Image Source: Przemysław Thomann
Ethereum 2.0 will trigger a seismic shift in the crypto space. Some of the changes that this upgrade is going to trigger are:
Raiden and Plasma are layer-2 protocols that allow Ethereum to conduct thousands of transactions off-chain in the form of state channels and side chains. Plasma, in particular, can theoretically allow a side chain to process thousands of transactions and commit just one single hash to the main Ethereum blockchain. While this sounds pretty amazing on paper, there is a significant problem here. If there is some dispute in one of these side plasma chains, there isn’t a proper mechanism that the users can use to exit the protocol efficiently.
This is where a technique called “ZK-Rollups” comes in. With the smart integration of zk-SNARKS, a privacy protocol, it will be possible for ETH 2.0 to create an immensely scalable layer-2, which still has the security and data availability that’s expected of Ethereum.
However, before we get into that, let’s first understand what is zk-SNARKS and zero-knowledge proofs..
NOTE: We highly recommend that you read our article on Raiden and Plasma before continuing on here.
zk-SNARKS is the privacy cryptography protocol made famous by Zcash - a privacy coin. At its core lies the concept of zero-knowledge proofs or ZKPs. To understand how it works, let’s at the two parties involved in a proof – Prover and Verifier.
The core idea behind ZKP is this - Prove that you own a specific piece of knowledge without actually revealing what it is. Eg. Proving that you are above a certain age limit by just showing the last two digits of your birth year. In its essence, the ZKP asks the two following questions:
A ZKP has the following properties:
Let’s look at some examples.
Look at the following diagram to understand how normal vision works and how color blind vision.
In our hypothetical scenario, the prover has normal vision and the verifier has color blindness. The former has two apples - red and green. The verifier thinks that both the apples are of the same color and the prover wants to disprove this without explicitly telling them what the colors are.
This is how it works:
The verifier can repeat the test multiple times to make sure that the result wasn’t a fluke. Let’s look at how this verifies the ZKP properties.
Up next, we have one of the most famous ZKP examples in theoretical cryptography.
In this case, we have a prover (P), a verifier (V), and a cave with a magical door at the back. P says that he knows the secret password that opens up this magical door. So, how does P prove to V that they know the password without disclosing what it is?
How are the three properties of zero-knowledge satisfied?
One of the main problems with the traditional ZKP is that it's a highly interactive system. In both the examples that we have shown you above (Alibaba’s Cave and Apples), you require both the prover and verifier to be present simultaneously. As you can imagine, this isn’t a scalable technique. In 1986, the Fiat-Shamir heuristic showed how this could work with discrete logarithms. We will see both the interactive and the non-interactive version.
The above exchange satisfies the ZKP properties, but it still requires both Alice and Bob to be present simultaneously.
So, how do we make ZKPs non-interactive? With cryptographic hash functions!
This interaction is also completely zero-knowledge, but it didn’t require both the Prover and the Verifier to be present at the same time. This innovation was fundamental in the creation of zk-SNARKS.
Speaking of which….
Zk-SNARKS stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.” Now that we know how the theory works with ZKPs let’s get it all into an algorithmic formation.
In our typical zk-SNARK, we have three unique algorithms:
The program C takes in the prover’s secret statement “w” and the value x and does the following function:
So, let’s see how we can bring in all this together along with the algorithms and values we have declared in the section above.
Alright, so now with zk-SNARKS explained, let’s get started with zk-Rollups.
Before we proceed, let’s understand what a rollup actually means. Quite similar to Plasma, a Rollup is a layer-2 scaling solution where every single contract holds a succinct cryptographic commitment of a larger sidechain state. Users maintain these states without putting additional stress to the layer-1, aka, the base blockchain layer. Ethereum co-founder believes that rollups will be the best way to bring in layer-2 functionality to Ethereum 2.0 since it mitigates Plasma’s most significant problem - data availability.
To give you a brief overview, plasma restructures the Ethereum blockchain like this:
The idea is to use Ethereum as the primary root chain, while several plasma chains are sprouting out of it. The root chain remains devoid of activity, while it delegates complex calculations and functions to these plasma chains.
While it's a good idea on paper, it has one huge flaw – data availability.
Imagine this situation.
Alice has 1 ETH in Plasma block 3, but she doesn’t see it anymore in block 4. This obviously means that plasma block 4’s validator is working maliciously. She immediately raises a dispute and sends a fraud-proof to the root chain, which checks if there is any validity to her claim or not. If yes, it rolls back the data in plasma block 4 and makes it invalid.
Do you see the problem here?
There is a considerable availability problem here. The system is held hostage for a brief period by the malicious owner of plasma block 4. In a zk-Rollup system, the plasma block will only contain the ZK proofs of the data and not the actual data itself.
Apart from this, zk-Rollups increases scalability by bundling hundreds of transfers into one single transaction. Its smart contract can disintegrate these transfers and verify all of them in one transaction.
A zk-Rollup scheme has two users - Transactors and Relayers.
They create and broadcast transfers to the whole network. This transferred data includes – an indexed “to” and “from” address, a transaction value, the network fees, and nonce.
While the transactors are in charge of transacting and broadcasting, the relayers have two major roles:
Anyone can become a relayer as long as they have a stake locked up in the Rollup contract. This makes sure that they have enough incentive to work in the interest of the network.
Matter Labs have been working on and documenting various zk-Rollups implementations. As per their tests, this is what they discovered.
NOTE: Matter Labs noted that the resources required to build smart contracts on ZKPs had reduced considerably. Rollups contracts follow the same principles and models as EVM (Ethereum Virtual Machine).
Optimistic Rollup (OR) is an alternative to the standard ZK-Rollup that removes the need for zero-knowledge proofs altogether. Instead of verifying and checking each transaction, the network assumes that they are all correct and allows user-intervention only if someone reports an incorrect transaction by submitting a fraud-proof. While the initial overhead for OR maybe lesser than zk-Rollups, it requires the users to publish the complete transaction input set every single time. On the other hand, zk-Rollups is a lot more flexible.
Ethereum co-founder, Vitalik Buterin, is extremely intrigued with both of the solutions, calling them “amazing.” He noted that both the Rollups could allow Ethereum 2.0 to scale up payments while providing the security and availability that’s expected of Ethereum.
The best thing about zk-Rollups is that it's not just a theoretical concept. Loopring recently launched a zk-Rollup exchange has already managed to do 2,500 transactions per second. The Ethereum developers are pretty confident that they can reach a throughput of up to 2,500-10,000 if they combine rollups with sharding.
However, this still requires a lot of work before complete implementation. As of now, the team is making steady progress.
We hope that you now have a better idea of what is zk-SNARKS and zk-Rollups. Do you want to know more about Ethereum and smart contract coding? Want to prepare yourself before Ethereum 2.0 launches? Check out our blockchain courses to find a repository of highly valuable educational blockchain material that will give you a significant edge in the job market.
Get to work in a fast growing industry. Start learning blockchain together with our 20,000+ students today.