
How can ZKP in the Web3 era move towards the mainstream?

Summary: ZKP technology is one of the most innovative technologies in the Web3 field, providing various opportunities for groundbreaking protocols and companies.
Mohamed Fouda & Qiao Wang
2022-11-03 13:47:29

Original Title: “ZKPs in Web3: Now and the Future”

Written by: Mohamed Fouda, Qiao Wang

Compiled by: Frank, Foresight News

Zero-knowledge technology (ZK) is a driving force that will change not only Web3 but also other industries.

As a sufficiently general technology, ZK can have multiple use cases, and we are in the early stages of figuring out all the use cases that this technology can achieve. Some obvious ZK use cases have already found real applications, such as enabling transaction privacy and data compression (i.e., Rollup). However, to achieve mainstream adoption of ZK, further potential use cases and technological advancements still need to be explored.

In this article, we will first review the different applications of ZKP, then discuss what can take this technology into its next phase, and finally present some entrepreneurial ideas that can benefit from it.

ZKP Application Map

Since their invention, zero-knowledge proofs (ZKP) have established a foothold in the crypto industry.

There is indeed some magic in ZKP that makes this technology very exciting—it allows entities to prove to the rest of the world that they know a piece of information or have correctly completed a task without revealing that information or showing the detailed execution of that task.

The mathematical magic of ZK allows us to trust that the prover holds the knowledge or has executed the task simply by checking the generated ZKP. For this reason, the first and most consistent use case of ZKP is privacy-centric cryptographic networks. ZKP is also used to provide validity proofs for L2 transactions on Ethereum L1, introducing the concept of ZK Rollup. Additionally, ZKP is widely applied in various projects for other niche applications.

Privacy-focused Payments and Protocols

ZKP naturally implements privacy features, especially in decentralized networks where there is a lack of centralized authority to act as a source of truth—ZKP allows Web3 users (provers) to prove to network validators that their transactions are valid, i.e., they have sufficient balance to spend, without revealing transaction details such as transaction amount, sender, or receiver address.

ZKP was initially developed to support concealed payments (i.e., private payments) in the Zcash network and has since expanded to other networks, including:

  • Privacy-focused L1: Zcash, Horizen, Aleo, and Iron Fish;
  • General on-chain privacy smart contracts: Tornado Cash;
  • Privacy-focused L2: Aztec.

Verification of ZK Rollups

Another major use case of ZKP is generating Rollup validity proofs on the underlying L1. General Rollups forgo the privacy features of ZKP in order to optimize throughput, i.e., to prove more transactions (TX). In this trade-off, ZKP is only used to prove the correctness of L2 transaction execution.

Generating ZKP to prove the correct execution of arbitrary smart contracts is challenging because some general functions cannot be proven efficiently. Solving this problem requires implementing specialized virtual machines (VMs) that can be verified efficiently using underlying ZK circuits. Due to this complexity, ZK Rollups initially only supported payments or single applications, such as DEXs, for which ZKP can be easily generated.

Examples here include zkSync 1.0 and Loopring, after which general zkEVM implementations began to appear in the market, including Starknet, zkSync 2.0, Polygon zkEVM, and Scroll. Currently, all ZK Rollups are on Ethereum, but ZK Rollups can also be implemented on other chains, including Bitcoin.

However, implementing Bitcoin Rollup would require changes to Bitcoin opcodes and a hard fork of the chain, which is generally not welcomed by the Bitcoin community.

Other ZKP Applications

In addition to privacy-focused applications and Rollups, ZKP is also applied more broadly in other blockchain protocols.

Mina

Mina uses ZKP to compress the blockchain state into a very small size (about 22 KB). To achieve this, Mina uses recursive ZKP, which is ZKP of other ZKPs.

When a block is generated in the Mina network, zk-SNARKs are used to generate a proof for that block to ensure its validity; when a new block references previous blocks, the ZKP of the new block verifies all previous blocks while maintaining a constant size.

