Author: Mohamed Fouda, Qiao Wang; Translator: Dazai; Source: SEEDAO
Zero-knowledge technology, or zk for short, is a technology that can revolutionize not only Web3 but other industries as well. As a general-purpose technology, zk has many use cases, and we are still in the early stages of exploring its applications. Some obvious zk use cases have already found practical application, such as private transactions and data compression in the form of rollups. Of course, if zk is to be adopted by the mainstream, it needs more potential use cases and further technological progress.
In this article, we first review the different applications of ZKPs. We then discuss the next stage of development for this technology and some entrepreneurial ideas that can benefit from it. We encourage builders working on these ideas to contact us or apply to join the Alliance founder community. Alliance is willing to support and fund founders in this direction.
ZKP Application Landscape
Zero-knowledge proofs (hereinafter ZKPs) have held an important place in the cryptocurrency industry since their invention. What makes the technology exciting is that ZKPs work almost like magic. At a high level, ZKPs allow an entity to prove to the rest of the world that it knows a piece of information or has performed a task correctly, without revealing the information or the details of how the task was executed. The mathematics of zk lets us trust that claim simply by checking the generated ZKP. The first and most natural use case for ZKPs is therefore privacy-focused cryptocurrency networks. ZKPs are also used to provide validity proofs of Ethereum L2 transactions on Ethereum L1, which introduced the concept of zk rollups. Beyond these, ZKPs have found other specific applications in a variety of projects.
Privacy-centric payment solutions and protocols
ZKPs are a natural way to achieve privacy, especially in decentralized networks that lack a central authority to serve as a source of truth. ZKPs allow Web3 users (the provers) to prove to network validators (the verifiers) that their transactions are valid, i.e., that they have enough balance to spend, without revealing transaction details such as amounts or sender and receiver addresses.
ZKPs were first put into production to support private payments in the Zcash network and later expanded to other networks. Deployed privacy payment networks include:
Privacy-focused L1s: Zcash, Horizen, Aleo, and Iron Fish
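The prover and verifier roles described above, as an added example that is not from this article or from any of the projects it names: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. It is the simplest zero-knowledge proof and shares the commit/challenge/response structure of the SNARK-style systems discussed later. The group parameters are constructed at import time (a hypothetical demo group, not a standardized one), the secret plays the role of the information a user must not reveal, and simulate shows why a verifier learns nothing beyond validity.

```python
import hashlib
import secrets

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin; these fixed bases are deterministic below 2**81, probabilistic above."""
    if n < 41:
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=128):
    """Deterministic search for p = 2q + 1 with p, q prime; g = 4 generates the order-q subgroup."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = safe_prime_group()  # constructed demo group (hypothetical), not a standard parameter set

def challenge(y, t):
    """Fiat-Shamir: hash the public statement (P, G, y) and the commitment t into [0, Q)."""
    data = b"".join(v.to_bytes(32, "big") for v in (P, G, y, t))  # all values are < 2**256
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1  # secret x in [1, Q); y = g^x is public
    return x, pow(G, x, P)

def prove(x):
    """Prover: show knowledge of x with y = g^x without revealing x (non-interactive)."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1  # fresh nonce; reusing r across proofs would leak x
    t = pow(G, r, P)  # commitment
    return t, (r + challenge(y, t) * x) % Q  # (commitment, response s)

def check(y, t, e, s):
    """The sigma-protocol equation: g^s == t * y^e (mod p)."""
    return pow(G, s, P) == (t * pow(y, e, P)) % P

def verify(y, proof):
    """Verifier: recompute e from (y, t), reject t outside the order-q subgroup, then check."""
    t, s = proof
    return 1 <= t < P and pow(t, Q, P) == 1 and 0 <= s < Q and check(y, t, challenge(y, t), s)

def simulate(y, e):
    """Forge an accepting interactive transcript for a chosen e without x: zero-knowledge."""
    s = secrets.randbelow(Q)
    return (pow(G, s, P) * pow(y, -e % Q, P)) % P, e, s
```

Production systems use audited libraries and standardized groups or curves; this block only shows the mechanism the article's prover/verifier description refers to.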
Privacy-focused smart contracts on general-purpose chains: Tornado Cash
Privacy-focused L2s: Aztec
ZK Rollup Verification
Another major application of ZKPs is generating validity proofs for rollups on the underlying L1. General-purpose rollups are optimized for throughput, i.e., for proving as many transactions as possible, and do not use the privacy features of ZKPs. In this trade-off, ZKPs serve only as proofs that L2 transaction execution was correct.
Generating ZKPs that prove the correct execution of arbitrary smart contracts is difficult, because some general-purpose functions cannot be proved efficiently. Solving this problem requires implementing specialized virtual machines (VMs) whose execution can be proved efficiently by the underlying zero-knowledge circuits (zk circuits). Given this complexity, zk rollups initially supported only payments or single applications, such as decentralized exchanges, for which ZKPs can be generated simply. Examples include zkSync 1.0 and Loopring. Subsequently, general-purpose zkEVM implementations began to appear on the market, including Starknet, zkSync 2.0, Polygon zkEVM, and Scroll. Currently all zk rollups are on Ethereum, but they can also be implemented on other chains, including Bitcoin. However, a rollup implementation on Bitcoin would require changes to Bitcoin's opcodes and therefore a hard fork, which is generally unpopular with the Bitcoin community.
Other zero-knowledge proof applications
In addition to privacy-centric applications and rollups, ZKPs have also been used in other blockchain protocols. This section will introduce these applications.
Mina
Mina uses ZKPs to compress the blockchain state to a very small size (about 22 KB). To achieve this, Mina uses recursive zero-knowledge proofs, that is, zero-knowledge proofs of other zero-knowledge proofs. When a block is produced in the Mina network, a zk-SNARK proof of the block is generated to establish its validity. Since each new block references the previous block, the proof of the new block attests to all previous blocks while remaining constant in size.
Filecoin
Filecoin uses ZKPs to ensure that storage providers are actually storing the data they have committed to store. This process is called Proof of Replication (PoRep). During this process, storage providers generate ZKPs to prove that they are storing a unique copy of the data, that is, a copy that does not merely reference one maintained by another provider. ZKPs give guarantees to Filecoin users who want a certain level of redundancy and availability. In addition, because a proof is much smaller than the data stored, using ZKPs reduces the bandwidth requirements for storage providers.
Celo Plumo
Celo Plumo uses ZKPs to create an ultra-light client that can run on mobile phones and other resource-constrained devices. Although the client is very lightweight, it retains guarantees about the correctness of the state it accesses.
Dark Forest
Dark Forest is one of the most popular applications of ZKPs in gaming. While this use of ZKPs fits the privacy use case, applying them to create games of incomplete information is a unique use case that goes beyond the financial applications of ZKPs in payment networks.
ZKPs and Their Development Trajectory
Until 2016, ZKPs were a research topic discussed in small academic circles. This changed when the Zcash founding team created the first production-ready implementation of a ZKP variant called zk-SNARK to support private transactions in the Zcash network. As real-world use cases emerged, ZKPs attracted more attention, leading to better ZKP variants that became the basis of many of the projects discussed in the first part of this article. However, further development of zero-knowledge proofs is needed before the technology can be adopted by the mainstream.
In many ways, zero-knowledge proof (ZKP) technology resembles AI technology and is expected to follow a similar trajectory. Like ZKPs, AI was initially hailed as a technology that promised to solve many problems. However, early AI algorithms were limited in functionality, and their computational complexity far exceeded the capabilities of available hardware. This made AI applications slow and impractical, confining AI mostly to research labs. Gradually, improvements came from inventing new architectures, such as deep neural networks (DNNs), and from leveraging graphics processing units (GPUs) to increase execution speed. This ultimately led to the breakthrough of AlexNet in 2012, which won the most famous computer vision competition, ImageNet, by a huge margin. AlexNet marked the beginning of the AI era, leading to today's remarkable AI applications such as GPT-3, DALL-E 2, and Stable Diffusion.
The state of zero-knowledge proof (ZKP) technology today resembles that of early AI: a promising technology still under active development, with long proving times due to its computationally intensive nature. By learning from the advances in AI, we can identify the bottlenecks that need to be addressed to advance zero-knowledge proof technology.
1. Algorithm/Circuit Improvements
In the same way that AI progressed from LeNet-5 to AlexNet to ResNet-50 to the Transformer, ZKP algorithms will go through similar stages of development to achieve significant performance improvements. We have already seen progress in this area, with more advanced algorithms developed since the introduction of zk-SNARKs in 2011. In 2018, the founders of StarkWare developed STARK, a ZKP approach that requires no trusted setup and has a shorter proof generation time. This technology is the basis of several StarkWare products, including StarkNet.
ZKPs made further progress with the launch of PLONK in 2019. PLONK is a SNARK construction that allows multiple applications to share a single trusted setup without repeating it. PLONK has facilitated the development of multiple implementations that are used in Web3 protocols such as Aztec, Mina, and Celo.
2. Optimized Execution Engine
A major limitation of ZKPs is their computational complexity, which results in long proving times. For example, the zkEVM implementation recently announced by Polygon takes about 5 minutes on a 64-core server to generate a proof for a computation consuming 500,000 gas. Improving ZKP proving time is key to mainstreaming the technology. As in AI, both optimized software execution engines and specialized hardware are necessary to achieve this goal.
Optimized Software
Many ZKP generation operations are highly parallelizable, which means that parallel processors such as GPUs can accelerate ZKP computation. Dedicated GPU programming frameworks, such as CUDA, can be used to accelerate ZKP computations on Nvidia GPUs. Some projects are developing this capability in-house, since each project uses a different ZKP algorithm. A notable example is Filecoin's implementation of the Groth16 algorithm, which leverages GPUs to accelerate proving. Another example is Edgeswap's use of GPUs to reduce PLONK's proving time by 75%.
Specialized Hardware
Because GPUs offer only limited improvement in ZKP proving time, another option is specialized hardware such as FPGAs or ASICs. FPGAs are often used as hardware prototyping platforms before expensive dedicated chips (ASICs) are manufactured. In the short to medium term, FPGAs or hybrid solutions combining GPUs and FPGAs will play an important role in accelerating ZKPs for rollups and privacy-focused networks. However, if ZKP technology develops to the level we expect, ASICs will eventually emerge and win this market. Currently, hardware acceleration for ZKPs has not been fully addressed, probably because of the diversity and fragmentation of ZKP algorithms. However, we believe that with the right business model, some startups can focus on developing this part of the technology stack and profit from it.
3. Software Abstraction Layers
To unlock the potential of ZKPs, multiple abstraction layers and tools need to be built. These abstraction layers are necessary to simplify ZKP application development while allowing each group of developers to focus on what they do best. For example, application developers should not have to worry about the low-level details of zero-knowledge circuits and how they work. Again, by comparison with AI, the huge progress in artificial intelligence was made possible by the creation of multiple abstraction layers. Using these abstraction layers, AI application developers do not need to worry about neural network architecture or hardware resource allocation; frameworks such as TensorFlow and PyTorch abstract all of these low-level details.
The ZK (zero-knowledge proof) development stack is not yet as mature as the AI stack, but work is underway to build these abstraction layers. At the bottom of the stack are low-level ZKP libraries that implement proof systems such as PLONK and STARK. Above this layer, high-level languages such as Noir attempt to abstract away the underlying ZK cryptography so that application developers can focus on application logic. Circom is another popular ZKP language that sits between these two layers, as it can be used both to build complex ZK backends and to develop ZKP-based applications.
In Web3, another example of zero-knowledge proof (ZKP) abstraction is StarkWare's Cairo language, which allows developers to implement general smart contracts that use STARK proofs. For further abstraction, Nethermind's Warp tool allows developers to convert Solidity code directly to Cairo. Using Warp, the Uniswap V3 code can be translated into Cairo with almost no modification to the original Solidity code.
Startup Opportunities Brought by ZKP
Based on the discussion of possible development paths for ZKPs, we have identified some ZKP-related startup ideas that we hope to explore with founders. These startup ideas fall into two categories: tools and applications.
1. Advanced Development Framework
Similar to TensorFlow and PyTorch in AI, advanced ZKP development frameworks are critical to unlocking innovation at the application level. These frameworks need to:
Abstract the complexity of the underlying ZKP backend
Support a variety of ZKP backends and hardware environments, such as CPUs and GPUs
Allow efficient debugging and testing
Provide a rich development environment, including examples and tutorials
In the Ethereum ecosystem, the closest examples are Hardhat and Foundry, but they probably won’t support zkEVMs or ZKPs anytime soon. Instead, existing abstract languages like Cairo may eventually fill this gap.
2. ZK rollup SDK
zk rollups are becoming increasingly popular and can enable application-specific L2s for games or high-throughput DeFi protocols. In this setting, the zk rollup mainly performs execution and settlement, while consensus and data availability are handled by the L1. However, launching an application-specific zk rollup is still very complex. We believe that startups providing developer-friendly SDKs for launching custom zk rollups will solve real business needs and become valuable businesses by providing developer tools, developer services, sequencer services, and supporting infrastructure.
3. ZKP Hardware Accelerator
Companies that specialize in purpose-built hardware can eventually become highly valuable by establishing early market leadership. In AI, Nvidia became the semiconductor company with the highest market value in North America by focusing on AI hardware. The same is true in Bitcoin mining, where Bitmain, Canaan Creative, and Shenma Mining became unicorns by focusing on ASIC mining machines. Companies that design and manufacture efficient ZKP hardware accelerators will follow the same trajectory.
Application of ZKP in Web3
1. ZK cross-chain bridge and interoperability
ZKPs can be used to create validity proofs for cross-chain messaging protocols, so that cross-chain messages can be verified quickly on the destination chain. This is similar to how a zk rollup is verified on the underlying L1. However, for cross-chain messages the complexity is higher, because the signature schemes and cryptographic functions that must be verified may differ between the source and destination chains.
2. ZK full-chain game engine
Dark Forest proved that zero-knowledge proofs can make on-chain games with incomplete information possible. This is essential for designing more interactive games, because players' actions remain private until they decide to make them public. As full-chain games mature, zero-knowledge proofs are expected to become part of the game execution engine. There are huge opportunities for startups that successfully integrate privacy features into high-throughput on-chain game engines.
3. Identity solutions
Zero-knowledge proofs can open up multiple opportunities in the identity field. They can be used for reputation or to connect Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate. Projects such as Clique connect these identities by using oracles. Zero-knowledge proofs can take this approach a step further by enabling anonymous links between Web2 and Web3 identities. This can enable use cases such as anonymous DAO membership for those who can prove expertise in a specific field using Web2 or Web3 data. Another use case is uncollateralized Web3 borrowing based on the borrower's Web2 social standing, for example the number of Twitter followers.
4. Application of ZKP in Regulatory Compliance
Web3 enables pseudonymous online accounts to participate actively in the financial system. In this sense, Web3 provides widespread financial freedom and inclusion to the masses. As Web3 becomes increasingly regulated, ZKPs can be used for compliance verification without destroying users' pseudonymity. ZKPs can be used to prove that a user is not a citizen or resident of a sanctioned country. ZKPs can also be used to prove investor accreditation or to satisfy any other KYC/AML (know-your-customer / anti-money-laundering) requirements.
5. Web3 native privacy debt financing
Debt financing in traditional finance is often used to help growing startups accelerate their development or open up new business areas without raising additional venture capital. The rise of Web3 DAOs and pseudonymous companies has created opportunities for Web3-native debt financing. For example, using ZKPs, DAOs or pseudonymous companies can obtain uncollateralized loans at competitive interest rates by proving their growth metrics without revealing the underlying information to lenders.
6. Private DeFi
Financial institutions typically keep their transaction history and exposure information private. However, when they operate on-chain (i.e., in DeFi protocols), maintaining this privacy becomes more challenging because of the continuous advancement of on-chain analysis techniques. One possible solution is to develop privacy-focused DeFi products that protect the privacy of protocol participants. One protocol attempting this is Penumbra's zkSwap. In addition, Aztec's zk.money provides some private DeFi yield opportunities by obfuscating user participation in transparent DeFi protocols. Generally speaking, protocols that successfully implement efficient, privacy-focused DeFi products can attract institutional participants and capture considerable transaction volume and revenue.
7. ZKPs for Web3 Advertising
Web3 promotes user ownership of personal data, such as browsing history and private wallet activity, and lets users benefit from monetizing that data. Since data monetization may conflict with privacy, ZKPs can play an important role in controlling which personal data is disclosed to advertisers and data aggregators.
8. Sharing and monetization of private data
Much of our private data could have a significant positive impact if shared with the right entities. For example, personal health data can be crowdsourced to help researchers develop new drugs. Private financial records can be shared with regulators and watchdogs to identify and punish corruption. ZKPs can enable the private sharing and monetization of such data.
9. Decentralized Intelligence Organizations
ZKPs can give rise to decentralized intelligence agencies, in which intelligence operators, data scouts, and spies can take part in the network without interacting with or knowing each other. Participants can use ZKPs to prove their knowledge of certain intelligence data before receiving private payment for exchanging it. Such a system can also support collaborative and composable ways to enrich or interpret the collected data while protecting participants' privacy.
10. Privacy Governance
With the popularity of DAOs and on-chain governance, Web3 is getting closer to direct participatory democracy. A major flaw of current governance models is that participation is not private. ZKPs can fix this at the root: governance participants can vote without revealing how they voted. In addition, ZKPs can restrict the visibility of governance proposals to DAO members, allowing DAOs to build competitive advantages.
Summary
ZKP technology is one of the most innovative technologies in the Web3 space, providing multiple opportunities for groundbreaking protocols and companies. At Alliance, we hope to be a core driver of this development and continue to support and fund founders building in this space.
Thanks to Shumo Chu, Carter McAlister, and Adam Porter for their feedback on this article.
Other Resources
Hardware Acceleration of Zero-Knowledge Proofs: https://www.paradigm.xyz/2022/04/zk-hardware
Speed of Decentralization: Progress in Zero-Knowledge Proofs: https://a16z.com/2022/04/15/zero-knowledge-proofs-hardware-decentralization-innovation/
ZK-SNARK: Updatable Setups on the Blockchain: https://iohk.io/en/blog/posts/2022/09/01/zk-snarks-updatable-setups-on-the-blockchain