Introduction
This article does not focus on the technical details of ZK technology, but on describing the application direction of ZK as much as possible. The iteration of ZK technology is still in progress, but the implementation of technology needs to be carried by applications. We will start from the applications closest to users The layer gradually penetrates into the underlying EVM, L2, cross-chain bridge and public chain.
first level title
Brief History
In 1985, Goldwasser, Micali and Rackoff proposed the Zero-Knowledge Proof model for the first time. To be precise, this is an interactive zero-knowledge proof model, which allows multiple interactions between the two parties without exposing the premise of the information itself. Next, verify the authenticity through specific techniques.
In 1991, Manuel Blum, Alfredo Santis, Silvio Micali, and Giuseppe Persiano proposed non-interactive zero-knowledge proof, which is known as a non-interactive proof method, that is, under the condition that only one final verification is performed between the two parties , to verify the authenticity of the information,
The progress brought about by non-interactive zero-knowledge proof is huge. First, the number of interactions between the two parties is reduced to a fixed time, so that offline verification and public verification can be carried out. The former lays the foundation for the effectiveness of Rollups, and the latter is a coupling area The broadcast mechanism of the block chain can avoid the waste of resources caused by multiple calculations.
The Zcash that appeared later was also the first time that the SNARKs technology route was used on a large scale. A separate privacy coin became a bridge between peoples ZK technology and the blockchain.
first level title
Generalization of ZK technology: starting from a dedicated L2, but will eventually shine on the entire blockchain
It is appropriate to describe zero-knowledge proof technology as a late bloomer. Such a cryptographic algorithm that originated in the 1980s did not really begin to come into play until 30 years later. With the advent of algorithmic privacy coins, ZK technology has also begun to combine more with blockchain technology.
At this time, Ethereum is still struggling on the edge of survival, but expansion is already a long-term planning idea. With the de facto failure of the Plasma solution, Ethereum began to turn to the Layer 2 Roll up solution. ZK also experienced SNARK, PLONK and STARK And other more engineering iterative versions have built the ZK Roll up family that is now ecologically prosperous.
Privacy and scaling, Tornado Cash and L2, respectively, have become equivalent to the use and practice cases of this technical term.
image description
image description
Image credit: R 3 PO
These three requirements conflict with each other. The better the compatibility, the better the compatibility needs to be calculated off the chain to improve the performance; the pursuit of decentralization requires as much verification as possible on the chain, which will reduce the performance and increase the cost of compatibility; if we want to achieve the best Good compatibility will lose verification performance.
first level title
image description
image description
Image credit: R 3 PO
In The Three-Body Problem, Yun Tianming conveyed three rules of survival in the dark forest to the earth compatriots through three fairy tales familiar to the Trisolarans:
Surrendering, hiding oneself, and artificially lowering the level of civilization are tantamount to issuing a safety statement to the hunters lurking in the forest;
Run the road, develop the curvature engine technology, and get rid of the fixed thinking that the earth is home, where the earth is home;
Fight, develop interstellar civilization, and beat the Trisolarans to the ground. If you meet a stronger civilization, you will be stronger when you meet the stronger;
image description
image description
Image source: L2Beat.com
ZKs information package knowledge feature is very suitable for inter-chain communication, cross-chain DEX and other fields that require encryption of knowledge, but information transmission needs to be open.
Let’s take Loopring as an example. Although it calls itself L2, it is a specific L2 solution that focuses on transactions and payments. It uses the zkSNARKs route. According to its official documentation, it puts more verification work off-chain , the verification information stored on the chain should be as concise as possible.
For the highest throughput, we only support off-chain balances. These are balances stored in Merkle trees. Users can deposit and withdraw tokens to our smart contract and their balance will be updated in the Merkle tree. In this way, we can transfer tokens between users by updating the Merkle tree off-chain, without the need for expensive token transfers on-chain.
The advantage of this is that a ZK solution that can work in a specific field is designed. In essence, it uses ZK technology to use Roll up as a single application solution. The real development of this model is to use dYdX developed by StarkEx, which has become a derivative track faucet.
first level title
ZK Rollup: The midpoint of the dream
image description
image description
Image credit: R 3 PO
The L2 Rollup track is neither the underlying public chain nor the upper-layer application, and it exists very strangely in the overall encryption structure. Correspondingly, Ethereum is actually the only one, and the rest of the public chains are essentially Ethereum. Squares pending compatibility chain.
