Technical analysis|A review of zero-knowledge proof research

Disclaimer: This article only shares personal opinions and does not constitute investment advice.

This article is reprinted from the public account [GenesiSee], original publication time: January 18, 2023

Original link: ZK|A review of zero-knowledge proof research

Over the past ten years blockchain technology has developed rapidly, and privacy and scaling have become two of the most closely watched directions in the field. Zero-knowledge proofs have gradually entered the public eye because of what they offer on both fronts: they let developers inherit the security of an underlying chain such as Ethereum while raising dApp transaction throughput and speed and protecting user privacy. This article reviews zero-knowledge proof technology from the angles of basic concepts, theoretical development, mainstream algorithms, open source libraries and typical applications.

01|Basic concepts

A zero-knowledge proof is, at bottom, a protocol between two or more parties, that is, a sequence of steps the parties follow to complete a task. It lets one party (the prover) convince another party (the verifier) that a statement is true without revealing anything beyond the fact that the statement is true. For example, given the hash of a secret value, the prover can convince the verifier that it knows a preimage of that hash without revealing the preimage itself.

02|Theoretical development

Modern zero-knowledge proof systems originate in the 1985 paper "The Knowledge Complexity of Interactive Proof Systems" (GMR85) by Goldwasser, Micali and Rackoff. The paper asks, for an interactive system with k rounds of interaction, how much knowledge must be transferred to prove that a statement is true; when the knowledge that must be transferred is zero, the proof is called zero-knowledge.

Early zero-knowledge proof systems, however, lacked efficiency and usability and remained at the theoretical level; only in the last ten years have they developed rapidly. An important breakthrough came with Groth's 2010 paper "Short Pairing-based Non-interactive Zero-Knowledge Arguments", which laid key theoretical groundwork for today's zero-knowledge proofs and gave a pairing-based argument with constant-size (O(1)) proofs built on elliptic curves. Groth is regarded as a theoretical pioneer of zk-SNARKs.

An important milestone on the application side was Zcash, which launched in 2016 with a zero-knowledge proof system that protects the privacy of transaction participants and amounts. ZK technology later combined with smart contracts and entered a much wider range of application scenarios.

Some important research results also emerged during this period, including:

  • In 2013 the Pinocchio protocol ("Pinocchio: Nearly Practical Verifiable Computation") achieved minute-scale proving, millisecond-scale verification and proofs of under 300 bytes, bringing zero-knowledge proofs from theory toward practice. The SNARK originally used by Zcash is an improved version of Pinocchio;

  • In 2016 Groth16 ("On the Size of Pairing-based Non-interactive Arguments") cut the proof down to three group elements; it is one of the basic algorithms behind today's mainstream ZK systems;

  • In 2017 Bulletproofs ("Bulletproofs: Short Proofs for Confidential Transactions and More") were proposed: very short non-interactive zero-knowledge proofs that need no trusted setup, so prover and verifier do not have to be online at the same time. They were deployed in the Monero blockchain in 2018;

  • In 2018 the zk-STARK paper (BBHR18, "Scalable, transparent, and post-quantum secure computational integrity") proposed a system that needs no trusted setup, a new breakthrough for zk-STARK development; it was later used by the major L2 project StarkWare;

In addition, the introduction of Sonic, Halo, Marlin, PLONK and related systems improved zk-SNARKs in several ways:

  • 2019, Sonic: an early universal zk-SNARK that supports a universal and updatable structured reference string. Sonic's proof size is constant, but its verification cost is high; in theory several proofs can be verified in a batch for better performance;

  • 2019, Fractal: a recursion-enabled zk-SNARK whose transparent setup comes from preprocessing the circuit. Its proofs are up to about 250 KB, much larger than those of the other constructions listed here;

  • 2019, Halo: supports recursive proof composition without a trusted setup. Unlike the other newer zk-SNARK constructions, Halo's verification time is linear in the circuit size;

  • 2019, Supersonic: an improved version of Sonic and the first practical transparent zk-SNARK in terms of both verification time and proof size;

  • 2019, Marlin: an improved version of Sonic that shortens proving time by about 10x and verification time by about 4x;

  • 2019, PLONK: an improved version of Sonic that reduces proving time by about 5x;

03|Technical Overview

3.1 Zero-knowledge proof algorithm

Currently the most mainstream families of zero-knowledge proof systems are zk-SNARKs, zk-STARKs and Bulletproofs. The following briefly introduces the three.

zk-SNARKs

zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. The term was introduced in 2012 in the paper "From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again" by Alessandro Chiesa (now a professor at UC Berkeley) and co-authors, and it is one of the earliest and most popular families of zero-knowledge proof implementations. Non-interactive means that the prover simply publishes the proof and the verifier checks it; no back-and-forth between verifier and prover is needed.
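To make the prover/verifier exchange of section 01 and the non-interactive property described here concrete, the following added example (written for this review, not code from the original article or from any of the projects it covers) implements the classic Schnorr proof of knowledge of a discrete logarithm: the three-move interactive protocol, the extractor that shows it is an argument of knowledge, the simulator that shows it is zero-knowledge, and the Fiat-Shamir transform that removes the interaction. Groth16 is non-interactive by construction from its CRS, while PLONK, zk-STARKs and Bulletproofs obtain non-interactivity from exactly this Fiat-Shamir step. The group is a toy-size safe-prime group generated at import time and the Fermat primality test is an assumption adequate for a demo only; production code uses a standard elliptic curve.

```python
"""Schnorr proof of knowledge of a discrete log: interactive sigma protocol,
knowledge extractor, zero-knowledge simulator, and the Fiat-Shamir transform.
Added example; the group is a toy-size safe-prime group generated at import
(an assumption for readability; production code uses a standard elliptic curve).
"""
import hashlib
import random
import secrets


def _probable_prime(n: int) -> bool:
    # Fermat test with a few bases: adequate for a demo, not for production.
    return n > 3 and all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11))


def _safe_prime_group(bits: int = 96):
    """Return (p, q, g): p = 2q + 1 prime, g a generator of the order-q subgroup."""
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, 4 % p  # 4 = 2^2 is a square, so it lies in the order-q subgroup


P, Q, G = _safe_prime_group()


def keygen():
    """Witness x (secret) and statement y = g^x (public)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# ---- interactive three-move protocol -----------------------------------------
def prover_commit():
    """Move 1 (prover -> verifier): t = g^k for a fresh random nonce k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)


def verifier_challenge():
    """Move 2 (verifier -> prover): uniformly random challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x, k, c):
    """Move 3 (prover -> verifier): s = k + c*x mod q."""
    return (k + c * x) % Q


def verifier_check(y, t, c, s):
    """Accept iff g^s == t * y^c, i.e. the prover knew x with y = g^x."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_interactive(x, y):
    k, t = prover_commit()
    c = verifier_challenge()
    return verifier_check(y, t, c, prover_respond(x, k, c))


def extract(t, c1, s1, c2, s2):
    """Special soundness: two accepting transcripts sharing t but with different
    challenges give x = (s1 - s2)/(c1 - c2).  A prover able to answer two
    challenges therefore 'knows' x, which is what 'argument of knowledge' means."""
    return (s1 - s2) * pow(c1 - c2, -1, Q) % Q


def simulate(y):
    """Zero-knowledge: without x, choose (c, s) first and solve for t.  The
    transcript is distributed exactly like a real one, so transcripts leak nothing."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P
    return t, c, s


# ---- non-interactive version (Fiat-Shamir) ------------------------------------
def fs_challenge(y, t):
    """The verifier's random challenge is replaced by a hash.  The statement y
    (not only t) must be hashed: omitting it is the 'weak Fiat-Shamir' mistake
    that lets an attacker choose y after seeing the challenge."""
    data = b"|".join(str(v).encode() for v in (P, Q, G, y, t))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def nizk_prove(x, y):
    k, t = prover_commit()
    return t, prover_respond(x, k, fs_challenge(y, t))


def nizk_verify(y, proof):
    t, s = proof
    return verifier_check(y, t, fs_challenge(y, t), s)


if __name__ == "__main__":
    x, y = keygen()
    print("interactive accepted:", run_interactive(x, y))
    print("non-interactive accepted:", nizk_verify(y, nizk_prove(x, y)))
    print("wrong witness accepted:", nizk_verify(y, nizk_prove(x + 1, y)))
    t, c, s = simulate(y)
    print("simulated transcript accepted:", verifier_check(y, t, c, s))
```

The simulator is the whole point of "zero-knowledge": a transcript the verifier could have produced alone cannot have taught it anything. The extractor is the whole point of "knowledge": a machine that answers two different challenges for the same commitment can be turned into one that outputs the witness. In the Fiat-Shamir version the hash must bind every public value of the statement; leaving the statement out of the hash has caused real soundness breaks in deployed proof systems.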

Pairing-based zk-SNARKs rely on elliptic-curve cryptography: bilinear pairings and discrete-logarithm-type (knowledge-of-exponent) assumptions, not ECDSA, and nothing is "encrypted". These assumptions are secure against classical computers today, but a sufficiently large quantum computer would break them. In addition, launching a zk-SNARK system requires a trusted setup: a multi-party ceremony in which each participant contributes a secret share of randomness to the public parameters and then destroys it. The setup remains sound as long as at least one participant honestly destroys their share; if the secret behind the parameters (the "toxic waste") is retained, it can be used to forge proofs that verify, and therefore to forge transactions.

As the most widely used zero-knowledge proofs in blockchains, zk-SNARKs have spawned many protocols with different characteristics. The research splits into two directions. One, represented by Groth16, GKM+18, Sonic (2019) and PLONK (2019), keeps an efficient pairing-based proof system while reducing the trusted-setup burden, moving from a circuit-specific setup (Groth16) to a universal and updatable one (GKM+18, Sonic, PLONK); the other, represented by Ligero (2017), Aurora (2018) and Fractal (2019), builds on hashes and error-correcting codes and focuses on transparency and post-quantum security. Among them, Groth16 and PLONK are currently the most widely used solutions in the blockchain field because they offer constant-size proofs and constant-time verification.

zk-STARKs

zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge (the S is scalable, not succinct). It was proposed by Eli Ben-Sasson and co-authors in the paper "Scalable, transparent, and post-quantum secure computational integrity". zk-STARKs are an evolution of the zk-SNARK idea that removes the dependence on a trusted setup: blockchain verification can be done with no setup ceremony at all, which simplifies launching a network and eliminates the risk of collusion in that ceremony. zk-STARKs use a leaner cryptographic toolbox that needs no elliptic curves, pairings or knowledge-of-exponent assumptions, relying instead on collision-resistant hashes and information-theoretic (error-correcting code) arguments, so they are believed to resist quantum attacks. The cost is proof size: a zk-STARK proof is orders of magnitude larger than a zk-SNARK proof (tens to hundreds of kilobytes rather than a few hundred bytes), but in scenarios that demand trust minimization or post-quantum security this cost is worth paying.

Bulletproofs

Bulletproofs ("Bulletproofs: Short Proofs for Confidential Transactions and More") is a short non-interactive zero-knowledge proof protocol proposed in 2017 by the Stanford Applied Cryptography Group and collaborators. Bulletproofs combine some of the advantages of SNARKs and STARKs: they run without a trusted setup and shrink the cryptographic proofs in a confidential transaction from more than 10 kB to under 1 kB, a reduction of over 80% that translates into a similar cut in transaction fees. However, Bulletproof proving and verification are slower than SNARKs and STARKs (verification time grows linearly with the size of the statement). In 2018 Bulletproofs were deployed in the privacy coin Monero and attracted great attention because of the lower fees, the small proof size and the absence of any trusted setup.

Summary

The following performance comparison of the three mainstream algorithms is provided by Matter Labs. Overall, the advantages of zk-SNARKs are the most pronounced.

Source: Matter Labs’ github code base https://github.com/matter-labs/awesome-zero-knowledge-proofs#learn

Measured experimentally, the three classes of algorithms perform as follows:

Source: https://docs.google.com/presentation/d/1gfB6WZMvM9mmDKofFibIgsyYShdf0RV_Y8TLz3k1Ls0/edit#slide=id.g443ebc39b4_0_110

The following describes ZK open source libraries and typical applications of ZK in the blockchain field.

3.2 Open source algorithm library

3.2.1 Summary of open source libraries

The following table lists more than ten open source libraries related to zero-knowledge proofs, covering zk-SNARK, zk-STARK and Bulletproofs implementations in different languages, plus Plonky2, which combines PLONK-style arithmetization with the FRI protocol used by STARKs. Most of the listed libraries implement zk-SNARKs, with Groth16 and PLONK in the majority. Some libraries are reference implementations of specific papers, intended for research rather than production use, such as Spartan, DIZK, Nova and libSTARK.

3.2.2 Best Practices

zk-SNARK libraries cannot be applied directly to an arbitrary computational problem. The problem must first be converted into the right form, and the first step is to express it as an arithmetic circuit. Circom is a circuit compiler (written in Rust) that makes it easy to build such circuits, so a common best practice is to combine Circom with a ZK proving library. Taking snarkjs as an example, the practical steps are as follows:

  1. Write the logic/constraints to be proved in the dedicated circuit language. The Circom project also provides circomlib, a library of common cryptographic components (elliptic curve point operations, signature verification, hashing, etc.) that can be imported directly;

  2. Compile the circuit with the Circom compiler into a low-level representation, the R1CS (rank-1 constraint system), together with a witness generator;

  3. Use snarkjs (a companion tool from the same team, not part of Circom itself) to run the trusted setup (a Powers of Tau ceremony followed, for Groth16, by a circuit-specific second phase) and to export the JavaScript proving flow and a Solidity verifier contract;

  4. Generate ZK proofs off-chain with the generated proving code and verify them on-chain through the smart contract.

Source: https://docs.circom.io/
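What step 2 actually produces is easy to lose sight of behind the tooling. The following added example (written for this review, not code from the Circom or snarkjs projects) hand-flattens the toy circuit out = x^3 + x + 5 into an R1CS over circom's default field, computes the witness the way a witness generator would, and checks the constraints; this satisfiability check is exactly the statement a zk-SNARK proves without revealing the private part of the witness. The circom source is included as a string for reference only and is not compiled here; the matrix layout is an assumption for illustration and will not match circom's internal ordering.

```python
"""Hand-flattened R1CS for the toy circuit  out = x^3 + x + 5, checked over
circom's default field (the BN254 scalar field).  Added example of what step 2
of the workflow above produces; the matrices are written by hand, not circom
output, and the verifier only ever sees the public part of the witness."""

# circom's default prime: the scalar field of BN254 (alt_bn128)
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# Equivalent circom source (for reference; not compiled here):
CIRCOM_SOURCE = """
pragma circom 2.0.0;
template Cubic() {
    signal input x;        // inputs are private by default
    signal output out;     // outputs of main are public
    signal v1;
    signal v2;
    v1 <== x * x;          // each <== with one multiplication is one constraint
    v2 <== v1 * x;
    out <== v2 + x + 5;
}
component main = Cubic();
"""

# Witness vector layout: s = [1, out, x, v1, v2].  Index 0 is the constant 1,
# public signals come next (here only `out`), then private ones.
# Each constraint i is  <A[i], s> * <B[i], s> == <C[i], s>  (mod P).
A = [[0, 0, 1, 0, 0],   # x
     [0, 0, 0, 1, 0],   # v1
     [5, 0, 1, 0, 1]]   # v2 + x + 5
B = [[0, 0, 1, 0, 0],   # * x
     [0, 0, 1, 0, 0],   # * x
     [1, 0, 0, 0, 0]]   # * 1
C = [[0, 0, 0, 1, 0],   # = v1
     [0, 0, 0, 0, 1],   # = v2
     [0, 1, 0, 0, 0]]   # = out
N_PUBLIC = 1


def dot(row, s):
    return sum(a * b for a, b in zip(row, s)) % P


def r1cs_satisfied(s):
    """True iff every constraint holds; this is the statement a SNARK proves."""
    return all(dot(a, s) * dot(b, s) % P == dot(c, s) for a, b, c in zip(A, B, C))


def witness(x):
    """What circom's generated witness calculator computes from the input x."""
    x %= P
    v1 = x * x % P
    v2 = v1 * x % P
    out = (v2 + x + 5) % P
    return [1, out, x, v1, v2]


def public_inputs(s):
    """The slice the on-chain verifier receives alongside the proof."""
    return s[1:1 + N_PUBLIC]


if __name__ == "__main__":
    s = witness(3)
    print("witness:", s, "satisfied:", r1cs_satisfied(s))
    s[1] = 36   # a forged output must fail
    print("forged:", r1cs_satisfied(s))
```

Two practical points follow from the shape of the matrices. Every multiplication gate costs one constraint, which is why circuit size (and proving time) is dominated by multiplications rather than additions. And because arithmetic is modulo P, a circuit that is supposed to reason about small integers (amounts, indices) needs explicit range constraints; without them a value can wrap around the field and still satisfy every constraint.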

04|Typical applications

Zero-knowledge proof applications are constantly emerging in the blockchain industry, especially for scaling and privacy protection, and many excellent projects have appeared. The following summarizes the ZK application ecosystem in the blockchain field from the two angles of scaling and privacy protection.

4.1 Scaling

Blockchains cannot meet current demand because of their own performance limits, and zero-knowledge-based scaling solutions are expected to break through this bottleneck. Scaling here means increasing transaction speed and throughput without sacrificing decentralization and security.

4.1.1 zk-Rollup

ZK-Rollups are a Layer 2 scaling solution based on zero-knowledge proofs. They raise throughput by moving computation off-chain: a large number of transactions is packed into a rollup block, a validity proof for that block is generated off-chain, and the smart contract on Layer 1 only needs to verify the proof to apply the new state. This gives lower gas costs while inheriting the security of the base chain. The following summarizes some ZK-based L2 scaling solutions.

zkSync

zkSync is a Layer 2 scaling solution from Matter Labs that improves Ethereum's scalability with a zero-knowledge-proof-based rollup. The project has launched a 1.0 mainnet focused on payments and a general-purpose, EVM-compatible 2.0 mainnet.

zkSync 2.0 is an EVM-compatible L2 built on Ethereum. It compiles smart contract code (Solidity, Yul, Vyper and zkSync's own language Zinc) into SNARK-friendly code and uses zero-knowledge proofs to verify rollup transactions, so it is also called a zkEVM. The zkSync 2.0 architecture includes both a zk-Rollup and a validium (zkPorter); the combination is called "volition" and lets users choose between zk-Rollup and validium. zkSync 2.0 provides on-chain data availability through the zk-Rollup and off-chain data availability through zkPorter, which is where the large scalability gains come from.
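The difference between rollup and validium modes is about data availability, not about the proof. The following added example (written for this review; it is not zkSync's or any other project's code) models the state commitment of a toy rollup: account balances live in a Merkle tree, the operator executes a batch off-chain and publishes the new root, and the L1 contract stores only roots. The validity proof that the new root is the correct result of the batch is what a zk-SNARK/STARK supplies and is assumed rather than implemented here; the part that is implemented shows what a user can and cannot do afterwards. With the batch data on chain (rollup) the user can rebuild the state and prove their balance against the stored root to exit; without it (validium) they cannot. Account count, hash choice and batch format are assumptions for illustration.

```python
"""Toy zk-rollup state commitment, added example (not project code).

The operator keeps account balances in a Merkle tree, executes a batch of
transfers off-chain and publishes (old_root, new_root, batch).  The validity
proof that new_root is correct is what a SNARK/STARK provides and is NOT
implemented here; the example shows what the L1 contract stores and why
on-chain (rollup) versus off-chain (validium) data availability matters for
a user who wants to exit.
"""
import hashlib

DEPTH = 3                 # 8 accounts, toy size (assumption)
N = 1 << DEPTH


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf(balance: int) -> bytes:
    return h(b"leaf", balance.to_bytes(16, "big"))


def tree_levels(balances):
    """All levels of the Merkle tree, leaves first, root last."""
    level = [leaf(b) for b in balances]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root(balances) -> bytes:
    return tree_levels(balances)[-1][0]


def inclusion_proof(balances, index):
    """Sibling hashes on the path from leaf `index` up to the root."""
    path = []
    for level in tree_levels(balances)[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def verify_inclusion(state_root, index, balance, path) -> bool:
    node = leaf(balance)
    for sibling in path:
        node = h(node, sibling) if index % 2 == 0 else h(sibling, node)
        index //= 2
    return node == state_root


def apply_batch(balances, batch):
    """Off-chain execution.  A transfer is (sender, receiver, amount); these
    checks are the constraints a rollup circuit enforces on every transfer."""
    new = list(balances)
    for src, dst, amt in batch:
        if not (0 <= src < N and 0 <= dst < N) or amt <= 0 or new[src] < amt:
            raise ValueError(f"invalid transfer {(src, dst, amt)}")
        new[src] -= amt
        new[dst] += amt
    return new


class L1Contract:
    """On-chain state: the current root plus, in rollup mode, the batch data."""

    def __init__(self, genesis_root: bytes, publish_data: bool = True):
        self.state_root = genesis_root
        self.publish_data = publish_data
        self.calldata = []        # batches everyone can read (rollup) or nothing (validium)

    def submit(self, old_root: bytes, new_root: bytes, batch):
        # A real contract calls the SNARK/STARK verifier here; this example
        # assumes that check passed and only enforces the chaining of roots.
        if old_root != self.state_root:
            raise ValueError("stale state root")
        self.state_root = new_root
        if self.publish_data:
            self.calldata.append(batch)


def reconstruct(genesis_balances, calldata):
    """Any user can rebuild the full state from genesis plus on-chain batches."""
    bal = list(genesis_balances)
    for batch in calldata:
        bal = apply_batch(bal, batch)
    return bal


def exit_proof(genesis_balances, contract: L1Contract, index: int):
    """Returns (proof verifies against the on-chain root, balance the user can show)."""
    bal = reconstruct(genesis_balances, contract.calldata)
    path = inclusion_proof(bal, index)
    return verify_inclusion(contract.state_root, index, bal[index], path), bal[index]


if __name__ == "__main__":
    genesis = [100, 50, 0, 0, 0, 0, 0, 0]          # constructed sample state
    batch = [(0, 2, 30), (1, 3, 5)]                 # constructed sample batch
    new = apply_batch(genesis, batch)
    for mode in (True, False):
        chain = L1Contract(root(genesis), publish_data=mode)
        chain.submit(root(genesis), root(new), batch)
        print("rollup" if mode else "validium", "exit for account 2:", exit_proof(genesis, chain, 2))
```

In validium mode `reconstruct` only ever sees genesis, so the proof it builds is against a root the contract no longer holds and the exit fails; the user is dependent on the operator (or a data-availability committee) handing over the data. That is the security trade-off behind "volition", independent of how good the validity proof is.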

Matter Labs, the team behind zkSync, has completed four financing rounds; the latest, a US$200 million Series C in November 2022, brought total financing to US$458 million.

StarkWare

StarkWare is zkSync's biggest competitor. It was founded in 2018 by Eli Ben-Sasson, co-inventor of zk-STARKs, and others. Its products are StarkEx and StarkNet (roughly comparable to zkSync 1.0 and 2.0 respectively). StarkEx provides customized SaaS scaling for individual applications; StarkNet is a permissionless, decentralized general-purpose zk-Rollup.

  • StarkEx: uses STARK technology to provide scalable self-custodial trading and payments and charges SaaS fees to applications in DeFi and gaming. Its main customers include dYdX, Immutable X and DeversiFi. StarkWare reportedly earned more than US$50 million in 2021 from its largest customer dYdX alone, although dYdX has announced plans to leave StarkWare.

  • StarkNet: an Ethereum L2 based on zk-Rollups that offers more flexible off-chain scaling than StarkEx, since users can write contracts directly on L2. StarkNet supports general computation with Ethereum-level security and greater scalability, and has its own programming language, Cairo (a language for writing STARK-provable programs), in which developers write and deploy their applications; Cairo contracts are not, however, compatible with the existing Ethereum/EVM ecosystem.

StarkWare has raised a total of US$273 million over 7 rounds; the latest, a US$100 million Series D in May 2022, was at a valuation of US$8 billion.

Polygon

Polygon was founded in India in 2018 by Jaynti Kanani and others and has developed its own set of Ethereum scaling tools. Polygon is actively building out its ZK (zero knowledge) strategy, committing more than US$1 billion to research and exploration of ZK technology. It has several L2 solutions, most of them acquired independent teams and projects, including Hermez, Zero, Miden and Nightfall. The four products follow different technical routes:

  • Hermez is based on SNARK technology and focuses on payments and transfers;

  • Zero, based on Plonky2, provides an EVM-compatible virtual machine. Its advertised features are fast proof generation (170 ms on an ordinary computer) and a proof size of only 45 kB;

  • Miden is based on STARK technology and provides an EVM-compatible virtual machine; its main features are a transparent (trustless) setup and post-quantum security;

  • Nightfall combines Optimistic Rollup and ZK-Rollup techniques to achieve scalability and privacy with higher execution efficiency and throughput; each transaction costs about 12k gas, and ZK technology protects the privacy of transaction data.

On February 7, 2022 Polygon raised roughly US$450 million through a private sale of its native MATIC token. The round, led by Sequoia Capital India, is meant to consolidate Polygon's leading position in Ethereum scaling.

Scroll

Scroll aims to build a native zkEVM Layer 2 for Ethereum: it uses a zk-Rollup to scale Ethereum, bundling transactions off-chain and supporting more transactions at lower cost.

Compared with zkSync and StarkWare, whose architectures need a specialized compiler to translate smart contract code into a ZK-friendly intermediate representation (language-level compatibility rather than native EVM compatibility), Scroll is building a zero-knowledge-proof Ethereum Virtual Machine: developers in the Scroll ecosystem get an experience equivalent to the EVM itself, so any dApp running on Ethereum L1 can be deployed on Scroll as-is.

Scroll was founded in early 2021, completed a US$30 million Series A in April 2022 and released a pre-alpha for public testing in July 2022. According to its roadmap, mainnet launch is expected in 2023.

Source: Scroll official

zkSpace

ZKSpace is a full-featured Layer 2 platform covering DEX, NFT and payments, consisting of ZKSwap, ZKSea and ZKSquare. ZKSwap is a Layer 2 decentralized exchange protocol based on ZK-Rollup technology and the AMM model; it achieves real-time trading while preserving the core values of decentralized trading, with the goal of bringing all Uniswap functionality to Layer 2. Compared with Uniswap, ZKSwap's TPS is higher by several orders of magnitude and users pay almost no gas during trading. Technically, ZKSwap is based on the PLONK proof system, which is more efficient and allows the trusted setup to be updated.

4.2 Privacy protection

Zero-knowledge proofs allow one party to prove to another that it knows a secret without revealing the secret itself. On a blockchain they can be used to verify the validity of transactions without revealing the sender, recipient, amount or other sensitive data, so they play a large role in protecting on-chain data privacy. The following summarizes some applications of ZK technology to privacy protection, including privacy L2s, privacy public chains and privacy coins.

4.2.1 Privacy L2

Aztec Network

Aztec was the first Layer 2 privacy project on Ethereum, aiming to provide privacy and scalability for decentralized applications. It was founded by the cryptographer Zac Williamson, a co-author of the PLONK proof system. Aztec is built from the ground up as a zk-Rollup using PLONK, allowing users to access dApps with full privacy while settling on Layer 1. In October 2022 Aztec released Noir, a general-purpose zero-knowledge language, to help developers build ZK applications faster.

Aztec uses a UTXO model similar to Bitcoin's. In this model the note is the basic unit of the protocol. When an asset is transferred, the note's value is encrypted, ownership of the note changes, and a note registry records the state of every note; a user's AZTEC balance at an address is the sum of the valid notes that address owns. Unlike Ethereum's account model, a UTXO-style transfer is a change of note ownership rather than an update of both parties' account balances, and only the two parties to the transaction know that ownership has changed.

In December 2022 Aztec completed a US$100 million Series B led by a16z, with participation from A Capital, King River, Variant, SV Angel, HashKey, Fenbushi and AVG.

4.2.2 Privacy L1

Aleo

Aleo is a privacy-preserving public chain based on zero-knowledge proofs and positions itself as the first platform for fully private applications. Its core is ZEXE (a ledger system for decentralized private computation, DPC), whose cryptographic primitives separate computation from consensus: zkCloud executes transactions off-chain and submits only a proof to the chain after execution. Since only proofs reach the chain, no one can see or exploit the details of any transaction, which yields transaction privacy. Aleo provides the Leo language for writing the (ZK-friendly) smart contracts executed in zkCloud and uses the Marlin proof system, which is close to Groth16 in efficiency and supports a universal and updatable CRS. The project has raised a cumulative US$228 million at a valuation of nearly US$1.45 billion.

Partisia

Partisia Blockchain is a semi-permissioned privacy public chain built for trust, transparency, privacy and speed in the coordination of public and private information. Partisia adds an extra layer of data protection on the blockchain: users control access to their data through zero-knowledge computation (ZK Computation), which combines zero-knowledge proofs, secure multi-party computation (MPC), fully homomorphic encryption and related techniques to add privacy and confidentiality to the chain. A cluster of computation parties runs smart contracts across multiple nodes under an MPC protocol, so arbitrary computations can be carried out securely on distributed data without the data leaving its server, and no secret that should stay private is leaked. ZK techniques guarantee that the protocol is executed correctly; as long as more than a security threshold of the nodes are honest, the confidentiality of transaction inputs and outputs is preserved.

Source: https://partisiablockchain.com/

Manta Network

Manta Network is a privacy parachain on Polkadot. Its private transactions are based on ZK proofs and a UTXO model. During an asset transfer, the recipient's public key and an ephemeral key are used to construct an encrypted transaction; the recipient decrypts it with their own private key, and a successful decryption shows that the asset belongs to them. ZK proofs guarantee that the sender actually holds the assets being spent, using the Groth16 proof system. Manta is currently running the trusted setup for its zero-knowledge proofs and is about to launch the private payment product MantaPay, with more privacy products to follow.

Penumbra

Penumbra is a private cross-chain network in the Cosmos ecosystem. It uses SNARKs to implement private transactions and allows details to be disclosed selectively. Like Aztec, Penumbra uses a UTXO-like note model: note contents are not stored on chain, only a commitment to each note, which is used to prove ownership. Value can only move from one note to another through homomorphic commitments, which guarantee that the total value before and after a transfer is unchanged. Penumbra supports the IBC protocol for transferring tokens to other chains.

Mina Protocol

Mina designed a lightweight blockchain based on modern cryptography and recursive zero-knowledge proofs. It is implemented on the Pickles SNARK, a zk-SNARK with no trusted setup that supports arbitrary-depth recursion, keeping proofs small and recursion efficient. Mina does not store block data on chain. Instead it stores a proof of the current state on chain, keeps data in off-chain services, and after executing transactions submits a new proof that updates the on-chain one. When a new block is produced, Mina does not re-verify the whole chain; it extends the existing validity proof with the new block, in effect taking a snapshot of the whole chain state and then using that snapshot as the background for the next block's snapshot, and so on. An unlimited amount of history can therefore be folded into the on-chain proof while the snapshot stays at about 22 kB and verifies in about 200 milliseconds, allowing lightweight clients and mobile devices to fully verify the system's history. Mina is also a privacy-oriented chain that can protect transaction privacy to some degree, provided the user runs their own service to generate proofs.

4.2.3 Privacy Coin

Zcash

Zcash is often called the originator of privacy coins. Its price peaked as high as US$4,293 (about 30,000 yuan). Zcash was the first privacy project to deploy zero-knowledge proofs and supports both transparent and shielded (anonymous) transactions; its token is ZEC. The privacy of Zcash's shielded transactions relies on standard cryptographic hash functions and stream ciphers: sender, recipient and amount in the transaction record are encrypted on chain, and users may choose to hand out viewing keys to others (only holders of such a key can see the contents of a transaction). The validity of a transaction is proved off-chain with a zk-SNARK and the proof is verified by the network. In May 2022 Zcash began upgrading its underlying cryptography to the Halo 2 proving system, a new zk-SNARK that removes the trusted setup while meeting performance goals and enabling a scalable architecture for private digital payments.

Tornado Cash

Tornado Cash is a fully decentralized, non-custodial protocol for anonymizing Ethereum transactions. Its implementation is essentially a zk-SNARK mixing pool: a zero-knowledge proof breaks the on-chain link between the depositing address and the withdrawing address. The proofs use Groth16, which required a trusted setup ceremony.

In August 2022 OFAC (the Office of Foreign Assets Control) sanctioned Tornado Cash, the first time an on-chain smart contract was placed directly under sanctions, and Tornado Cash developer Alexey Pertsev was arrested in the Netherlands on suspicion of money laundering.

Monero

Monero (XMR) is one of the earliest well-known privacy coins and the first to deploy Bulletproofs. By combining stealth addresses, ring signatures and ring confidential transactions (RingCT), Monero hides both parties' addresses and the transaction amounts, opening a new chapter for privacy in cryptocurrency. Within RingCT, Bulletproofs provide the range proofs that allow amounts to be hidden. Monero once ranked among the top ten, even top five, cryptocurrencies by market capitalization, driven in part by darknet usage in the United States.
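The amount-hiding mechanism shared by Aztec's notes, Penumbra's homomorphic commitments and Monero's RingCT rests on one primitive: a Pedersen commitment whose homomorphism lets a verifier check that inputs and outputs balance while seeing only commitments. The following added example (written for this review, not code from Monero, Aztec or Penumbra) implements that balance check and, importantly, shows the hole it leaves open without a range proof: a "negative" output that wraps around the group order passes the check, which is exactly what Bulletproofs range proofs are there to prevent. The group is a toy-size safe-prime group generated at import and the second generator is derived by hashing; both are assumptions for readability, and the excess blinding factor is revealed directly rather than proven with a signature as production schemes do.

```python
"""Pedersen commitments and the homomorphic balance check behind note/UTXO-style
confidential transactions.  Added example, not project code; the group is a
toy-size safe-prime group generated at import (an assumption for readability;
Monero, Aztec and Penumbra use elliptic-curve groups)."""
import hashlib
import random
import secrets


def _probable_prime(n: int) -> bool:
    # Fermat test with a few bases: adequate for a demo, not for production.
    return n > 3 and all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11))


def _safe_prime_group(bits: int = 96):
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = _safe_prime_group()
G = 4 % P
# Second generator with no known relation to G (hash-to-group); squaring puts it
# in the order-q subgroup.  Anyone who knew log_G(H) could open a commitment to
# any value, i.e. the scheme would no longer be binding.
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-H").digest(), "big") % P, 2, P)


def commit(value: int, blinding: int) -> int:
    """C = G^value * H^blinding.  Hiding because blinding is uniform; binding under DLOG."""
    return pow(G, value, P) * pow(H, blinding, P) % P


def new_note(value: int) -> dict:
    """A note = (value, blinding factor, commitment).  Only the commitment goes on chain."""
    r = secrets.randbelow(Q)
    return {"value": value, "r": r, "commitment": commit(value, r)}


def commitments(notes):
    return [n["commitment"] for n in notes]


def balance_excess(inputs, outputs) -> int:
    """Sender side: sum of input blindings minus sum of output blindings (mod q)."""
    return (sum(n["r"] for n in inputs) - sum(n["r"] for n in outputs)) % Q


def check_balance(in_commitments, out_commitments, excess: int) -> bool:
    """Verifier side, sees only commitments.  prod(in) / prod(out) == H^excess
    holds iff sum(in values) == sum(out values) mod q: the G-exponents cancel
    exactly when the values balance, leaving only H raised to the excess."""
    acc = 1
    for c in in_commitments:
        acc = acc * c % P
    for c in out_commitments:
        acc = acc * pow(c, -1, P) % P
    return acc == pow(H, excess, P)


def transfer(inputs, out_values):
    """Build output notes and the excess, as a sender would."""
    outputs = [new_note(v) for v in out_values]
    return outputs, balance_excess(inputs, outputs)


if __name__ == "__main__":
    ins = [new_note(50), new_note(30)]                 # constructed sample inputs
    for label, out_values in (("honest 70+10", [70, 10]),
                              ("inflate by 1", [70, 11]),
                              ("wrap-around 81+(q-1)", [81, Q - 1])):
        outs, ex = transfer(ins, out_values)
        print(label, "->", check_balance(commitments(ins), commitments(outs), ex))
```

The third case is the one to remember: 81 + (q - 1) is congruent to 80 modulo q, so the commitments balance and the sender has minted a coin worth 81 out of 80, leaving behind an output that is "negative" in the exponent. The balance check is correct arithmetic; the missing constraint is that every output value lies in a small range such as [0, 2^64), and that is what the per-output range proof (Borromean signatures in early Monero, Bulletproofs since 2018) supplies.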

Dash

Dash achieves a degree of privacy through a coin-mixing system. To implement it, Dash modified the Bitcoin design into a two-tier network of masternodes and miners. On the first tier, miners use PoW to produce blocks and secure the network; the second tier implements mixing-related functions, including private transactions, instant transactions and network governance. In Dash's mixing service a masternode combines the transactions of several users, merging funds from multiple parties and sending them out together, so that transaction history cannot easily be traced. However, Dash's mixing only hides the link between addresses; it does not hide the transaction amount.

SERO

SERO (Super Zero Protocol) is another privacy coin based on zero-knowledge proofs. For anonymous transactions SERO offers the same properties as Monero and Zcash, and it provides relatively complete smart contract support through a Solidity-compatible virtual machine. On the zero-knowledge side, the SERO team built the Super-ZK proving system on top of zk-SNARKs; it targets fully anonymous transactions and is claimed to be an order of magnitude faster than Zcash's existing system. Developers can issue their own privacy tokens on the SERO chain to build a privacy ecosystem, and these tokens inherit the same zero-knowledge-based private transaction properties as SERO coins.

4.2.4 Privacy KYC

zkPass

zkPass is a decentralized KYC solution based on secure multi-party computation and zero-knowledge proofs. It lets users anonymously prove identity claims to third parties (other projects or verifiers) using credentials they hold with a Web2 identity issuer. Converting a Web2 identity credential into an anonymous credential requires neither a centralized server (a traditional KYC platform) nor trusted hardware (a TEE). zkPass positions itself as an alternative to traditional KYC providers that can offer businesses and users a higher-assurance KYC solution.

4.3 Upper-layer application

Building on the infrastructure above, zero-knowledge proofs have also shown their scaling and privacy capabilities in upper-layer applications in games, DeFi, NFTs, digital identity and other areas. Some applications are listed in the following table:

Content source: https://github.com/ventali/awesome-zk

4.4 Summary

Combining the algorithms and applications above, we counted which proof systems the typical zero-knowledge projects use. zk-SNARKs are currently the most widely used, with Groth16 and PLONK the most common base systems; zk-STARKs are used mainly by the StarkWare and Polygon teams; the representative Bulletproofs application is Monero, the first mainstream cryptocurrency to deploy them.

05|Summary

As this article has shown, zero-knowledge technology has developed well both in theoretical research and in engineering implementation, and projects integrating it keep emerging. Zero-knowledge proofs have become an important underlying technology in the blockchain field, especially as a solution to the scaling and privacy problems faced by base chains such as Ethereum. 2022 was a breakthrough year for zero-knowledge proofs, and with increased commercial investment zero-knowledge technology should move from theoretical research into more fields.

References

1. https://github.com/matter-labs/awesome-zero-knowledge-proofs

2. https://github.com/ventali/awesome-zk

3. https://ethereum.org/en/community/research/#scaling-and-performance

4. https://ethereum.org/en/developers/docs/scaling/

5. https://ethereum.org/en/developers/docs/scaling/zk-rollups/

6. https://zkpass.org/home

7. https://offshift.io/public/blog/2021-11-24-bulletproofs-zksnarks-zkstarks/

8. https://medium.com/minaprotocol/meet-pickles-snark-enabling-smart-contract-on-coda-protocol-7ede3b54c250

9. https://kb.delendum.xyz/zk-knowledge#foundations-of-zksnarks

10. https://docs.circom.io/

11. https://consensys.net/blog/blockchain-explained/zero-knowledge-proofs-starks-vs-snarks/

12. https://eprint.iacr.org/2018/046.pdf

13. https://crypto.stanford.edu/bulletproofs/



Statement: The content and data involved in this article come from official public materials of each project and the sources have been indicated. Some pictures and texts are from the Internet. If there is any infringement, please contact us to delete them.


Origin blog.csdn.net/GenesiSee/article/details/130812207