Trade it Like it is HOT: A Review of Popular ZK Projects and the Zero-Knowledge Proof Technology

has always been regarded as one of the most valuable features in the cryptocurrency community as most crypto-asset holders do not want their assets and transaction records to be fully disclosed. Privacy Among various encryption technologies that provide privacy, the Zero-Knowledge Proof is one of the most important technologies. Rather than talking about professional knowledge of cryptography, we will explain the theory of the Zero-Knowledge Proof, which can help readers roughly review the Zero-Knowledge Proof system and its current development status. 1 Development of the Zero-Knowledge Proof Technology 1.1 Concept of the Zero-Knowledge Proof Zero-Knowledge Proof (ZKP) is an important part of modern cryptography. It refers to the ability of the prover to convince the verifier that an assumption is correct without providing any useful information to the latter. The Zero-Knowledge Proof is essentially a protocol involving two or more parties, which is a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier and makes the verifier believe that he/she knows or owns a certain message, but any information about the proved message cannot be revealed to the verifier in the proof process. In layman’s terms, he not only proves what he wants to prove but also discloses “zero” information to the verifier at the same time. The Zero-Knowledge Proof itself involves a relatively complex cryptographic algorithm. Therefore, to make the Zero-Knowledge Proof theory clear and friendly to everyone, we cite an example of [Finding Pandas]: A group of people is looking for the panda in this picture, and Person A is the first to discover where the panda is, but the answer cannot be available to the public immediately because this will bring bad game experiences to others. Is there any way to prove that A knows where the panda is without letting anyone else know the answer? Then, A finds a large piece of white paper and randomly puts the paper on the panda picture. Then, A cuts a small hole in the white paper to expose the panda only. In this way, the panda’s location is protected as key information, but A can still prove that he has found the panda without letting others know the key information. This is the Zero-Knowledge Proof. The verification method of the Zero-Knowledge Proof emphasizes completeness and reliability. The completeness principle means that the prover can persuade the prover to accept a correct statement; the reliability principle means that the prover cannot persuade the verifier to accept a wrong statement. But in fact, the reliability is still probabilistic. We can just say that the probability of the prover going to cheat is extremely low. Because the credibility of the Zero-Knowledge Proof depends on two factors: one is the proof difficulty, and the other is interaction degree. The proof difficulty is to make the proof more difficult mathematically directly; the interaction degree means that the verifier needs to constantly ask the prover questions, and then the prover proves that it is more difficult for the prover to deceive the verifier as the number of their interactions increase because the probability of the prover providing the correct proof without knowing the correct information decreases statistically. 1.2 Evolution of the Zero-Knowledge Proof Theory The concept of the Zero-Knowledge Proof was originally proposed by S. Goldwasser, S. Micali, and C. Rackoff in 1985. He introduced “interaction” and “randomness” in his paper and thus constructed an early interactive proof system. The interactive proof requires the verifier to continuously ask a series of questions about the “knowledge” he/she owns. By answering a series of questions, the prover convinces the verifier that he/she does know the “knowledge”. The more questions are created, the more interactions there are. However, such a method cannot convince people that both the prover and the verifier are sincere because the two can collide in advance so that the prover can still be verified without knowing the answer. In the following ten years, many legendary cryptographers have made important contributions to the development of the Zero-Knowledge Proof systems. For example, M. Blum, P. Feldman, and S. Micali have pointed out that “interaction” and “hidden randomness” are not necessary, and then they proposed a [Non-Interactive Zero-Knowledge Proof System] based on common reference CRS (Common Reference String) model. Non-interactive proof means that the prover does not need to interact with the verifier, a set of common references needs to be set in advance in the system, and the transaction is constructed and verified with the common references of the Zero-Knowledge Proof. This is to say the prover can generate the proof independently, avoiding the possibility of collusion between