What exactly is ZK, known as the “ultimate solution”?

Original: “Are zero-knowledge proofs (ZKPs) the future of blockchain?” by ALTAN TUTAR, SAMUEL THOMAS, LINDSEY LI, DIVESH PUNJABI, ETHAN KURZWEIL – Bessemer Venture Partners

Compiled by: Cecilia, bfrenz DAO

Imagine a next-generation secure internet where your personal information is protected from the moment you log in. In this new internet, your data will stay on your own device and you will have full control over your information, eliminating the risk and fear of theft or fraud. We believe that a future Internet infrastructure that prioritizes security and privacy may arrive sooner than expected.

Today’s web infrastructure is designed to extract data from every interaction and store it in centralized data stores. Companies then use this data to analyze users’ online behavior and target advertisements for profit, with little value to users. Of course, data sharing is also essential to the functionality of many Internet applications. From search engines to social media platforms to e-commerce sites, data sharing enables a variety of online activities that we rely on in our daily lives.

But many Internet users increasingly want a private Internet. This requires new infrastructure in which users do not share their data with applications by default, but still benefit from web-powered online applications. This can be achieved by performing computations on the client side and then attesting to a central entity or computer. Zero-knowledge proofs (ZKPs) and protocols are leading candidates to become the base layer of the new Internet infrastructure, where privacy is the default.

This isn’t just a futuristic fantasy; the vast potential in this field is building up. Steel DAO’s newly formed cryptocurrency research arm has been tracking the space and saw more than $725 million flow in 2022 to “pure player” companies that specialize in building zero-knowledge proof solutions. The two largest rounds were Aleo’s and Matter Labs’ $200 million rounds, followed by Aztec’s $100 million round. Other companies include Scroll, RiscZero, Elusiv, and Mina Protocol.

This research on ZK comes from Bessemer Venture Partners, a well-known American investment institution. This article will explain in an understandable way what ZKPs and zkEVMs are, and focus on three main categories of innovation in this field: privacy, scalability, and novel applications, as well as their potential and obstacles to overcome.

What is a zero-knowledge proof?

A zero-knowledge proof (ZKP) is a method of verifying a statement or computation without revealing any information about the statement itself. For example, if a website that sells alcoholic beverages to consumers wants to verify that the consumer is over 21 years old, a ZKP can answer a “yes” or “no” question without revealing the consumer’s actual age or any other identifying information. Typically, a ZKP involves two parties: a prover and a verifier. Provers are responsible for proving claims, and verifiers are responsible for verifying claims. These proofs are solved through computationally intensive mathematical equations, originally developed by researchers Shafi Goldwasser and Silvio Micali at the Massachusetts Institute of Technology and Charles Rackoff at the University of Toronto.

While these proofs are technical in nature, the use cases they address are actually quite common. For example, say we are applying for a loan. In today’s reality, applicants need to disclose their proof of funds, credit score, and other relevant information to the bank to prove their eligibility for a loan. Applicants need to trust the bank not to misuse sensitive and personal information. But with ZKP, people can apply for a loan without disclosing any sensitive data. This has the potential to fundamentally change the way we approach privacy in the real and virtual worlds, extend existing base chains, and advance other (currently niche) applications, such as decentralized artificial intelligence.

We believe that the promotion of ZKP in the next few years will be driven by the following three factors:

  1. Continuous improvements to the Zero-Knowledge Ethereum Virtual Machine (zkEVM);
  2. Increasing user awareness and demand for data privacy;
  3. Continued use of Layer-2 scaling solutions.

What is zkEVM? Why is it worth paying attention to?

zkEVM is an EVM-compatible virtual machine that can run ZKP computations. The Ethereum Virtual Machine (EVM) is the runtime environment for smart contracts deployed on Ethereum. In other words, ZKPs can now interact with smart contracts on Ethereum, enabling the development of a wider range of privacy-enabled use cases, including ZK-rollups (zero-knowledge rollup protocols). Rollups are a scaling solution that can process multiple transactions off-chain and then batch them into one transaction on Ethereum, reducing the cost and time of processing transactions. Prior to this, ZKPs were not compatible with smart contracts on Ethereum and had to be developed for specific applications (e.g. payments, token swaps). In this article, we examine the privacy and scalability applications of ZKPs in more detail.

Privacy

An important mathematical property of zero-knowledge proofs (ZKPs) is that a verifier can verify the correctness of a statement in a zero-knowledge manner. Today’s applications require data to be transferred from a local computer to a central server for computation. Although ZKPs are currently gaining popularity mainly in the crypto community, the application of ZKPs goes far beyond the blockchain. In fact, large tech companies have joined the field, claiming a large number of patents related to ZKPs. From 2010 to 2021, Alibaba issued 1111 ZKP patents. Other key players such as Tencent (382 patents) and IBM (225 patents) are not far behind. Alibaba and Tencent are particularly focused on the financial services use case of ZKPs, as they can become the core infrastructure for many banking processes, including customer identity verification, loan processing, opening investment accounts, and more. We believe that innovation and change in ZKP tools and infrastructure will affect how we interact with applications and with virtual and real-world workflows in three main ways.

1) Account login

Today, all applications authenticate users by storing passwords. While the Secure Remote Password Protocol (SRPP) has been using zero-knowledge proofs for some time, we haven’t seen a single startup leverage the technology to compete with Okta. This is because web-side applications are written in JavaScript, and writing SRPP is difficult on web-side applications due to immature developer tools. We believe that the authentication process of widely used applications can be redesigned by using zero-knowledge proofs to prove to the application that you own your account password.

2) Payment applications

Today’s e-commerce sites have amassed a lot of user financial data that can be used against customers. While it sounds trivial, we think there is room to build a standardized payment API that does not reveal user data, but facilitates payments in a completely zero-knowledge manner. Think of a privacy-first layer-2 scaling solution like Aztec, but for regular internet payments.

3) Identity authentication in the online (virtual) and real world

In nearly all online and real-world interactions, users need to verify their identity. For example, bank statements, passports and other sensitive data need to be provided to third parties when applying for a visa. With zero-knowledge proofs, a visa application would simply send a yes or no answer to the relevant agency, telling them whether you have the required documents. Likewise, when buying cryptocurrencies online, we need to send our “passports” and other sensitive documents to third parties for KYC/AML checks. Companies like Notebook Labs are using zero-knowledge proofs to prevent suspected bad actors from interacting with DeFi protocols. The company issues ZKP-verified tokens to compliant users, which lets other protocols know that these users are compliant without having to look at their files.

We expect to see use cases for zero-knowledge proofs outside of the blockchain realm, although we recognize that they can uniquely scale precisely because of blockchains. Also, blockchains are anonymous by design, but they offer no privacy protection, since all transactions are fully transparent. So we think a privacy-preserving blockchain like Aleo is needed to solve this problem.

In addition to users’ constant quest for privacy, scalability issues also need to be addressed. Layer 1s like Ethereum face a scalability “trilemma” where a trade-off must be made between scalability, security, and decentralization. For example, the vision of Ethereum is to keep it as safe and decentralized as possible. The price may be to give up scalability, but at the same time, the use of Ethereum is growing, and the consequence is slower transactions and high fees. To this end, zero-knowledge proofs can also be used to improve scalability.

Scalability

The scalability of a blockchain (such as Ethereum) can be achieved in two ways: one is to increase the transaction capacity of the block, but this will bring some risks, such as making verification more difficult; the other is to reduce interactions with the main network, such as batching transactions and submitting them to the main network as a single transaction. The Ethereum upper-layer network that implements this second approach is called an L2 scaling solution. L2 solutions allow developers to build applications that live within the Ethereum ecosystem to take advantage of its security, decentralization, and network effects, but at the same time increase transaction throughput and reduce transaction costs.

These solutions are also called rollups and come in two forms: optimistic rollups and zero-knowledge (ZK) rollups. Optimistic rollups rely on “fraud proofs”, meaning that batches of transactions are considered valid for a 7-day challenge period, during which anyone can dispute the validity of the underlying transaction. ZK-rollups, on the other hand, do not assume that transactions are valid by default, but use “validity proofs” to verify the validity of the underlying transactions. They rely on a mathematical property of the proofs themselves: soundness. Soundness refers to the mathematical guarantee that, except for some small probability, no deceptive prover will be able to convince an honest verifier that a statement is true if it is false. This is guaranteed through well-studied cryptographic assumptions and verifiable computations, making it difficult for the prover to hack into the system through malicious means such as changing inputs.
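The login idea from the privacy section (prove you know the password without sending it) and the soundness guarantee above, as an added example that is not from the original article: one round of the Schnorr identification protocol, which is a different protocol from SRP. The toy group parameters, function names and sample password are assumptions chosen for the demo.

```python
import hashlib
import secrets

# Toy group, demo size only (assumption): P = 2Q + 1 with P and Q prime, and G
# generating the subgroup of order Q. Real systems use groups of ~256-bit order;
# at this size anyone could recover x from y by brute force.
P, Q, G = 2039, 1019, 4

def secret_from_password(password: str) -> int:
    """Illustrative derivation of the prover's secret x in [1, Q-1]."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def register(password: str) -> int:
    """The server stores only y = G^x mod P, never the password or x."""
    return pow(G, secret_from_password(password), P)

def commit() -> tuple[int, int]:
    """Prover, step 1: pick a fresh nonce r and send t = G^r mod P."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def respond(x: int, r: int, c: int) -> int:
    """Prover, step 3: answer challenge c with s = r + c*x mod Q."""
    return (r + c * x) % Q

def verify(y: int, t: int, c: int, s: int) -> bool:
    """Verifier: accept iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def login(password: str, y: int) -> bool:
    """One full round; step 2 is the verifier's random challenge c."""
    x = secret_from_password(password)
    r, t = commit()
    c = secrets.randbelow(Q)
    return verify(y, t, c, respond(x, r, c))

def cheating_acceptances(y: int, guess: int) -> int:
    """A prover without x precomputes (t, s) for one guessed challenge.
    Returns how many of the Q possible challenges would be accepted."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -guess, P)) % P  # forces G^s == t * y^guess
    return sum(verify(y, t, c, s) for c in range(Q))

if __name__ == "__main__":
    y = register("correct horse battery staple")  # constructed sample password
    print("honest login accepted:", login("correct horse battery staple", y))
    print("cheater accepted for", cheating_acceptances(y, 7), "of", Q, "challenges")
```

A prover who lacks the secret is accepted for exactly one of the Q challenges, so the “small probability” in the soundness definition is 1/Q per round here, which is why real groups have orders of roughly 256 bits.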

Source: https://vitalik.ca/general/2021/01/05/rollup.html

ZK-rollup can process transactions faster and does not require a 7-day challenge period like optimistic rollup. Therefore, users do not have to wait 7 days to withdraw their funds. Nonetheless, optimistic rollups currently account for roughly 80% of the total value locked (TVL) in the L2 scaling market. Historically, zero-knowledge proofs have not been compatible with smart contracts. As such, applications built using ZK-rollup are only suitable for limited, application-specific use cases, such as the layer-2 decentralized exchange dYdX and the protocol for payments and transactions, Loopring. Therefore, developers opted for optimistic rollups because they are compatible with general-purpose applications.

Today, with improvements to the zkEVM, this historical limitation is being addressed. Now, general-purpose applications can take advantage of the security and efficiency of ZK-rollup because they are EVM-compatible and can interact with smart contracts. Therefore, we believe that in the next few years, ZK-rollup is expected to take over the L2 scaling market, especially since infrastructure tools are being built to improve the experience of developing general-purpose applications with zkEVMs, by teams such as StarkWare, Polygon, Matter Labs, and Scroll.

Having said that, zkEVMs are still relatively new and are being built with varying degrees of Ethereum compatibility and performance. Overall, the highest level of compatibility is (1) equivalent to Ethereum, and the lowest level is (4), where smart contract code (such as Solidity) is compiled into a ZK-friendly language. For example, teams like Privacy & Scaling Exploration, the research arm of Ethereum, are pursuing the highest level of compatibility, at the cost of reduced performance, because they are not necessarily intended to be in production in the near future.

Instead, companies like StarkWare have deployed StarkNet, which is considered one of the most complete and performant zkEVMs, but requires the use of a new native programming language, Cairo, to support ZKP computations on the EVM. As such, it requires developers to learn how to execute smart contract code in a custom environment, which is a challenge for adoption. Projects such as Polygon’s Hermez, Matter Labs’ zkSync2.0, and Scroll are looking to address these areas of friction to expand developer use.

Source: https://vitalik.ca/general/2021/01/05/rollup.html

In addition to further improving zkEVMs, there are other challenges to the widespread adoption of ZKPs, including providing better infrastructure and reducing the complexity of understanding and using them.

Current difficulties to overcome

On the hardware side, developers need to improve the parallel processing capabilities of graphics processing units (GPUs) or design specific hardware, such as application-specific integrated circuits (ASICs), to continue reducing the time and resources required to prove statements.

Although many advances have been made in mathematical algorithms, such as the introduction of PLONK, we believe that new algorithms will continue to emerge, ultimately leading to faster and better solutions. Additionally, there are many more layers of abstraction that need to be built if we want this field to really take off. Although this has attracted the attention of many developers and users, it is still a fairly complex area in general, requiring a lot of effort to build and interact with.

Finally, given the inherent complexity of zero-knowledge proofs, regulators and even users may be wary — the recent ban on Tornado Cash, for example, reinforces the false notion that all those seeking anonymity are malicious actors.

Despite the difficulties, we are excited to see companies overcome these obstacles in different and innovative ways.

Innovative Practical Use Cases

Although ZKP technology was proposed as early as 1989, the popularity of cryptography has driven innovation, and horizontal use cases and applications have increased significantly in the past few years. For example, decentralized storage provider Filecoin uses PoReps, or Proofs of Replication, to verify that storage providers actually store the data they claim to store. By using ZKP techniques, verifiers can verify this information more quickly without compromising security, trust, or confidence.

Another exciting application area is gaming, where on-chain games like Dark Forest are leading the way in ZKP-based innovation. A central feature of this is what game theorists call “incomplete information,” the idea that most of the virtual universe is hidden unless players explore it. Another key feature is that players can explore this universe by sending proofs to the blockchain that the movement is valid, but without revealing their coordinates in the universe.

Finally, Chainlink and Teller are building a proof-of-concept for “undercollateralized loans.” The one-sentence explanation is that Teller proves that the user’s offline bank account balance exceeds a dynamic threshold specified by the requested loan amount without actually revealing their bank account details.

ZKP Market Overview

Incomplete market graph in the field of zero-knowledge proofs Source: BVP

ZKP has a promising future

Despite the many challenges in this space, cryptographic infrastructure will continue to evolve and grow. Development activity remains strong, and companies continue to invest in backend and consumer-facing crypto opportunities, making it feel like ZKP “spring” is imminent. We are excited about the future of ZKPs as it appears to be a key technological milestone towards building a more decentralized web. While there are still some hurdles and mass adoption is yet to come, ZKPs are driving a privacy-first rebuild of the internet and advancing the adoption of other blockchain applications and use cases.
