What is Zero-Knowledge (ZK)?
Part 2: ZK-Rollups & ZK-VMs
This article was written by George, Tempus’ Head of Research.
In Part 1, we talked about the basics of Zero-Knowledge Proofs (ZKPs), and used some examples to illustrate the concept. Now let’s talk about ZK-Rollups in Ethereum.
ZK-Rollups are used extensively in Ethereum L2 as a scaling solution. They compute transactions on L2, then periodically generate cryptographic proofs via ZKPs to validate the legitimacy of transactions stored on Ethereum.
(Optimistic Rollups are another Ethereum L2 rollup solution. However, they do not use ZKPs. Instead, they ‘optimistically’ assume all records are valid until validators prove otherwise. Hence, they require a longer buffer time for validation than ZK-Rollups before committing to L1, and are less scalable.)
To illustrate how rollups work, imagine Ethereum is a highway with tolls, where the highest toll payer gets to pass first. Currently the road is clogged due to many small cars with passengers (transactions) inside. A rollup is like a bus filled with passengers, so it can afford to pay a high priority toll for the vehicle, while having great efficiency in terms of toll (gas fee) per passenger (transaction).
By offloading the computations from the limited and expensive Ethereum L1 to L2, rollups greatly reduce total gas fees.
ZKs in ZK-Rollups:
There are 2 key ZK technologies at play in ZK-Rollups, namely ZK-SNARK and ZK-STARK.
ZK-SNARK: Zero Knowledge Succinct Non-interactive ARgument of Knowledge.
Succinct — simplified data set / secret, quick verification.
Non-interactive — only one round of communication between prover and verifier is needed, instead of multiple interactions, which saves time.
Argument — process is extremely unlikely to be cheated, and so is safe.
of Knowledge — nearly impossible for the prover to generate the ZKP without access to the underlying knowledge, and so is trustworthy.
ZK-STARK: Zero Knowledge Scalable Transparent ARgument of Knowledge.
Scalable — faster than SNARK when the data size is larger: it takes O(N*polylog(N)) computations, while SNARK needs O(N*log(N)).
Transparent — relies on publicly verifiable randomness, instead of SNARK’s shared key between prover and verifier. This allows anyone to verify, and hence is more transparent.
It is important to note a common misconception: most ZK-Rollups are not really Zero-Knowledge Proofs. Most use ZK as a Validity Proof, which ensures the computational integrity of what is submitted to Ethereum, rather than as a Zero-Knowledge Proof, where no information is revealed.
ZK — Virtual Machine (VM)
ZK-Rollup’s core architecture is made up of 2 components:
- On-Chain Contracts — generally consist of 2 key contracts: one main contract to store rollup blocks, track deposits and monitor state updates, and another to verify the ZKPs submitted.
- Off-Chain Virtual Machine — this is the L2 where off-chain executions occur.
There are many ways for the VM to be built — the typical trade-off is between compatibility, practicality, and speed.
The ideal situation is to be fully compatible with the Ethereum Virtual Machine (EVM), so that all contracts written in Solidity can run directly on the ZK-VMs. However, as the EVM was not written with ZK in mind, this is very hard to execute.
Some ZK-Rollups, such as StarkNet, are working on multiple alternative solutions:
- Using a custom language such as Cairo (a programming language designed for writing provable programs where one party can prove to another that a certain computation was executed correctly) to write the off-chain VM’s infrastructure and contracts.
- Coming up with a high-level language equivalent solution for the EVM, such as building a compiler from Solidity to Cairo.
The breakthroughs in zero-knowledge and their usages have allowed the rapid expansion of L2s on the Ethereum network. ZK-Rollups such as StarkNet allow users to utilize an environment that offers significantly cheaper gas fees while retaining the security of Ethereum’s mainnet.