Why are we unswervingly optimistic about ZK technology?

Research on zero-knowledge proofs was first proposed by MIT professors Shafi Goldwasser, Silvio Micali and cryptography master Charles Rackoff in an academic paper in the 1980s - "The Knowledge Complexity of Interactive Proof Systems". With zero-knowledge proofs, the prover can prove the authenticity of the information to the verifier without revealing the information itself. Twenty or thirty years ago, the brain hole of this computer theorist was considered "unreliable" by the outside world. In the past ten years, ZK technology has developed rapidly, and the vision in the original paper is becoming a reality.

From a technical point of view, ZK is an agreement between the prover and the verifier. The prover can let the verifier confirm that a certain proof is valid without revealing any information other than the proof itself. This is the "zero-knowledge" part of the proof - there is no knowledge or information to support this proof, other than the proof itself. That's what makes the technology even more important.

From an application point of view, ZK has two very important directions:

Privacy - ZK achieves the privacy of information. In a transaction, if you need to prove that you own an unspent asset, but you don’t want to reveal the entire source of the asset, ZK can solve the information leakage caused by transaction transparency in blockchain platforms such as Bitcoin, such as transfer addresses and amount;
Scalability - If a block takes a long time to directly verify, one person can verify and generate a proof instead, and others in the network quickly verify the proof, instead of requiring everyone to spend a long time direct verification;
There are two main types of ZKs: zkSNARKs (Succinct Non-Interactive Zero-Knowledge Proofs) and zkSTARKs (Succinct Fully Transparent Zero-Knowledge Proofs). The concept of zkSNARK was first proposed by scholars in 2013, and it is relatively mature now. Zcash is the first blockchain project to apply zkSANRK technology.

ZK technology has been used in major Rollup solutions to solve the scalability and high transaction fees of Ethereum. StarkWare, zkSync (from Matters Lab), Aztec, Loopring are currently the main players in the zk-rollup space.

How to better understand the significance of this cryptographic technique? We need to start with consensus. The economics behind the high transaction costs on Ethereum is consensus: consensus must be expensive, because inexpensive consensus cannot be trusted.

Suppose there are 10,000 nodes, and each node does the same calculation, so the result is very reliable, and the consensus result will not be affected by the dishonesty of a small number of nodes. This is also why blockchains can be decentralised - building trust through algorithmic means.

However, the cost of consensus lies in the repeated computation of 10,000 computers, which is 10,000 times more expensive than on 1 computer. This is the biggest problem with all consensus protocols, whether PoW or PoS.

And ZK is a way to essentially reduce costs - we can run calculations on one computer, and other computers use cryptographic methods to verify the reliability of the calculation, and there is no need to repeat the calculation. On more expensive chains like Ethereum, verifying the correctness of a computation is cheaper and less gas-efficient than recomputing.

This is why everyone is optimistic about zk-Rollup. zk-Rollup is built on the L1 main chain. It packs multiple transactions into one and submits it to the Ethereum main chain, and is quickly verified by the main chain through zero-knowledge proofs (SNARK or STARK), instead of letting the main chain process each transaction separately. In this way, the size of each transaction will be compressed, and the cost of zero-knowledge proof verification will be allocated to each transaction, thus saving Gas fees and increasing TPS.

Privacy is another important application area of ZK. From the perspective of information theory, privacy is a problem of information leakage. To ensure privacy on the chain, it is necessary to encrypt the data on the chain through a cryptographic solution, so that there is no correlation between each transaction record on the chain. Through ZK, the calculation can be verified without revealing any information about the input and the calculation itself, which is currently the only tool that guarantees on-chain privacy from cryptographic means.

A very important point in the concept of Web 3.0 is that users truly control their own identity and data ownership. At present, all the information on the blockchain (addresses, transfer records, etc.) is public, and it is very easy to obtain user information through machine learning and big data mining. Compared with the Web2.0 era, the privacy issue is greater And no less. Although there is currently no broad and strong sense of privacy among blockchain users, if the vision of Web 3.0 is to be realized, people must have the power to have their own on-chain privacy. It may not be required, but it must be optional.

In order to improve the privacy leakage problem in the blockchain network, in 2014, several cryptography experts used zkSNARK to create the first blockchain project Zcash that can achieve complete anonymity based on the code of Bitcoin. zkSNARK can verify the legitimacy of transactions without revealing any sensitive data (amount, address, etc.), providing users with a higher level of privacy when transacting with encrypted assets.