Filecoin

Filecoin uses ZKP to ensure that storage providers correctly store the data they claim to store, a process known as Proof of Replication (PoRep).

In this process, storage providers generate ZKP to prove that they are storing a unique copy of the data, i.e., a copy not maintained by other storage providers. ZKP provides assurance to Filecoin users who wish to achieve a certain level of redundancy and availability. Additionally, since the proof size is much smaller than the stored data, using ZKP can reduce the bandwidth requirements for storage providers.

Celo Plumo

Celo Plumo uses ZKP to create ultra-lightweight network clients that can be used on mobile phones and other resource-constrained devices. Despite the lightweight nature of the client, it can ensure the correctness of its access state.

Dark Forest

Dark Forest is one of the most popular applications of ZKP in the gaming field. Although its use of ZKP aligns with the privacy use case, Dark Forest uses it to build an incomplete-information game rather than a financial application on a payment network, which makes it a unique use case.

The Development Trajectory of ZKP and Its Applications

Before 2016, ZKP was a research topic discussed only in a few academic circles. Everything began to change when the founding team of Zcash created the first variant of ZKP (zk-SNARK) to support shielded/private transactions in the Zcash network.

With real use cases, interest in ZKP grew, leading to better ZKP variants that became the foundation for many projects discussed in the first chapter. However, the technology requires further ZKP development to achieve mainstream adoption.

To understand how to further improve the technology, we can learn from similar technologies like artificial intelligence (AI), as ZKP technology is similar to AI technology in many ways, and it is expected to follow a similar trajectory.

Like ZKP, AI was initially a promising technology that could solve many problems. However, the initial AI algorithms were limited in functionality, and the computational complexity far exceeded the capabilities of available hardware, causing slow and impractical progress in AI applications, which were mainly confined to research laboratories.

Subsequent inventions of new architectures, such as deep neural networks (DNN), and the use of GPUs to increase execution speed led to continuous incremental improvements in AI, ultimately resulting in breakthroughs, such as AlexNet's significant victory in the well-known computer vision competition ImageNet in 2012. AlexNet marked the beginning of the AI era, leading to exciting current AI applications like GPT-3, DALL·E 2, and Stable Diffusion.

Today's state of ZKP is similar to the early state of AI; it is a promising technology that is still actively being developed and has long proof times due to its computationally intensive nature. By learning from the trajectory of AI advancements, we can identify the bottlenecks that need to be addressed for ZKP technology to take off.

1. Algorithm / Circuit Improvements

Just as AI has evolved from LeNet-5 to AlexNet and from ResNet-50 to Transformer, ZKP algorithms will also undergo development phases to significantly improve performance. We have already seen progress in this area; since the introduction of zk-SNARKs in 2011, the industry has developed more advanced algorithms.

For example, the STARK developed by Starkware's founders in 2018 is a ZKP method that does not require a trusted setup and has shorter proof generation times. This technology is the basis for several products under Starkware, including StarkNet.

With the introduction of PLONK in 2019, ZKP continued to make progress—PLONK is a SNARK implementation that allows many applications to use a single trusted setup without needing to repeat the setup. PLONK has stimulated the development of various ZKP implementations and is used by multiple Web3 protocols, such as Aztec, Mina, and Celo.

2. Execution Engine Optimization

A major limitation of ZKP is that computational complexity leads to long proof times. For example, the recently announced Polygon zkEVM requires about 5 minutes to generate a proof for 500,000 Gas computations on a 64-core server.

Shortening ZKP verification times is a key part of bringing ZKP technology into the mainstream. Similar to AI, optimizing software execution engines and using dedicated hardware are both necessary conditions to achieve this goal.

Optimized Software

Many ZKP generation operations are massively parallel, meaning that parallel processors (e.g., GPUs) can accelerate ZKP computations. Dedicated GPU libraries (like CUDA) can be used to speed up ZKP computations on Nvidia GPUs. Since each project uses different ZKP algorithms, several projects are attempting to develop this acceleration in-house.