the prover and the verifier. In 2010, Jens Groth proposed the Knowledge of Exponent Assumption, which was controversial at that time. It has shortened the proof length to a constant level by hiding some secret random values in CRS. This process can be understood as it has created a secret that only the system “Know”, and anyone who knows how to generate this common reference can forge the proof. This process is [Initialize Trusted Settings]. This solution, while drastically reducing the proof length, also introduces some security risks since anyone who knows how to generate this common reference can forge the proof. However, this solution has established the most important branch of the Zero-Knowledge Proof technology in the next decade. With the continuous development of the Zero-Knowledge Proof theory, cryptographers have begun to conduct in-depth research in the engineering direction. In 2013, Rosario Gennaro, Craig Gentry, and others made a more optimized improvement solution based on the work of Jens Groth in 2010, which has greatly shortened the proof time and reduced the proof length to a smaller constant. Subsequently, Parno and others have implemented a verifiable computing protocol called Pinocchio on this basis and continued to optimize and improve it. In 2014, the crypto privacy coin ZeroCash came out. Eli Ben-Sasson, Alessandro Chiesa, and others have improved the Pinocchio protocol slightly, which was the first successful implementation of the Zero-Knowledge Proof technology in the blockchain field. ZeroCash is the predecessor of Zcash, and the Zcash team has also made great contributions to the Zero-Knowledge Proof engineering. 1.3 Development Status of the Zero-Knowledge Proof The combination of the Zero-Knowledge Proof technology and Zcash has drawn attention to its important role in the blockchain field, and it is also an important practice for the Zero-Knowledge Proof technology to step from theory to application. At present, there are mainly the following solutions for Zero-Knowledge Proof. Each solution represents different Zero-Knowledge Proof practices, which will also produce different effects, mainly in terms of security, proof size, computing speed, and verification speed. The horizontal axis is proof size, while the vertical is security assumptions. Among them, which does not rely on mathematical difficulties assumptions and has a postquantum character. the most secure one is the STARK algorithm, **The smallest proof size is the Groth16 algorithm in the SNARK solution. PLONK, also one of the SNARK solutions, has moderate security and proof size. Nowadays, zk-STARK and zk-SNARK are the most widely used. 1.3.1 zk-SNARK SNARK is short for Succinct Non-Interactive Argument of Knowledge. **The features of this solution are simple. That is, the verification process does not involve a large amount of data transmission and the verification algorithm is simple, which means that the verification time does not increase exponentially with the operation throughput. Secondly, non-interactive knowledge demonstration is a piece of single linear information from the prover to the verifier, which makes the whole verification process more efficient. **Currently, Groth16 is the zk-SNARK with the fastest verification speed and smallest data size, and Zcash is its first widely spread implementation. Groth16 is a further refinement of the Pinocchio protocol, compressing the proof size by nearly half with slightly stronger security assumptions. However, one of the most controversial aspects of the Groth16 solution is the [Initialize Trusted Settings], because the hidden random values in CRS are usually determined by a small group, so there can be trust issues. Moreover, theoretically, if the prover has enough computing capability, it can submit false proofs, thus affecting the security of the whole system. That is why quantum computers are considered a threat to such algorithms. Therefore, [Initialize Trusted Settings] is also the very core problem that other Zero-Knowledge Proof technologies try to overcome. PLONK algorithm is as well a refinement targeting a trusted setting, and we will discuss the difference between Groth16 and PLONK in more detail later. To solve this problem, Stanford cryptographers Benedikt Bünz and others proposed Bulletproof technology. Compared with prior zk-SNARK, there is no need to initialize trusted settings for Bulletproof, but it takes longer to compute and verify than STARK with a much smaller proof size. Once proposed, this solution was adopted by the Monero Project. 