L2 is not exclusive to Ethereum. In theory, Bitcoin’s lightning network is also a kind of L2, but only Ethereum’s L2 can be called a track. Chain, Optimistic Rollup, ZK Rollup and other routes; from a horizontal perspective, ZK Rollup alone also develops the differences between ZK VM and ZK EVM, SNARK and STARK. The intuitive performance is that there are many projects and different opinions.
But in essence, Rollup is the basic narrative of the sub-public chain level. Its own operation cannot directly make profits, but depends on the functions and ecological effects of applications on it. For example, zkSync focuses on Gitcoin transfer payment, and dYdX relies on StarkEx The built application chain is proving the similarity of the public chain of the rollup narrative.
first level title
zkSync: Towards an EVN Compatible ZK Snark Solution
Basic Information:
Developed by: Matter Labs
TVL: 52 M, 170 M (maximum)
Transfer fee: 0.1 U
Technical Paradigm: ZK-SNARK
Team information:
Alex Gluchowski Co-founder and CEO
Danil Lugovskoi Senior Software Engineer
Funding History:image description
image description
image description
image description
Image credit: @ZK_Daily
Ecological panorama:At present, there are a total of 70 + applications. After 2.0 is launched, compatibility with EVM features may lead to a further increase in the number of applications
ZigZag:The order book DEX based on zkSync is an earlier DeFi application that supports zkSync.
ZigZag is a decentralized non-custodial order book transaction protocol. Since zkSync is an expansion solution based on the ZK Rollups architecture, it only transfers calculations and state storage to the off-chain. In simple payments, transactions and other application-specific ZigZag has an advantage in use cases and can provide users with transaction services with close to zero fees. At the same time, ZigZag also provides services such as bridges and NFT markets (not yet online).
ZigZag first received a donation of US$100,000 in October last year, and launched three trading pairs of ETH/USDT, ETH/USDC, and USDC/USDT on zkSync 1.0 in the same month. According to the Gitcoin donation page, ZigZag also received donations totaling nearly $300,000, making it one of the most popular projects in Gitcoin’s 12th round of donations at the time.
The ZigZag bridge service is another core product of the project, which currently supports asset exchange between Ethereum and zkSync, and also launched a cross-chain bridge from zkSync to Polygon.
ZigZag will also launch an NFT market on the zkSync mainnet before.
ZigZag also established the ZigZag DAO when it announced the launch of the token, and then the DAO will determine the possibility of token use cases, revenue sharing, etc.
secondary title
zkSync 1.0
zkVM compatibility level, mainly used for payment and transfer, the most successful use case is to support 98% of Gitcoin donation channels.
secondary title
zkSync 2.0
zkEVM will be fully supported, zkSync 2.0 will be launched on the main network within 100 days, and ZK proofs for EVM smart contracts in real-time production environments will be launched in autumn.
2022.10.29 Ethereum Layer 2 expansion solution zkSync released the 2.0 mainnet Baby Alpha version
2022.10.18 zkSync, the Ethereum Layer 2 expansion solution, has completed Milestone 3: Proof Merging (Milestone 3: Proof Merging), and released the zkSync end-to-end validator on the test network. Through the integrated validity proof, zkSync 2.0 is officially launched on Running zkEVM on the public testnet and will demonstrate a fully working ZK-rollup 11 days before the mainnet launch.
2022.9.7 Ethereum Layer 2 expansion solution zkSync 2.0 mainnet open project registration
2022.8.31 The zkSync 2.0 testnet has completed the dynamic fee upgrade, which is currently estimated based on the expected system resources required and charged based on actual usage. The dynamic fee upgrade includes a new fee model, abstract support for Paymasters accounts, and EIP-1559 support, and other updates include Vyper programming language support, zkEVM compatibility improvements, Hardhat compiler plugin binaries functionality.
2022.5.25 Layer 2 cross-rollup bridge Orbiter Finances test network added support for Ethereums second-layer solution zkSync 2.0.