One notable example is Filecoin's implementation of the Groth16 algorithm, which uses GPUs to accelerate the proof process; another example is Edgeswap, which reduced PLONK's verification time by 75% using GPUs.

Dedicated Hardware

Since the improvements in ZKP verification times with GPUs are often limited, another option is to use dedicated hardware, such as FPGAs or ASICs.

FPGAs are often used as hardware prototyping platforms before committing to the expensive effort of manufacturing dedicated chips (i.e., ASICs). FPGAs or hybrid solutions combining GPUs and FPGAs can accelerate ZKP applications in Rollups and privacy-focused networks in the short to medium term.

However, if ZKP technology develops to the level we expect, ASICs will ultimately win this market. Currently, hardware acceleration for ZKP has not been fully addressed, possibly due to the diversity and fragmentation of ZKP algorithms. However, we believe that with the right business model, some startups can focus on developing and monetizing this part of the technology stack.

3. Software Abstraction Layer

To unlock the potential of ZKP, multiple abstraction layers and tools need to be built, which are necessary to simplify the development process of ZKP applications—allowing each group of developers to focus on what they do best, such as application developers not having to worry about the underlying details of ZK circuits and how they work.

Again using AI as an analogy, AI has made significant progress by creating multiple abstraction layers. With these abstractions, AI application developers do not need to worry about NN architectures or hardware resource allocation, as frameworks like TensorFlow and PyTorch abstract away all these underlying details.

The ZK development stack is not yet as mature as the AI stack, but there are still some efforts to build these abstraction layers: at the bottom of the stack are low-level ZKP libraries like PLONK and STARK; above that layer, high-level languages like Noir attempt to abstract the underlying ZK cryptography and help application developers focus on application logic; Circom is another popular ZKP language that sits between these two layers, as it can be used to create complex ZK backends and develop ZKP-based applications.

Another example of ZKP abstraction in Web3 is StarkWare's Cairo language, which allows developers to implement general smart contracts using STARK proofs at the underlying level. To provide further abstraction, Nethermind's Warp tool allows Solidity developers to directly convert their Solidity code into Cairo.

For example, using Warp, the Uniswap V3 code can be translated into Cairo with minimal changes to the original Solidity code.

ZKP Entrepreneurial Opportunities

Based on the discussion of the potential development paths for ZKP, we have identified several entrepreneurial ideas related to ZKP, primarily divided into two categories: tools and applications.

ZKP Tools

1. High-level Development Frameworks

Similar to TensorFlow and PyTorch in AI, high-level ZKP development frameworks are crucial for implementing innovations at the application level. These frameworks need to:

  • Abstract the complexity of the underlying ZKP backend;
  • Support various ZKP backends and hardware environments, such as CPUs and GPUs;
  • Allow efficient debugging and testing;
  • Provide a rich development environment with examples and tutorials;

The closest examples in the Ethereum ecosystem are Hardhat and Foundry, but they are unlikely to quickly support zkEVM or ZKP. Instead, existing abstractions like Cairo may eventually evolve to fill this space.

2. ZK Rollup SDK

ZK Rollups are becoming increasingly popular and can enable application-specific L2 for games or high-throughput DeFi protocols. In this case, ZK Rollups are primarily responsible for execution and settlement, while consensus and data availability will be handled by L1.

However, launching application-specific ZK Rollups is still very complex, and we believe that providing a developer-friendly SDK to launch custom ZK Rollups will address a real business need and can become a valuable business by offering development toolkits, developer services, sequencer services, and supporting infrastructure.

3. ZKP Hardware Accelerators

Specialized hardware companies targeting specific use cases and establishing early market leadership can ultimately become highly valuable companies, as seen in artificial intelligence—Nvidia became the most valuable semiconductor company in North America by focusing on AI hardware.

The same applies to Bitcoin mining, where Bitmain, Canaan, and Whatsminer became unicorns by focusing on ASIC miners, and companies designing and manufacturing efficient ZKP hardware accelerators will follow a similar trajectory.

