Ethereum co-founder Vitalik Buterin recently extolled the virtues of a technology that could help scale Ethereum “by a huge amount.”
What has Ethereum gurus and cryptography wizards buzzing?
It’s called zkSnarks (pronounced zee-kay Snarks), and it’s essentially a technology that can verify a computation without having to execute the computation or knowing what was executed. This might be a bit confusing or even appear mystical, technically-infeasible. For some clarity, here’s a mini-story that illustrates the basic principle of zkSnarks.
Our story begins with a parrot and a viper, who have an affectionate yet mischievous relationship. The two friends are prowling the jungle in search of a tropical treat.
Shortly after setting off, they come upon a tree bearing two mangoes. Upon inspection, the viper remarks excitedly that the mangoes are (miraculously) identical! The parrot disagrees and insists that there is indeed a difference.
There’s good reason for this dispute: while snakes are color-blind, parrots have superb vision. And so, the parrot, unlike the viper, recognizes a subtle difference in color between the two mangoes. The parrot proposes a game to prove she is right but desires to do so without revealing how the two mangoes are different. The viper reluctantly agrees and the game begins.
Each round, the viper hides both mangoes from the parrot and chooses one mango to reveal. The parrot then decides if the revealed mango is the same as in the previous round. After many rounds have passed, the parrot boasts a perfect score; she’s guessed correctly every round.
Illustrations by Lea Filipo.
With each successive round, it becomes increasingly likely that the two fruit are different. How else could the parrot guess correctly every time? Faced with the parrot’s success, the viper has no choice but to concede that the two mangoes are indeed different. You can think of the parrot as the prover and the viper as the verifier.
This — admittedly strange — tale illustrates the ‘zero-knowledge’ or zk property of _zk_Snarks. During the above interaction, the parrot convinces the viper that a certain statement is true (that the two mangoes are different) without revealing why it’s true (because they are different colors). This framing should look familiar to the definition that we laid out at the beginning of the article.
Take the core concept of this story, add a dash of cryptography, toss it in the world of blockchain, and you’ll end up with a rough but palatable approximation of zkSnarks.
Now that we have a sense of how zkSnarks work, let’s have a look at what they can do.
Before we talk about how zkSnarks could help scale Ethereum by a “huge amount,” there’s another use case that’s worth mentioning: privacy. Crypto projects like Zcash use them as a way to maintain a publicly-verified ledger while shielding participant identification and keeping transaction data anonymous.
How does it work? Think back to the parrot’s game. But instead of mischief and mangoes, think in terms of tokens and transfers. Simply put, someone can prove ownership of a token and send it to someone else without revealing the value of the token or the identity of the recipient. Again this framing should look familiar to the definition that we laid out at the beginning of the article.
Privacy is undoubtedly cool. But developers soon realized that zkSnarks could also alleviate Ethereum’s scalability issues. ZkSnarks could be leveraged to generate small and tidy computational proofs — even if the computation in question was executed off-chain, that is, untethered to the Ethereum network.
The process of simply verifying one of these proofs is cheaper and faster than having to execute the computation on the Ethereum network. So, zkSnark proofs can be generated off-chain and then verified on-chain. This process basically offloads the computational heavy lifting to off-chain computational resources and thereby frees up far more limited on-chain resources.
In other words, this process essentially shrinks the amount of on-chain resources needed for each computation. And if each computation consumes fewer resources, the Ethereum network can process more of them. The end result? More scalability.
Crucially, zkSnarks maintains the security guarantees of on-chain computations. That is, you can still prove that you ran your program or executed a certain smart contract in a trustless manner.
Vitalik Buterin preaching the gospel of zkSnarks.
As Buterin mentions in this Tweet, a zkSnark is considered a ‘layer 2’ solution, which means that it could be implemented without altering the blockchain itself. But, unlike other ‘layer 2’ solutions, such as Plasma or Raiden, zkSnarks doesn’t require data to be held off-chain. (For the curious, a ‘layer 1’ solution, like sharding, directly alters the functionality of the base-layer blockchain.)
zkSnarks isn’t a silver bullet. It won’t vanquish Ethereum’s scalability limitations overnight. And it still faces a number of technical hurdles. While clever solutions are already in the works (e.g. this one), the true promise of zkSnarks is patiently awaiting real-world deployment and implementation.
Despite its nascent form, the technology represents a promising route toward a more functional Ethereum network. Vitalik Buterin estimated that zkSnarks could bring the Ethereum network throughput from 15 to 500 transactions per second — an increase of over 30x. While this is surely a tall claim, Buterin isn’t known to be the hyperbolic type. And if he’s right, headlines decrying Ethereum’s inability to process CryptoKitty transactions could be(god-willing) a thing of the past.
Check out what Gnosis developers are doing with zkSnarks.
Here’s a tutorial about deploying zkSnarks from Felix, a developer at Gnosis.
Follow Gnosis on Twitter.
Follow me on Twitter.
Much thanks to Lauren Dunmore, Lea Filipowicz, Nadja Bene_š, and Kei Kreutler._