1.3.2 zk-STARK STARK is short for Scalable Transparent Argument of Knowledge. It was established as a substitute version of SNARK. Differing from SNARK’s “Succinct”, STARK’s is “Scalable” here, mainly suggesting that the Proof generation time complexity of STARK is close to computing complexity, while Verify Proof time complexity is much smaller than that. That is, with the enhancement of STARK scalability, the Proof complexity of STARK maintains. More important is because it relies on more streamlined symmetric encryption via Hash Function collisions, which can be regarded as the [Transparent] part of STARK. STARK does not need to initialize trusted settings The third refinement of STARK compared to SANRK is postquantum computing, meaning it cannot be cracked by quantum computing. Of course, refinements always come with sacrifices. STARK is more complex than SNARK, increasing the proof size from 288 bytes to several hundred KB, and consuming higher verification fees on the Ethereum. 1.3.3 Zero-Knowledge Proof Solution of Trusted Setting Although the Zero-Knowledge Proof system based on trusted settings needs to generate common references, it has proved its advantages in computing cost and proof size, which can explain it is still the first option for many privacy-oriented blockchain applications. The security of a trusted setting Zero-Knowledge Proof system can be largely attributed to the security of common references generation. It is possible to realize centralization generation in a trusted manner while incompatible with the goal of decentralization. By far, the priority used in trusted settings is secure Multi-Party Computing (MPC). The MPC solution attempts to ensure that no party could generate or acquire knowledge of the underlying mathematical structure of these parameters. It realizes this by requiring that the generation process be shared among as many independent participants as possible, with only a few (or even one) required to act honestly to ensure the setting is secure. . When using MPC, the more participants, the more secure Zk-SNARK is a Zero-Knowledge Proof solution for trusted settings, but different algorithms have evolved in it. Groth16 and PLONK are the most widely used trusted settings Zero-Knowledge Proof solutions. The difference between them lies in: , but because Groth16’s secret computations are associated with specific issues, it is necessary to reset the MPC trusted settings according to a different problem each time. Groth16 is with the fastest verification speed and smallest data size Computing protocols requiring multiple-party participants are often cumbersome, which can affect Groth16’s performance. “Updatable” here means that the trusted settings can be updated at any time as long as a secret is suspected of having been compromised. PLONK is a refined version of Sonic with five times faster proof time. Sonic is an updatable global CRS solution. And “Global” here means that the computing process is no longer bound with CRS, and an application only needs to complete the trusted pre-setting to realize different Zero-Knowledge Proof circuit computing. That is, the trusted setting only needs to be set once, instead of having to hold a new MPC each time for different issues, except for updates. Below is a comparison of Groth16 and PLONK’s performance: PLONK algorithm is a collaboration between Gabizon, a researcher from Protocol Labs, and two researchers from Aztec Protocol, a private transaction Protocol for Ethereum. Proposed later than Groth16, PLONK falls behind in proof size and verification speed. However, the PLONK algorithm occupies a place in the field of Zero-Knowledge Proof based on the feature of an updatable trusted setting. 2 Zero-Knowledge Proof Technology Application Two important features of Zero-Knowledge Proof technology are the main factors for its application in the blockchain field: Zero-Knowledge Proof can protect the privacy of data and prove it without leaking data information. Zero-Knowledge Proof can prove a large amount of data only by generating a small amount of proof, which can play a great role in compressing data amount and improving performance. Therefore, the two directions of the Zero-Knowledge Proof are: 2.1 Privacy Protection Privacy protection has always been an extremely important concept in blockchain, representing the ability to protect transactions and participants in a distributed network. Although blockchain has always advocated anonymity, participants do not need to use their real names in most transactions, while they can still repeatedly use public key hash values as transaction identifiers to identify the traders. Therefore, such transactions only have pseudonyms instead of realizing true anonymity. By default, every transaction of a user is public, and once a user’s address is locked, it can be used to examine the source of the fund, compute the holding positions, and even analyze the on-chain activities of the user. The Zero-Knowledge Proof technology can confirm the validity of the transaction by submitting the proof without disclosing any information and realizing full anonymity of the transaction information. During the development period emphasizing privacy issues encryption, many