2022.3.10 zkSync upgrade version 2.0 portal, including support to pay Gas fees with any ERC 20 tokens not limited to ETH, adding block explorers, etc. Users can apply for test tokens for trial use.
first level title
StarkNet: After dYdX ran Cosmos, StarkNet wrote ZK-EVM with Cairo
Basic Information:
Publisher: StarkWare
TVL: 1.26M, 1.5M (highest)
Technical paradigm: ZK-STARK, ZKVM mode, its own programming language Cairo is not compatible with solidity, but optimized to write ZK-EVM
main products:
StarkEx, a ToB service, provides dedicated Rollup technology services for each application. It has been officially launched on the Ethereum mainnet since 2020. It is relatively mature, and the most typical representative is dYdX.
The general-purpose L2 StarkNet can deploy any smart contract, unlike StarkEx, which requires custom development for specific applications. StarkNet was launched on the testnet in June last year and the Ethereum mainnet in November last year.
image description
image description
Image source: L2BEAT.COM
Team information:
Lianchuang and Chairman Eli Ben-Sasson received a Ph.D. in Theoretical Computer Science from Hebrew University in 2001, specializing in cryptography and zero-knowledge proofs. He is one of the inventors of the STARK proof system and has participated in the establishment of several encryption projects, including Zcash. Prior to co-founding StarkWare, Eli was a professor of computer science at the Technion-Israel Institute of Technology.
Lianchuang and CEO Uri Kolodny received a bachelors degree in computer science from Hebrew University and an MBA from MIT Sloan. Uri is a serial entrepreneur who has co-founded several technology companies, including OmniGuide, a medical device company, and Mondria, a big data visualization development tool. Previously, Uri served as an EIR (pre-entrepreneur-in-residence) in two Israeli VCs, and also worked as a McKinsey analyst.
Lianchuang and its chief architect, Dr. Michael Riabzev, is a doctoral student led by Eli Ben-Sasson and a co-inventor of the ZK-STARK protocol.
Lianchuang and Chief Scientist Alessandro Chiesa, and Eli Ben-Sasson co-founded Zcash and teach at the Department of Computer Science at UC Berkeley.
Funding History:A total of $225 million in financing has been raised.
Brief evaluation:
STARK technology is difficult to develop, but it has broad prospects and is resistant to quantum attacks. This is the main reason why its TVL is low but it can obtain huge financing;
The departure of dYdX caused serious damage to it, but MakerDAO and Aave will continue to deploy in the future. In the long run, it is suitable for applications with unique requirements on security;
StarkNet can carry a large amount of calculations, which is very beneficial for developing games, such as @LootRealms, @TheDopeWars, etc. are preparing to go online;
In the end, StarkNet wrote the first ZK-EVM for the first time, earlier than any solidity-compatible L2 competitor. StarkWare will also open source its programming language Cairo 1.0 in Q1 of 2022. The first version of the Cairo 1.0 compiler is planned for Available early Q1 next year, with a focus on supporting all existing features of StarkNet in Cairo 1.0.
Ecological development:
On November 29, StarkNet announced its Mainnet alpha upgrade to v 0.10.2 and released a performance roadmap.
Major progress will include sequencer parallelization, a new Rust implementation of Cairo-VM, a reimplementation of the sequencer in Rust, and the roadmap is geared towards improving TPS.
image description
image description
first level title
dYdX runs to the application chain
dYdX will develop a decentralized off-chain order book and matching engine, and transfer from Ethereum to dYdX-specific application chain, and plans to open source dYdX V 4 by the end of this year.
The derivatives trading protocol on Ethereum currently realizes expansion and low-cost requirements through StarkEx on StarkWare. However, in June 2022, dYdX announced the V 4 plan, which will use the Cosmos SDK and Tendermint to develop its own application chain.
Messari statistics show that Uniswap and dYdX account for 44% and 38% of the DEX market, respectively.
Regarding why it left the Ethereum ecosystem, dYdX mentioned that the team is not satisfied with the current transaction speed of 10 transactions per second and the order/cancellation performance of 1000 transactions per second, and expansion needs to build a centralized off-chain order matching system, which is different from The positioning of dYdX decentralized exchange does not match. Therefore, in V 4, dYdX will build a decentralized off-chain order system, taking into account both performance and concept.
first level title
Immutable: L2 on L2
Founded in 2018, Immutable owns the NFT trading card game Gods Unchained and the NFT expansion solution ImmutableX (using StarkWare solutions) specially designed for Web3 games, and promotes the development of the NFT world through the NFT game development studio Immutable Studios.
