
Exploring Zero-Knowledge Proofs and Polygon’s zkEVM

The Polygon network (formerly known as Matic) is a layer 2 scaling solution for Ethereum that utilizes sidechains to increase the overall capacity of the Ethereum network and reduce transaction fees. Polygon plans to migrate to a zk-based solution. This allows for increased privacy and security on the Polygon network, as well as the ability to perform private transactions. Overall, the Polygon network aims to provide a more scalable and efficient version of Ethereum for decentralized apps and other applications.
William Zhu
October 4, 2023

Introduction on zero-knowledge proofs and layer 2 solutions for Ethereum

A zero-knowledge proof is an authentication method in which the prover reveals nothing about the content of the information, and no additional data, beyond the validity of the claim. This keeps the communication secure and protects the privacy of the users: because no data is shared, no information can be stolen through the transaction, whereas Personally Identifiable Information (PII) is often stored in databases vulnerable to hacks. Anonymous payments, identity protection, and password authentication are examples of how this is used and could be used, but a zero-knowledge proof often requires more computational power, thus making the transaction more expensive.

Ethereum is a widely used blockchain, second only to Bitcoin in popularity, and a base blockchain that we refer to as Layer 1. Three conditions must be met to create a perfect blockchain: decentralization, security, and scalability. A simple blockchain can only achieve two of the three, leading to the so-called blockchain trilemma. Ethereum sacrificed scalability in favor of decentralization and security: it can only handle around 1 million transactions per day, and high usage of the network drives up the gas price. This is where Layer 2 solutions come in, increasing scalability without needing to sacrifice decentralization and security.

Layer 2 is a separate blockchain that extends Ethereum. Rollups are a newer kind of solution: they bundle hundreds of transactions and send a single one to the main Ethereum network. There are two approaches to rollups, optimistic and zero-knowledge. Optimistic rollups consider all transactions valid and allow them to be challenged afterwards if needed. In zero-knowledge rollups, validity is computed off-chain and a proof of validity is sent to the main network. We will delve further into zero-knowledge rollups. Optimistic rollups are more popular than their zero-knowledge counterpart: zero-knowledge rollups are usually incompatible with the Ethereum EVM, the Turing-complete virtual machine that runs all Ethereum smart contracts and computes the state of the Ethereum network, making them challenging to work with and complex to develop on top of.

Comparison between optimistic and zk-rollups | Figure by CryptoEQ

Zero-Knowledge Proof (ZKP)

What we call a zero-knowledge proof is what verifies the transaction. Proofs are classified into two types: interactive and non-interactive. An interactive proof needs constant communication between the prover and the verifier; a non-interactive proof only requires one exchange of information. Because non-interactive proofs require fewer resources to confirm the truth of the prover's claims, they are preferred over interactive ones. The two most noteworthy ones are zk-SNARKs and zk-STARKs.

zk-SNARK

Zero-Knowledge Succinct Non-interactive Argument of Knowledge is the most used zero-knowledge proof. We elaborate on the meaning of each part of the acronym to understand how they work.

  • Zk: no additional information is provided other than the validity of the claim.
  • S: succinct, meaning that the proof is small.
  • N: non-interactive, a single transaction is needed to verify the validity.
  • ARK: argument of knowledge, which stands for computational soundness: faking a proof is impossible unless the adversary has unlimited computational power. This means that an operational quantum computer would be capable of faking proofs.

For zk-SNARKs to function, a trusted setup is required in order to generate proofs. A group of participants jointly generate the data, and only one of them has to keep their secret for the trusted setup to hold and the output to remain secure. The resulting randomness depends on the secrets added by each participant. “Well-executed setups like this are often considered "close enough to trustless" in practice.” - Vitalik Buterin
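The interactive and non-interactive proofs described in the Zero-Knowledge Proof section above, and the multi-party trusted setup described in this paragraph, as one runnable toy in Python. This is an added example and not code from the original article or from Polygon/Hermez. It assumes a small prime-order subgroup of Z_p^* found at import time (a constructed parameter set, far too small for real use), uses a Schnorr-style sigma protocol as the proof of knowledge, the Fiat-Shamir transform to make it non-interactive, and a simplified powers-of-tau ceremony in which each participant multiplies the hidden tau by their own secret and proves knowledge of that multiplier; all function names are the example's own.

```python
"""Toy sigma protocol (interactive and Fiat-Shamir) plus a toy powers-of-tau ceremony.
Constructed example over a prime-order subgroup of Z_p^* (p a safe prime) found at import
time; the sizes are far too small for real use, only the structure matters."""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Deterministic Miller-Rabin (bases = first 12 primes; exact for n < 3.3e24)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=62):
    """Return (p, q, g): p = 2q + 1 prime, g = 4 generates the order-q subgroup of squares."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = safe_prime_group()   # constructed toy parameters

# --- interactive proof of knowledge of x with y = base^x (Schnorr) ---
def prover_commit(base=G):
    k = secrets.randbelow(Q - 1) + 1     # fresh per proof: reusing k under two challenges leaks x
    return k, pow(base, k, P)

def prover_respond(x, k, c):
    return (k + c * x) % Q

def verifier_check(y, t, c, s, base=G):
    return pow(base, s, P) == (t * pow(y, c, P)) % P

def run_interactive(x, base=G):
    """Three messages: commitment, random challenge from the verifier, response."""
    y = pow(base, x, P)
    k, t = prover_commit(base)
    c = secrets.randbelow(Q)             # the verifier's own randomness is what makes it interactive
    return verifier_check(y, t, c, prover_respond(x, k, c), base)

def simulate_transcript(y, base=G):
    """Zero-knowledge: pick c and s first and solve for t; the transcript verifies although
    nobody knew x, so a transcript on its own reveals nothing about the witness."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    return (pow(base, s, P) * pow(y, Q - c, P)) % P, c, s    # t = base^s * y^(-c)

# --- Fiat-Shamir: the challenge becomes a hash, so the proof is a single message ---
def fs_challenge(y, t, base=G, context=b""):
    # Hash the statement (base, y) together with the commitment t; leaving the statement
    # out would let a prover pick y after seeing the challenge.
    material = b"|".join(str(v).encode() for v in (P, base, y, t)) + b"|" + context
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q

def nizk_prove(x, base=G, context=b""):
    y = pow(base, x, P)
    k, t = prover_commit(base)
    return t, prover_respond(x, k, fs_challenge(y, t, base, context))

def nizk_verify(y, proof, base=G, context=b""):
    t, s = proof
    return verifier_check(y, t, fs_challenge(y, t, base, context), s, base)

# --- toy multi-party trusted setup (powers-of-tau style) ---
def contribute(srs, s):
    """Fold secret s into every element, g^(tau^i) -> g^((tau*s)^i), and attach a NIZK of
    knowledge of s relative to the previous srs[1], so a contribution cannot be chosen
    to cancel out earlier participants' randomness."""
    new_srs = [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(srs)]
    return new_srs, nizk_prove(s, base=srs[1], context=b"setup")

def ceremony(participant_secrets, degree=4):
    """Sequential ceremony: tau ends up as the product of all secrets. An honest participant
    deletes theirs (the toxic waste); tau is then unrecoverable unless everyone colluded."""
    srs = [G] * (degree + 1)             # g^(tau^i) with tau = 1 before anyone contributes
    transcript = []
    for s in participant_secrets:
        new_srs, proof = contribute(srs, s)
        transcript.append((srs[1], new_srs[1], proof))
        srs = new_srs
    return srs, transcript

def verify_ceremony(transcript):
    """Public audit: every step must prove knowledge of its multiplier. (Real ceremonies
    also check the higher powers for consistency using pairings; omitted in this toy.)"""
    return all(nizk_verify(new, proof, base=old, context=b"setup")
               for old, new, proof in transcript)
```

`run_interactive` needs the verifier online to pick the challenge; `nizk_prove` produces a single message `(t, s)` that anyone can check later, which is the property the article gives as the reason non-interactive proofs are preferred. `simulate_transcript` shows the zero-knowledge side: a transcript that verifies can be produced without the witness. In `ceremony`, the final structured reference string depends on the product of all participants' secrets, so one honest participant deleting theirs is enough to keep tau unknown; the pairing-based consistency check that real powers-of-tau ceremonies perform is deliberately left out here.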

Simplified graphic about the generation of a trusted setup | Figure by vitalik.ca

zk-STARK

Zero-Knowledge Scalable Transparent Argument of Knowledge is a more recent model, introduced in 2018. We will also elaborate on the meaning of each letter of the acronym:

  • Zk: same as in zk-SNARKs, proves the validity of the information without revealing other information.
  • S: scalable, zk-STARKs allow for increased scalability as they don't rely on trusted setups to keep the output secure.
  • T: transparent, the key difference between zk-STARKs and zk-SNARKs: trusted setups are eliminated by relying on publicly available randomness.
  • ARK: same as in zk-SNARKs, but using a different computation model, favoring collision-resistant hash functions over trusted setups.

STARKware is the pioneer of the zk-STARK protocol in Ethereum.

Differences

A comparison between SNARKs and STARKs | Figure by MatterLabs

These two solutions are very similar to each other but differ on three major points: decentralization, scalability, and security. These differences stem from the use of a trusted setup and the use of off-chain computation. The zk-SNARK randomness parameters are held by a small group of people; this approach increases centralization and also leaves them vulnerable to attack by quantum computing. zk-STARKs use off-chain computation to generate proofs. zk-SNARK proofs are smaller in size but slower to generate because of the higher computational demand; on the other hand, they require less gas and are faster to verify because of their smaller size. zk-STARKs are more scalable than zk-SNARKs but might be unreliable during periods of low throughput on the Ethereum mainnet.

Polygon ZKVerse

Polygon is one of the most popular Layer 2 solutions for Ethereum. It is a Proof of Stake sidechain, a separate blockchain running in parallel to Ethereum, so it doesn't inherit the security and decentralization of the main network. Due to its popularity, it has also reached its limit and become congested, as it doesn't provide infinite scalability. Back in August 2021, Polygon merged with Hermez as part of its plan to expand and become a zk-rollup solution for Ethereum; it has since been renamed Polygon zkEVM. Polygon is developing other zk solutions such as Polygon Miden, Polygon Zero, and Polygon Nightfall.

Overview of Polygon ZKVerse | Image by Polygon

Polygon is setting aside one billion dollars from its treasury for zero-knowledge development, exploring the different implementations of zero-knowledge on Ethereum. Polygon zkEVM is the zkEVM implementation (using both SNARKs and STARKs), Polygon Nightfall is an optimistic rollup with a bit of zero-knowledge mixed in (a hybrid), Polygon Miden is the STARK VM implementation, and Polygon Zero is the SNARK implementation.

Classification of zkEVMs

Polygon zkEVM, Scroll, and zkSync are different projects trying to build a zkEVM for Ethereum. All of them try to improve the scalability of the Ethereum network, mostly using zk-SNARK technology, but their subtle differences make them very different in terms of practicality and speed. The following framework was created by Vitalik Buterin.

Overview of zkEVMs | Figure by vitalik.ca

Type 1 (fully Ethereum-equivalent)

Type 1 zkEVMs are designed to be fully compatible with Ethereum, without the need to change Ethereum's systems. They also allow Layer 1 itself to be scaled. Because Ethereum wasn't designed with zk incorporation in mind, many parts take a very long time for a zkEVM to prove. There is currently no way around these inefficiencies short of creating ZK-ASICs.

ZK-EVM Community Edition is the most relevant type 1 zkEVM, currently under development by community contributors.

Type 2 (fully EVM-equivalent)

Type 2 zkEVMs try to be equivalent to the EVM but not to Ethereum; the differences come from different data structures. They aim to be compatible with all Ethereum applications but add minor changes to make them faster and easier to develop. A Type 2 zkEVM is faster than a Type 1 zkEVM because it eliminates much of the zk-unfriendly cryptography that the Ethereum stack uses, but it is still relatively slow.

Scroll zkEVM and Polygon zkEVM are both trying to build a type 2 zkEVM, but because many complicated precompiles are not yet implemented, they are still considered type 3 zkEVMs.

Type 2.5 (EVM-equivalent, except for gas costs)

Type 2.5 zkEVMs are very similar to type 2 zkEVMs, improving on proving time at the cost of higher gas for some operations. Changing anything else will cause it to become a type 3 zkEVM.

Type 3 (almost EVM-equivalent)

Type 3 zkEVMs are almost equivalent to the EVM; some equivalence is sacrificed to improve speed and ease development on the EVM. Precompiles are removed from the EVM as they are harder to implement on the zkEVM. This change causes some applications to be incompatible and require rewriting, as they rely on the precompiles or on other changed parts of the EVM.

Scroll zkEVM and Polygon zkEVM are type 3 zkEVMs, but they are trying to implement precompiles to move into type 2.5 and type 2.

Type 4 (high-level-language equivalent)

Type 4 zkEVMs forfeit the goal of EVM equivalence and compile source code written in a high-level language into a language designed to be zk-SNARK friendly. This solution produces very fast proofs and cuts costs but introduces a lot of incompatibilities.

zkSync is a type 4 zkEVM. Nethermind's Warp project, a Solidity-to-Cairo compiler, will turn StarkNet into a de facto type 4.

Polygon zkEVM

We are reaching the end of the article; it was written to celebrate the Polygon zkEVM testnet launch on the 10th of October. Big DeFi projects like Uniswap and AAVE joined the testnet and are looking into the option of implementing it on the mainnet.

As briefly stated before, Polygon implements both STARK and SNARK structures to get the best of both worlds. EVM bytecode is compiled into micro-opcodes; first, a STARK is used to prove the transactions (faster proofs, O(N · polylog(N))), then a SNARK circuit is used to verify the proof generated by the STARK circuit, and the result is submitted to the Ethereum network (smaller proof size). We can consider this a proof of a proof.

A Comparison with other zkEVMs

Comparison overview, green indicates equivalence with Ethereum | Figure by msfew

Scroll is the zkEVM most closely resembling Polygon zkEVM. It wants to fully map the Ethereum opcodes to the zkEVM, which would allow Ethereum-native smart contracts to be fully executed without modifying the bytecode. The major difference is that it doesn't try to implement both STARKs and SNARKs, using only SNARK technology.

The other major competitor is zkSync, a type 4 zkEVM; it uses an intermediary language, and its bytecode is completely different, designed for its own zkVM (not related to Ethereum). It also uses only SNARKs.

Closing thoughts

Zk-rollups can become the most used rollup solution with the development of zkEVMs, which allow smart contracts to run on the EVM. They will eventually overtake optimistic rollups as they are more secure and user-friendly.

The EVM is considered a legacy and obsolete system compared to the newer L1 blockchains being developed. A switch to a zkEVM and a migration of the whole ecosystem to a zkEVM rollup-based ecosystem will greatly enhance performance and security. It is currently an arms race to see which solution can reach developers faster and be implemented the fastest.

However, we cannot conclude that whoever wins the race will be crowned champion; more often than not, technology is not enclosed in its own bubble. Users are the most important part of anything: beautiful code and clever design shouldn't be the end goal, but rather solving problems and providing value. Why are Google Play and the App Store the leading stores by number of apps? Simple answer: users. Developing for those platforms simply reaches more users, even if the Amazon App Store might have better features for developers and easier development. Developers will mainly develop for Google Play and then for the Amazon App Store if they have time left (both are available for Android devices). Bottlenecks in blockchain technology are usually not technical ones but depend on widespread adoption; Polygon zkEVM will also depend on its users.