The 5th Cryptoecon Meetup has finished, and it’s time for a short summary of everything that was discussed there. So far it was the most interesting meetup we have held. Zk-cryptography was the subject, and the meetup featured three guests, each with a topic of increasing complexity. We wish to thank RAHIB and CryptoAcademy for their help with the organization!
You can watch the meetup here, but if you can’t, don’t worry: most of it is covered in this article.
The first guest was Sergei Prilutsky, who introduced the basics of Zero-Knowledge to the audience. First of all, he said that the last year brought a lot of positive changes to cryptography. That’s very important for blockchain technology, as it now allows developing things once considered impossible. One of these things is the development of usable Zero-Knowledge proofs.
All cryptography can be divided into three methods:
Public and governmental services constantly send our personal data between their computers in the course of their operations. Zero-Knowledge proofs are an appropriate method to handle this data. Zero-Knowledge isn’t only about anonymous cryptocurrencies, such as Monero, Zcash or DASH; it’s also a way to solve the crisis of personal data and make GDPR-compliant public services.
How does it work? A Zero-Knowledge system doesn’t transmit the data itself between the two parties. The proof is like an electronic signature. The data is held by one party, the prover, and when it wants to claim that it has this data, it must demonstrate a proof to another party, the verifier. The data gets translated into an arithmetic equation (this is called "arithmetization"), and the proof is created in the process. The verifier can’t read the encrypted information; to him it’s no different from a sequence of random bytes.
The features of Zero-Knowledge protocols:
Sergei also explained the difference between:
Interactive proofs, which require a three-step interaction between the prover and the verifier. When the prover sends a request to the verifier, he receives a random number in response and generates "a challenge": a string based on this random number and the transmitted information.
Non-interactive proofs, where the second step can be skipped and the prover derives the random number himself, hashing the parameters into the challenge string without exchanging any information with the verifier. Non-interactive proofs are the best way to verify information on the blockchain.
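The two variants above, as an added example that is not from the meetup or any of the presentations: a Schnorr-style proof of knowledge of a discrete logarithm, first run interactively (commitment, the verifier's random challenge, response) and then made non-interactive with the Fiat-Shamir transform, where the prover hashes the public parameters and its own commitment into the challenge. The group parameters P, Q, G are toy values constructed for readability; a real deployment would use a large prime-order group.

```python
import hashlib
import secrets

# Toy group constructed for readability: prime P, prime Q dividing P-1, and G of
# order Q in Z_P*. A real deployment uses a large group (e.g. a 256-bit curve).
P, Q, G = 23, 11, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)  # secret x, public y = G^x; the proof shows knowledge of x

# --- Interactive version: three messages between prover and verifier ---------
def prover_commit():
    """Step 1: prover picks a random nonce r and sends the commitment t = G^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def verifier_challenge():
    """Step 2: verifier replies with a random challenge c (its only input)."""
    return secrets.randbelow(Q)

def prover_respond(x, r, c):
    """Step 3: prover answers s = r + c*x mod Q; x itself is never sent."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Verifier accepts iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def interactive_proof(x, y):
    r, t = prover_commit()          # prover -> verifier
    c = verifier_challenge()        # verifier -> prover
    s = prover_respond(x, r, c)     # prover -> verifier
    return verify(y, t, c, s)

# --- Non-interactive (Fiat-Shamir): prover hashes statement + commitment into c
def fiat_shamir_challenge(y, t):
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove_noninteractive(x):
    """Returns the public value y and a proof (t, s) anyone can check later."""
    y = pow(G, x, P)
    r, t = prover_commit()
    return y, (t, prover_respond(x, r, fiat_shamir_challenge(y, t)))

def verify_noninteractive(y, proof):
    """E.g. a blockchain node checking a posted proof without contacting the prover."""
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t), s)
```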
The two biggest problems blockchains face are scalability and convincing large companies to use blockchains in a way that makes their records transparent. Companies want to be able to convince everyone they’re doing the right thing and, obviously, the information needs to be partly private, because no-one wants to divulge the details of their contracts (or even the fact that B2B contracts exist in the first place).
Zero-Knowledge Proofs are likely the most effective way of scaling a blockchain, storing data on a public ledger without compromising its confidentiality, dealing with front-running on decentralized exchanges, and creating fully anonymous transactions in a new generation of mixers (thus greatly helping with privacy).
The second presentation was made by Petr Korolev. He told the audience about zk-snarks. Zk-snarks (and starks, a new tech already used by JP Morgan Chase’s blockchain payment system) are the next step in the evolution of blockchain cryptography:
symmetric ==> asymmetric ==> 0-knowledge proofs
According to Petr, scalability and privacy are the two most fundamental problems in the blockchain industry right now. It's important to solve them first because in 5-10 years we might find ourselves in a world where all assets are tokenized and our tech must be ready for that.
What solutions can improve scalability?
Layer 2 solutions are cheaper, layer 1 solutions are more secure. It's very hard to build a fast and cheap Layer 1 blockchain, that's why all scaling solutions are built on Layer 2. Currently, there are five variants of Plasma in development, and almost all of them are using snarks.
How can we verify transactions and make sure they are valid? Use a centralized watchtower, as Lightning Network does, or use snarks. Zero-Knowledge proofs allow us to store any data publicly, but nobody would be able to read that data. Being able to check the integrity of the data without seeing it means huge improvements in terms of:
Also, Petr explained the difference between snarks and starks. For snarks, a trusted setup procedure must be performed. Starks don’t require a trusted setup and are quantum-proof. The algorithm behind snarks has proved itself: nobody has been able to break it since 1970. Starks are fairly new. Anyway, both are very fast in calculations and the transactions are pretty lightweight: a snarks transaction weighs 200 bytes, a starks one 45 kilobytes. Currently there's a new concept of recursive snarks that is even lighter, with which it would be possible to update snarks transactions instead of generating a new one for every instance.
Being able to provide proof of integrity will change the face of the financial arena today. You’ll be able to trust everyone. And this technology makes it very fast. For example, 10,000 transactions with 10,000 signatures can be replaced with one single proof.
Alexander Vlasov had a futuristic presentation. He started by defining what snarks are: any compact, non-interactive proof can be called a snark. A snark is expected to have constant size and constant verification time. This advantage has its tradeoff: the requirement of a trusted setup, which needs coordination between many nodes.
Luckily, in January 2019, a new proof system was released that allows us to make a universal continuous trusted setup: a trusted setup that can be made once and used for any number of applications. This proof system is called SONIC. It also has the feature of an updatable trusted setup: any node can join an already existing setup and update its state, instead of making a new one. SONIC can allow us to introduce a third party that could verify hundreds of proofs at once without any access to the actual information. Thus, it can be used to share personal data privately via public channels.
Alexander mentioned that some of the most prominent blockchains are using zk-snarks as a roll-up, which combines many transactions into one. Lightning Network is one example, with its watchtowers on Bitcoin. Another is the near-instant, low-fee, and scalable payments system of Raiden Network on the Ethereum blockchain, which is attempting to solve the scalability problems with off-chain calculations. More than five types of Plasma are intently looking at snarks. All these examples can be a sign of a breakthrough coming from this direction.
In terms of the most notable blockchains today, Bitcoin and Ethereum are quite slow, completely transparent, and hard to scale. While there are blockchains like Polkadot, constructors that allow you to use your own rules and scale better, or the ones like Zcash that have a lot more privacy but have a hard time scaling, there is also Franklin, a protocol that has a lot of privacy and scales very well. For most blockchain protocols today, Zero-Knowledge Proofs would be a beautiful solution if we’re talking about off-chain scalability.
After that Alexander mentioned transparent proof systems, starks and Aurora Light. You already know what starks are. Aurora Light has a universal trusted setup and it's faster than SONIC, but it doesn't have constant proof size or constant verification time. It does, however, allow a third-party verifier that can aggregate proofs and verify them.
You can learn more about universal trusted setups, about compact Stark-based and non-Stark-based advanced transparent proof systems like Aurora Light, about projects like Ignis (Plasma + zk-Snarks) and Sonic (maybe the most cost-effective Snark around, with a universal and continually updatable structured reference string that scales linearly in size), and about others that aim at small proof size and fast verification time here.
Also, as Alexander said, it's possible that in the future some blockchains will be using hybrid proof systems that have features of both starks and snarks. Currently, smart contract blockchains such as Ethereum integrate the snarks algorithm, and we'll be seeing more and more examples of zero-knowledge proof applications over time.
We hope you've enjoyed this article and that it helped you to understand the concepts of zero-knowledge proofs, snarks, and starks. You can find the whole presentation here, and if you’d like to support our initiative you can check our sponsors in the list below:
We would like to take this opportunity to thank all of you for your encouragement and support. See you next time!