Immutable X adopts the Validium data storage scheme because transaction data is stored through an off-chain solution called a Data Availability Committee, rather than being stored entirely on-chain.
Immutable X is an expansion solution for NFT on Ethereum. It uses StarkWares solution. Immutable X can be regarded as an NFT market and a Layer 2 chain at the same time. Immutable X plans to deploy some projects on StarkEx to achieve complex DeFi interactions and composability.
When understanding Immutable X, it is necessary to distinguish the relationship between the Immutable X platform, the Immutable X market, and the Immutable X token. The Immutable X platform is the core infrastructure that allows users to deposit, withdraw, mint, and trade on Layer 2; the Immutable X market allows users to mint and trade NFT without Gas, developed by Immutable and provided by Immutable X to provide underlying technical support; Immutable X generation Token (IMX) is an ERC-20 utility token of the Immutable X protocol, used to reward users for their contributions to the platform.
first level title
Polygon Hermez
Strictly speaking, the combination of polygon and hermez constructs an L2 solution, and the difference between polygon and ploygon Hermez will not be strictly distinguished below.
Basic Information:
Producer: iden 3 + polygon
TVL: 309k, 29M (highest)
Technology paradigm: ZK-SNARK, zkEVM will be launched soon, Polygon will integrate after acquisition to build a unified L2 solution.
Main composition:
On July 20, Polygon Hermez officially released and open sourced the first EVM equivalent ZK L2 (ZKR).
The key components of Polygon zkEVM Rollup are: PoE consensus algorithm, zkNode, zkProver, STARK and SNARK Proof Builder, Rollup cross-chain bridge.
PoE consensus algorithm: In order to improve security, efficiency, and decentralization, the PoE algorithm replaces the PoD algorithm of Hermez 1.0. PoE can be combined with PoS to ensure the decentralization and efficiency of Polygon zkEVM Rollup block generation. Any miner running zkNode can become a Sequencer, and any miner running zkNode and zkProver can become an Aggregator. Among them, the gas fee of the miners right to generate blocks will be traded using $MATIC.
zkNode: zkNode is the software that any miner who wants to participate in the Polygon zkEVM Rollup network needs to run. zkNode will perform tx synchronization, sorting, and verification. In addition, if you just want to know the running status of the network, but not participate, you only need to run a read-only node without running a zkNode.
zkProver: zkProver is the software that any miner who wants to participate in the Polygon zkEVM Rollup network as an Aggregator needs to run. zkProver, as the name suggests, is a prover that generates zk proofs. In essence, zkEVM is a state transition represented by a polynomial, and zkProver includes a Main SM Executor and multiple Secondary State Machines to prove the state transition.
STARK and SNARK Proof Builder: The two Proof Builders will generate STARK and SNARK proofs. STARK (PIL STARK) generates proofs for the satisfaction of the polynomial constraints of state transition batches, while SNARK (SnarkJS) generates constant size proofs for the construction of STARK proofs, which can be published on the chain at a lower cost.
image description
image description
Image credit: Polygon
Funding History:
In August 2021, Polygon acquired Hermez Network, an Ethereum ZK Rollup expansion solution developed by iden 3, for US$250 million, renamed it Polygon Hermez and incorporated it into the Polygon ecosystem.
Brief evaluation:
This is the first time a blockchain network has merged with another blockchain network, proving the technical capabilities of both teams;
Taking into account both performance and efficiency, through models such as POE, try to improve compatibility without increasing the burden on developers;
first level title
Aztec: Privacy + DeFi + L2 Three Flowers Gathering
Basic Information:
Issuer: Aztec
TVL: 3M, 14M (Maximum)
Technical paradigm: ZK-SNARK, underlying proof system PLONK
Features:
Focusing on the privacy field, it does not belong to L2 in the usual sense of building low gas fee scenarios for other applications, but more like using L2 technology to ensure privacy;
There are fewer defi products on it, and more of them are responsible for anonymous transfers on the chain similar to Tornoda Cash. Currently, only zk.money can illustrate this point;
In order to ensure privacy, there is the option of a single package certificate, which will obviously increase the gas fee, and multiple packages are not as convenient as other L2 solutions;
image description
image description
Image source: L2BEAT.COM
Team background:
CEO Zac Williamson, Ph.D. in particle physics from Oxford University, one of the inventors of PLONK, worked as a physicist at CERN (European Nuclear Research Center) and T 2 K (a particle physics experiment in Japan).
