ArkStream Capital: A deep dive into zero-knowledge investment opportunities about the blockchain scaling and privacy protection (2)

ArkStream Capital
Sep 15, 2022

Ray

Previously: ArkStream Capital: A deep dive into zero-knowledge investment opportunities about the blockchain scaling and privacy protection (1)

Zero-knowledge proof and scaling

At the moment, the starting point of essentially all blockchain design is the block. Transactions make up the block data, and the consensus mechanism determines how blocks are generated, validated and ordered. From the transaction’s perspective, a user initiates a transaction by signing it with their private key and broadcasting it to the network, where it enters the network-wide transaction memory pool. A block builder, MEV (maximal extractable value) searcher or sequencer selects certain transactions and submits the resulting transaction list to the block builder; the block builder/block producer submits the block to the network; block validators verify its validity and then confirm it on-chain. From the block’s perspective, every block goes through three procedures: construction, submission on-chain and confirmation on-chain. A decentralized design raises both the cost and the security of each link in the network in order to achieve trust in the machine rather than in people. The longest valid chain is called the canonical chain, the layer 1 network, the base layer chain or simply Layer 1.

In software design and development, design patterns follow single responsibility, design frameworks use layered architecture, and design principles call for high cohesion and low coupling; all of this theory and guidance aims to structure software in a modular way. Blockchain modularity can be divided into three major levels: data availability (the data level), logic execution (the execution level) and the consensus mechanism (the consensus level). Mapping scaling onto these three levels gives data-level scaling, execution-level scaling and consensus-level scaling. For simplicity, scaling can also be divided into on-chain and off-chain scaling depending on whether the base chain itself changes. On-chain scaling solutions include increasing the block size, sharding and adjusting the consensus mechanism; off-chain scaling solutions include segregated witness, state channels, sidechains, Plasma and Rollups. The DeFi boom and the popularity of NFTs greatly increased the demand for scaling on the Ethereum network, and in December 2021 Vitalik Buterin published “Endgame”, which describes a future Ethereum in which centralized block production, decentralized verification and multiple Rollups coexist. With Vitalik Buterin’s strong support, Rollups have become the mainstream off-chain scaling solution on Ethereum. The many Rollup projects can be categorised by technology as Optimistic Rollups (ORU) and ZK Rollups (ZKR); the main difference between the two is how they ensure transaction validity: ORU uses game-theoretic fraud proofs, while ZKR uses mathematical zero-knowledge proofs.

Whether Optimistic or ZK, a Rollup has to process large numbers of transactions and support general smart-contract computation while inheriting Ethereum’s security and data availability. An Optimistic Rollup compresses a large amount of transaction data and submits the compressed data together with the state root to Ethereum. The Optimistic Rollup network also has the role of challenger: challengers can submit fraud proofs against data posted on Ethereum, and invalid transactions are then rolled back. A ZK Rollup, when processing a batch of transactions, uses a zero-knowledge proof to ensure the validity of the transaction data and submits the proof directly to Ethereum, so finality is achieved immediately. For general smart-contract computation, Optimistic Rollups reuse Ethereum’s EVM directly, while ZK Rollup teams either develop their own zkVM or take the zkEVM path. As a result, dApp projects can migrate to an Optimistic Rollup seamlessly, whereas on a ZK Rollup most of them need changes, whether small or large.

Each Rollup type has its own special network participants: ORU has challengers who submit fraud proofs, and ZKR has provers and aggregators who compute and aggregate zero-knowledge proofs. Layer 2 obtains the base layer’s security and data availability by processing a batch of Rollup transactions on the second-layer network and submitting them to a specific smart contract on the base layer. At that point, the degree of decentralization of the base layer and its block verification mechanism become the effective endorsement of the second-layer transactions.

Among layer 2 network projects and architectures, ZKR, which relies on zero-knowledge proofs that can be verified mathematically, appears to have more technical advantages than the game-theoretic model of ORU, but it develops relatively slowly and takes more time, so many bold and forward-looking projects are under way in this area. Next, we explore the various ZKR-related projects.

Starkware: a technical service provider that developed the Cairo circuit programming language and its zkVM on top of its self-developed STARK protocol. Its product line includes the dedicated StarkEx and the general-purpose StarkNet. StarkEx is positioned as a layer 2 scaling engine serving specific implementation needs. It has served many projects, such as Sorare, Immutable, dYdX (V3), DeversiFi (rhino.fi) and Celer. It currently holds more than 600 million US dollars of TVL, and its transaction volumes and other business metrics have exceeded 200 million.

StarkNet: a universal, composable and decentralized ZKR. The core participants of StarkNet are the StarkNet OS, the STARK Prover and the Blockchain Dispatcher. StarkNet OS plays a role similar to the EVM on Ethereum, taking on transaction ordering and the assignment of zero-knowledge proof computation tasks. The STARK Prover is the prover of the zero-knowledge proofs and is responsible for computing them. The Blockchain Dispatcher is the communication bridge between L1 and L2.

Figure1: StarkNet Intro
Figure2: StarkNet Messaging Mechanism L2->L1

StarkNet’s official gateway StarkGate has been released and opens limited deposit and withdrawal trials, with capped amounts and no fixed schedule. The total amount of bridged assets is currently about 775 ETH. The style of the Cairo language sits somewhere between Golang and Python, and the newly added circuit programming language has a native type, the Field Element (felt). There are only a few general-purpose libraries for developers, mainly provided by the official team. Solidity code cannot be compiled and deployed directly: before deployment it must be converted into Cairo code using the Warp transpiler, and some Solidity features are not supported, with SHA256 the most affected. StarkNet ecosystem projects include wallets, DEXes, DAOs and many other tracks, focusing on native projects that overlap little with Ethereum’s application projects; please refer to the official ecosystem site for more details. The block explorer shows that transactions are not frequent: the monthly transaction count is about 115.

StarkNet has released several Alpha versions and is currently in the Constellations stage, in which a decentralised StarkNet OS and StarkNet Prover are being researched and implemented.

Figure3: StarkNet Decentralization Roadmap

zkSync: based on the PLONK protocol (version 1.0) and the self-developed RedShift protocol (version 2.0 and beyond), which is transparent and requires no trusted setup, zkSync is a ZKR with a zkEVM that supports Solidity/Vyper programming. zkSync 1.0 previously released SyncVM, paired with the Zinc circuit programming language, but that work has stalled and the team has shifted to zkSync 2.0, a zkEVM that supports Solidity/Vyper. It is now in the zkSync 2.0 network iteration and testing stage; within the next 100 days the mainnet is to be released and the zkEVM open-sourced. Besides the on-chain zkRollup solution, zkSync will also launch zkPorter, an off-chain data availability solution. zkSync 2.0 uses an Operator and a set of System Contracts to implement contract deployment and communication from L2 to L1. The current Operator is run by the zkSync team and will be decentralized in the future. Since zkSync claims EVM bytecode compatibility, and as a community-driven project, it has received support from many well-known Ethereum dApp projects, such as 1inch, Yearn Finance, Aave, Chainlink and The Graph.

The zkSync ecosystem projects can be browsed on the official ecosystem website; those already live include wallets, derivatives exchanges and bridges. The block explorer shows 100,000 committed blocks and a total of more than 10 million transactions, an average of 100 transactions per block. The zkSync 2.0 testnet has been running for 6 months now and has been steadily implementing the zkEVM and JSON-RPC compatibility with Ethereum. zkSync 2.0 may be the fastest ZK Rollup to become zkEVM-compatible; once it goes live it will greatly lower the user threshold and attract more users to the L2 network.

Figure4: zkSync 2.0 100 Days to Mainnet

Scroll: a native zkEVM project, a ZKR that integrates various pre-researched techniques (polynomial commitments, lookup tables, recursive proofs) with GPU/ASIC hardware acceleration. Scroll’s L2 network consists of Nodes (Relayer, Sequencer, Coordinator) and Rollers, plus the corresponding Bridge and Rollup smart contracts on L1. We recommend reading the official article on its architecture, which is very easy to follow; here we explain it briefly. The Sequencer receives L2 transactions, processes the L2 transaction list and constructs blocks and state roots; the Coordinator monitors blocks and distributes them to Rollers; a Roller computes the zkEVM circuits and generates an aggregated proof, which it returns to the Coordinator; finally, the Coordinator submits to the L1 Rollup contract through the Relayer, which also serves as the communication bridge between L1 and L2. Because Scroll and the Ethereum Foundation’s PSE (Privacy & Scaling Explorations) have jointly studied the existing privacy and scaling problems, Scroll’s zkEVM solution is quite native. The open source repositories show that the zkEVM solution is consistent with PSE’s, and the L2 Node is implemented on top of Go-Ethereum (Geth). Scroll recently opened registration for its pre-alpha testnet.

Figure5: Scroll Architecture
Figure6: Scroll Workflow

Polygon (MATIC): originally proposed as an Ethereum sidechain, but after a change of strategy Polygon merged with and acquired several L2 solution projects and began large-scale scaling explorations. Here we briefly introduce several of its zk L2 solutions.

Figure7: Polygon Scaling Solutions

Polygon zkEVM (Hermez): Hermez 1.0 adopted the PoD (Proof of Donation) consensus mechanism, a decentralized bidding model, and was mainly a payment-focused L2 built as a ZKR. Its mainnet launched in March 2021, and the block explorer shows batches of transactions generated intermittently. Hermez 2.0 has been repositioned as a zkEVM L2, and the consensus mechanism upgraded to PoE (Proof of Efficiency). The Hermez 2.0 L2 architecture diagram is shown below; the framework is very similar to Scroll’s, so we will not restate the basic L2 interaction between the roles. The core role in the zkEVM is the zkProver (the counterpart of Scroll’s Roller), so let us look at its internal composition. In the zkEVM, state transitions are expressed in polynomial form (referring to the virtual machine section of the previous article, the polynomial form/constraints can be understood as the circuit of the zero-knowledge proof).

Figure8: Skeletal Overview of zkEVM

The zkProver consists of the Main State Machine Executor, the Secondary State Machines (STARK Recursion Component), the STARK Builder (CIRCOM Library) and the SNARK Builder (zk-SNARK Prover); the terms in parentheses are the alternative names used in the figure.

1. Main State Machine Executor: uses zkASM (zero-knowledge Assembly) to interpret the EVM bytecode of transactions and set up polynomial constraints; the Polynomial Identity Language (PIL) is also used to code the polynomial constraints.

2. Secondary State Machines: split the state transitions corresponding to a zkEVM transaction and use multiple dedicated state machines to compute and verify transaction validity.

3. STARK Proof Builder: generates a proof that satisfies the STARK polynomial constraints (fast to compute).

4. SNARK Proof Builder: computes a SNARK proof over the STARK proof to reduce the proof size; PLONK/Groth16 are the tentative choices.

Figure9: A Simplified zkProver Diagram
Figure10: Simplified Data Flow in the zkProver

Introductions to Hermez’s zkASM and PIL can all be found in the official documents, which are complete, and the code repositories for all functional blocks are open source and actively maintained.

Figure11: Polygon zkEVM Open Source

In summary, Hermez 2.0 is an L2 that combines Plonkup lookups and Starkware’s STARK protocol, adopts a zkEVM built on a new assembly language, and uses the decentralized PoE consensus. The testnet is planned for Q3 2022 and the mainnet for 2023.

Polygon Zero: an L2 based on the self-developed Plonky2, which combines the Plonk protocol with FRI, and is also zkEVM-compatible. It was renamed from the Mir project, which Polygon bought for 400 million dollars. Information about Zero comes mainly from Mir’s official website and Polygon’s blog. Zero claims to support recursion, to be efficient and fast, and to produce small proofs. The project’s code repository is continuously updated and contains an EVM module. Due to the lack of information and the long time span, Zero’s future roadmap is unknown for now; at the moment, the Plonky2 architecture looks more like a technical service-oriented framework, and the open-sourcing of Plonky2 was announced recently.

Figure12: Polygon Zero Processing A Block

Polygon Miden: an L2 based on the STARK protocol that supports multi-language development (including Solidity) and EVM compatibility, and has launched the Miden Assembly circuit programming language and the Miden VM. Miden VM is the evolution of Distaff and integrates Winterfell, the proof-system library open-sourced by Facebook. The architecture diagram on the official website shows an Operator design, but we could not find any official information or documents about EVM compatibility, the L2 roadmap or its progress. Miden’s current code repositories are mainly the VM, with no introduction or implementation of an EVM-compatible solution.

Figure13: Polygon Miden Intro

Polygon Nightfall: an enterprise-grade L2 focused on privacy that mixes the Optimistic and ZK types of Rollup. Essentially it is still an ORU L2, but it combines ZKP technology to enhance privacy protection. Nightfall was established by Ernst & Young in partnership with Polygon to explore enterprise-grade blockchain. The mainnet is planned for release in 2022.

Figure14: Polygon Nightfall Intro

Mina: besides L2s, there are other ZKP-based projects exploring scaling at L1, such as Mina, a lightweight blockchain (L1) built on recursive SNARKs. A SNARK proof maintained for the latest block ensures the validity of the whole chain, and its size stays at 22KB. The network has Archive Nodes, which keep the complete data; block producers, which implement the consensus mechanism and produce blocks; and SNARK producers, which compute the zero-knowledge proofs. Mina proposes zkApps written in TypeScript; to implement a zkApp’s business logic, developers have to implement its internal Prover and Verifier functions. Mina’s mainnet launched in March 2021, and its network architecture resembles that of L2 batch transactions: the Archive Node is equivalent to the maintainer of the data availability layer, the block producer to the sequencer, and the SNARK producer to Scroll’s Roller or Hermez 2.0’s zkProver. However, the application and positioning of zkApps are relatively limited: they lack the versatility of a zkVM and do not support a zkEVM. We will follow the iterative progress of Mina’s zkApps.

In summary, technical development in ZK scaling is still growing rapidly, especially in zkEVM implementation, L2 network architecture implementation and decentralization. Judging from ETHGasstation’s top 20 gas-burning contracts over the past 30 days, the projects are mainly OpenSea, DeversiFi, Uniswap, USDT, USDC, MetaMask Swap, Axie Infinity and NFT Worlds. For L2 to be widely adopted, it must be supported by projects with high-frequency trading scenarios, such as DEXes, NFTs, marketplaces, GameFi and financial derivatives. Although some L2 ecosystems currently lead, the implementation of zkEVM is very likely to overtake them, which will reshuffle the L2 track. The implementation of zkEVM will help attract the migration of current L1 projects, and many Web3 developers are hoping to build disruptive products with a higher interaction frequency on Ethereum.

Zero-Knowledge proof and Privacy

If Web3 represents the awakening of individual sovereignty, then privacy is a necessary part of Web3. The industry’s development, the composability of DeFi and the social changes brought by NFTs have made us realize that self-custodied asset ownership is more secure and convenient than centralized custody, while the full transparency of on-chain information has further stimulated the demand for privacy protection. However, what we should do to protect privacy, and to what extent, in the face of continually tightening surveillance policies in many countries is a topic that needs discussion. Recently the US Treasury issued a sanction directly targeting Tornado Cash, the privacy payment platform of the Ethereum ecosystem; as a result, addresses that had interacted with Tornado Cash were blacklisted by the USDC issuer, and the Tornado website, GitHub code repository, official Telegram group and official Discord were shut down. We believe that everyone has the right and the desire to protect their privacy; abuse of privacy products does not mean the products were wrong in the first place, since their original intention is to protect ordinary transfers and payment privacy. It is undeniable that exploitation of these products by criminals and hackers has caused many problems, but the answer is not to ban privacy products; it is to find ways to balance privacy with legal compliance, as ZCash has tried to do with the global AML/CFT anti-money-laundering standards, and as Tornado Cash did with the asset compliance tool it provided.

Privacy solutions in today’s crypto industry target different scenarios (private payments, private transactions and private general computation), and the specific solutions differ with the use case. There are mainly six categories:

1. Coin Shuffle, CoinJoin/Mixer: mainly used for private payments. Based on the UTXO model, the system essentially creates multiple token transfers with the same input and output amounts to hide the payment. This achieves hidden payment to a certain degree, but through address analysis all of the output withdrawal addresses can still be tracked. To overcome this shortcoming of coin shuffling, Dash proposed the concept of a privacy payment layer, a mixing layer that takes part in the deposit addresses and reduces the association between deposit and withdrawal addresses. Tornado combines this with ZKP to cut off the association between deposit and withdrawal addresses altogether.

2. Ring signatures: a ring is formed from multiple addresses, and any one address in the ring can produce the ring signature without relying on the others, so the privacy of the signing address within the ring is achieved. This was also Monero’s earliest solution.

3. Homomorphic encryption: computing directly on ciphertext and outputting ciphertext. We consider this technology cutting-edge, comparable to zero-knowledge proofs, but the cost of operating on ciphertext is very high. Sunscreen, a project exploring this technology, is currently funded by Polychain Capital and Coinbase Ventures.

4. Secure Multi-Party Computation (MPC): without the participation of a trusted third party, it allows multiple participants to compute in a secure, non-disclosing manner. PlatON, initiated by the chairman of Wanxiang Blockchain, has researched and applied this field for a very long time.

5. TEE (Trusted Execution Environment): a TEE resembles a black box: the input is passed into the TEE, the TEE processes it, and the output is returned encrypted. Oasis and Secret Network are the main users of this technology.

6. ZKP: using zero-knowledge proofs to implement private payments and private general computation. New private payment projects include Iron Fish, a PoW network with a UTXO model and Groth16 zk-SNARKs; its design is very similar to ZCash, but it does not mention whether it supports private programming. Aleo, Aztec and Espresso are the best-known private general computation projects.

After this introduction to the basic implementation approaches, we now select some zero-knowledge proof-related projects to study and discuss.

Tornado Cash: we often see it introduced as follows: a user deposits into Tornado and obtains a deposit note, and then any user (address) can withdraw using that note, achieving a private payment. However, this is only the user’s perspective and does not reflect Tornado’s core. Tornado achieves privacy in two ways: it mixes the flow of funds in a shared deposit/withdrawal pool, and it uses ZKP to cut the association between the deposit address and the withdrawal address.

The coin shuffle pool is relatively easy to understand, so we focus on analysing the ZKP.

Since Tornado’s front-end website and code repository are now closed, official information is hard to find, so we analyse the transaction and contract code on-chain. Users perform only two operations with Tornado: deposit and withdrawal. Both go through the Tornado Cash router contract, which calls the contract for a specific deposit amount (1 ETH, 10 ETH, etc.). For a deposit, Tornado returns a Note to the user and submits a Commitment to the chain. For a withdrawal, it submits a Proof, Root and NullifierHash to the chain. These parameters are generated by Tornado’s centralized client code, and they are the key to understanding the ZKP.

If we compare Tornado to a bank responsible for deposits and withdrawals, and Ethereum to a public vault, the user’s operations in Tornado are easier to understand:

1. Deposit: the user fills out a deposit form, and the bank keeps the form in a specific safe (Commitment) and generates two random passwords, one for locking the safe and one for recording the flow state of the funds; it then places the locked safe, with its flow state, in a certain secret random location (Root). The bank returns the safe, the random codes and the safe’s location to the user (Note).

2. Withdrawal: the user tells the bank the random codes and the safe’s location, and the bank can compute the safe’s secret random location (Root), the flow state of the funds (NullifierHash) and the unlocking password (Proof) of the safe. Once everything is checked and confirmed, the withdrawal completes and the flow state of the funds is updated. By combining the mixer with zero-knowledge proofs, Tornado implemented private payments on the Ethereum mainnet, and after issuing its token its TVL reached 1 billion US dollars, showing its huge impact and user demand.
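The deposit/withdrawal bookkeeping described above, as an added simulation (constructed for this article, not Tornado Cash’s contract or client code): a commitment tree, a set of spent nullifier hashes and a root history, with the zero-knowledge proof replaced by a plain check over the revealed witness. The hash function, tree depth and padding value are assumptions, and the sample deposits are constructed.

```python
"""Commitment/nullifier bookkeeping of a Tornado-style pool, as a constructed simulation.
Not Tornado Cash code: the SNARK verifier is replaced by a plain check over the revealed
witness, so this is NOT zero-knowledge; it only shows which facts the proof must establish
and which on-chain checks reject a repeated withdrawal or a proof bound to another recipient."""
import hashlib, os
from dataclasses import dataclass

ZERO_LEAF = b"\x00" * 32  # padding for empty tree slots (assumed value)

def H(*parts: bytes) -> bytes:
    """Hash for commitments, nullifier hashes and tree nodes (assumed SHA-256)."""
    return hashlib.sha256(b"".join(parts)).digest()

@dataclass(frozen=True)
class Note:  # kept off-chain by the depositor: two random secrets plus the leaf index
    nullifier: bytes
    secret: bytes
    leaf_index: int

class MixerPool:
    """Contract state: Merkle tree of commitments, spent nullifier hashes, accepted roots."""

    def __init__(self, denomination: int, depth: int = 4):
        self.denomination, self.depth = denomination, depth
        self.leaves: list[bytes] = []
        self.spent: set[bytes] = set()        # nullifier hashes already withdrawn
        self.known_roots: set[bytes] = set()  # roots of every past tree state
        self.balances: dict[str, int] = {}    # constructed stand-in for ETH transfers
        self.known_roots.add(self.root())

    def _levels(self) -> list[list[bytes]]:
        level = self.leaves + [ZERO_LEAF] * (2 ** self.depth - len(self.leaves))
        levels = [level]
        while len(level) > 1:
            level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            levels.append(level)
        return levels

    def root(self) -> bytes:
        return self._levels()[-1][0]

    def merkle_path(self, index: int) -> list[tuple[bytes, bool]]:
        path = []  # siblings from leaf to root as (sibling_hash, sibling_is_left)
        for level in self._levels()[:-1]:
            sibling = index ^ 1
            path.append((level[sibling], sibling < index))
            index //= 2
        return path

    def deposit(self, value: int, commitment: bytes) -> int:
        """On-chain deposit: only the commitment H(nullifier, secret) is stored."""
        if value != self.denomination or len(self.leaves) >= 2 ** self.depth:
            raise ValueError("wrong denomination or tree full")
        self.leaves.append(commitment)
        self.known_roots.add(self.root())
        return len(self.leaves) - 1

    def withdraw(self, proof: dict, root: bytes, nullifier_hash: bytes, recipient: str) -> bool:
        """On-chain withdrawal: the checks the contract performs before paying out."""
        if root not in self.known_roots:    # proof must refer to a real tree state
            return False
        if nullifier_hash in self.spent:    # the same note cannot be withdrawn twice
            return False
        if not verify_witness(proof, root, nullifier_hash, recipient):
            return False
        self.spent.add(nullifier_hash)
        self.balances[recipient] = self.balances.get(recipient, 0) + self.denomination
        return True

def verify_witness(proof: dict, root: bytes, nullifier_hash: bytes, recipient: str) -> bool:
    """Stand-in for the SNARK verifier: re-derives the circuit's statement from the revealed
    witness. A real proof shows the same facts without revealing nullifier or secret."""
    if proof["recipient"] != recipient:     # payout address must be the one the proof binds
        return False
    if H(proof["nullifier"]) != nullifier_hash:
        return False
    node = H(proof["nullifier"], proof["secret"])  # recompute the commitment leaf
    for sibling, sibling_is_left in proof["path"]:
        node = H(sibling, node) if sibling_is_left else H(node, sibling)
    return node == root                     # leaf is a member of the claimed tree

def client_deposit(pool: MixerPool, value: int) -> Note:
    nullifier, secret = os.urandom(31), os.urandom(31)
    return Note(nullifier, secret, pool.deposit(value, H(nullifier, secret)))

def build_proof(pool: MixerPool, note: Note, recipient: str) -> dict:
    return {"nullifier": note.nullifier, "secret": note.secret,
            "path": pool.merkle_path(note.leaf_index), "recipient": recipient}

def demo() -> tuple[bool, bool, bool, int]:
    """Two deposits; a valid withdrawal, a replay of the same note, and a mismatched recipient."""
    pool = MixerPool(denomination=1)
    alice, bob = client_deposit(pool, 1), client_deposit(pool, 1)
    first = pool.withdraw(build_proof(pool, alice, "0xFRESH"), pool.root(), H(alice.nullifier), "0xFRESH")
    replay = pool.withdraw(build_proof(pool, alice, "0xOTHER"), pool.root(), H(alice.nullifier), "0xOTHER")
    redirected = pool.withdraw(build_proof(pool, bob, "0xBOB"), pool.root(), H(bob.nullifier), "0xRELAYER")
    return first, replay, redirected, pool.balances.get("0xFRESH", 0)  # (True, False, False, 1)
```

Nothing on-chain links the leaf that was withdrawn to the deposit that created it: the contract only learns a root it already knows, a fresh nullifier hash and the recipient.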

Figure15: Tornado Cash TVL and MarketCap

Aztec: a zk-Rollup layer 2 network focused on privacy protection and private asset interoperability. It adopts the self-developed Plonk protocol and has launched the zk.money private payment product; recently it launched the Aztec Connect bridge, and in the future it will launch the Plonk Rollup scaling layer 2 network, for which the circuit programming language Noir will be released to support private smart contracts. Plonk requires a trusted setup, which Aztec addressed using MPC (Secure Multi-Party Computation); the MPC trusted setup was endorsed by various trusted and well-known public figures, and Aztec completed the Ignition ceremony in January 2020. The product roadmap advances layer by layer, from the early zk.money to the recent Aztec Connect and the future Plonk Rollup, with the team improving step by step and optimizing and adjusting the corresponding Plonk protocol variants (TurboPlonk, UltraPlonk). In the Aztec 1.0 period a thorough introduction to its protocol was given; now, in the Aztec 2.0 period, little overall network design can be found on the official website, so we continue to use the Aztec 1.0 documents for study.

zkAsset: a private asset, introduced in EIP172, used to convert Ethereum’s open and transparent assets into private assets. After a zero-knowledge proof confirms that the assets have been transferred into the Note registry, the corresponding zkAsset is minted, similar to Secret’s shielded assets (and to the Tornado Cash deposit process, but Aztec adds an on-chain privacy concept).

Aztec Cryptography Engine (ACE): dispatches proofs to validators and updates the Note registry state based on the verified results. Validators of all types (Join Split, Bilateral Swap Validator, etc.): validator tools (similar to an SDK) that enable developers to interoperate and integrate with private assets; for example, Join Split can split and merge Notes.

Figure16: Aztec 1.0 Architecture

After its launch in June 2021, Aztec’s TVL peaked at 14 million US dollars and is now stable at 4 million US dollars. Compared with Tornado, the layer 2 privacy network is much less popular, which may to some degree be limited by its higher threshold. Affected by the Tornado event, other privacy products that interact with the Ethereum mainnet have also been implicated, which may become a topic of discussion for future developers.

Aleo: Aleo is a new layer 1 blockchain network that adds privacy for users and transactions while preserving programmability. Its built-in snarkOS (a decentralized operating system) plays a role similar to the EVM. The concept of ZEXE (zero-knowledge execution) is very similar to the definition of a TEE, but is implemented with zero-knowledge proofs. There are optional privacy models, and developers are provided with a complete toolchain: the Leo language, Aleo Studio (IDE) and the Aleo Package Manager. The latest incentivized testnet moved from pure PoW consensus to PoSW (Proof of Succinct Work), which makes zero-knowledge proof computation a condition for producing blocks. Aleo’s block explorer can now show the state transitions of verification, the proofs from zero-knowledge proof computation and the transaction records.

Figure17: The Future of Zero Knowledge with Aleo

Espresso: Espresso is researched and improved on the basis of Aleo’s and Aztec’s features. It is a dual-layer network with a ZK Rollup L2 and an L1 with configurable asset privacy. Configurable asset privacy allows asset creators to set privacy-check rules and asset-freezing rules, such as for the sending and receiving addresses of an asset, the amounts sent and received, and the amounts held. Espresso also proposed its own VERIZEXE, corresponding to the ZEXE concept, and an optimized PLONK version corresponding to Aztec’s TurboPlonk and UltraPlonk, with its Rust implementation, named Jellyfish, open-sourced. Currently Espresso’s L1 network is under development, and configurable asset privacy is being tested on an Ethereum testnet or can be tried through the installation package on the official website.

Figure18: Espresso Systems Configurable Asset Privacy for Ethereum

Zecrey: a two-layer network whose L2 is a multi-chain ZKR and whose L1 provides cross-chain functionality and privacy protection. It does not support a zkEVM/zkVM. L1 privacy is based on an obfuscated fund pool using an optimized version of Bulletproofs (LNCS)/the Sigma protocol, which gives users private transfers and private transactions. The L2 ZKR uses the PLONK protocol. Referring to the architecture diagram in the official white paper, a large part of the design concerns the ZKR between L1 and L2, which we analyse below.

Layer-2 Committer: collects transactions and constructs L2 blocks.

Block Monitor: updates the L2 block state.

Prover Network: a computing network that produces ZKP proofs after L2 transactions are rolled up.

TSS-based Verifier Network: a network of verifiers that collects proofs from the Prover Network and submits them to the L1 smart contracts.

Tx Monitor / Layer-2 State Monitor / Executor: the bridge between L1 and L2.

The sequence from L2 to L1 is the same as in other ZKRs; only the naming and division of labour of some roles differ slightly: the Committer collects transactions and constructs L2 blocks, the Prover Network monitors blocks and computes proofs for committed blocks, the TSS-based Verifier Network collects the proofs and submits them to the L1 smart contracts, and the Block Monitor watches L1 block packaging and updates the state after confirmation.

Zecrey is now in the testnet development stage and has integrated five public chains on testnet: Ethereum, Polygon, NEAR, Avalanche and BSC. According to the official website, the mainnet will launch in Q3 2022.

Figure19: Zecrey System Architecture

Manta Network: the DeFi privacy protocol stack (Privacy Parachain) of the Polkadot ecosystem, including multi-asset private payment protocols and AMM private transaction protocols. According to the official architecture diagram, it can serve as a privacy transfer station for every parachain in the Polkadot ecosystem. The specific privacy solutions are a UTXO private payment model based on Zcash, with multi-asset support and private payment channel technology added, and AMM private transactions achieved using a ZEXE-like solution with a built-in zero-knowledge proof circuit.

Figure20: Manta Architecture (Implemented as a Parachain)

Anoma Network: an intent-centred layer 1 network with composable privacy protection that can discover counterparties in a decentralized way and settle multi-chain atomic transactions. Anoma’s architecture is based on Cosmos and uses the Tendermint BFT consensus mechanism; the first sovereign independent chain (fractal instance) is Namada. We see Anoma as an exchange with a thin order book: an Anoma intent is equivalent to a user’s pending order, which can be public (transparent), hidden (shielded) or encrypted (private); pending orders are settled by Anoma’s Solvers, and successfully matched orders form an Anoma transaction. Anoma proposes its own AnomaVM, which corresponds to the high-level functional programming language Juvix and the VampIR circuit programming language; the AnomaVM natively supports ZKR circuit generation and FHE (Fully Homomorphic Encryption).

Figure21: The lifecycle of a transparent, shielded, and private intent in the Anoma architecture

Iron Fish: a privacy payment public chain based on Zcash and the Sapling protocol, using PoW consensus. Several rounds of incentivised testnets have been carried out, and the mainnet is expected to launch in Q4 2022.

Based on the projects above, we can see that in the privacy protection area zero-knowledge proofs are mainly used in privacy payment and privacy network scenarios, and that they are mostly not used alone but combined with mixers, TEE, MPC or other privacy protection technologies.

Figure22: Web3 Privacy Ecosystem

There are still many projects in the privacy protection field being explored and developed, especially in the direction of user-oriented privacy applications, which can be combined with and implemented in scenarios such as DeFi; there is still a lot of room for extension, and we will not go into details here. Back to the original topic: privacy products emerged from client demand. As we move toward Web 3.0, whether in the decentralized financial system based on blockchain or in futuristic Web 3.0 social scenarios, we all hope to move more off-chain behaviour on-chain, which increases the demand for user privacy protection. ZKP plays an important role in many privacy solutions, which is also why we research it in depth.

The Investment Direction of Zero Knowledge Proof

In the previous chapters we spent considerable space sorting out and studying zero-knowledge proof projects in the scaling and privacy directions. These scaling and privacy projects have also won the favour of capital in the primary market; we sorted out the public financing data for both, shown in the following two figures:

Figure23: Zero Knowledge Investments in Scaling
Figure24: Zero Knowledge Investments in Privacy Protection

It can be seen that the highest-valued ZK scaling project is Starkware, valued at 8 billion, and the highest-valued ZK privacy project is Aleo, valued at 1.45 billion. Since the narratives of privacy and scaling projects can start at the same time, and some privacy projects are themselves layer 2 networks, it is difficult to compare the average financing amount across the two tracks. Considering only the highest valuation, the scaling track enjoys higher recognition than the privacy track. In the scaling track, Starkware has advantages in its protocol, circuit language, zkVM and service projects, so it is unsurprisingly favoured by the capital market; other scaling projects featuring zkEVM compatibility have also gained favour. In the privacy track, Aleo has advantages in circuit language and developer toolchain and is more popular than Aztec, the developer of PLONK and PLookup, which also shows that the capital market places more emphasis on projects with commercial landing.

In the secondary market, because token prices fluctuate widely and liquidity at ATH is insufficient, we simply refer to the range of FDV. ZKR scaling projects have not yet issued tokens, so we use ORU projects as a benchmark: the FDV of OP ranges between 2 billion and 9.5 billion. On the privacy track, Zcash ranges between 1.5 billion and 4.5 billion, Oasis between 700 million and 5.9 billion, and Tornado has dropped from 3 billion at launch to only 90 million. From this we can see that recognition of the scaling track in the secondary market is on the same level as public chains, while the attitude toward the privacy track is relatively conservative.

Because ZK technology keeps innovating and breaking through at the academic research level, and keeps progressing and being implemented in engineering practice, it has always been favoured by investment institutions. It does not stop there: apart from the two major tracks discussed in this article, ZK can also be used in other scenarios, such as lightweight blockchains (Mina), decentralized identity (Polygon ID) and privacy oracles (Chainlink's DECO). From many well-known ZK projects we can observe their project development routes and ecosystem development routes, which are more or less built around a layer 2 public chain. Similar to the R&D stack of a public chain, the ZK technology stack involves every aspect: the zero-knowledge proof protocol, circuit programming language, language libraries/packages, language development and debugging tools (IDE), zkVM/zkEVM design and implementation, and finally the decentralization mechanism, etc.

When evaluating scaling and privacy projects that use zero-knowledge proofs, we distilled a simple checklist, mainly used for communicating and learning with projects.

1. Different zero-knowledge proof protocols have their pros and cons; what are the reasons for choosing a particular one?

2. For zkVM-type projects, how is a developer-friendly circuit programming language designed efficiently and safely?

3. For zkVM-type projects, how is a toolchain of developer ecosystem products built?

4. For zkEVM projects, do they support seamless migration of smart contracts from EVM chains, and are there restrictions on calls between contracts?

5. When ZK proofs are computed, how is FPGA/GPU hardware used for acceleration?

6. What roles do the prover and verifier play in the project? Are they centralized and controlled, and will there be decentralized design changes in the future?

7. Consensus mechanism, token economic design, compliance design and other issues.

Zero-knowledge proof is a deep technology that needs time to mature; it cannot be achieved in a day, and the rapid entry of capital cannot bring quick development of the fundamental technology. Therefore, when choosing projects, we tend to choose ZK projects with a mature ecosystem or projects backed by strong academic research organisations. Bitcoin is a peer-to-peer electronic cash payment system and Ethereum is the world computer of smart contracts; everything is so similar: ZKP started from exploration in the payment field and is moving toward the general computation field. As users and participants in the crypto industry, we look forward to seeing more excellent ZKP projects; if you have any good ideas, please feel free to contact us.

References

https://mirror.xyz/0x8C4d5E90196325FB22Fff37C97D7984a37e51D11/dhOEzNXqotPftpjf2gh7Hz7qZwu3lQRWYmlE_sSe7is A panoramic interpretation of Web3's status quo, evolution logic and typical players | privacy track, ChainCatcher

https://docs.starknet.io/docs/intro

https://v2-docs.zksync.io/dev/

https://scroll.mirror.xyz/nDAbJbSIJdQIWqp9kn8J0MVS4s6pYBwHmK7keidQs-k

https://docs.hermez.io/zkEVM/Overview/Overview/

https://mirprotocol.org/blog/Scalability-on-Mir

https://aztec-protocol.gitbook.io/zkproofs-proposal/

https://docsend.com/view/ntcsmt7meu84gcqk Zecrey: A Turn-key Solution for Cross-chain and Privacy

https://eprint.iacr.org/2021/743.pdf MANTA: a Plug and Play Private DeFi Stack

https://betterprogramming.pub/understanding-zero-knowledge-proofs-through-the-source-code-of-tornado-cash-41d335c5475f

https://github.com/anoma/whitepaper/blob/main/whitepaper.pdf Anoma: a unified architecture for full-stack decentralized applications
