What Is a zkEVM?
A zero-knowledge Ethereum Virtual Machine (zkEVM) is a virtual machine that executes smart contract transactions in a way that’s compatible with both zero-knowledge-proof computations and existing Ethereum infrastructure. This enables them to be part of zero-knowledge rollups, layer-2 scaling solutions that increase transaction throughput while lowering costs.
A layer 2 is EVM compatible if it can run programs created for Ethereum environments without modifying the underlying smart contract logic. This makes layer 2s compatible with existing Ethereum smart contract patterns, token standards, and tooling. Being EVM compatible is important for the widespread adoption of these layer 2s, as it enables developers familiar with Ethereum’s Solidity programming language to build highly scalable applications using the same battle-tested tools they’re used to.
In this article, explore how zkEVMs work, the challenges of building a zkEVM, the advantages of zkEVMs, various types of zero-knowledge projects, and more.
How Does a zkEVM Work?
A zkEVM replicates the Ethereum environment as zero-knowledge rollup, bringing the Ethereum developer experience and existing tooling to a highly scalable and secure layer 2. This enables devs to seamlessly bring existing dApps and smart contracts to the new environment, or easily build new applications.
zkEVM Execution Environment
The EVM executes smart contracts and computes the state of the Ethereum network after each new block is added to the chain. It parses human-written Solidity code, translates it to computer-legible bytecode, and then updates the Ethereum state. It governs the specific rules around changing state and defines the smart contracts that developers can write.
A zkEVM is a new kind of EVM on which smart contracts can run. It takes the initial state, computes transactions, and outputs a new, updated state and an accompanying zero-knowledge proof. Because zkEVMs are based on Ethereum’s EVM, developers are able to easily port Ethereum dApps and tokens to the zkEVM.
zkEVM Proving Circuit
Zero-knowledge proofs (ZKPs) are a way for one party to cryptographically prove to another that they possess knowledge about a piece of information without revealing the actual underlying information.
The proving circuit of a zkEVM produces zero-knowledge proofs that verify and validate the transactions, proving that user transactions were computed correctly and the new state is correct.
zkEVM Verifier Contract
On Ethereum, every transaction must be verified by every node. In contrast, zero-knowledge rollups are a layer-2 scaling solution that “roll up” a large batch of transactions and verify their correctness with a ZKP published on a layer-1 blockchain like Ethereum. This increases throughput and reduces costs while maintaining security.
Layer-2 zero-knowledge rollups submit validity proofs to a verifier smart contract deployed on the underlying layer 1. They use the zero-knowledge proof submitted to check that the outputs are correct based on the initial state, verifying that the updated state is correct without having to process all transactions individually.
Challenges in Building a zkEVM
Zero-knowledge proofs and the Ethereum Virtual Machine are technologies that were developed separately, and have only recently been brought together to create zkEVMs. To get them to work together, there are a number of challenges and innate inefficiencies to be overcome.
Stack-Based Architecture
The EVM uses a stack-based architecture that follows the last in, first out (LIFO) principle, with the last data added to the call stack the first to be removed. This model is simple and easy to use. However, when creating a zkEVM, a register-based model, where data is stored in virtual CPU registers, would be more effective for the high-performance computing and zero-knowledge computations that zkEVMs typically require.
Opcode Complexity
Unlike typical virtual machines, the EVM uses special opcodes to instruct the EVM to do something when executing a smart contract, such as CALL, DELEGATECALL, REVERT, and INVALID. This adds complexity that makes it more difficult to understand exactly what the EVM is doing.
Storage Overhead
The EVM uses a Merkle Patricia Trie to organize data and a Keccak hashing function to help track that data by turning it into hashes. This has a high proving overhead as it takes a lot of computation to check the hashes are correct.
Proving Costs
Generating zero-knowledge proofs is a resource-intensive process that requires specialized hardware.
Exploring the Advantages of zkEVMs
zkEVMs have a number of advantages over layer 1s and other layer-2 rollups.
