2019 has been a big year in the Zero Knowledge research space.
Great progress has been made on zkSNARKs, zkSTARKs – two well-known knowledge-proof cryptography protocols – universal configurations, optimizations, etc.
During the year, new protocols such as Sonic, Plonk, Slonk, Marlin, SuperSonic, Halo and Fractal were released. The month of September was nicknamed SNARKtember, followed by SNARKtober, SNARKvember and SNARKcember… the last 2 being names unfortunately less catchy, but no less stuffed with new research.
And alongside these technical advancements, a host of new use cases have emerged. Long heralded primarily as a method of ensuring confidentiality in cryptographic networks, Zero Knowledge Proofs (ZKP) are proving useful in solving a number of “Big Blockchain Challenges”. In fact, today we see the proposed ZKPs as a key to creating effective scaling solutions, as proofs of validity, for cryptographic verification or certification, as well as to make possible improvements to the system. interoperability between chains, storage and a host of other decentralized web components.
On the Zero Knowledge Podcast, we interview practitioners, researchers and engineers working on these systems every week. Below are some of the use cases that started to emerge through these conversations.
ZKP for privacy
I think right now we all agree that true privacy is at the heart of blockchain adoption, especially if the goal is to get businesses, small companies or even individuals use cryptocurrencies in their daily life.
ZKPs are well known for providing true cryptographic privacy to otherwise non-private blockchains. The first popular use of ZKPs in blockchain was to create private token balances, as well as to protect transactions and general blockchain activity from outside observers. The Zcash armored token model is probably the most well-known version of this. In Zcash, zkSNARKs allows you to move your tokens from a transparent state to a protected private state, where only you can track your activity and see your balance. In protected accounts, you can also transfer tokens privately.
Another more recent example is ZKP powered mixers that live on another existing blockchain, such as Tornado.cash and Miximus built on Ethereum. In the Miximus case, a user makes an ETH deposit in a smart contract, creating a one-time commitment in a Merkle tree. To withdraw, the user provides proof of his knowledge of his unique undertaking (the secret) using a ZKP but does not reveal this undertaking.
ZEXE, another specially designed privacy protocol that also has zkSNARKs at the core of its construction, is both private and programmable and makes verification of transactions constant. Unlike Zcash, there is no transparent (or not private) state. A key introduction with ZEXE is the ability to offer data confidentiality as well as what they describe in the document as “function confidentiality”, ie confidentiality regarding the purpose of a transaction. With most of the existing ZK constructs built on Ethereum using smart contracts, it’s easy to see if a particular transaction is for a private token versus a private DAO – so there’s no privacy feature.
With the Mixmus example above, there may be an additional loss of privacy due to the use of smart contracts which may expose information about a user’s gas payments. ZEXE addresses these issues and uses ZKPs to attest to the correctness of the transaction without revealing internal blockchain details.
The developers behind the AZTEC protocol, meanwhile, are also striving to provide this privacy feature over pre-existing non-private networks, their work making smart contracts themselves private. The goal is to make confidentiality programmable and therefore to make the purpose of transactions (as well as the underlying data) private – even when this happens on Layer 2.
ZKP for scaling / compressing
An interesting feature of a zero-knowledge proof is its ability to prove the validity of a data set. With this in mind, new scaling approaches were explored and attempted in 2019 using ZKP.
These currently fall into 2 camps: (1) using off-chain transaction sets written to the mainchain using ZKP or (2) using recursion – recursive SNARK aliases – to shrink the chain (and thus check it faster).
In the first category, we find ZK Rollup. In this plasma-like construct, there is a batch of off-chain transactions that must be committed on-chain. Unlike Plasma (or Optimistic Rollup), where the economic stake and the mechanics of game theory are used to get the parties to act correctly, the idea here is that the user is forced to prove, using d ‘zero-knowledge proof that his behavior is correct according to the protocol.
However, the ZK Rollup (as well as other ZKP constructs built using smart contracts) still has the downside of using zkSNARKs over general purpose computing, such as running EVM. It is a process that remains difficult and requires a lot of resources. That said, we are already seeing the ZK Rollup model as the basis for Matter Labs’ user-centric zkSync scaling protocol, used to create Decentralized Exchanges (DEX), as well as similar constructs using STARKs (au location of SNARK) as proof of validity. from the StarkWare team.
The second type of scaling is to reduce the chain using recursive SNARKs – that is, SNARKs combined and further reduced – while being validated – by a SNARK. These SNARKs are then further “Snarkified” until you have a superior SNARK that proves the validity of the multitudes of SNARKs it contains.
Essentially, you can use this technique to compress a blockchain into a single proof – which proves the validity of the underlying SNARKs (which in turn proves the validity of other underlying SNARKs, etc.). O (1) Labs is the company that mainly works on this technique, but we are also seeing this technique being tested at Filecoin and Zcash.
ZKP as verification / certification
Another property of ZKPs (especially when combined with other techniques such as MPC) is their ability to provide “selective disclosure”.
ZKPs can prove the existence of a secret without revealing it. In other words, some characteristics / characteristics of a secret can be revealed as “true” without revealing anything else. This selective disclosure could be incredibly useful in creating compliant systems.
For example, proving that some private information is the right kind of information, whether it is in a particular range, or is another set of data.
This is essential if we are to design compliant crypto systems, or more specifically, systems that follow a set of laws or require some sort of verification / certification.
As a concrete example, you can use a ZKP to prove that certain addresses can be found on a whitelist without revealing which addresses are tested or which are whitelisted. All that is disclosed is that the addresses match. But this concept can be exploited beyond cryptocurrencies or financial systems: it could also be used to improve or replace real-world certification systems.
Companies like Qedit and Findora are focused on developing these systems, but we’re seeing this use case popping up in the space, especially in projects involving more traditional corporate clients.
ZKPs in interoperability
The least explored (yet very exciting) use case for ZKPs is interoperability.
Building on some of the features that make ZKPs useful for scaling, these remain mostly research topics for now, but also reveal to us an even wider scope of the potential benefits of ZKPs. To think about how ZKPs could be used for interoperability, we look at compressing key building blocks in cross-constructs or using proof of validity between chains.
Here are some of the questions and ideas that we thought about: Could we use ZKPs to provide some privacy in the movement of tokens between chains? Could we take the “off-chain-to-chain” idea of ZK rollup but move the tokens from one chain to another with ZKPs as proof of validity? Could you use something like Bolt, which provides a lightning-like private build, to move things from one chain to another in private? Could ZKPs be integrated into a tBTC type construction?
One of my favorite examples of improved interoperability comes from Celo. Building on some advancements presented in the Zexe article, they used ZKPs and recursion to make thin clients lighter, i.e. compressing the size of the thin client so that they could potentially run on mobile. It would also have very good benefits for cross-chain builds, especially those that rely on thin clients and bridges.
So to conclude: As we look forward to new developments in the ZK space this coming year, we’re sure to learn more about the ways we can use ZKPs to add benefits to existing blockchains, and eventually uncover new features of this seemingly simple but deceptively powerful cryptography.
Thanks to Tarun Chitra, Rob Habermeier, Christopher Goes and Howard Wu for their contributions to this article.
Anna rose is the co-host of the Zero Knowledge Podcast, a show that covers Zero Knowledge research and the decentralized web. She is also the host of the biennial Zero Knowledge Summit
© 2021 The Block Crypto, Inc. All rights reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial or other advice.