“Rollups” are the core layer 2 protocol technology for Ethereum. Many rollup solutions use a zero disclosure proof of concept method. Such technologies are combined into a group called ZK rollups.
The use of rollups allows for high transaction privacy and scaling of the Ethereum core network: multiple transactions are combined into a single packet that is validated in the first-level blockchain.
There are several popular layer 2 protocols in the Ethereum ecosystem based on ZK: StarkNet, zkSync, Loopring, Polygon Miden and others. There is also a separate technology called Optimistic Rollups, which is used in the L2 platforms Arbitrum One and Optimism.
How does zero-knowledge proof works?
The Zero-Knowledge Proof (ZKP) method was formulated by scientists Shafi Goldwasser and Silvio Micali in their 1985 article “The Complexity of Knowledge of Interactive Proof Systems“. They proposed a way to prove the validity of a message without revealing its details.
This involves generating a special “proof” that allows the verifier to verify that the source data is correct. The sender must perform a series of calculations that will be correct if he has the necessary knowledge. The verifier knows the value of the correct answer, which allows him to confirm the validity of his ownership of the information. Thus, both parties have limited information about the content of the message.
To illustrate the method, consider a situation in which a color-blind person is shown two balls. One is red and the other is green, but the person can’t tell the difference.
You need to prove the opposite without naming the colors of the balls. To do this, you give the objects to your partner, who hides them behind his/her back. Then he/she takes out one ball and shows it to you. Then they hide it and repeat the process. You have to answer the question whether he/she changed the ball behind his/her back. Since you know the correct answer, you’ll prove yourself right after a series of experiments. However, you do not have to reveal any additional information.
How is zero-knowledge proof used in ZK rollups?
The ZKP (zero-knowledge proof ) method created a group of technologies collectively called ZK rollups, which are the basis of many key layer 2 protocols in the Ethereum ecosystem today. Vitalik Buterin called ZKP the most important technology for scaling the main blockchain platform.
Rollups are packets of multiple transactions, with the data from each transfer compressed. Such “rollups” provide proof to the underlying first-level network (in this case, Ethereum), allowing it to validate all the transactions in the packet without having to verify each one. After verification, the packet is included in one of the blocks. A single rollup packet can contain thousands of transactions, but a minimum amount of data is placed in the layer 1 blockchain.
Three elements make ZK rollups work:
- An L2 protocol virtual machine that groups transactions;
- A verifier smart contract that verifies packets;
a module that sends packets to the first-level blockchain and updates the state. - The layer 2 network node performs basic verification of incoming transactions. After receiving a certain number of transfers, it combines them into a packet and generates a ZK proof-of-concept.
The packet verifies the smart contract deployed in the first layer network. It also provides input and output to the L2 blockchain.
“Rollups” also include user balances in the L2 network, represented as a Merkle tree. Its root is stored in the contract, allowing you to track changes in the state of the network. The values that confirm each transaction are also passed to the first-level blockchain. The data includes the Merkle root, which is computed in several steps. Intermediate values are written to the blockchain confirming each transfer in the batch.
What are the benefits of ZK Rollups technology?
Initially used in anonymous cryptocurrency projects, ZKP has found wide application as an Ethereum scaling solution in recent years.
ZK rollups allow users’ data to be processed without revealing private information about them. In particular, the algorithm can check the availability of funds without showing the user’s balance. These features are important for companies that need to protect their customers’ personal information.
In addition, using solutions based on ZK-Rollups significantly reduces transaction fees. Multiple transfers are bundled into one package, with all data compressed – for example, using an index instead of an address. This allows less information to be stored in the first-level blockchain. Costs are shared among all senders, so each user pays less.
What types of ZK rollups are available?
There are many implementations of ZK rollups, the most popular being ZK-SNARKs (and its variant Plonky2), ZK-STARKs, zkSync, and others. Each of these technologies differs in the size of the “proof” and the computational effort required to verify it.
- ZK-SNARK produces a proof that is small in size and easy to verify. To create a proof using elliptic curves. Computing their values is less expensive than hashing, so the algorithm is less expensive. The method requires that the proof be destroyed immediately after it is sent. For the algorithm to work, the node generates a public and a private key, and then destroys the private key. The public key is used to generate another pair of keys. The private key is then used to generate the confirmation and the public key is used to verify it.
- ZK-STARKs generate a proof that does not require any interaction between the verifier and the verifiable. Data validation takes less time, making the technology more scalable. The algorithm uses hashing, making it resistant to a quantum computer attack.
- zkSync is an L2 protocol based on the rollup algorithm of the same name. The platform allows the transfer of assets and supports smart contracts. The algorithm has a low gas limit per transaction, not exceeding 500 Gwei. The main advantage of zkSync 2.0 is its compatibility with the Ethereum Virtual Machine.
What projects use ZKP rollups and optimistic rollups?
There are several popular solutions in the Ethereum ecosystem today that use ZKP:
- The StarkNet platform. Based on its private version called StarkEx, the main DeFi protocols are Rhino, Immutable X, dYdX and Sorare.
- Mina protocol is a lightweight blockchain that uses ZK-SNARK technology to create blocks of 22 Kb in size. The platform allows to execute smart contracts and run decentralized applications.
- LoopRing – a decentralized trading protocol using an order book. Implemented on the Ethereum network, it uses ZK proofs to work.
- Polygon Miden – a rollup based on zk-STARKs that works with a special Miden VM.
In addition to ZKP-based rollups, there is also a group of solutions called Optimistic Rollups. The difference between them lies in the way transactions are validated: in Optimistic, transaction packages are considered valid, while transactions are only validated if someone has challenged them.
ZKP retain data in the underlying network after each transfer is validated. This ensures that the technology maintains the current state of the network. At the same time, unlike ZK rollups, Optimistic Rollups-based protocol withdrawals require a fraud check that can take up to two weeks. The specified timeframe determines the timing of the withdrawal to the first-level blockchain. However, the need for data validation in ZK rollups increases resource consumption and financial costs.
Optimistic rollups are based on two popular L2 Ethereum protocols – Arbitrum and Optimism.
What is a Validium?
There are complex solutions – validiums. It is a compromise technology that combines proofs stored at different levels. The proofs are sent to the underlying blockchain and the data is stored outside of it. The solution reduces fees, but it requires external storage. If the latter fails, users will not lose money, but they will not be able to complete transactions.