Secure Scalability
Unlike Ethereum, zkEVMs don’t have to follow Ethereum’s consensus protocol rules. However, all layer-2 transactions on a zkEVM are still verified on the underlying layer 1 through the use of validity proofs. This means zkEVMs can optimize for speed and transaction throughput without compromising security.
Low Cost
Layer-2 rollups post batches of transactions to a layer-1 blockchain like Ethereum. Optimistic rollups must post all transaction data on-chain, including signatures, which can lead to high gas costs. However, zkEVMs only need to publish final state changes on-chain, as the zero-knowledge proofs guarantee the validity of all transactions within the batch. This lower cost is passed on to applications and end users of the zkEVM.
Fast Finality
Finality is the moment when a blockchain transaction cannot be altered, canceled, or reversed. With optimistic rollups, a competing layer-2 architecture, there is a one-to-two week challenge period for transactions before network participants have objective proof of their validity and they can be finalized. In contrast, zero-knowledge rollups are finalized as soon as they’re posted on the underlying layer-1 blockchain. Faster finality is important for traders who need to move assets around the DeFi ecosystem quickly, helping attract liquidity and improve capital efficiency.
Network Effects
EVM compatibility enables zkEVMs to leverage Ethereum’s existing developer ecosystem, extensive tooling, documentation, code libraries, and battle-tested infrastructure. Moreover, Avalanche, Polygon, and other blockchains use EVM environments, further entrenching EVM as a standard across Web3.
Types of zkEVMs
The following categories were identified by Ethereum founder Vitalik Buterin. In general, the lower-numbered types are more compatible with Ethereum infrastructure, while the higher-numbered types have faster proving times.
Type 1 (Fully Ethereum-equivalent)
zkEVM type 1s don’t change any part of the current Ethereum system to make it easier to generate zero-knowledge proofs. This makes them fully compatible with all Ethereum-native applications and enables tools like block explorers and execution clients to be reused. However, certain parts of the Ethereum protocol require a large amount of computation to generate zero-knowledge proofs, leading to long proving times for zkEVMs.
Type-1 projects:
Type 2 (Fully EVM-equivalent)
Type-2 zkEVMs aim to be fully compatible with existing Ethereum applications but make minor modifications to make proof generation faster and development easier. While the proving time is faster, current implementations are still considered to be too slow.
Type-2 projects:
- Scroll and Polygon Hermez are aiming to create type-2 zkEVMs, although they are currently closer to type 3.
Type 2.5 (EVM-Equivalent Except for Gas Costs)
Increasing the gas costs for specific operations can improve the proving times for some of the most difficult proof generation scenarios. However, this can break some applications and requires developer modifications.
Type 3 (Almost EVM-equivalent)
Type-3 zkEVMs sacrifice some EVM features to enable easier application development and proof generation, such as changes to precompiles, VM memory, the stack, and how smart contract code is treated. While most Ethereum applications will work in this environment, some may need to be rewritten.
Type-3 projects:
Type 4 (High-Level-Language Equivalent)
Type-4 systems take code written in a high-level language such as Solidity or Vyper and compile that to a language that is designed to be friendly with zero-knowledge proofs. Essentially, they’re equivalent to the high-level language but not the actual EVM. This enables much faster proof generation and reduces costs, although contracts may not have the same addresses.
Type-4 projects:
- zkSync 2.0
- Nethermind’s Warp (a compiler from Solidity to Starkware’s language Cairo, which will turn StarkNet into a type-4 system)
Conclusion
Limited transactions and high gas fees have limited the ability of Ethereum and other blockchains to scale successfully. zkEVMs bring the Ethereum experience and its existing infrastructure to highly scalable and low-cost layer-2 rollups, all while maintaining the underlying security by generating on-chain proofs. Ultimately, by combining zero-knowledge proofs and an Ethereum Virtual Machine, zkEVMs overcome the previous limitations and provide the scalable and secure infrastructure needed to achieve widespread Web3 adoption.