Zero Knowledge Proof (ZKP) is probably the most hyped term in blockchain today. Before we dig deeper into why there is a lot of buzz, one should know that ZK is arguably one of the most important innovations in Computer Science in the last 40 years. ZKPs offer unique properties that make them essential components of various blockchain scaling and privacy solutions.
The beauty of ZKPs is that they are used to prove to one party (the verifier) that another party (the prover) possesses some knowledge without revealing the knowledge itself or any other information that might be used to reconstruct it. The only information conveyed is that the prover does possess this knowledge.
ZKPs can be used to generate cryptographic proofs that some computation is done by following a set of predefined rules. These rules are generated programmatically and also verified automatically.
ZKPs have two major use cases in blockchain:
- Privacy in computations
- Scaling by offloading verifiable computation to a third party
Privacy in computations
Preserving privacy in blockchain computations is a major concern. What if there is a way in which a transaction can be verified without knowing what the transaction is? ZKPs exactly do this; they help hide some or all of the input information around a computational statement and still verify the transaction’s validity.
Scaling by offloading verifiable computation
All major L1s are meant to be fast and secure, so they cannot afford much computational overhead. Ethereum, for example, is very limited in its capacity to do complex computations on-chain. If all of this computational load could be offloaded to third parties, throughput on Ethereum would be far higher. However, offloading computation to a third party is not as easy as it seems: the chain must be able to check that the result is correct without redoing the work itself. ZKPs solve exactly this problem, and many of today’s ZK-based scaling solutions are trying to scale Ethereum by offloading computation and verifying only a succinct proof on-chain.
Different types of ZK Solutions
Several cryptographic proof systems have emerged around zero knowledge. SNARKs and STARKs are the most popular among them.
SNARK stands for
Succinct – proof size and verification time are small and grow much more slowly than the computation being proved
Non-interactive – the prover and verifier do not need to communicate back and forth; the only shared step is the initial trusted setup
ARguments – the proof the prover generates is computationally sound: it holds against a prover with bounded computing power rather than unconditionally
Knowledge – a malicious prover cannot cheat the system without actually possessing the knowledge (the witness) that supports the statement
SNARKs need a trusted setup, which is carried out via a setup ceremony between the prover and verifier. A trusted setup creates all the parameters that decide the rules of the game; the secret randomness used to create them must be destroyed afterwards.
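To make the acronym concrete, here is a toy proof of knowledge of a discrete logarithm (the Schnorr protocol, made non-interactive with the Fiat-Shamir transform). This is an added example, not code from the newsletter or from any of the projects it mentions; the group parameters p, q and g are constructed toy values that are far too small to be secure. It shows non-interactivity (the challenge is a hash of the transcript instead of a message from the verifier), knowledge (two valid answers to the same commitment let an extractor recover the witness) and zero knowledge (a transcript can be simulated without the secret). It also needs no trusted setup, since the only shared inputs are a public generator and a hash function.

```python
"""
Toy non-interactive zero-knowledge proof of knowledge of a discrete logarithm
(Schnorr protocol + Fiat-Shamir). Added example; parameters are deliberately
tiny for readability and are NOT secure.
"""
import hashlib
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G generates the
# subgroup of prime order Q. Real systems use 256-bit+ elliptic-curve groups.
P = 10007
Q = 5003
G = 4  # 2^2 mod P, so it lies in the order-Q subgroup


def keygen():
    """Prover's secret witness x and the public statement y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def fiat_shamir_challenge(y, t):
    """Derive the challenge from the public transcript: no verifier round-trip."""
    data = f"{G}|{P}|{Q}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prover_commit():
    """Commitment t = G^r with fresh randomness r (kept secret by the prover)."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def prover_respond(x, r, c):
    """Response s = r + c*x mod Q; reveals nothing about x because r is random."""
    return (r + c * x) % Q


def verify_equation(y, t, c, s):
    """Core check shared by the interactive and non-interactive variants."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def prove(x, y):
    """Non-interactive proof for statement y: returns (t, s)."""
    r, t = prover_commit()
    c = fiat_shamir_challenge(y, t)
    return t, prover_respond(x, r, c)


def verify(y, proof):
    """Verifier recomputes the challenge and checks G^s == t * y^c (mod P)."""
    t, s = proof
    if not (0 < t < P and 0 <= s < Q):
        return False
    return verify_equation(y, t, fiat_shamir_challenge(y, t), s)


def simulate_transcript(y):
    """Zero knowledge: an interactive transcript (t, c, s) built WITHOUT x.
    Choosing c and s first and solving for t yields the same distribution an
    honest run produces, so transcripts cannot leak the witness."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s


def extract_witness(c1, s1, c2, s2):
    """Knowledge: two valid responses to the same commitment with different
    challenges reveal x = (s1 - s2) / (c1 - c2) mod Q."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


def demo():
    """Exercise each property and return the outcomes (for checking)."""
    x, y = keygen()
    proof = prove(x, y)
    t, s = proof
    tampered = (t, (s + 1) % Q)          # any change to s breaks the equation
    r, t2 = prover_commit()
    c1, c2 = 17, 4242                    # two challenges for the same commitment
    s1, s2 = prover_respond(x, r, c1), prover_respond(x, r, c2)
    return {
        "honest": verify(y, proof),
        "tampered": verify(y, tampered),
        "simulated_satisfies_equation": verify_equation(y, *simulate_transcript(y)),
        "extracted_equals_x": extract_witness(c1, s1, c2, s2) == x,
    }


if __name__ == "__main__":
    print(demo())
```

The simulated transcript satisfies the verification equation for the challenge it chose, but it does not pass `verify`, because there the challenge is fixed by hashing `t`; that binding is what the Fiat-Shamir transform buys and why the prover cannot pick the challenge to suit itself.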
Problems with SNARKs –
- Anyone who knows the secret randomness used to generate the trusted-setup parameters can forge proofs
- Coordinating a trusted setup is a complex task
- The trusted setup needs to be redone whenever the program (circuit) changes.
To solve these problems, there are two approaches:
- Transparent Setup: the setup phase derives the CRS (Common Reference String) from public randomness, so there is no secret whose leak could compromise the proof system. Fractal, Halo, SuperSonic and ZK-STARK use this approach. The drawback is that proof sizes may be too large for the blockchain.
- Universal Setup: a single multi-party setup, performed once by reputable parties, serves as a blueprint that can be reused as the trusted setup across programs. Marlin, SuperSonic-RSA, and Plonk use this approach. For example, zkSync did not create its own trusted setup but borrowed an existing universal one.
STARKs were created by Eli Ben-Sasson, a professor at the Technion (Israel Institute of Technology). STARK stands for Scalable Transparent Argument of Knowledge. STARKs do not require an initial trusted setup (hence the “T” for transparent), because they rely on leaner cryptography built from collision-resistant hash functions. This approach also avoids the number-theoretic assumptions of SNARKs, which are computationally expensive and theoretically vulnerable to quantum computers.
STARKs rely on a transparent setup, which removes a single point of failure for the whole system. One major downside of STARKs is proof size, but the computation cost amortises well over big transaction batches, allowing higher scalability.
Although both SNARKs and STARKs are ZKP systems, the solutions built on them differ in how data is handled. Whether transaction data is stored on-chain or off-chain decides the trade-off between scalability and security.
When data is stored on-chain, security is still maintained by the underlying blockchain without any further action from the client side. Storing data on-chain guarantees that no malicious actor outside the blockchain can access the funds. ZK-based solutions that keep data on-chain are referred to as zkRollups.
All solutions that store data off-chain compromise the security of the data and carry a higher data-availability risk. Scaling solutions that store data off-chain are called validiums. When data is stored off-chain, its availability must still be guaranteed; to address this, multi-party committees called Data Availability Committees (DACs) are created. A DAC is responsible for storing the data off-chain and signing attestations on-chain that it is available. Although this is a security trade-off, the upside is higher scalability and lower costs.
Hybrid Data storage
Recently, StarkWare proposed a hybrid solution that lets users pick whether their data is stored on-chain or off-chain. They can decide this for every single transaction, which makes the choice dynamic. Such scaling solutions are referred to as volitions.
All of the above use cases have manifested in the crypto industry in multiple forms:
- Layer-2 scaling: a lot of ZK-based solutions are trying to scale Ethereum without compromising the security of the blockchain. Ex: StarkWare, StarkNet, and zkEVM efforts (Polygon Hermez, Matter Labs and several others are trying to do this)
- Private L1s: several L1 chains offer private transactions using ZKPs. Zcash is one of the best-known ZK-based privacy blockchains
- Decentralized Storage: Filecoin uses ZKPs (running on GPUs) to prove that nodes in the network store data correctly.
- Blockchain Compression: Mina and Celo use ZKPs to compress the blockchain data needed to synchronize to the latest state of the chain into a small proof.
Now, if ZKPs make blockchains faster and more private, what stops everyone from implementing them and making users’ lives easier? ZKPs come with a lot of overhead, which has hindered mass adoption: proof generation is slow and costly. We are still in the early stages of ZK innovation, and whether SNARK or STARK, we can already see the ecosystem adopting them for privacy and computation-offloading challenges. If this trend continues, ZKPs will become integral to blockchain solutions.
WOODSTOCK IN THE NEWS
- Woodstock partnered with Propine and Wave Financial to host a meet-up event in Token 2049 Singapore. Pranav Sharma was also on the panel that talked about “Money & Web 3.0”
- Team Woodstock also attended Messari Mainnet, SALT and DAS NYC and met our rockstar founders – Illiya from Near Protocol, Ganesh from Covalent, Mounir from Paraswap and Ram from Router Protocol.
- Prashanth Swaminathan, Partner and Head of Institutional Business, was a speaker at Converge by Walmart and Decrypt by AWS and Intel in Bangalore.
- We conducted our Masterclass #2 on “Building a successful career in Web 3.0” – Watch the recording of the session here.
- a16z has proposed a set of licenses for NFTs based on Creative Commons Model to standardize collectors’ rights.
- In a move to enhance liquidity & capital efficiency for users, Binance, the world’s largest cryptocurrency exchange by volume, announced that it would begin auto-converting existing and new deposits of USDC, USDP, and TUSD stablecoins into its native BUSD—effectively delisting three rival stablecoins.
- Puma announced Black Station — its first metaverse website experience. Unveiled during New York Fashion Week, the digital initiative features exclusive NFTs with limited edition redeemable physical sneakers as part of its ‘FUTROGRADE’ show.
- After eight years of work, the Ethereum blockchain has transitioned to a new method of verifying transactions, known as Proof of Stake (PoS). The technical upgrade, called the Merge, was completed on September 15, 2022.
- Ethereum engineering firm Infura is creating a ‘Decentralized Infrastructure Network’ to launch sometime next year, the firm announced recently at the ETHBerlin hackathon.
- Tribe DAO, the entity spawned from a token merger between Rari Capital and Fei Protocol, confirmed that it would repay US$80mn to the victims of the Rari hack.
- Tech giant Apple now allows NFTs to be bought and sold through applications listed on its App Store. But Apple will take a 30% commission on NFTs sold as in-app purchases.
*Updated on 1st Oct 2022
Key Market Assets/Indices