High-Level Concept
A ZK-rollup (ZK stands for zero-knowledge) is a layer 2 scaling solution for blockchain networks. This type of rollup enables the bundling of multiple transactions into one and confirm that all of them are valid, without revealing any of the details about those transactions. In other words, it’s a way to demonstrate that you know a secret without showing it. All computations are performed offchain and only a hash of the results of that computation is stored onchain and can be verified by anyone.
While that’s the TL;DR, below we’ll provide an overview of rollups, discuss the pros and cons of ZK-rollups, explore the history of zero-knowledge proofs, highlight a few projects utilizing ZK-rollup technology, and conclude by outlining potential use cases.
Rollups Introduction
There are two types of rollups with different security models: Optimistic and Zero-knowledge.
Optimistic rollups assume transactions are valid by default and only run computation via a fraud-proof. Fraud proofs are a type of proof submitted by a verifier that challenges a transaction state.
Zero-knowledge rollups run computation offchain and submit a validity proof to the chain. Validity proofs are ways to scale Ethereum using cryptography.
The infographic below tabulates the difference between the two.
Benefits of ZK-rollups
Increased privacy: They enhance privacy and security because not all information needs to be stored onchain, only a hash. Therefore, sensitive information remains confidential and information can still be validated and verified. This is only possible because of ZKPs (zero-knowledge proofs), cryptography, and the math behind it. You no longer need to trust intermediaries or any particular person or entity. You just need to trust the math and that is cryptographic truth.
Faster Settlement: Once the proof is submitted and verified, the funds and transactions are instantly confirmed, allowing for quicker withdrawal or access to your assets.
Security: ZK-rollups are considered more secure than other layer 2 solutions because they use zero-knowledge proofs to ensure that transactions are valid and that states onchain and offchain are consistent.
Disadvantages of ZK-rollups
With regards to proof generation, they are computationally and memory intensive.
Some implementations of zero knowledge such as trusted setup are prone to misuse if the prover and verifier act dishonestly.
Zero-knowledge proofs use the statement (called a ‘witness’) as input to generate a succinct proof of its validity. This witness is the secret information shared between the prover and verifier and used to generate the proof. If the witness were to be leaked or compromised, any malicious actor could potentially use it to generate fake proofs.
Now that you know what ZK-rollups are and their potential benefits, let us take a look at some of the projects doing exciting things with them. But first some background.
Background
ZKPs were first introduced in the 1980s by three MIT researchers, Shafi Goldwasser, Silvio Micali, and Charles Rackoff, in their paper, The Knowledge Complexity of Interactive Proof-Systems.
In recent years, the concept of zero-knowledge proof has gained popularity with the rise of blockchain technology, particularly in the context of privacy-enhancing technologies like Tornado Cash and Zcash, and more recently in scaling solutions like zkSync 2.0.
Below is a non-exhaustive list of some of the major projects working with ZK-rollups.
Projects
zkSync is a trustless protocol for scalable low-cost payments on Ethereum, powered by ZK-rollup technology. It was made by Matter Labs, an engineering team scaling Ethereum with zero-knowledge proofs. They did a full alpha launch of zkSync Era on Mainnet in March 2023. Currently, according to L2 Beat, they have a TVL (Total Value Locked) of $392M.
Polygon Hermez is the team at Polygon behind zkEVM, an open-source ZK-rollup optimized for secure, low-cost, and usable token transfers that use Ethereum for security. They launched zkEVM in March 2023.
Loopring is an exchange and payment protocol on Ethereum. They use ZK-SNARKs. Despite their production use, ZK-SNARKs are still new and experimental cryptography. ZK-SNARKs require a trusted setup ceremony to operate. A trusted setup ceremony is a procedure that is done once to generate a piece of data that must then be used every time some cryptographic protocol is run. To learn more, L2beats has a good write-up.
ImmutableX has migrated to Polygon and is now known as Immutable zkEVM. It is a solution for games that offer EVM compatibility, low cost, massive scale, and Ethereum security. You can join the Immutable Community here.
