Manta Network: Why are we unswervingly optimistic about ZK technology?
MantaNetwork
2022-03-01 03:43
This article is about 4,759 characters; reading it in full takes about 19 minutes.
It is foreseeable that more and more blockchains will run ZK verifiers on the chain in the future.

Since the beginning of this year, ZK (zero-knowledge proofs) has undoubtedly been one of the terms we hear most often in the industry. Whether it is Vitalik's remarks that ZK will become a major technological revolution in the future, or the latest progress of projects such as StarkWare and zkSync, the ZK narrative is highly anticipated in 2022.




Research on zero-knowledge proofs was first proposed by MIT professors Shafi Goldwasser and Silvio Micali and master cryptographer Charles Rackoff in a 1980s academic paper, "The Knowledge Complexity of Interactive Proof Systems". With a zero-knowledge proof, the prover can prove the authenticity of a piece of information to the verifier without revealing the information itself. Twenty or thirty years ago, this far-fetched idea from computer theorists was considered "unreliable" by the outside world. In the past ten years, ZK technology has developed rapidly, and the ideas in the original paper are becoming a reality.


From a technical point of view, ZK is a protocol between a prover and a verifier. The prover can let the verifier confirm that a certain proof is valid without revealing any information other than the proof itself. This is the "zero-knowledge" part: the verifier receives no knowledge or information beyond the proof itself. That is what makes this technology so important.


From an application point of view, ZK has two very important directions:


  • Privacy - ZK keeps information private. In a transaction, if you need to prove that you hold some unspent asset but do not want to expose the asset's entire source and destination, ZK can solve the information leakage (such as transfer addresses and amounts) caused by transaction transparency on blockchain platforms such as Bitcoin;


  • Scalability - if a block takes a long time to verify directly, one party can verify it and generate a proof, and everyone else in the network can quickly verify the proof instead of each spending a long time on direct verification.

There are two main types of ZK: zkSNARK (succinct non-interactive zero-knowledge proof) and zkSTARK (succinct fully transparent zero-knowledge proof). The concept of zkSNARK was first proposed by scholars in 2013, and it is now relatively mature. Zcash is the first blockchain project to apply zkSNARK technology.

ZK technology has been used in the major rollup solutions to address Ethereum's scalability and high transaction fee problems. StarkWare, zkSync (from Matter Labs), Aztec and Loopring are currently the main players in the zk-rollup field.

How to better understand the significance of this cryptography technology? We need to start with consensus. The economics behind high transaction costs on Ethereum is consensus: consensus must be expensive, because cheap consensus is not trustworthy.

Assuming that there are 10,000 nodes, each node does the same calculation, so the results are very reliable, and the consensus results will not be affected by the dishonesty of a small number of nodes. This is why the blockchain can be decentralized - to build trust through algorithmic means.

However, the cost of consensus lies in the repeated calculation of 10,000 computers, which is 10,000 times more expensive than on 1 computer. This is the biggest problem of all consensus protocols, whether it is PoW or PoS.

ZK is, in essence, a way to reduce this cost: we can run the calculation on one computer, and the other computers use cryptography to verify that the calculation is reliable, with no need to repeat it. On expensive chains such as Ethereum, verifying the correctness of a calculation is cheaper and saves gas compared with repeating it.

This is why everyone is optimistic about zk-rollups. A zk-rollup is built on top of the L1 main chain. It packages multiple transactions into one batch and submits it to the Ethereum main chain, which quickly verifies the batch through a zero-knowledge proof (SNARK or STARK) instead of processing each transaction separately. In this way, the size of each transaction is compressed and the cost of verifying the zero-knowledge proof is shared among the transactions, which saves gas fees and improves TPS.

Privacy is another important application area of ZK. From the perspective of information theory, privacy is a problem of information leakage. To ensure privacy on the chain, on-chain data must be encrypted with cryptographic schemes so that the transaction records on the chain cannot be correlated with each other. With ZK, a calculation can be verified without revealing any information about its input or about the calculation itself, which makes ZK currently the only cryptographic tool that guarantees privacy on the chain.

A very important point in the concept of Web3.0 is that users truly own their identity and their data. At present, all information on the blockchain (addresses, transfer records, etc.) is public, and user information can easily be obtained through machine learning and big data mining. Although blockchain users do not currently have a broad and strong sense of privacy, realizing the vision of Web3.0 requires that people have the power to keep their own privacy on the chain. It may not be required, but it must be optional.

To address the privacy leakage problem in blockchain networks, in 2014 several cryptography experts applied zkSNARK to the Bitcoin code base to create Zcash, the first blockchain project that can achieve complete anonymity. zkSNARK can verify the legitimacy of transactions without revealing any sensitive data (amount, address, etc.), giving users a higher level of privacy when transacting with crypto assets.

A zero-knowledge proof is first and foremost a cryptographic protocol. One party (the prover) can convince the other party (the verifier) that they know the solution to a mathematical problem without disclosing the solution.
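The idea of proving knowledge of a solution without disclosing it, as an added example that is not part of the original article: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with a Fiat-Shamir hash. This is a much simpler protocol than a zkSNARK. The group parameters (p = 2039, q = 1019, g = 4) and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 with p and q prime; g = 4 has order q.
# Illustrative sizes only, not secure parameters.
P, Q, G = 2039, 1019, 4

def challenge(y, t):
    """Fiat-Shamir: the challenge is a hash of the public transcript."""
    data = f"{P}|{Q}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1   # secret: the "solution" the prover knows
    return x, pow(G, x, P)             # public statement: y = g^x mod p

def prove(x):
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1   # one-time nonce; reusing it would leak x
    t = pow(G, r, P)                   # commitment to the nonce
    c = challenge(y, t)
    s = (r + c * x) % Q                # response: x is masked by r
    return t, s

def verify(y, proof):
    t, s = proof
    if not (0 < t < P and 0 <= s < Q):
        return False
    c = challenge(y, t)
    # For an honest proof, g^s = g^(r + c*x) = t * y^c (mod p)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def demo():
    x, y = keygen()
    t, s = prove(x)
    # The verifier sees only y, t and s; a tampered response is rejected.
    return verify(y, (t, s)), verify(y, (t, (s + 1) % Q))
```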

In a private transfer, a proof must be created to verify that "a previously unspent asset is sent from one user's address to another, their hidden account addresses are updated with the corresponding balance changes, and the asset will not be spent by the first user." Zcash anonymizes user and transaction information as far as possible, while the transaction can still be effectively verified by network consensus.

Certain conditions must be met for anonymous transactions to proceed smoothly. For example, Zcash requires users to issue a "commitment" and a "nullifier".

Commitment refers to the unspent balance on the Zcash chain. Just like the Bitcoin network, nodes on the Zcash network maintain individual account balances to prove that funds are available to spend. If a user wants to send ZEC, they need to issue a commitment to prove "Look, I have this money" (however, the exact amount will not be announced). The nullifier is used to indicate that the same amount of funds has been reserved.

If Alice wants to send Bob a sum of ZEC, she needs to use a commitment to prove that she has the right to use the funds, and she needs a nullifier to prove that these funds have been reserved for Bob (of course, without revealing Bob's identity). The transaction sender encrypts the private information and places it directly on the chain, and the receiver decrypts it in a certain way to obtain the private information.

Anonymous transfers rely on hashing, as Bitcoin does, but zkSNARKs add a privacy layer on top of it.
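The commitment and nullifier bookkeeping described above, as an added example that is not Zcash's or Manta's code: a simplified hash-based model in which a commitment is published when a note is created and a nullifier is published when it is spent, so a second spend of the same note is rejected. The hash layout, the field names and the Ledger class are assumptions, and the zkSNARK is replaced by letting the ledger inspect the note directly, so this shows the double-spend logic only and not the privacy.

```python
import hashlib
import secrets

def H(tag, *parts):  # domain-separated SHA-256 over length-prefixed parts
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def pubkey(sk):
    return H(b"pk", sk)

def new_note(value, owner_pk):  # rho: fresh per-note randomness (assumed name)
    return {"value": value, "owner": owner_pk, "rho": secrets.token_bytes(32)}

def commitment(note):  # published when the note is created
    return H(b"cm", note["value"].to_bytes(8, "big"), note["owner"], note["rho"])

def nullifier(note, sk):  # published when the note is spent
    return H(b"nf", sk, note["rho"])

class Ledger:
    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def spend(self, note, sk, outputs):
        # Stand-in for the zkSNARK: the ledger checks the opened note itself.
        if commitment(note) not in self.commitments:
            return "unknown commitment"
        if pubkey(sk) != note["owner"]:
            return "not the owner"
        nf = nullifier(note, sk)
        if nf in self.nullifiers:
            return "double spend"
        if sum(o["value"] for o in outputs) != note["value"]:
            return "value not conserved"
        self.nullifiers.add(nf)
        self.commitments.update(commitment(o) for o in outputs)
        return "ok"

def demo():
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    ledger = Ledger()
    note = new_note(10, pubkey(alice))
    ledger.commitments.add(commitment(note))      # mint Alice's note
    outs = [new_note(7, pubkey(bob)), new_note(3, pubkey(alice))]
    return [ledger.spend(note, alice, outs),      # first spend
            ledger.spend(note, alice, outs),      # same nullifier again
            ledger.spend(outs[0], alice, [])]     # Alice tries Bob's note
```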

zkSNARK can be used not only for anonymous transactions of crypto assets but also to help more and more applications achieve privacy. In the Web3 era, we have seen the explosion of DeFi, NFT, GameFi, SocialFi and other application layers, and on-chain behavior is becoming ever richer. Simple anonymous transfers can no longer meet people's needs for privacy.

Imagine how many bold ideas become possible with ZK technology. For example, a completely decentralized private message board could let users prove their credibility without revealing their specific identities: "I am a US official", "I am a Twitter KOL with 100,000 fans". We could also hide players' locations in an on-chain MMO game and achieve a truly decentralized "cryptographic fog of war"; Dark Forest is already doing something similar. There are many other examples like this, and you can let your imagination run free. As some people have predicted, the next generation of Ethereum dapps may not be improvements on existing applications but something new that has never been seen before.

Of course, ZK technology is still in its early stages, and there are still many areas worthy of exploration and improvement, but it is foreseeable that more and more blockchains will run ZK verifiers on the chain in the future.

Because ZK technology is so difficult, there are not many projects that use it to solve blockchain privacy issues. We are familiar with Zcash, Tornado Cash, Aleo and others, and Manta is the first zkSNARK-based Web3 privacy protection project in the Polkadot ecosystem. Manta's main products include MantaPay, a private payment product, and MantaSwap, a private AMM DEX.

With the help of interoperability between Polkadot parachains, MantaPay can convert Polkadot and parachain assets into privacy assets, so that users can enjoy the anonymity of privacy assets while using various wrapped stablecoins, BTC and other assets.

MantaPay's private payment product is very different from the current smart-contract-based decentralized applications on Ethereum. Manta Network itself is a network layer, which provides more flexibility in terms of speed, cost and functionality. Manta has its own UTXO-based wallet address system in which users can store, transfer and exchange private assets, achieving comprehensive privacy in the true sense. For example, a user can send 10 private DOT to one person and 2 to another. On Tornado Cash, a private transaction can only be withdrawn as a public transfer and cannot be split up.

In addition, Manta's fee structure is not constrained by Ethereum's PoW consensus; as a network layer built specifically for private transactions, it can provide users with a lower-cost transfer experience.

MantaSwap, a privacy exchange protocol based on AMM and zkSNARK, can complete decentralized trades between private assets, similar to Uniswap and Curve, while keeping the trading addresses private. (For more about MantaSwap, please refer to "Why do we need a private version of Uniswap?")

Manta Network is committed to building a better Web3 world through privacy protection. Manta's product design starts from first principles, and provides end-to-end privacy protection for blockchain users through leading cryptographic architectures such as zkSNARK. While protecting privacy, Manta is interoperable, convenient, high-performance and auditable, allowing users to conduct private transfers and transactions between any parachain assets. Manta's vision is to provide more convenient privacy protection services for the entire blockchain world.

References:

【1】The Knowledge Complexity of Interactive Proof Systems

By Shafi Goldwasser, Silvio Micali, Charles Rackoff

【2】Privacy Coins and zk-SNARKs: How Do They Work?

https://decrypt.co/resources/privacy-coins-and-zk-snarks-how-do-they-work

【3】Six Moonshot ZK Applications

https://gubsheep.substack.com/p/six-moonshot-zk-applications

About Manta Network

Manta's founding team consists of multiple cryptocurrency veterans, professors, and academics whose experience includes Harvard, MIT, and Algorand. Manta's advisors include Hypersphere Ventures co-founder Jack Platts, Polychain partner Tekin Salimi, former Web3 Foundation co-founder Ashley Tyson, and Consensys' Shuyao Kong.

Manta's investment institutions include Polychain, ParaFi, Binance Labs, Multicoin, CoinFund, Alameda, DeFiance, and Hypersphere, etc. Manta is also a grant recipient of Polkadot's official Web3 Foundation, a member of the Substrate Builder Program, and a member of the Berkeley University Blockchain Accelerator.

Telegram Chinese: https://t.me/mantanetwork_zh

Manta:https://manta.network/

Twitter:https://twitter.com/MantaNetwork

Medium:https://mantanetwork.medium.com/

Telegram:https://t.me/mantanetwork

Discord:https://discord.gg/ZtSuSKRy8X