Joe Andrews, CPO product director, holds a bachelors degree in materials science from Imperial College London, and worked as CTO at Radish, a catering startup in Silicon Valley.
Chief scientist Ariel Gabizon, Ph.D. in computer science from the Weizmann Institute in Israel, worked as a researcher and engineer in Zcash and one of the inventors of PLONK.
Funding History:A total of two rounds of financing have been completed, with a total of 19.1 million US dollars of financing. It should be noted that the time between the two financings is very long, and the team is still very patient.
Development History:
2022-09-16 Aztec Network has completed a partial integration with the revenue protocol Yearn. Currently, users can deposit from Aztecs ZK Rollup to Yearns DAI and ETH treasury.
2022-09-09 More than 6 million DAI have been deposited in Aztec Network, 1900 Rollup transactions have been generated on the network and there are more than 110,000 accounts.
2022-08-16 The private multi-signature protocol Nucleo has started internal testing on the ZK Rollup-based privacy and expansion solution Aztec Network, using multi-signature and zero-knowledge cryptography technology, allowing users to conduct private transactions and private DeFi by viewing the key , private fundraising and other operations, and have auditability.
2022-07-07 Aztec Network announced the launch of Aztec Connect, a decentralized zero-knowledge network with native smart contract privacy. Aztec Connect enables anyone to add privacy to Ethereum applications through two easy-to-use tools, the bridge contract (an interface that connects Ethereum smart contracts to Aztec Rollup) and the SDK (a front-end toolkit) . In addition, Aztec has also relaunched zk.money as a privacy DeFi aggregator, allowing anyone to use DeFi applications such as Lido, Curve, and Element, Aztec said, complete privacy and cost savings of up to 100 times.
2022-03-25 In the updated SDK, the number of internal Rollup proofs is increased, and a final submitted Rollup proof can contain 896 transactions.
2022-02-28 Aztec has put forward a proposal to integrate with Compound. Aztec plans to use zkRollup to process user transactions in batches to reduce the gas cost of operations such as user deposits on L1.
Product Architecture:
Aztecs product system is: based on the underlying PLONK certification system, it realizes anonymous transactions between accounts, and realizes private interactions with Defi projects through the grafting of gateway contracts.
Privacy Architecture:
UTXO model is used to ensure privacy. In Aztecs data structure, the state of all notes is stored in two Merkle Trees, one of which is the note tree (note tree), which stores all generated notes, and the other is the nullifier tree ( Abandoned tree), which stores all destroyed tickets.
first level title
Scroll: the most compatible general-purpose L2 supported by the Ethereum Foundation
Issuer: Scroll
Test network status, no data yet
image description
image description
Financing status:
Financing status:According to the founder, the financing has been completed by the end of 2021, and the official announcement was made in April this year.
team member:
Ye Zhang: Undergraduate at Peking University. He has been working on ZK proofs since 2018. Before that, he mainly studied zk proof hardware acceleration and zk cryptography algorithm principles. Later, his Ph.D. was also in the direction of zk, but now he has quit and is working on Scroll full-time. matter.
Sandy Peng graduated from the University of Cambridge and worked in the Hong Kong Securities Regulatory Commission in research. In 2017, he began to work in the investment of Web3 projects. Currently, he is in charge of BD, financing, ecology and other matters at Scroll.
Haichen Shen studied in Yaoban, Tsinghua University as an undergraduate, and graduated from the University of Washington with a doctorate. His doctoral research direction is biased towards the field of underlying systems (including GPU, PL, compiler and other cross-cutting directions). After graduation, he worked in Amazon to build machine learning systems and other aspects.
Features:
Scroll will be more similar to Ethereum’s native execution method. Scroll block nodes will directly reuse the code of Ethereum’s first-level nodes. Scroll’s bytecode-level compatibility can fully adapt to various upgrades of Ethereum, including code upgrades such as EIP
Scroll will work closely with the Ethereum Foundation, because many codes are jointly developed by us, and they may directly use this set on the Ethereum network in the future.