StarkNet was the first L2 network over Ethereum to use ZK-rollups. They are a permissionless, decentralized ZK-rollup that launched in September 2022. They use the STARK cryptographic proof system. In a nutshell, STARKs do not rely on a trusted setup and have simpler cryptographic assumptions and thus are more secure even against quantum computers, according to Vitalik. How STARKs differs from SNARKs is beyond the depth of this article, but if you would like to know more, check out this post from Consensys that delves into the core differences between these two different zero-knowledge technologies, both from a cultural and technical perspective.
Aztec Network is an open-source layer 2 network that aims to bring scalability and privacy to Ethereum. They launched in March 2021. Noir, a domain-specific language for SNARK knowledge-proof systems was created by the same team as Aztec. This article doesn’t discuss the zero-knowledge programming languages available, but you can check out this article for further info on that. Also, note that Aztec shut down its payments product earlier this year.
Aleo is a layer 1 blockchain that’s zero-knowledge by design. In other words, it is private by default. They are in their third wave of testing with testnet3.
Use Cases
Anonymous Payments: Transactions on the blockchain are transparent by default. Zero-knowledge technology is used to conceal transaction specifics, such as sensitive account and balance information thereby enhancing user anonymity and transaction privacy.
Decentralized Identity: Identity systems today require personal data to be revealed and for good reason. Zero-knowledge proofs offer a secure way to allow parties to verify they are who they say they are without having to reveal sensitive information. With current DID projects like Gitcoin Passport, individuals decide what information they want to share and with whom.
Compliance: Privacy Pools protocol, as mentioned in this Elsevier paper. The proposal discusses proving regulatory compliance without having to reveal their entire transaction history.
Fighting Disinformation: eg. image provenance as described in this article by Dan Boneh and Trisha Datta, Stanford University Applied Cryptography Group.
Authenticity: On a related note to the fourth use case, C2PA (Coalition for Content Provenance and Authenticity) proposed a standard that relies on digital signatures to verify image provenance, using ZK proofs to fight disinformation.
There is a wealth of resources available online that provide more information about ZK-rollups. Here are a few notable sources that you can refer to for more information, just to name a few:
Incomplete Guide to Rollups: Vitalik Buterin shares his reasons why ZK-rollups are expected to be a cornerstone of Ethereum scaling in the short, medium, and long term. He discusses the different kinds of scaling technologies, the math behind them, the current challenges of rollups, and the numbers behind them. Here’s a video version of the guide.
Ethresear.ch: forum where civilized discussions are held between Ethereum researchers and developers to discuss various topics to further Ethereum research.
Different groups such as the Developer Guild and Writers Guild in the BanklessDAO Discord discuss topics around zero knowledge and ZK-rollups. We’re always looking for people to join the conversation, learn, and contribute.
5 Levels of Zero Knowledge Proofs from Wired.
From Zero to More Knowledge
At a high level, ZK-rollups rely on mathematics and cryptography (zero-knowledge proofs) which is a way for one party to prove that a statement is true to another party without revealing any information that the other party didn’t already know. To gain more knowledge about ZK-rollups, be sure to check out the additional resources for readers to dive deeper into this technology, and stay tuned for future content diving and dissecting this fascinating technology.
Author Bio
sianjon is a Product @pqcee_com building @web3_quantum | Contributor @BanklessDAO | Founder @brokenbrainsco
Editor Bios
Hiro Kennelly is a writer, editor, and coordinator at BanklessDAO, an Associate at Bankless Consulting, and is now and forever a DAOpunk.
Kornekt is a writer, staff editor, and content manager at Bankless Publishing. Deeply fascinated about crypto, web3, and blockchain technology.
Designer Bio
Tonytad is a graphic designer who has worked locally and internationally with organisations and firms on over 200 projects, which includes branding, logos, flyers, cards, and covers.
BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.
This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.
Bankless Publishing is always accepting submissions for publication. We’d love to read your work, so please submit your article here!