ZKP Web3 Applications

1. ZK Cross-chain Bridges and Interoperability

ZKP can be used to create validity proofs for cross-chain messaging protocols, where cross-chain messages can be quickly verified on the target chain, similar to how ZK Rollups are verified on the underlying L1. However, for cross-chain messaging, the complexity is higher because the signature schemes and cryptographic functions to be verified may differ between the source and target chains.

2. ZK On-chain Game Engines

Dark Forest has proven that ZKP can enable on-chain games with incomplete information, which is crucial for designing more interactive games where players' actions are kept secret until revealed. As on-chain games mature, we expect ZKP to become part of game execution engines, creating significant opportunities for startups that successfully integrate privacy features into high-throughput on-chain game engines.

3. Identity Solutions

ZKP can create new opportunities in the identity space, such as for creating reputation or connecting Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate, and projects like Clique connect these identities using oracles.

ZKP can take this approach further by enabling anonymous links between Web2 and Web3 identities. One use case is anonymous DAO membership for those who can demonstrate expertise in specific Web2 or Web3 domains; another is offering unsecured Web3 loans based on the borrower's Web2 social status (e.g., the number of Twitter followers).

4. Regulatory-compliant ZKP

Web3 enables anonymous online accounts to actively participate in the financial system, which means that Web3 has achieved significant financial freedom and inclusivity. With the increase in Web3 regulations, ZKP can be used to prove compliance without compromising anonymity, such as proving that a user is not a citizen or resident of a sanctioned country, or proving qualified investor status or any other KYC/AML requirements.

5. Native Web3 Private Debt Financing

TradFi debt financing is often used to support growing startups to accelerate growth or launch new business lines without raising additional venture capital.

The rise of Web3 DAOs and anonymous companies creates opportunities for native Web3 debt financing. For example, using ZKP, a DAO or anonymous company can obtain unsecured loans at competitive rates based on proof of its growth metrics without disclosing borrower information to lenders.

6. Private DeFi

Financial institutions often keep their transaction histories and risk exposures confidential, but due to the ongoing development of blockchain analysis, meeting this requirement becomes challenging when using on-chain products (i.e., DeFi protocols). One possible solution is to develop privacy-centric DeFi products to protect the privacy of protocol participants.

For example, Penumbra's zkSwap and Aztec's zk.money provide some private DeFi earning opportunities by obfuscating user participation in DeFi protocol operations.

In general, protocols that successfully implement efficient and privacy-focused DeFi products can attract a substantial user base and revenue from institutional participants.

7. ZKP-based Web3 Advertising

Web3 drives users' ownership of their data, such as browsing history, private wallet activities, etc. Web3 can also monetize this data for the benefit of users. Since data monetization may conflict with privacy, ZKP can play a crucial role in controlling which aspects of personal data can be disclosed to advertisers and data aggregators.

8. Sharing and Monetizing Private Data

Most of our private data can have a significant impact if shared with the right entities. For example, personal health data can be crowdsourced to help researchers develop new drugs; private financial records can be shared with regulators and oversight bodies to identify and punish corruption, etc.; ZKP can enable the private sharing and monetization of such data.

9. Decentralized Intelligence Organizations

ZKP can give rise to decentralized intelligence organizations. In these systems, intelligence agents, data detectives, and spies can become part of the network without interacting or knowing each other. Participants can use ZKP to prove their knowledge of certain intelligence data before receiving private payments in exchange for that data. Such systems can also facilitate collaborative and composable ways to enrich or interpret collected data while maintaining participant privacy.

10. Private Governance

With the surge of DAOs and on-chain governance, Web3 is moving towards direct participatory democracy. A major flaw in the current governance model is the lack of privacy in participation. ZKP could be the foundation for addressing this issue, allowing governance participants to vote without revealing how they voted. Additionally, ZKP can restrict the visibility of governance proposals to DAO members, enabling DAOs to establish a competitive advantage.

Conclusion

ZKP technology is one of the most innovative technologies in the Web3 space, providing numerous opportunities for groundbreaking protocols and companies.