developers devoted themselves to the exploration of privacy public chain. The privacy protection and data compression capability of the Zero-Knowledge Proof are the main reasons for becoming a public chain component technology. During this time, projects such as Zcash and Monero yielded unusually brilliant results. Taking Zcash as an example, Zcash first adopted the Pinocchio protocol and switched to the Groth16 proof system in 2019. Zcash wallet address is divided into hidden address and transparent address. Transactions between transparent addresses are no different from Bitcoin (BTC) transactions: the sender, receiver, and transaction amount are publicly visible; Transactions between hidden addresses will also appear on the public blockchain, but the address, amount of funds, and remark fields of the transaction are encrypted, and zk-SNARK will prove the effectiveness of the transaction under the network consensus rules; In addition, transactions can also be conducted between hidden addresses and transparent addresses. Zcash is friendly to audit and supervision while protecting transaction privacy. The sender and receiver of hidden address transactions can disclose transaction details to third parties to meet witnesses, compliance, or audit needs. 2.2 Scalability “Impossible Triangle” is an eternal problem faced by L1 blockchains such as the Ethereum. Different chains always find a balance between decentralization, security, and scalability. Ethereum focuses more on decentralization and security, so it has to face the limitation of scalability. The high gas fees and long transaction confirmation time on Ethereum have greatly affected users’ experience. Therefore, its core development team and community have been exploring various scalability solutions. There are two ways to scale blockchain: To scale the L1 blockchain itself, the methods include increasing the block size or sharding. That is, the nodes in the blockchain network are divided into several relatively independent shards. The processing scale of a single shard is small, and even only part of the network state is stored. But, in theory, the throughput of the whole network will be improved under the condition of multiple shards processing transactions in parallel. However, such an approach will lead to the sacrifice of decentralization; Transfer the transactions on the L1 network to the L2, which collects the transactions and then sends them to the L1 network for settlement. In this way, each batch of transactions pays a gas fee instead of paying a gas fee for each transaction. Therefore, all transactions share the gas fee costs equally, effectively reducing the cost of each transaction. In this way, L1 becomes the settlement layer for all executed transactions on L2. The L2 scaling solution can solve the scalability problem of L1 without sacrificing decentralization and security. Of course, the L2 scaling solution has also experienced the evolution from state channel to Plasma and then to Rollup. At present, **Rollup is the most mainstream and potential L2. Rollup refers to performing complex off-chain computing and state maintenance first, then conducting on-chain saving for the data related to a state change in the way of calling it through contract by using the cheaper CALLDATA, by which summarizing and packaging a large number of transactions into one transaction, and finally improving TPS on the premise of ensuring [data availability]. The common point of Rollup solutions is to emphasize the data availability on the chain. That is, anyone can restore the global state according to the data saved on the chain, so as to eliminate the security risk caused by the problem of data availability. Besides compressing the amount of computing on the chain, one of the aspects that Zero-Knowledge Proof plays a role lies in ensuring the correctness of the data. ZK Rollup solution originated in the second half of 2018. The key to this solution is ZK. The Zero-Knowledge Proof needs to be provided and verified by the contract on the main chain for every state change of ZK Rollup solution. Only after passing the verification can the state be changed. That is, the state change of ZK Rollup depends strictly on the cryptographic proof. (Note: For a detailed explanation of ZK Rollup principle, refer to by Li Hua) A Clear View on Layer and Cross-chain Methods Of course, there are other Rollup solutions, such as Optimistic Rollup, which was formed in the second half of 2019. It does not need strict verification for each state change. It first assumes optimistically that every time of change is correct, and then challenges a change within a certain time limit. If the change is challenged successfully, it will be proved that there is a problem with the previous submission, and the submitter is going to be punished and the state is going to be rolled back. That is, the state change of the Optimistic