In-depth interpretation of the application and future direction of zero-knowledge proof in the field of Web3
ChinaDeFi
2022-11-08 13:00
This article is about 6,012 words; reading it in full takes about 24 minutes.
ZKP technology is one of the most innovative technologies in the Web3 space, and it opens up several opportunities for breakthrough protocols and companies.

Original title: ZKPs in Web 3: Now and the Future

Original Author: Mohamed Fouda, Qiao Wang

Original compilation: ChinaDeFi

Zero-knowledge technology (ZK for short) is an enabling technology that will transform not only Web3 but other industries as well. It is a general-purpose technology with a large number of use cases, and we are still in the early stages of discovering everything it can enable. Some obvious ZK use cases already have practical deployments, such as transaction privacy and data compression (i.e., Rollups). However, many potential use cases remain unexplored, and further technological advances are still required before ZK reaches mainstream adoption.

In this article, we will first review different applications of ZKPs. There will then be a discussion of what could enable the next phase of this technology, as well as ideas for some of the startups that could benefit from it.

ZKP application

Zero-knowledge proofs (ZKPs) have found a strong foothold in the crypto industry since their invention. ZKPs do have some "magic" that makes this technology very exciting. At a high level, a ZKP lets an entity prove to the rest of the world that it knows a piece of information, or that it has correctly executed a task, without revealing that information or the details of the execution. The mathematics of ZK lets us trust the knowledge, or trust that the execution was correct, simply by checking the resulting proof. Accordingly, the first and most consistent use case for ZKPs is privacy-focused crypto networks. ZKPs are also used to provide validity proofs of Ethereum L2 transactions on Ethereum L1, which gives rise to the concept of ZK-Rollups. Beyond that, ZKPs have found niche applications in a number of other projects.
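
To make the prover/verifier roles above concrete, here is an added example (it is not from the original article, and it is far simpler than the SNARK and STARK systems the article discusses): a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. The prover shows it knows the secret x behind the public value y = g^x; the verifier learns only that the proof checks out. The group parameters are constructed at toy size for illustration and are not suitable for real use.

```python
import hashlib
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin below ~3.3e24

def is_prime(n: int) -> bool:   # assumes n > 37, which holds for every candidate below
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(q: int):
    """Find a prime p = k*q + 1 and a generator g of the order-q subgroup of Z_p^*."""
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, k, p) == 1:   # h^k has order exactly q unless it collapses to 1
        h += 1
    return p, pow(h, k, p)

Q = 2**61 - 1            # a known Mersenne prime, used as the subgroup order (toy size)
P, G = make_group(Q)     # constructed group: fine for illustration, NOT for production

def keygen():
    """Secret x is the 'knowledge'; y = g^x is the public statement being proven."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def challenge(y: int, t: int) -> int:
    """Fiat-Shamir: the verifier's random challenge is replaced by a hash of the transcript."""
    data = f"{P}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x: int, y: int):
    r = secrets.randbelow(Q - 1) + 1      # fresh randomness blinds x in the response s
    t = pow(G, r, P)
    s = (r + challenge(y, t) * x) % Q
    return t, s                            # the proof is (t, s); x never leaves the prover

def verify(y: int, proof) -> bool:
    t, s = proof
    return pow(G, s, P) == t * pow(y, challenge(y, t), P) % P   # g^s == t * y^c
```

The check passes only if s was built from the true x, yet (t, s) is statistically independent of x because r is uniform, which is the "prove without revealing" property the article describes.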

Privacy-focused payments and agreements

ZKPs natively protect privacy, which matters most in a decentralized network that has no central institution to serve as a source of truth. ZKPs allow Web3 users (provers) to convince network validators (verifiers) that their transactions are valid without revealing transaction details such as the amount or the sender and receiver addresses.

ZKPs were first deployed in production to support a single function in the Zcash network, namely shielded (private) payments, and have since been extended to other networks. Implementations of private payment networks include:

  • Privacy-focused L1s: Zcash, Horizen, Aleo, and Iron Fish

  • Privacy smart contracts on general-purpose chains: Tornado Cash

  • Privacy-focused L2: Aztec

ZK-Rollup Verification

Another major use case of ZKPs is generating validity proofs for Rollups on the underlying L1. General-purpose Rollups chose not to use the privacy feature of ZKPs so that throughput can be optimized, that is, so that more transactions can be proven per batch. In this trade-off, the ZKP serves only as a proof that the L2 transactions were executed correctly.

Generating ZKPs that prove the correct execution of arbitrary smart contracts is difficult, since some common operations cannot be proven efficiently. Solving this problem requires specialized VMs whose execution can be verified efficiently by the underlying ZK circuits. Because of this complexity, early ZK-Rollups supported only payments or a single application, for example a DEX, for which proofs are easy to generate. Examples include zkSync 1.0 and Loopring. Since then, general-purpose zkEVM implementations have started appearing on the market, including StarkNet, zkSync 2.0, Polygon zkEVM, and Scroll. Currently all ZK-Rollups are on Ethereum, but it is possible to implement ZK-Rollups on other chains, including Bitcoin. However, a Bitcoin Rollup would require new Bitcoin opcodes and a hard fork of the chain, which is generally unpopular with the Bitcoin community.

Other ZKP applications

In addition to privacy-focused applications and Rollups, ZKPs have found other applications in other blockchain protocols. This section describes these use cases.

Mina

Mina uses ZKPs to compress the blockchain state to a small, constant size (~22 KB). To achieve this, Mina uses recursive ZKPs, that is, ZKPs that attest to other ZKPs. When a block is produced in the Mina network, a ZK-SNARK is generated to prove the block's validity. When a new block references a previous block, the new block's proof attests to all previous blocks while the proof itself stays constant in size.

Filecoin

Filecoin uses ZKPs to ensure that storage providers are actually storing the data they claim to store. This process is called Proof of Replication (PoRep). During this process, storage providers generate ZKPs showing that they hold a unique copy of the data, rather than pointing at a copy maintained by another provider. Using ZKPs also reduces the storage provider's bandwidth requirements, since the proof is far smaller than the stored data.

Celo Plumo

Celo Plumo uses ZKPs to create ultra-lightweight clients that can run on phones and other resource-constrained devices. Although the client is lightweight, it still obtains a guarantee that the state it accesses is correct.

Dark Forest

Dark Forest is the most popular application of ZKPs in gaming. While its use of ZKPs fits the privacy use case, applying them to create games of imperfect information is rather unique and goes beyond the financial use of ZKPs in payment networks.

The development trajectory of ZKPs and their applications

Before 2016, ZKPs were only a research topic, discussed in a few academic circles. This changed when the Zcash founding team created the first production-ready implementation of a ZKP variant, ZK-SNARKs, to support shielded (private) transactions in the Zcash network. With a real-world use case, interest in ZKPs grew, resulting in better ZKP variants that became the basis for many of the projects discussed in Section 1. However, further ZKP development is required for the technology to achieve mainstream adoption.

To understand how to improve this technology further, we can draw on similar technologies, such as artificial intelligence. In many respects, ZKP technology resembles AI technology and is expected to follow a similar trajectory. Like ZKPs, AI started out as a promising technology that could solve many problems. However, the original AI algorithms were limited in power, and their computational complexity far exceeded the capabilities of the hardware of the time. This made developing and using AI applications slow and impractical, keeping AI confined to research labs. Improvements then came from inventing new architectures such as DNNs and from using GPUs to increase execution speed. This eventually led to breakthroughs such as AlexNet in 2012, which won the most famous computer vision competition, ImageNet, by a huge margin.

AlexNet marked the beginning of the AI era, giving rise to current AI applications such as GPT-3, DALL-E 2, and Stable Diffusion.

The state of ZKPs today is similar to the state of AI in its early days: a promising technology that is still under active development, but is computationally intensive and takes too long to verify. From the experience of AI, we can identify several problems that need to be solved for ZKP technology to take off.

Algorithm/circuit improvement

In the same way that AI evolved from LeNet-5 to AlexNet to ResNet-50 to Transformers, ZKP algorithms will go through stages of development that bring significant performance improvements. In fact, we have already seen progress in this regard. Since the introduction of ZK-SNARKs in 2011, more advanced algorithms have been developed. In 2018, the founders of StarkWare developed STARKs, a ZKP method that does not require a trusted setup and has shorter proof generation times. This technology is the basis for several StarkWare products, including StarkNet.

ZKP development continued in 2019 with the introduction of PLONK, a SNARK construction that lets many applications share a single universal trusted setup instead of each running its own. PLONK has spurred multiple implementations that are used by several Web3 protocols such as Aztec, Mina, and Celo.

Optimized Execution Engine

A major limitation of ZKPs is their computational complexity, which leads to long proving times. For example, the zkEVM recently released by Polygon generated a proof for 500k gas worth of computation in 5 minutes on a 64-core server. Reducing ZKP proving time is the key to the mainstreaming of ZKP technology. As with AI, an optimized software execution engine and the use of specialized hardware are necessary to make this happen.

Software optimization

Many of the operations in ZKP generation are massively parallel, which means that parallel processors such as GPUs can accelerate ZKP computation. Dedicated GPU toolkits such as CUDA can be used to accelerate ZKP computation on Nvidia GPUs. Since each project uses a different ZKP algorithm, several projects are developing such GPU implementations in-house. A notable example is Filecoin's implementation of the Groth16 prover, which uses GPUs to speed up proof generation. Another example is Edgeswap's use of GPUs to reduce PLONK proving time by 75%.

Dedicated hardware

Since GPUs generally allow only limited improvement in ZKP proving time, the other option is dedicated hardware such as FPGAs or ASICs. FPGAs are often regarded as a hardware prototyping platform used before manufacturing application-specific chips (i.e., ASICs). FPGAs, or hybrid solutions combining GPUs and FPGAs, can play an important role in accelerating ZKPs for centralized and privacy-focused networks in the short to medium term. However, if ZKP technology develops to the level we expect, ASICs will eventually win this market. Currently, hardware acceleration of ZKPs has not been fully addressed, possibly because of the diversity and fragmentation of ZKP algorithms. We believe that, with the right business model, some startups can focus on developing and monetizing this part of the technology stack.

Software abstraction layer

In order to unlock the potential of ZKPs, several abstraction layers and tools need to be built. These abstractions are necessary to simplify the development of ZKP applications, and they should let each group of developers focus on what they do best. For example, application developers should not have to worry about the low-level details of ZK circuits and how they work. Using the AI analogy again, AI made huge strides by creating multiple layers of abstraction: with them, AI application developers do not need to worry about hardware resource allocation, because frameworks like TensorFlow and PyTorch hide all of these low-level details.

The ZK development stack is not yet as complete as the AI development stack, and building these abstractions requires some effort. At the bottom of the stack are low-level ZKP libraries such as PLONK and STARK implementations. Above this layer, high-level languages like Noir try to abstract away the underlying ZK cryptography and help application developers focus on application logic. Circom, another popular ZKP language, sits between these two layers because it can be used both to build complex ZK backends and to develop ZKP-based applications.

Another example of ZKP abstraction in Web3 is StarkWare's Cairo language, which lets developers implement general-purpose smart contracts that use STARK proofs under the hood. To provide a further abstraction, Nethermind's Warp tool lets Solidity developers convert their Solidity code directly to Cairo. Using Warp, the Uniswap V3 code was converted to Cairo with minimal changes to the original Solidity code.

ZKP Entrepreneurial Opportunities

Based on the discussion of possible development paths of ZKPs, we have identified some entrepreneurial ideas related to ZKPs. Concrete ideas can be divided into two groups: tools and applications.

ZKP tools

Advanced development frameworks

A high-level development framework should:

  • Abstract away the complexity of the underlying ZKP backend;

  • Support various ZKP backends and hardware environments, such as CPU and GPU;

  • Allow efficient debugging and testing;

  • Provide a rich development environment with examples and tutorials.

ZK-Rollup SDK

ZK-Rollups are increasingly popular for enabling application-specific L2s for gaming or high-throughput DeFi protocols. In this scenario, the ZK-Rollup mainly handles execution and settlement, while the L1 handles consensus and data availability. However, launching an application-specific ZK-Rollup is still very complex. We believe that startups offering a developer-friendly SDK for launching custom ZK-Rollups will meet a real business need and can become valuable by providing development toolkits, developer services, sequencer services, and supporting infrastructure.

ZKP Hardware Accelerator

Specialized hardware companies that target specific use cases and establish early market leadership have proven to be very valuable. That was the case in the AI space when Nvidia specialized in AI hardware and became the most valuable semiconductor company in North America. The same goes for Bitcoin mining, where Bitmain, Canaan, and Whatsminer became unicorns by specializing in mining ASICs. Companies that design and manufacture efficient ZKP hardware accelerators will likely follow the same trajectory.

ZKP Web3 application

ZK bridge and interoperability

ZKPs can be used to create validity proofs for cross-chain messaging protocols, so that cross-chain messages can be verified quickly on the target chain. This is similar to how a ZK-Rollup is verified on the underlying L1. For cross-chain messaging, however, the complexity is higher, since the signature scheme and hash function that must be verified may differ between the source and target chains.

Game engine on ZK chain

Dark Forest demonstrates that ZKPs can enable on-chain games with incomplete information. This is critical for more interactive game design, where player actions are kept secret until the player decides to reveal them. As on-chain games mature, we expect ZKPs to become part of the game execution engine. The opportunity is enormous for startups that successfully integrate privacy features into high-throughput on-chain game engines.

Identity solutions

ZKPs hold multiple opportunities in the identity space. They can be used for reputation or for linking Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate. Projects such as Clique connect these identities through the use of oracles. ZKPs can take this approach a step further by enabling anonymous linking of Web2 and Web3 identities. This enables use cases such as anonymous DAO membership for people who demonstrate domain-specific expertise using Web2 or Web3 data. Another use case is unsecured Web3 loans based on the borrower's Web2 social standing (e.g., number of Twitter followers).

ZKPs for Regulatory Compliance

Web3 enables anonymous online accounts to actively participate in the financial system. In this sense, Web3 achieves great financial freedom and inclusion. As Web3 regulations increase, ZKPs can be used for compliance without breaking anonymity. ZKP can also be used to prove investor identity or any other KYC/AML requirements.

Native Web3 Private Debt Funding

In TradFi, debt financing is typically used to help growing startups accelerate their growth or launch new lines of business without raising additional venture capital. The rise of Web3 DAOs and anonymous companies has created an opportunity for Web3-native debt financing. For example, through the use of ZKPs, DAOs or anonymous companies could obtain unsecured loans at competitive rates based on proofs of their growth metrics, without revealing the borrower's information to the lender.

Private DeFi

Financial institutions typically do not disclose their trading histories and exposures. Meeting this requirement is challenging when using on-chain protocols such as DeFi protocols, because of continuous advances in chain analysis. One possible solution is to develop privacy-focused DeFi products that protect the privacy of protocol participants. One protocol trying to realize this vision is Penumbra's zkSwap. Additionally, Aztec's zk.money offers some private DeFi yield opportunities by obscuring which DeFi protocols users participate in. In general, successful implementations of efficient, privacy-focused DeFi protocols can generate significant revenue from institutional participants.

ZKP for Web3 Ads

Web3 drives the trend of letting users own their own data, such as browsing history, private wallet activity, and more. Web3 also supports the monetization of this data for the benefit of users. Since data monetization can be at odds with privacy, ZKPs can control which aspects of personal data are permitted to be disclosed to advertisers and data aggregators.

Sharing and monetization of private data

Much of our private data could have a big impact if shared with the right entities. Personal health data can be crowdsourced to help researchers develop new medicines. Private financial records can be shared with regulators and watchdogs to detect and punish wrongdoing. ZKPs enable the private sharing and monetization of such data.

Private governance

DAOs and on-chain governance are becoming widespread, and a major flaw of the current governance model is the lack of privacy in participation. ZKPs are the basis for solving this problem: governance participants can vote without revealing how they voted. In addition, ZKPs can restrict the visibility of governance proposals to DAO members, allowing DAOs to maintain a competitive advantage.
