Zero-knowledge technology is a subset of cryptography that is helping blockchain projects overcome the scaling and privacy limitations inherent to many layer-1 blockchains. The technology enables blockchain projects to facilitate greater transaction throughput, protect user data while still being able to verify identities, and support complex computation. It also allows enterprises to adopt blockchain technology while protecting their intellectual property. Underpinning all of these use cases are zero-knowledge proofs.
What are zero-knowledge proofs (ZKP)? ZKPs enable someone to prove they know or have a piece of data without revealing the underlying information. A “prover” creates a proof using knowledge of a system’s inputs and a “verifier” confirms the proof was calculated correctly, even though the verifier cannot see the information. Essentially, zero-knowledge proofs make it possible to verify the validity of a dataset while preserving the privacy of the data itself.
In this article, we explore some of the unique advantages of zero-knowledge-based solutions, how zero-knowledge blockchain projects are using zero-knowledge technology such as zkSNARKs and zkSTARKs to help developers build advanced dApps that scale the Web3 ecosystem while protecting user privacy, and how Chainlink trust-minimized services help make these protocols more decentralized, reliable, and secure.
Why Use Zero-Knowledge-Based Networks?
Zero-knowledge solutions grant developers a way to leverage the security of an existing layer-1 blockchain like Ethereum while enabling dApps to scale through higher throughput and faster transactions, protecting users’ personal information by keeping it hidden off-chain, and lowering the cost for end-users by publishing transactions in batches. Ultimately these advantages enable projects to build advanced dApps that rival the performance and functionality of Web2 systems while maintaining the benefits of decentralization.
Comparing Zero-Knowledge Solutions and Optimistic Rollups
Optimistic rollups are an alternative layer-2 technology used by prominent scaling solutions. As of 29 June, 2022, according to the analytics site L2Beat, optimistic rollups account for 74.3% of TVL stored on Ethereum layer-2 networks, with zero-knowledge-based solutions accounting for 25.9%.
The fundamental difference between zero-knowledge scaling solutions and optimistic rollups is how transactions are verified. Optimistic rollups use fraud proofs that are only generated when disputing a state change published on the layer-1 blockchain, while zero-knowledge solutions post validity proofs after every batch is published on-chain. This means that zero-knowledge-based protocols always have a valid state, with the trade-off of consuming more gas to verify validity proofs on the base chain.
However, combining zero-knowledge rollups with off-chain data can increase gas consumption efficiency. These more efficient zero-knowledge-based solutions are known as validiums and volitions. Critically, they are also able to prove a state is valid without revealing the underlying data. This can help drive enterprise adoption of public blockchains as organizations can protect user information and trade secrets.
Another difference between the two types of layer-2 solutions is their capital efficiency. In optimistic rollups, the standard window for transactions to be finalized and for withdrawals to be processed is one week, while users can withdraw funds in around ten minutes from zero-knowledge solutions.
To learn more about the differences between optimistic rollups and zero-knowledge protocols, watch this recent video on the future of Ethereum layer 2s with leaders from Offchain Labs, Polygon Hermez, Matter Labs, Metis DAO, and Optimism:
Types of Zero-Knowledge-Based Solutions
Zero-knowledge rollups bundle many transactions together and post them to the layer-1 blockchain with a proof verifying the validity of that computation. The proofs that get published on-chain are known as validity proofs and can be either SNARKs or STARKs. When these proofs are verified on the layer-1 blockchain, the zero-knowledge rollup has a new state.
Validiums combine validity proofs with off-chain data storage to enhance scalability. Validity proofs are still published on the base chain, while data is stored off-chain. This significantly improves throughput and lowers gas costs.
While this is a far more efficient and scalable architecture than zk-rollups, it presents the risk that malicious actors make data unavailable and users may be unable to withdraw their funds. This data-availability problem is being overcome with proof-of-stake-type systems that use cryptoeconomic incentives to help ensure data is stored by many different nodes and always available. It’s important to note that while these malicious actors could stop transactions, they cannot directly steal user funds.
Volitions combine both zk-rollups and validiums and allow users to choose (hence the name) between either scaling solution as they share a single state root. Even if there was a successful malicious attack on the validium side of the volition, funds on the zk-rollup side would still be safe.
This enables entities willing to pay higher fees for the higher security guarantees of a zk-rollup to natively interact with participants who prefer the lower transaction costs of a volition, such as on a DEX where a market maker is providing hundreds of millions of liquidity while a retail trader may only have a few small positions open.
SNARK stands for “zero-knowledge succinct non-interactive argument of knowledge.” A SNARK is a type of cryptographic proof that is small in size and easy to verify. SNARKs generate a cryptographic proof using elliptic curves, which assume that it’s infeasible to find the discrete logarithm of a random elliptic curve element from a publicly known base point. Computing elliptic curves is less computationally expensive than computing hashing functions used by STARKs, which is why SNARK-based protocols can be more gas efficient.
STARK stands for “zero-knowledge scalable transparent argument of knowledge.” It’s a type of cryptographic proof that requires little to no interaction between the prover and the verifier. The key advantages of STARKs over SNARKs are that they have fast prover times and are easier to scale as they offer more computing power. Also, using hash functions makes them quantum resistant.
Notably, STARKs were invented by Eli Ben-Sasson, the co-founder of StarkWare, the team building StarkEx and StarkNet.
Zero-Knowledge Proof Blockchain Projects
zk-STARK Based Projects
StarkEx is a layer-2 scalability solution built on Ethereum that uses STARK proofs to validate self-custodied transactions, enabling trading and payment applications to be built on top of it. Projects built on StarkEx such as DeversiFi, Sorare, and dYdX have generated hundreds of millions of transactions and hundreds of billions of dollars in trading volume. However, StarkEx does not support smart contract functionality that enables fully-featured dApps.