Rollup depends on economic incentives and games. The prominent problem of ZK Rollup is that it is difficult to realize programmability, but the virtual machine of ZkSync and its related design can make programmability implemented; the most concerning problem of Optimistic Rollup seems to be that when the funds return from Layer 2, the delay caused by the challenge period, but intermediaries are available to provide advance payment services. Therefore, the implementation of the Optimistic Rollup solution is faster. The performance comparison between the two is shown in the following figure: Compared with Optimistic Rollup, the ZK Rollup solution features very high technical complexity and requires a lot of computing. Besides, its transaction delay will become longer and the computing cost will be higher. However, the cost of each transaction is lower, and the verification cost is much lower than the computing cost. Such simplicity provides conditions for scaling. According to the latest data from I2beat.com, the asset scale locked by the Layer 2 solution is about US$6.7 billion. Among them, the Layer 2 scaling solution of Optimistic Rollup was proposed by Arbitrum and Optimism and was first introduced to the market. At present, it accounts for half of the Layer 2 solution. The asset scale locked by the Zero-Knowledge Proof solution is only about US$1.7 billion because it features higher difficulty in technical implementation and the construction of ecological applications of it has not been implemented. 3 Star Projects of Zero-Knowledge Proof solution In the early Zero-Knowledge Proof projects, although Zcash and Monero did a good job in privacy protection, they can only be used as a means of value storage and are difficult to cooperate with other applications. With the efforts of many developers, they are trying to combine Zero-Knowledge Proof with smart contracts to explore the greater potential of Zero-Knowledge Proof technology. Current applications can be roughly divided into the following three categories. In this section, we will introduce some very promising Zero-Knowledge Proof projects, most of which have not yet issued tokens. 3.1 Mina Once with a name called Coda Protocol, the Mina was founded in 2017. Its development team is O (1) Labs, which is composed of world-class cryptographers, engineers, PhDs, and entrepreneurs now. Mina focuses on building a lightweight blockchain. Compared with Ethereum and Bitcoin (BTC), which often contain hundreds of GB of block space, Mina’s block size will be maintained at 22 KB, which can enable most people to participate and can be available for itself to become nodes. Low threshold node deployment makes it easier to reach all kinds of users. Users are easy to reach nodes and deployment nodes, which will also make the network more distributed and improve the security accordingly. The core of Mina’s capability to achieve constant block size is the use of [Recursive Zero-Knowledge Proof], that is, in each block generation, the block is compressed into a single proof by using zk-SNARK technology, and each new SNARK proof contains the past SNARK proof. The node only needs to verify the proof, so it does not need to detect the whole transaction history. But this is only the first step. A feature of blockchain is that each block needs to refer to the previous block because if only a SNARK proof is generated for each block, its overall capacity will increase linearly. Therefore, Mina will create SNARK (i.e., recursion) for SNARK, and then iterate and nest them continuously. These SNARK proofs are linked together in a recursive structure to maintain a constant size of about 22 KB. In addition, Mina has set up an ecosystem to protect data privacy based on Zero-Knowledge Proof. Its ecological application Snapps (renamed zkApps at present), can implement specific business logic for some scenarios. It can also cooperate with other public chains through a transfer bridge, enhancing the interoperability and making the entire blockchain ecosystem mutually beneficial and win-win. As well, it is featured lightweight nodes, which are only developed in this field by Mina currently. Financing Background: In March 2022, Mina announced that they had completed a US$92 million strategic financing round led by FTX Venture (LD Venture Capital) and Three Arrows Capital. The capital will be used to accelerate Mina application as the leading Zero-Knowledge Proof platform within Web3 by attracting world-class developers. Previously, Mina had conducted financing for four rounds, with an amount of approximately US$48.15 million, and in these financings, the investors included top institutions such as Coinbase Ventures, Polychain Capital, Three Arrows Capital, Paradigm, and Multicoin. First-class investment institutions concern more about the long-term value, and most of them possess their users and fans, that is, their IP traffic, which is very beneficial to Mina’s active extension of the future market. 