knowledge KYC.
Further scalability is achieved from the complexity reduction of validating a proof compared to recomputing. This allows zkRollups to process more transactions within the same security context provided by the validators of the base chain. Batching multiple user transactions into one ZK proof further reduces costs for users.
Decentralization is improved as central entities required for confidentiality or trust can be replaced by ZK smart contracts.
More efficient computation of ZK proofs can be achieved by using GPUs, ASICs, and FPGAs. At the moment there is little to no standardization of system parameters and choice of proof system. A few advantages of FPGAs over GPUs and ASICs are recognized:
- Power Efficiency — GPUs need to be paired with a host device and as a result the power consumption can be over 10 times higher than that of FPGAs.
- Cost of Hardware — High global demand for GPUs further widens the already existing price gap between GPUs and FPGAs. GPUs outclass FPGAs in Giga Floating Point Operations Per Second (GFLOPS) per dollar (roughly an order of magnitude difference in GFLOPS/$), but with GPUs in short supply people are forced to utilize the less price-efficient FPGAs.
- Writing Multiple Times — Unlike ASICs, which embed “write-once” logic, FPGAs can be re-flashed an arbitrary number of times, within one second. This is important — if the ZK proof logic needs to be changed, with an ASIC the entire design process has to be restarted, which prevents using the same hardware across different blockchains with various proof systems.
- Supply Chain Efficiency — GPUs have become more and more difficult to source efficiently due to their large demand and currently restrictive supply of raw materials. ASICs usually take over a year to design, manufacture and distribute. At the moment companies such as Xilinx enable even retail consumers to purchase their products with delivery lead time between 1 and 4 months.
ZK for Blockchains
The application of the ZK technology in the blockchain industry is far-reaching and profound, paving the way for the development of next-generation solutions enabling wider adoption of the blockchain technology. Zero Knowledge Proofs possess properties that render them vital components of blockchain scaling and privacy solutions, including ZK rollups such as StarkNet, private ZK rollups like Aztec, and Layer 1 blockchains like Mina, Filecoin & Aleo. ZK can be utilized towards:
- Enhancing/Creating Privacy for Layer-1 Solutions — Zcash and Mina currently allow users to hide information about senders, receivers and amounts using ZKPs, and Aleo has this feature enabled by default.
- Scaling of Layer-2 Solutions — StarkWare has built StarkNet — a smart contract platform which uses a VM that runs ZK-friendly code, while Aztec is a Layer-2 more catered towards private (no information about users’ transactions is disclosed) interactions with originally public smart contracts and dApps. All in all, ZKPs enable blockchain scaling without erosion of security by outsourcing Layer-1’s transaction processing to Layer-2.
- Compression of Blockchain Size — Blockchains like Celo and Mina utilize ZKPs to compress the blockchain data into a small proof, speeding up the sync to the newest state of the chain significantly.
- Development of Decentralized Storage — Filecoin (using GPUs) is a prime example, where ZKPs are utilized to ensure that network nodes store the correct data.
Case study: zkCertificate
To show what kind of applications and advantages are unlocked by ZK technology for blockchains, we take a look at the concept of zkCertificates, in short zkCerts.
zkCerts are tokens stored on a blockchain that allow the holder to create ZKPs of statements about real-world certificates, such as ID cards, university diplomas and vaccinations. They provide self-sovereign identity and combine compliance and privacy in a way that was not possible without ZKC.
The concept is a generalization of zkKYC proposed in a paper by Pauwels. zkKYC is an impactful example of zkCerts with direct application for DeFi protocols used on blockchains. Traditionally, companies offering financial services need to fulfill know-your-customer (KYC) processes to allow governments to investigate possible cases of money laundering (AML) and terrorist financing (CTF). zkCerts fulfill this need while preserving the customer’s privacy by using ZKPs. The ZKP only shows the required statement and discloses zero knowledge about the remaining personal details of the customer to the company. Therefore personal data cannot be abused or leaked.
To create a zkCert, the holder of a real-world certificate presents it to a provider, who verifies its validity before issuing the zkCert as an on-chain token. This token is bound to the on-chain address of the holder and is not transferable (soul-bound). It is stored as a hash in a Merkle tree. Merkle trees are data structures holding a list of leaf hashes that are recursively hashed together into a single root hash. The existence of a zkCert in a Merkle tree can be proven by the holder in a ZKP without revealing which concrete zkCert was used. This works by including the following computations in the ZKP:
- Hashing zkCert details and a secret nonce into the leaf hash to show that the prover is the holder of the zkCert
- Reconstructing the merkle tree root to show that the zkCert was issued on-chain
- Checking the provider’s signature, so that the verifier of the proof can look up the provider’s reputation
- Depending on the use case, additional statements about the data included in the zkCert data, such as the age of the holder being over 18
- To satisfy AML/CTF requirements, the ZKP can also include the creation of an encrypted message. This message consists of the ID and provider of the zkCert. It can only be decrypted by the entity responsible for AML/CTF investigations and allows them to contact the provider to uncover the holder’s identity.
The counterparty verifies this ZKP in a smart contract and checks that the public inputs of the proof match the on-chain state.
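To make the computations listed above concrete, the following added example (not code from the memo or from any zkCert project) runs the circuit’s checks in the clear: leaf hashing with a secret nonce, Merkle root reconstruction, a provider check and an age statement. Everything is constructed sample data, SHA-256 stands in for a circuit-friendly hash, and the provider “signature” is an HMAC stand-in for a real public-key signature; in a real system these constraints run inside the ZKP, so the verifier learns only the public inputs (root, provider, threshold).

```python
import hashlib, hmac

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(cert: dict, nonce: bytes) -> bytes:
    # Leaf = H(canonical cert fields || secret nonce); the nonce hides which leaf belongs to the holder.
    data = "|".join(f"{k}={cert[k]}" for k in sorted(cert)).encode()
    return H(data, nonce)

def _next_level(level):
    if len(level) % 2:
        level = level + [level[-1]]  # duplicate the last node on odd-sized levels
    return [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    return leaves[0] if len(leaves) == 1 else merkle_root(_next_level(list(leaves)))

def merkle_path(leaves, index):
    # Sibling hashes (and whether our node is the right child) needed to rebuild the root.
    path, level, idx = [], list(leaves), index
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[idx ^ 1], idx & 1))
        level, idx = _next_level(level), idx // 2
    return path

def provider_sign(provider_key: bytes, leaf: bytes) -> bytes:
    # HMAC stand-in (assumption) for the provider's signature over the issued leaf.
    return hmac.new(provider_key, leaf, "sha256").digest()

def verify_zkcert_statement(cert, nonce, path, provider_key, provider_tag, root, min_age):
    # Private witness: cert, nonce, path, provider_tag. Public inputs: root, provider, min_age.
    leaf = leaf_hash(cert, nonce)                      # 1. holder knows cert + nonce behind the leaf
    node = leaf
    for sibling, is_right in path:
        node = H(sibling, node) if is_right else H(node, sibling)
    if node != root:                                   # 2. leaf is in the on-chain tree
        return False
    if not hmac.compare_digest(provider_sign(provider_key, leaf), provider_tag):
        return False                                   # 3. issued by the claimed provider
    return cert["age"] >= min_age                      # 4. use-case statement, e.g. over 18

# Constructed sample: three zkCerts issued by one provider; the holder owns the second one.
PROVIDER_KEY = b"constructed-provider-key"
CERTS = [{"id": 1, "age": 42}, {"id": 2, "age": 19}, {"id": 3, "age": 16}]
NONCES = [b"nonce-1", b"nonce-2", b"nonce-3"]
LEAVES = [leaf_hash(c, n) for c, n in zip(CERTS, NONCES)]
ROOT = merkle_root(LEAVES)
```

Changing the nonce, the provider key or the on-chain root makes the statement fail, which is exactly what the on-chain verifier relies on when it matches the proof’s public inputs against the chain state.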
zkCerts are designed in a general way to represent arbitrary certificates, statements and achievements. Because they can be used without compromising privacy, they remove most risks of working with personal data on public blockchains. Thus the identity of blockchain addresses can be more closely connected to real-life accountability and credibility. This makes the decentralized society (DeSoc) envisioned by Weyl, Ohlhaver and Buterin simpler to achieve and safer to use.
A project building on the concept of zkCerts to achieve such a DeSoc is Galactica. It uses zkCerts as a foundational building block to provide solutions for:
- Reputation considering real-world qualifications proven with zkCerts
- Meritocratic governance, ensuring with zkKYC that each human only votes once
- Compliant DeFi based on zkCerts
Follow Occam DAO’s social media channels to stay up to date with the latest news:
Telegram Official Community — https://t.me/occamfi_com
Telegram Announcements — https://t.me/occamfi
Medium — https://medium.com/occam-finance
Twitter — https://twitter.com/OccamFi