StarkNet is a general-purpose platform that enables developers to deploy smart contracts on an Ethereum-based zk-rollup. Both of the prominent Ethereum dApps Aave and Maker are set to launch on StarkNet. Notably, StarkEx zk-rollups can be launched on top of StarkNet to increase an application’s scalability.
To take full advantage of the advanced computation and scalability that’s possible with STARKs, StarkWare has created Cairo, a new, highly efficient, Turing-complete programming language for generating STARK proofs. That means that StarkWare needs to bootstrap a developer ecosystem with documentation, frameworks, and accompanying tooling.
Immutable X, an NFT platform that facilitates the minting and trading of NFTs and tokens, is using an application-specific zk-rollup with StarkEx. The platform has supported tens of millions of NFT mints and trades all with low fees, even during periods of network congestion on Ethereum.
Immutable X will also launch on StarkNet. Instead of posting its proofs directly to Ethereum, Immutable X will publish them on StarkNet which will then be recursively posted on Ethereum through StarkNet’s rollup. Immutable X can then leverage StarkEx to launch app chains on top of StarkNet, essentially providing projects with a layer-3 scaling solution.
zk-SNARK Based Projects
Zcash, previously named ZeroCash in reference to the zero-knowledge proof used to support its privacy-preserving transactions, is one of the earlier crypto assets and helped pioneer the use of zero-knowledge technology in the industry.
Loopring is a DEX built on Ethereum which supports order book style trading without taking custody of users’ assets. Powered by Chainlink Price Feeds, it has served over a hundred thousand users and facilitated billions in trading volume.
zkSync is a rollup on Ethereum that, like StarkEx, supports token transfers and swaps but not smart contracts. The protocol was created by Matter Labs.
Similar to StarkNet, zkSync 2.0 is a layer-2 Ethereum scaling solution that uses a volition architecture that supports smart contracts. zkSync uses zk-SNARKs to validate transactions and uses zkPorter, a proof-of-stake system, for data availability. The main difference between zkSync 2.0 and StarkNet, besides their validity proof, is that zkSync 2.0 is EVM compatible. 1inch, Alchemix, and Curve are planning to launch on zkSync 2.0.
ZigZag protocol is a decentralized exchange that uses an order book for ERC-20 trading pairs, unlike most DEXs, which use automated market maker designs. It’s the scalability of zk-rollups that makes the order book design feasible. Any token in zkSync’s registry can be listed on ZigZag. The protocol currently operates on zkSync 1.0 but has plans to launch on both zkSync 2.0 and StarkNet.
Mina protocol is a lightweight zero-knowledge proof blockchain project that uses SNARKs to produce blocks limited to 22kb in size. Projects can build applications on Mina with full smart contract functionality.
How Zero-Knowledge Protocols Can Increase Decentralization, Reliability, and Security
Zero-knowledge protocols can strengthen their security guarantees and automate their applications with reliable and decentralized Chainlink oracle services. Protocols across the Web3 ecosystem can use Chainlink trust-minimized services to access any external API and leverage secure off-chain computation to build more advanced applications.
Zero-knowledge protocols can enhance their dApps with:
- Highly accurate market data—Chainlink Price Feeds underpin the DeFi economy with hyper-reliable and globally precise price market data that is used to support decentralized stablecoins, lending and borrowing protocols, trading platforms, and many more use cases.
- Verifiable randomness—Chainlink VRF generates randomness backed by a cryptographic proof, which is then delivered and verified on-chain. NFT platforms can use this randomness for provably fair mints, while blockchain games can use it to create unpredictable gameplay.
- Smart contract automation—Chainlink Automation is a decentralized service that can be used to automatically trigger crucial smart contract functions such as settling limit orders, executing liquidations, rebasing tokens, and more.
- Proof of reserve—Chainlink Proof of Reserve provides automated verification based on cryptographic truth for reserve assets, enabling zero-knowledge protocols to reduce risk, improve transparency, and help prevent systemic failures in DeFi.
- Cross-chain communication—The Cross-Chain Interoperability Protocol (CCIP) provides protocols with a universal, open standard with which to build secure cross-chain applications that can transfer tokens, send messages, and initiate actions across Web3.
Enhancing Any Blockchain Project With DECO
A zero-knowledge proof crypto project doesn’t have to use a zk-rollup, validium, or volition to benefit from zero-knowledge technology. Currently in development, DECO uses zero-knowledge proofs to guarantee that data remains private and tamper-proof during its delivery across HTTPS/TLS systems.
DECO-enabled Chainlink oracle nodes can prove facts about data sourced from trusted servers without revealing the data on-chain, while also proving the source of the data since the TLS chain of custody is maintained. This enables a wide range of advanced use cases, including decentralized identity (DID) protocols such as CanDID that enable users to manage their credentials rather than relying on a third party. It could also enable a DeFi platform that supports undercollateralized loans by checking with an established institution whether a user’s creditworthiness meets their requirement, without needing to view any personal data.
Ultimately DECO provides security guarantees that enable users to securely use personal information in on-chain systems without having to make that data available on-chain.
Together with layer-1 blockchains and decentralized oracle networks, zero-knowledge proofs are set to transform the blockchain industry by enabling ZKP projects to build highly scalable, cost-efficient, and advanced applications while preserving users’ privacy.
While there are other layer-2 solutions that may provide a better architecture for certain applications, zk-rollups, validiums, and volitions are set to capture a large volume of users among both individuals and enterprises as the blockchain industry moves toward mass adoption.