3.2 ZkSync The project zkSync, established by the Matter Labs team founded in December 2019, aims to scale Ethereum. zkSync 1.0 is a ZK Rollup (Zero-Knowledge Proof) L2 scaling solution on Ethereum, mainly focusing on payments, and launched on the Ethereum main net in June 2020. The SNARK algorithm used by zkSync at the beginning is Groth 16, with which, not only a trusted setting is required (such as at the beginning of zkSync’s creation), but every new application upgrade on zkSync requires a trusted setting. This also creates obstacles for zkSync 1.0 to create an EVM-compatible environment, so zkSync 1.0 is limited to specific applications, such as payment applications. zkSync 2.0 is an EVM-compatible L2 solution established on the Ethereum, also known as zkEVM. It recompiles the EVM code and uses the Zero-Knowledge Proof to verify Rollup transactions, allowing the developers to establish and deploy decentralized applications in the L2 environment with low gas and high scalability. In May 2021, zkSync released the Alpha version of zkEVM, expecting the main net launch can be completed in August 2021. However, the launch was delayed due to technical difficulties. In February 2022, the zkSync 2.0 public test net was launched. zkEVM, the first EVM-compatible ZK Rollup on the Ethereum test net, has been released. Financing Background: In March 2021, Matter Labs completed a US$6 million A round financing led by Union Square Ventures, with other well-known participation from Placeholder and Dragonfly. What is even more remarkable about this round of financing is the introduction of a large number of ecological partners, including some of the most well-known companies and founders in the cryptocurrency field. In November 2021, Matter Labs completed another US$50 million B round of financing led by A16Z, with other strategic participation from many centralized exchanges (Blockchain.com, Crypto.com, ByBit, and OKEx). Shortly after the financing announcement, these exchanges announced their cooperation with zkSync, supporting the deposit/withdrawal between each exchange and L2. 3.3 StarkWare The StarkWare team was founded in May 2018, of which members are world-class cryptographers and scientists. The core team member is the former chief scientist of Zcash, who has pioneered and innovated in the Zero-Knowledge field over the years. It is this team that has presented the zk-STARK technology in an academic paper in 2018. And then, the author of the paper created StarkWare. There is a problem that the technology of STARK is not as mature as that of SNARK, and if it is completed Turing, it will be difficult to be compatible with EVM. StarkWare, like zkSync, has also used the Zero-Knowledge Proof scaling solution, while StarkWare is STARK-based. StarkWare has created a specific programming language, Cairo, to run autonomous programs supported by STARK, and the StarkWare team is creating a transcoder Warp now, together with the Nethermind team, which will seamlessly convert Solidity smart contracts to Cairo to make it compatible with EVM. Three main applications dydx, Immutable, and, Deversifi, are supported by StarkEx. Until now, through these applications, StarkEx has processed over 5 million transactions, with the worth over US$250 billion. StarkWare has launched StarEx, allowing the creation of application-specific ZK Rollups supported by Cairo and STARK. On November 29, 2021, they released the Alpha version of StarkNet main net. StarkNet is a ZK Rollup L2 application network that is developing its ecosystem. Financing Background: StarkWare has conducted four rounds of financing in total, and the amount is more than US$160 million, with participation from many top institutions, such as Paradigm, Polychain, Sequoia Capital, IOSG, etc. One of the angel participants is the Ethereum founder Vitalik Buterin, being favored by the cryptocurrency field. 3.4 Aztec The Aztec team was established in 2018, of which members are PhDs from world-class universities, and some are former Zcash researchers with strong technical capacity. The self-developed PLONK algorithm has been adopted by many projects in the field. About the Ethereum scalability issue, Aztec has also used ZK Rollup technology. From the establishment of the project to the launch of Aztec 2.0, the team has been conducting in-depth research on the PLONK algorithm. During the research period, they have released Zero-Knowledge Proof algorithms such as PLONKUP. Vitalik Buterin praises highly to their excellent research and development capabilities. There are two main functions of the Aztec network. One is to protect the interacting privacy of users, and the other is that users can establish total private applications with the programmable privacy contracts provided by Aztec. Aztec 2.0 has been launched, followed by the