Polygon Presents: Lessons Learned in Zero Knowledge
Earlier this month, Polygon participated in a series of dev-focused discussions about Polygon zkEVM, the value of source-available and auditable Zero Knowledge (ZK) proving systems, as well as the different approaches to implementing the cryptographic concepts underlying ZK-powered tooling. Joining Polygon was the team from Scroll, whose ZK Rollup is currently in pre-alpha testnet, as well as members of the Ethereum Foundation.
The accelerated progress of performant ZK proving systems is testament to the collaborative nature of the field. Over the last 18 months, the top-tier cryptographers and research mathematicians building ZK tools have worked together to achieve many successes (and some failures). With Ethereum’s ZK-powered future in sight, Polygon’s Hermez team is making available all they’ve learned launching the Polygon zkEVM.
Circuit Arithmetization for Zero Knowledge Proofs
Participants: Polygon’s Jordi Baylina and Scroll’s Ye Zhang
For a ZK proof to be verified as valid, it must first satisfy a set of polynomial constraints. Those polynomial constraints are partially a result of the circuit arithmetization, which is the method for writing a program inside of an arithmetic circuit. It is one of the first design decisions a dev faces when building a ZK rollup. In this discussion, Baylina presents on PIL + zkEVMs (state machines, zkASM, recursivity, and aggregation) and Zhang on Plonkish + KZG + Halo2.
Participants: Polygon’s Jose Muñoz-Tapia and Scroll co-founder Haichen Shen
Muñoz-Tapia illustrates the design principles for Polygon zkEVM using a simplified example, a Fibonacci circuit in PIL. As a contrast, Shen renders the same circuit in Halo2.
zkEVM Architecture and Workflow
Participants: Polygon’s Jordi Baylina and Carlos Matallana and Scroll co-founder Haichen Shen
This discussion takes a high-level view of system architecture for a ZK prover, the inherent tradeoffs among different approaches, and the optimizations available when connecting the components of a Zero Knowledge proving system. Polygon’s team discusses Ethereum’s MULMOD opcode, and Shen contributes relevant data on Scroll’s ZK Rollup.
Lessons Learned: Polygon zkEVM and Scroll’s ZK Rollup
Participants: Barry Whitehat and Edu, of the Ethereum Foundation; Polygon’s Jordi Baylina, and Aurel, of Scroll
For this last session, members of the Ethereum Foundation lead a discussion about the importance of auditable source-code when building tools for a trustless platform. What benchmarks can we use for evaluating a ZK proving system? Baylina offers the lessons Polygon learned during testnet, including common (and uncommon) bugs, and frameworks for evaluating the soundness and stability of Polygon zkEVM.