Development progress:
The pre-alpha testnet already has some pre-deployed applications. For example, the Uniswap v2 contract can already be deployed on the testnet, allowing users to perform some functions such as transfer between L1 and L2, swap and other user-level interactions. However, it is currently only open to users who have joined the whitelist.
The alpha testnet allows anyone to interact on the test network without permission. In addition, developers can also deploy contracts on the network without permission. The alpha-testnet is expected to be launched in the near future.
The complete testnet is expected to be launched by the end of this year. At that time, it will support the generation of a complete test proof (proof). The current proof part has included most of the opcode and storage read and write access, and some remaining circuits are still under development due to the progress of the project. gradually improving.
Intuitively understand the difference between the two, mainly because Scalability (scalability) is the focus of STARK, which is oriented to more traditional high-concurrency and low-latency scenarios, and its security will be higher, such as games, social, NFT and other directions. Its overall development is very difficult.
first level title
ZK-EVM: compatible with everything
Will another public chain replace Ethereum?
At present, it seems that Ethereum is a special existence without rivals. The competition of public chains other than Bitcoin lies in ecology, not in specific technical indicators such as TPS. Although the PoH (proof of history) mechanism adopted by Solona ensures thousands of TPS, However, the degree of decentralization cannot be guaranteed. Frequent downtime is obviously more expensive than Gas Fee. Downtime is a problem of user experience, and expensive is a poor mistake.
With the fall of FTX, Solona, which was deeply bound to it, also brought disaster to Chiyu. The soBTC minted on it is essentially a promise. Whether there is BTC one-to-one support or not, it seems impossible to verify at present, in other words , the Solona DeFi ecosystem is close to extinction.
Solana was not defeated by the Move public chain from the same school, but died by the biggest stakeholder. From this point of view, it is no different from EOS, and will eventually become a dust of history.
After this battle, all public chains must seriously consider the compatibility with Ethereum. Whether it is Ripple’s sidechain compatible EVM route, or the Layer 2 ZK VM/ZK EVM dispute, it is a kind of challenge to Ethereum itself. Reinforcing effect.
The EVM and Ethereum development ecology is friendly enough for developers. Developers only need to develop for EVM once, and they can rely on the security of the Ethereum main network to ensure their own security and operating efficiency without having to think too much about the adaptation of other public chains. .
Solidity is not perfect, and EVM is not lacking in room for improvement, but as more and more public chains are compatible with EVM, just like the development of iOS, with the support of ARM chip architecture, it can be used directly on Mac, iPad and iPhone. Seamless flow, greatly reducing the workload of developers.
The EVM is compatible with the Solidity language level. Developers use the API provided by Infura to interact with the main network, and use Truffle to develop, test, and deploy smart contracts. The development kit is readily available to complete the adaptation of the EVM. After that, Dapp can run on any EVM-compatible public chain.
image description
image description
Source: vitalik.eth
ZK EVM, close to the original EVM mode of operation, the stronger the compatibility, but the performance will be severely limited, such as Scroll,
The difference between ZK VM and Ethereums native EVM is greater, the stronger the performance, the worse the compatibility, such as Polyon Hermez.
epilogue
epilogue
The development of Ethereum’s route has reached a critical moment. Turning left will lead to a modular route of horizontal expansion, and turning right will lead to a stacked pattern of vertical layering.
Under the current competitive landscape, TPS and EVM compatibility have become two must-haves. The Rollup route proves that the efficiency of ZK can take into account the security of the public chain level and the proof speed of L2.
However, in terms of EVM compatibility, to what extent it is compatible with Ethereum has become a dilemma. High compatibility will lead to a performance crisis, but reduced compatibility will also lead to a security crisis. The Cario solution given by StarkWare is more suitable, but it also puts forward far more than general requirements for development capabilities.
In short, it is currently the crossroads of Ethereum, and even the entire public chain structure. Let us wait and see where it will go in the future, and whether this will be the main theme of the next decade.
Disclaimer: There are risks in the market, and investment needs to be cautious. Readers are requested to strictly abide by local laws and regulations when considering any opinions, viewpoints or conclusions in this article. The above content does not constitute any investment advice.
Disclaimer: There are risks in the market, and investment needs to be cautious. Readers are requested to strictly abide by local laws and regulations when considering any opinions, viewpoints or conclusions in this article. The above content does not constitute any investment advice.