Polygon Presents: Lessons Learned in Zero Knowledge

Earlier this month, Polygon participated in a series of dev-focused discussions about Polygon zkEVM, the value of source-available and auditable Zero Knowledge (ZK) proving systems, as well as the different approaches to implementing the cryptographic concepts underlying ZK-powered tooling. Joining Polygon was the team from Scroll, whose ZK Rollup is currently in pre-alpha testnet, as well as members of the Ethereum Foundation.

The accelerated progress of performant ZK proving systems is testament to the collaborative nature of the field. Over the last 18 months, the top-tier cryptographers and research mathematicians building ZK tools have worked together to achieve many successes (and some failures). With Ethereum’s ZK-powered future in sight, Polygon’s Hermez team is making available all they’ve learned launching the Polygon zkEVM.

The entire series is being recorded, and so stay tuned to the Polygon Blog for the highlights (and lowlights) of building the zkEVM. 

Circuit Arithmetization for Zero Knowledge Proofs

https://www.youtube.com/watch?v=ofDcWqZAGK4

Participants: Polygon’s Jordi Baylina and Scroll’s Ye Zhang 

For a ZK proof to be verified as valid, it must first satisfy a set of polynomial constraints. Those polynomial constraints are partially a result of the circuit arithmetization, which is the method for writing a program inside of an arithmetic circuit. It is one of the first design decisions a dev faces when building a ZK rollup. In this discussion, Baylina presents on PIL + zkEVMs (state machines, zkASM, recursivity, and aggregation) and Zhang on Plonkish + KZG + Halo2.  

Fibonacci Example

https://www.youtube.com/watch?v=luMnF1fHeIk

Participants: Polygon’s Jose Muñoz-Tapia and Scroll co-founder Haichen Shen

Muñoz-Tapia illustrates the design principles for Polygon zkEVM using a simplified example, a Fibonacci circuit in PIL. As a contrast, Shen renders the same circuit in Halo2. 

zkEVM Architecture and Workflow

https://www.youtube.com/watch?v=qbR5pwmRxKY

Participants: Polygon’s Jordi Baylina and Carlos Matallana and Scroll co-founder Haichen Shen

This discussion takes a high-level view of system architecture for a ZK prover, the inherent tradeoffs among different approaches, and the optimizations available when connecting the components of a Zero Knowledge proving system. Polygon’s team discusses Ethereum’s MULMOD opcode, and Shen contributes relevant data on Scroll’s ZK Rollup. 

Lessons Learned: Polygon zkEVM and Scroll’s ZK Rollup

https://www.youtube.com/watch?v=gCKh6ySXYTU

Participants: Barry Whitehat and Edu, of the Ethereum Foundation; Polygon’s Jordi Baylina, and Aurel, of Scroll 

For this last session, members of the Ethereum Foundation lead a discussion about the importance of auditable source-code when building tools for a trustless platform. What benchmarks can we use for evaluating a ZK proving system? Baylina offers the lessons Polygon learned during testnet, including common (and uncommon) bugs, and frameworks for evaluating the soundness and stability of Polygon zkEVM.

Website | Twitter | Developer Twitter | Studios Twitter | Telegram | Reddit | Discord | Instagram | Facebook | LinkedIn