WTF are Zero Knowledge Proofs?

Elton Chang
Propel VC
7 min read · Nov 22, 2022


Braeden Norris and Elton Chang co-authored this post.


A Major Advancement in Cryptography

Zero knowledge (zk) technology represents a major advancement in cryptography: it lets one party verify that a statement is true, or that a computation was carried out correctly, without trusting the party making the claim and without seeing the underlying data. We have spoken to builders and investors who are excited about the prospect of zk technology and its effect on the web3 landscape. Participants emphasize how early the application of this technology is and its potential to improve security, scalability, and interoperability.

Early applications of zk technology focused on the privacy and security of blockchain transactions. Today most development effort is concentrated on scaling Ethereum: proving that a batch of transactions was executed correctly lets the chain check the batch far more cheaply than re-executing it, which raises payment throughput and unlocks use cases that were previously impractical on-chain.

What are Zero Knowledge Proofs?

Zero knowledge proofs allow a prover to convince a verifier that a statement is true without revealing anything beyond the fact that it is true. Three properties make this work: completeness (an honest prover with a valid witness always convinces the verifier), soundness (a prover without a valid witness cannot convince the verifier except with negligible probability) and zero knowledge (the verifier learns nothing it could not have produced on its own). The last property is what lets a party prove something about private data, such as a secret key, a balance or an identity attribute, without exposing that data or weakening its own security.

Source: Georgios Konstantopoulos, Twitter

A fun way to conceptualize zk proofs is as a game of “Where’s Waldo?”. Imagine that you want to prove that you know where Waldo is hiding in a particular picture but do not want to give away his location. Using zk principles, we could take a board twice the size of the picture and place the picture behind it at a position the observer cannot see. Then we cut a small pinhole that shows only Waldo. Since the picture's position behind the board is unknown, the observer learns that we found Waldo, but not where he is in the picture. This simple example captures the core idea: the observer learns exactly one bit, that we know the answer, and nothing that would help them find Waldo themselves.
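To make the three properties concrete, here is an added example (not code from the original post) of the simplest proof of knowledge, a Schnorr sigma protocol: the prover shows it knows x such that y = g^x without revealing x. Every name here, the 62-bit safe-prime group it searches for at import time, and the fixed challenges 7 and 11 are assumptions for illustration; production systems use elliptic-curve groups and general-purpose SNARK/STARK circuits, but the completeness, soundness and zero-knowledge arguments have the same shape.

```python
"""Schnorr proof of knowledge of a discrete log, interactive and Fiat-Shamir.

Added example (not from the original post). Toy 62-bit safe-prime group;
real deployments use ~256-bit elliptic-curve groups, and zk-rollups use
SNARK/STARK systems rather than this sigma protocol.
"""
from __future__ import annotations

import hashlib
import secrets

_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int) -> int:
    """First safe prime p = 2q + 1 (q prime) at or above `start`; deterministic."""
    q = (start // 2) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = find_safe_prime(1 << 62)   # group modulus (assumed toy size)
Q = (P - 1) // 2               # prime order of the quadratic-residue subgroup
G = 4                          # 4 = 2^2 is a quadratic residue, so it has order Q


def in_group(v: int) -> bool:
    """Reject 0, 1, out-of-range and non-subgroup elements (small-subgroup check)."""
    return 1 < v < P and pow(v, Q, P) == 1


def keygen() -> tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1      # witness, kept secret
    return x, pow(G, x, P)                # (x, y = g^x); y is the public statement


def commit(r: int) -> int:
    return pow(G, r, P)


def respond(x: int, r: int, c: int) -> int:
    """Prover's answer to challenge c, using the nonce r behind t = g^r."""
    return (r + c * x) % Q


def verify_transcript(y: int, t: int, c: int, s: int) -> bool:
    """Interactive check: g^s == t * y^c, which holds because s = r + c*x."""
    if not (in_group(y) and in_group(t) and 0 <= s < Q):
        return False
    return pow(G, s, P) == t * pow(y, c, P) % P


def fiat_shamir(y: int, t: int) -> int:
    """Derive the challenge from statement and commitment (random-oracle model)."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def prove(x: int, y: int) -> tuple[int, int]:
    r = secrets.randbelow(Q)              # fresh nonce; never reuse (see extract)
    t = commit(r)
    return t, respond(x, r, fiat_shamir(y, t))


def verify(y: int, proof: tuple[int, int]) -> bool:
    t, s = proof
    return verify_transcript(y, t, fiat_shamir(y, t), s)


def simulate(y: int, c: int) -> tuple[int, int, int]:
    """Zero knowledge: without x, build an accepting transcript for a chosen c.
    Pick s first, then solve for t = g^s * y^(-c); same distribution as a real run."""
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (Q - c) % Q, P) % P
    return t, c, s


def extract(c1: int, s1: int, c2: int, s2: int) -> int:
    """Special soundness, and the nonce-reuse attack: two answers with the same t
    and different challenges reveal x = (s1 - s2) / (c1 - c2) mod Q."""
    return (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q


if __name__ == "__main__":
    x, y = keygen()
    print("honest proof verifies:", verify(y, prove(x, y)))
    t, c, s = simulate(y, 12345)
    print("simulated transcript passes the interactive check:", verify_transcript(y, t, c, s))
    print("... but not Fiat-Shamir, where c is bound to t:", verify(y, (t, s)))
    r = secrets.randbelow(Q)
    print("nonce reuse leaks x:", extract(7, respond(x, r, 7), 11, respond(x, r, 11)) == x)
```

The simulator is the zero-knowledge argument in code: given the freedom to choose the challenge, it produces transcripts with exactly the honest distribution while knowing nothing about x, so the verifier cannot have learned anything from a real transcript either. Fiat-Shamir removes that freedom by deriving the challenge from the commitment, which is why `verify` rejects the simulated transcript. The extractor is the flip side: two answers to different challenges from the same commitment reveal x, which is the soundness argument and also why a prover must never reuse a nonce.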

Types of Zero Knowledge Proofs

Two main families of proof systems are deployed across the zero knowledge ecosystem, SNARKs and STARKs. Each has tradeoffs in proof size, verification cost, prover time and setup assumptions, and teams continue to refine them, producing variants such as PLONK (a SNARK with a universal setup, described below).

Source: Vitalik’s Blog

SNARK (succinct non-interactive argument of knowledge)

  • SNARKs are the oldest of these proof systems; the term was coined in a 2012 paper by Bitansky, Canetti, Chiesa and Tromer.
  • The first major application of zkSNARKs was the Zerocash protocol (2014), a “privacy-preserving” version of Bitcoin that was later deployed as Zcash.
  • SNARKs have the most mature developer ecosystem and the smallest proofs and cheapest verification (a few hundred bytes, checked with a handful of pairing operations); however, pairing-based constructions such as Groth16 require a trusted setup.
  • A trusted setup is a ceremony in which a random secret (often called toxic waste) is used to derive the public proving and verifying parameters and must then be destroyed. Ceremonies are run as multi-party computations so that no single party ever holds the secret: as long as at least one participant honestly discards its share, nobody knows it. If every participant colluded or leaked its share, an attacker could forge proofs of false statements (soundness breaks), although proofs would still reveal nothing about witnesses (zero knowledge survives). For schemes like Groth16 the ceremony is circuit-specific, so it must be repeated for each program. If you want to learn more about the process and math around trusted setups, see this article.

PLONK (permutations over Lagrange-bases for oecumenical non-interactive arguments of knowledge)

  • PLONK was introduced in 2019 by Gabizon, Williamson and Ciobotaru as a SNARK whose trusted setup is universal and updatable.
  • A universal setup means one ceremony produces parameters that work for any program up to a size bound, instead of a fresh circuit-specific ceremony per program; updatable means new participants can add their own randomness to the parameters later. Security still depends on at least one honest contributor, but one large, well-audited ceremony that anyone can extend is a stronger assumption than many small per-program ones.
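The following added example (not from the post, and not any real ceremony's code) shows the shape of a powers-of-tau ceremony and why the secret matters for both the SNARK setup described above and PLONK's universal setup. It uses a tiny safe-prime group (p = 1019, with a subgroup of order 509) chosen for readability, and the participant secrets, polynomials and degree bound are constructed values; the pairing checks that real ceremonies use to verify each contribution are omitted.

```python
"""Toy powers-of-tau ceremony: what the SRS is, why it is universal, and what
an attacker holding the toxic waste can do.

Added example (not from the original post). Tiny group for readability;
real ceremonies use pairing-friendly curves and verify each contribution.
"""
from __future__ import annotations

P, Q, G = 1019, 509, 4   # p = 2q + 1 is a safe prime; 4 generates the order-q subgroup
DEGREE = 4               # the SRS commits to any polynomial of degree <= DEGREE


def initial_srs() -> list[int]:
    """Before any contribution tau = 1, so srs[i] = g^(tau^i) = g for every i."""
    return [G] * (DEGREE + 1)


def contribute(srs: list[int], s: int) -> list[int]:
    """A participant multiplies the hidden tau by its secret s:
    g^(tau^i) -> (g^(tau^i))^(s^i) = g^((s*tau)^i). It then destroys s."""
    return [pow(srs[i], pow(s, i, Q), P) for i in range(len(srs))]


def run_ceremony(participant_secrets: list[int]) -> tuple[list[int], int]:
    """Sequential contributions. Returns the public SRS and the tau that would be
    known only to a coalition holding every participant's secret; if even one
    share was honestly destroyed, nobody can reconstruct it."""
    srs, tau = initial_srs(), 1
    for s in participant_secrets:
        srs = contribute(srs, s)
        tau = tau * s % Q
    return srs, tau


def commit(srs: list[int], coeffs: list[int]) -> int:
    """KZG-style commitment g^(p(tau)), computed from the SRS alone: no tau needed.
    The same SRS serves every polynomial up to DEGREE, which is what makes the
    setup universal."""
    c = 1
    for i, a in enumerate(coeffs):
        c = c * pow(srs[i], a % Q, P) % P
    return c


def poly_add(a: list[int], b: list[int]) -> list[int]:
    n = max(len(a), len(b))
    return [((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)) % Q for i in range(n)]


def poly_mul_x_minus(h: list[int], tau: int) -> list[int]:
    """Coefficients of (x - tau) * h(x) over the field of integers mod Q."""
    out = [0] * (len(h) + 1)
    for i, a in enumerate(h):
        out[i + 1] = (out[i + 1] + a) % Q
        out[i] = (out[i] - tau * a) % Q
    return out


def forge_collision(p: list[int], h: list[int], tau: int) -> list[int]:
    """With the toxic waste, p'(x) = p(x) + (x - tau) * h(x) differs from p
    but p'(tau) = p(tau), so commit(p') == commit(p): binding is broken and a
    prover can open one commitment to a second, contradictory polynomial."""
    return poly_add(p, poly_mul_x_minus(h, tau))


if __name__ == "__main__":
    srs, tau = run_ceremony([123, 456, 78])       # constructed participant secrets
    p = [3, 1, 4, 1, 5]                           # constructed polynomial, degree 4
    forged = forge_collision(p, [2, 7, 1], tau)
    print("tau known only to a full coalition:", tau)
    print("forged != p:", forged != p)
    print("same commitment:", commit(srs, forged) == commit(srs, p))
```

Without tau, finding two polynomials with the same commitment would require solving a discrete logarithm; with it, the forgery is one line of algebra. This is exactly why a ceremony's security reduces to a single honest participant destroying their share, and why a universal, updatable setup is attractive: every additional contributor makes the "everyone colluded" assumption less plausible, and the result can be reused for any circuit within the degree bound.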

STARK (scalable transparent argument of knowledge)

  • STARKs were introduced in 2018 by Ben-Sasson, Bentov, Horesh and Riabzev. They rely only on hash functions, so they need no trusted setup (transparent), are plausibly post-quantum secure, and have provers that scale to large computations such as rollup batches.
  • The cost of transparency and scale is proof size: STARK proofs are tens of kilobytes rather than a few hundred bytes, so verifying one on-chain costs considerably more gas, which rollups amortize by batching many transactions behind a single proof.

Early Traction and Rollups

Most of the traction surrounding zero knowledge technology has occurred around scaling solutions that act as Layer-2 (L2) networks and use Ethereum’s Layer-1 (L1) for consensus. Over the past few years, valuations for zk-rollup projects have increased dramatically. This rollup-centric view of Ethereum is strengthened by the network’s transition to proof of stake and planned upgrades.

A zk-rollup is an L2, meaning transactions are executed outside the L1 (off-chain), while validation takes place on the L1. A smart contract on the L1 stores a commitment to the rollup's state (a state root). Off-chain, an operator executes a batch of transactions, computes the new state root and generates a validity proof that applying exactly that batch to the old root yields the new root. The batch data (or the resulting state changes) and the proof are submitted to the contract, which accepts the new state root only if the proof verifies. Because the verifier contract enforces correctness cryptographically, there is no challenge window during which a fraudulent batch must be disputed, and the rollup's security reduces to the soundness of the proof system, the correctness of the verifier contract, and the availability of the batch data on L1.

A barrier to developer adoption of zk-rollups as an L2 scaling solution is that many implementations lack Ethereum Virtual Machine (EVM) compatibility. EVM compatibility means Ethereum developers can deploy the same smart contract code that runs on L1 to the rollup without changes. Many zk-rollup teams claim full EVM compatibility, but Vitalik's taxonomy of zkEVMs distinguishes several levels, and he points out that only one team is working on what he defines as “type 1” (fully Ethereum-equivalent) compatibility.

Applications

Outside of scaling solutions, teams in zero knowledge are working on distinct problems focused on privacy, interoperability, and security. Privacy projects trace back to the first application of zk within Web3, Zerocash. Users of blockchains want privacy features that allow them to interact with financial applications on-chain (DeFi) without their usage history being publicly available. Interoperability solutions aim to replace the trust assumptions that many token bridges rely on with cryptographic verification built on zk technology. Outside of web3, companies are exploring how zk technology could be used in the context of security.

Privacy

  • Aztec is a zk-rollup focused on the privacy of transactions and users, raising $22M. They use a PLONK proof system to build a private DeFi network that maintains privacy while also being compliant and auditable. Instead of focusing on EVM compatibility, Aztec is building Noir, a domain-specific language with Rust-like syntax for writing private programs.
  • Polygon Nightfall is a hybrid zk-optimistic rollup focused on privacy that is part of Polygon’s Ethereum scaling solutions. Nightfall uses optimistic technology for scaling low-cost transactions and zero knowledge technology for the privacy of transactions. Polygon is also working with Ernst & Young on Nightfall, who originally started work on the project in 2019 to make its customers’ transactions on Ethereum private.

Interoperability

  • Succinct Labs uses the succinctness property from SNARKs to secure cross-chain communication and bridging. By using the succinctness property, the computational overhead needed to prove the consensus of a source chain on a destination chain is substantially reduced. Eventually, Succinct Labs plans on proving consensus and state transitions, similar to running a full node but with much lower overhead.

Outside of Web3

  • Cloudflare is experimenting with zero knowledge proofs in WebAuthn attestation. Normally a hardware security key proves it is genuine by presenting an attestation certificate issued by its manufacturer; because that certificate is shared by a batch of devices, it can also be used to fingerprint users across sites. With a zk proof, the user instead proves only that the key's certificate belongs to an accepted set of manufacturer certificates, without revealing which one, so authenticity is established while the identifying attestation values stay private.

Implications

Zero knowledge technology harkens back to web3’s infancy when novel consensus mechanisms were designed around cryptographic principles. While scalability-based zk projects have received a large amount of venture funding, new opportunities will present around the application layer of scaling solutions. The most popular applications on L1 protocols, such as Uniswap and Aave, are good candidates for expansion to zk-rollups. New applications focused on use cases such as payments, and social networking may be developed because of the increase in throughput facilitated by zk-rollups.

In light of the myriad bridge exploits that have stolen over one billion dollars, we see zero knowledge technology being applied to interoperability solutions. Most of the bridge hacks are due to bad trust assumptions related to the centralization of validators. One of the most secure bridging technologies is Cosmos’ inter-blockchain communication protocol (IBC). The IBC specification relies on verifying the consensus of a source blockchain on the destination chain. This means that IBC’s trust assumptions reduce to the source chain's consensus being correct and the destination chain correctly verifying that consensus. While this design is much more secure than other bridges, it requires more on-chain computation for the verification. As discussed above, Succinct Labs uses the succinctness property of zkSNARKs to reduce the computational overhead of verifying consensus, essentially implementing IBC gas-efficiently. We believe new projects will emerge that apply zk proofs to other high-trust scenarios, much like what Succinct Labs is doing for interoperability.

There has been an explosion in zero knowledge technology and projects working on turning theory into products. While breakthroughs have been made for proof systems and their application to general-purpose rollups, the largest L2 solutions by total value locked are optimistic-based rollups. We believe that zk-based projects have inherent advantages compared to optimistic rollups in scalability and trust assumptions, and their usage will expand naturally over time.

Applying zk proofs beyond scalability, to interoperability and security, is where we hope to see new projects being developed. ZK proofs represent a breakthrough in computer science, and their application to Web3 can bolster the industry's long-term success.

Notes

Special thanks to Uma Roy (Succinct Labs), Eshita Nandini (Messari), and Nick Plante (dLab) for their thoughtful feedback.

Elton Chang is an Investor, and Braeden Norris is a Developer and Researcher at Propel. Propel is an early-stage venture fund investing in the new financial economy. For a full list of investments, please visit our portfolio page. We'd love to hear from you if you’re a builder working on zero knowledge or adjacent technologies. Reach out to chat!

None of the above is investment, business, legal, or tax advice, and none of the financial information that might be contained has been verified or officially endorsed by Propel VC. Full disclosures can be found here.
