A Gentle Introduction to Zero Knowledge Proofs
Welcome to “Polygon ZK” – a content series dedicated to exploring the world of Zero Knowledge (ZK) proofs. This technology has recently emerged as one of the key solutions that will allow the Ethereum network to accommodate its next billion users. Unfortunately, ZK is as promising as it is arcane. In this blog series, we will break things down in plain language.
Polygon is home to an unparalleled conglomeration of cutting-edge Zero Knowledge research: Polygon Hermez, Nightfall collaboration with EY, Polygon Miden and the newly announced Polygon Zero. Polygon ZK will tap this inhouse expertise to deliver a series of posts that are both informed by the latest frontline experience and accessible to a lay reader. We will introduce essential concepts, explain where this technology is heading, what kind of impact to expect and when. But let’s start at the very beginning: what is Zero Knowledge and why should you care?
For the past few years, the most pressing question for the Ethereum community has been how to increase the network’s capacity to handle more transactions. The skyrocketing popularity of new applications in decentralized finance (DeFi) and non-fungible tokens (NFTs) brought with it congestion and soaring fees, known as gas. The solution is to push computation to what is called Layer 2, a collective term for scaling solutions that live outside the Ethereum Mainnet but still rely on it for security. That’s where Zero Knowledge does its magic.
Moon Math & Finding Waldo
Zero Knowledge proofs are a way to prove that you know something, without revealing what you know or how. In a cryptographic setup, this means that someone needs to prove they know something (prover) and someone else needs to verify that it’s true (verifier).
Imagine one of those Where’s Wally (or Where’s Waldo in North America). Say Bob asks Alice to prove that she knows where the cheeky character is. Alice agrees, but doesn’t want to tell Bob where exactly Waldo/Wally is, or how she found him. Alice can do it by copying the page, cutting the character out and presenting that as proof.
That’s a ZK Proof in a nutshell. A group of MIT researchers introduced the concept in 1989, but the actual science behind it is so complex that until recently it has been considered “moon math.” Three decades later, their ideas are being applied to solve blockchain challenges like scalability, security and privacy. We are now witnessing a Cambrian explosion of ZK approaches, each with its own merits and potential applications.
Sounds neat, but how does this help scale Ethereum again? Meet ZK Rollups.
Rollin’, Rollin’, Rollin’
Rollups are Layer 2 protocols built on top of Ethereum. They’re called rollups because they “roll” lots of transfers “up” into one single transaction. Shifting computation off-chain helps reduce congestion on Ethereum and reduce overall gas costs for users. Rollups still pay fees to record their transaction bundles on Ethereum, but the cost per transaction is significantly cheaper because it's shared among many users.
In a ZK Rollup, a smart contract processes and verifies that all the bundled transactions are valid off-chain. That validity proof is publicly recorded on-chain, immortalizing it forever on an Ethereum block. (The other main rollup flavor is called Optimistic, because it assumes there is no foul play and relies on challenges known as fraud proofs.)
ZK Rollups have a number of advantages:
- Because validity proofs themselves are much smaller than the data they represent, validating a block is faster and cheaper.
- There are also moves underway to reduce gas fees for the specific type of data used by rollups. Ethereum’s co-founder Vitalik Buterin has called it a “quick-and-dirty solution” that will speed rollup adoption.
- Rolled up transfers are processed in a parallel computing way, which encourages decentralization.
- There are no delays in moving funds from Layer 2 to Ethereum, a process that could take up to a week for Optimistic Rollups.
- Abstracting transaction details in a validity proof also has positive implications for privacy further down the road.
ZK Rollups are not without their challenges:
- For starters, some flavors of ZK must go through a laborious and fraught initialization phase called “Trusted Setup Ceremony.” (For a truly epic example, check out Radiolab’s piece on Zcash’s pioneering effort.)
- ZK proofs also require beefy computers to run and need a great deal of data optimization to reach their scaling potential, all of which may limit the number of users who can become verifiers.
- Quantum computing potentially poses a threat, but some flavors of ZK are more future-proof than others.
As these obstacles are overcome, ZK Rollups will become an essential part of a modular blockchain architecture that many believe is the future of Web 3.0 infrastructure. We at Polygon are convinced that ZK cryptography will be our vital asset for years to come.
Polygon’s ZK Thesis
Polygon is so bullish on the future of ZK, we made it a centerpiece of our strategic vision in the Zero Knowledge Thesis published in August. As part of that mission, we have committed $1 billion, a significant portion of our treasury, to our ZK-related efforts.
We have already taken several major steps toward building this exciting ZK future. The first was the merger with Hermez Network (now Polygon Hermez). This was followed by the announcements of Polygon Miden and Polygon Nightfall, a privacy-focused rollup built in collaboration with EY. The newest addition to our family will be revealed at zk day on Dec. 9.
So tune in to our blog to keep up with the most exciting experiments in this space.
Let’s bring the world to Ethereum!