zk.money private transfer application is also launched, with which sending and receiving tokens are anonymous and encrypted transactions are encrypted through recursive Zero-Knowledge Proof. And therefore, no transaction data will be publicly released to protect users’ privacy. However, currently, it can only be used for users to deposit and transfer. Aztec Connect, as the first private cross-chain bridge, is also launched on the test net currently. The Aztec project has been developed in three stages so far: The first stage is Aztec 1.0, a private transaction tool on the Ethereum; The second stage is Aztec 2.0, becoming the private L2 on the Ethereum through zk-Rollup, bringing scalable privacy to the Ethereum; Based on the current disclosure, the approaching third stage will be Aztec 3.0, to realize the private smart contract of L2 on the Ethereum through the Noir privacy programming language. However, the challenge faced by most zk-Rollup L2 projects is EVM compatibility issues. Aztec network is still not compatible with EVM now, which will increase the difficulty and cost of constructing private smart contracts for many projects. The project party has also disclosed that the problem will be improved through technical research. Financing Background: In November 2018, Aztec conducted a US$2.1 million seed round financing, led by ConsenSys Labs. In December 2021, Aztec completed a US$17 million A round financing, led by Paradigm, with participation from IOSG and others, including angel investor Stani KulecFhov, who is the founder of Aave, a leading lending project. This round of financing will be used to continue the ZK system development and the improvement of Aztec Connect. According to Aztec Connect, the bridge can save up to 100 times in gas fees when conducting private transactions. 3.5 Aleo The Aleo project was officially established in 2019, and its members are world-class cryptographers, engineers, designers, and operators from companies such as Google, Amazon, and Facebook, as well as research universities such as UC Berkeley, Johns Hopkins, NYU, and Cornell. Aleo has constructed zkCloud system to shield identities and transactions, and the shielded identities can interact with each other directly (such as the asset transfer) or programmatically (through smart contracts). In typical public blockchains, the program is executed on-chain in a global “virtual machine” (VM) run by each network node. Therefore, every node on the network must recompute (and collectively approve) each step of the given program, which is inefficient, reduces speed, and increases costs for the users. zkCloud has solved these limitations by decoupling the application running from the state maintenance of the blockchain (on-chain + off-chain), combined with the recursive Zero-Knowledge Proof, enabling Aleo to implement complete programmability and privacy, as well as higher transactions throughput. Aleo has built a programming language Leo, which is more friendly to Zero-Knowledge Proof application developers, giving them a better environment. Leo is a statically typed programming language inspired by Rust, specially built for writing private applications. In addition to a developer-friendly environment, Aleo has also launched a developer incentive plan and test net incentive measured to help Aleo’s initial ecosystem. Financing Background: In April 2021, Aleo completed a US$28 million A round financing led by a16z, with participation from Placeholder, Galaxy Digital, Variant Capital, and Coinbase Ventures. In February 2022, Aleo announced that they completed a US$200 million B round financing, the largest single financing amount in the current Zero-Knowledge Proof track, led by Kora Management LP and SoftBank Vision Fund 2, with participation from Tiger Global and Sea Capital. Summary Zero-Knowledge Proof technology is now at the forefront in the blockchain field, but it has not developed into a fully mature state up to now. Each solution has some shortcomings in terms of PostQuantum computing and performance optimization. As well, the compatibility with EVM is also a great challenge now. However, the current Zero-Knowledge Proof solution is experiencing its rapid-developing period, and projects like zkSync and Starknet also bring more possibilities to blockchain development. References “Development Report on Zero-Knowledge Proof Technology,” Gyro Research Institute, Ambi Lab “What is Zero-Knowledge Proof? ｜ZK Popularization Science Series I”, ZK enthusiast “[Public Due Diligence] In-depth Report: Mina,” First-class warehouse “The Development of Layer2 and the Rise of zk-Rollup | ZK Popularization Science Series II”, ZK enthusiast “A Clear View on Layer and Cross-chain Methods, “Li Hua “[Password Column] Super Advanced: PLONK VS Groth16 (Volume One)”, HYPERCHAIN Technology Note: Written by LD Research, this article was translated and co-published by Sin7Y Labs.