Polygon Presents: Lessons Learned in Zero Knowledge

Polygon Labs
November 29, 2022
Polygon Solutions
Image source: Dribbble

Earlier this month, Polygon participated in a series of dev-focused discussions about Polygon zkEVM, the value of source-available and auditable Zero Knowledge (ZK) proving systems, as well as the different approaches to implementing the cryptographic concepts underlying ZK-powered tooling. Joining Polygon was the team from Scroll, whose ZK Rollup is currently in pre-alpha testnet, as well as members of the Ethereum Foundation.

The accelerated progress of performant ZK proving systems is testament to the collaborative nature of the field. Over the last 18 months, the top-tier cryptographers and research mathematicians building ZK tools have worked together to achieve many successes (and some failures). With Ethereum’s ZK-powered future in sight, Polygon’s Hermez team is making available all they’ve learned launching the Polygon zkEVM.

The entire series is being recorded, and so stay tuned to the Polygon Blog for the highlights (and lowlights) of building the zkEVM

Circuit Arithmetization for Zero Knowledge Proofs


Participants: Polygon’s Jordi Baylina and Scroll’s Ye Zhang 

For a ZK proof to be verified as valid, it must first satisfy a set of polynomial constraints. Those polynomial constraints are partially a result of the circuit arithmetization, which is the method for writing a program inside of an arithmetic circuit. It is one of the first design decisions a dev faces when building a ZK rollup. In this discussion, Baylina presents on PIL + zkEVMs (state machines, zkASM, recursivity, and aggregation) and Zhang on Plonkish + KZG + Halo2.  

Fibonacci Example


Participants: Polygon’s Jose Muñoz-Tapia and Scroll co-founder Haichen Shen

Muñoz-Tapia illustrates the design principles for Polygon zkEVM using a simplified example, a Fibonacci circuit in PIL. As a contrast, Shen renders the same circuit in Halo2. 

zkEVM Architecture and Workflow


Participants: Polygon’s Jordi Baylina and Carlos Matallana and Scroll co-founder Haichen Shen

This discussion takes a high-level view of system architecture for a ZK prover, the inherent tradeoffs among different approaches, and the optimizations available when connecting the components of a Zero Knowledge proving system. Polygon’s team discusses Ethereum’s MULMOD opcode, and Shen contributes relevant data on Scroll’s ZK Rollup. 

Lessons Learned: Polygon zkEVM and Scroll’s ZK Rollup


Participants: Barry Whitehat and Edu, of the Ethereum Foundation; Polygon’s Jordi Baylina, and Aurel, of Scroll 

For this last session, members of the Ethereum Foundation lead a discussion about the importance of auditable source-code when building tools for a trustless platform. What benchmarks can we use for evaluating a ZK proving system? Baylina offers the lessons Polygon learned during testnet, including common (and uncommon) bugs, and frameworks for evaluating the soundness and stability of Polygon zkEVM.

Website | Twitter | Developer Twitter | Studios Twitter | Telegram | Reddit | Discord | Instagram | Facebook | LinkedIn