Zero-Knowledge Proofs Explained

With several ZK-based projects announcing their milestones, it looks like we may finally be on the verge of a real blockchain revolution.

It’s common knowledge that blockchains don’t scale. As much as we’d love to see them used massively, it’s impossible for now due to their technical limitations.

We first saw it in 2007 when Bitcoin’s popularity skyrocketed, and its congestion reached a previously unseen level. Now, the same is happening on Ethereum where gas price has increased 30–50 times compared to the “boring times”.

To solve the problem, countless companies have been working on scalability solutions, but for a long time, this sphere hasn’t seen any promising projects close to market launch. However, it looks like a real revolution might finally be just around the corner, with the game-changer being zero-knowledge cryptography.

Zero-Knowledge Proofs Explained

Zero-knowledge cryptography has been an object of great interest in the blockchain community for several years now. ZK proofs are used to prove to one party (the verifier) that another party (the prover) possesses some knowledge but without revealing the knowledge itself. The only information conveyed and proven to the verifier is that the prover does possess this knowledge.

Imagine Victor and Peggy, who went to the park to juggle balls. Victor is color-blind, so he can’t distinguish red from green. Peggy, on the other hand, sees the difference between them.

Source: Zero-Knowledge Blockchain Scaling, Ethworks

If they decided to take two balls, green and red, Victor wouldn’t see any difference between them. If Peggy wanted to prove to him that she does see the difference, she’d ask him to grab one ball in each hand and put them behind his back. Then, he’d repeatedly switch them in his hands and display one to Peggy, asking if it’s different from the previous one.

Peggy would always be able to tell if the one he’s displaying is different because she distinguishes red and green colours. Thus, Victor can be pretty sure that Peggy knows the difference between the balls although, for him, they’re identical. The color of each ball is never revealed to him, which forms a zero-knowledge proof.
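The ball game above can be simulated to show why repetition matters; this is an added example, not code from the original article or from Ethworks. The names Victor, honest_peggy, colour_blind_prover, run_protocol and rounds_needed are chosen for this illustration, and a prover who cannot see colour is modelled as guessing with a fair coin.

```python
import secrets

BALLS = ("red", "green")

class Victor:
    """Verifier: cannot see colour, only knows whether he swapped."""
    def __init__(self):
        self.shown = secrets.randbelow(2)        # index of the ball on display

    def challenge(self):
        swapped = secrets.randbelow(2) == 1      # secret coin flip behind his back
        if swapped:
            self.shown ^= 1
        return swapped, BALLS[self.shown]        # colour is visible to the prover only

def honest_peggy(previous_colour, current_colour):
    # Peggy sees colour, so she simply compares the two balls she was shown.
    return previous_colour != current_colour

def colour_blind_prover(previous_colour, current_colour):
    # Assumption: a prover without the knowledge can do no better than guess.
    return secrets.randbelow(2) == 1

def run_protocol(prover, rounds):
    """Return (accepted, transcript); the transcript is all Victor ever learns."""
    victor = Victor()
    previous = BALLS[victor.shown]
    transcript = []
    for _ in range(rounds):
        swapped, current = victor.challenge()
        claim = prover(previous, current)
        transcript.append((swapped, claim))      # two booleans, never a colour
        if claim != swapped:
            return False, transcript             # one wrong answer ends the proof
        previous = current
    return True, transcript

def rounds_needed(max_cheat_probability):
    """Smallest number of rounds for which a guesser passes with at most this probability."""
    rounds = 0
    while 0.5 ** rounds > max_cheat_probability:
        rounds += 1
    return rounds
```

Each round halves a guesser's chance of surviving, so Victor picks the number of rounds from the error he is willing to accept, while the transcript he keeps holds only his own coin flips and Peggy's matching answers.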

Scaling Blockchain with Zero-Knowledge Proofs

Zero-knowledge proofs can be used to generate cryptographic proofs that some computation has been performed outside of a blockchain in accordance with predefined rules. As they’re significantly smaller than the data they represent, verifying them is much cheaper than verifying the transaction data itself. 

Scalability solutions based on zero-knowledge proofs leverage two types of computer programs: the prover and the verifier. While the first one is responsible for generating them, the second one — no surprise here — handles the verification. 

As zero-knowledge proofs don’t reveal anything about the transactions they represent, the verifier doesn’t learn anything about users’ transfers. It’s responsible merely for checking whether the proof has been generated according to the rules. Due to that, even if the prover turns malicious and creates a fake proof, this proof will never get verified positively. 

Thanks to the distinct roles of the prover and the verifier, ZK-based scalability solutions’ third-party servers don’t need to be trusted. Verifiers accept only valid proofs, which eliminates the possibility of collusion.

Different Approaches to Zero-Knowledge Scaling

The ongoing ZK-based projects approach the scalability issue from various sides. Although there are not many of them (yet), we can already distinguish three distinct types of architectures: zkRollup, validium, and volition.

They differ mainly in how they handle data availability. Transaction data and information about users’ balances may be held on the blockchain or outside of it, which results in the fundamental trade-off between scalability and security.

Source: Zero-Knowledge Blockchain Scaling, Ethworks

Storing data on-chain is as secure as having assets directly on Ethereum. It makes the data available any time, so when a scalability solution provider’s server ceases to exist or turns malicious, users may construct a proof that they hold a certain amount of tokens and withdraw them directly from the smart contract. ZK-based solutions keeping data on-chain are referred to as zkRollups.

The solutions storing data off-chain weaken Ethereum’s security guarantees by introducing the data availability problem. When a scalability solution provider stops collaborating, users cannot withdraw their funds unless they have other access to the data representing their balances. The solutions storing data outside the main chain are called validiums.
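The difference between the two cases can be shown with a balance proof; this is an added example, not code from the original article or from any of the projects it mentions. It assumes the contract stores a Merkle root over (account, balance) leaves, which the article does not specify, and all function names and sample balances are constructed for the illustration.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(account, balance):
    # 0x00 prefix separates leaves from inner nodes (0x01)
    return h(b"\x00", account.encode(), balance.to_bytes(32, "big"))

def build_levels(leaves):
    """All tree levels, leaves first; an odd node is paired with itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        padded = cur + [cur[-1]] if len(cur) % 2 else cur
        levels.append([h(b"\x01", padded[i], padded[i + 1])
                       for i in range(0, len(padded), 2)])
    return levels

def state_root(balances):
    return build_levels([leaf(a, b) for a, b in balances])[-1][0]

def build_exit_proof(balances, account):
    """Return (balance, path), or None if the data is withheld or the account is unknown."""
    if balances is None:                 # validium case: operator withholds the data
        return None
    names = [a for a, _ in balances]
    if account not in names:
        return None
    idx = names.index(account)
    balance = balances[idx][1]
    path = []
    for level in build_levels([leaf(a, b) for a, b in balances])[:-1]:
        sib = idx ^ 1
        path.append((level[sib] if sib < len(level) else level[idx], idx % 2))
        idx //= 2
    return balance, path

def contract_accepts(root, account, balance, path):
    """What the on-chain side would check: the leaf hashes up to the stored root."""
    node = leaf(account, balance)
    for sibling, node_is_right in path:
        node = h(b"\x01", sibling, node) if node_is_right else h(b"\x01", node, sibling)
    return node == root

BALANCES = [("alice", 50), ("bob", 20), ("carol", 7)]  # constructed sample state
ROOT = state_root(BALANCES)                            # the only value kept by the contract
```

With the balance data published on-chain, anyone can call build_exit_proof and exit without the operator; when it is passed None, as when a validium operator stops serving data, the root alone is not enough to build the path.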

Validiums offer lower security, but also provide higher scalability. Such solutions aren’t subject to their blockchain’s limitation, which allows for higher transaction throughput than in the case of on-chain storage.

Recently, another hybrid solution has been proposed. It would allow users to pick whether the data will be stored on-chain or off-chain for every single transaction. Such scalability solutions are referred to as volitions.

There’s Much More Than That

If you’d like to learn more about how the above solutions work or what scalability products have already been launched to the market, download Ethworks’ report on zero-knowledge scaling. It explains the mechanisms behind zkRollups, validiums and volitions with an overview of the most interesting ZK-based projects. And all that in plain English!
