The Zero-knowledge proof method is widely used in roll-up solutions. ZK-Rollups are a collection of such technologies.

Rollups allow you to ensure high transaction privacy while also scaling the main Ethereum network: many transactions are combined into a single package that is confirmed in the first-level blockchain.

In the Ethereum ecosystem, popular second-level protocols based on ZK include Starnet, zkSync, Loopring, Polygon Miden, and others. Optimistic Rollups is a separate technology used in the L2 platforms Arbitrum One and Optimism.

How does the Zero-knowledge proof work?

The Zero-knowledge proof (ZKP) method was formulated by scientists Shafi Goldwasser and Silvio Micali in 1985 in the article “The knowledge complexity of interactive proof systems”.

They proposed a method for proving the message’s authenticity without revealing its contents.

To accomplish this, you must create a special “confirmation” with which the verifier can verify the accuracy of the source data. The sender must perform a series of calculations, all of which will be correct if he has the necessary knowledge. The verifier knows the value of the correct answer, allowing you to confirm the authenticity of the information’s possession. As a result, both parties have limited information about the message’s content.

Consider the following scenario: A colorblind person who cannot distinguish between colors is shown two balls. One is red and the other is green, but the person cannot tell the difference.

You must demonstrate the opposite without naming the colors of the balls. You do this by passing the objects to the interlocutor, who hides them behind his back. He then takes out the ball and shows it to you. The individual then hides it and repeats the action. You must respond to the question of whether he changed the ball behind his back. Because you know the correct answer, you will be able to prove your case through a series of experiments. However, you will not have to disclose additional information.

How is the Zero-knowledge proof used in ZK-Rollups?

The ZKP method enabled the development of a group of technologies known collectively as ZK-Rollups, on the basis of which many key second-level protocols in the Ethereum ecosystem operate today. Vitalik Buterin referred to ZKP as the most important technology for scaling the main blockchain platform.

“Rollup” packets are created from a series of transactions in which the data from each transfer is compressed. Such “convolutions” provide proof to the main network of the first level (in this case, Ethereum), allowing you to confirm the authenticity of all transactions in the package without considering each one individually. Following verification, the package is included in one of the blocks. A single rollup package can contain thousands of transactions, but only the bare minimum of data is stored in the first-level blockchain.

Three elements ensure the operation of ZK-Rollups:

The second-level network node performs basic transaction verification. It generates a ZK proof after receiving a certain number of transfers and combining them into a package. The package validates a smart contract that has been deployed in a first-level network. It also allows for fund input and withdrawal to the L2 blockchain.

“Rollups” also include user balances in the L2 network, presented in the form of the Merkle tree. Its root is stored in the contract, allowing you to track changes in the network’s state. Each transaction’s confirmation values are also sent to the first-level blockchain. The data contains the Merkle root, which is calculated in stages. Each transfer in the package is confirmed by recording intermediate values in the blockchain.

Which advantages does ZK-Rollups technology have?

The Zero-knowledge proof was initially used in anonymous cryptocurrency projects, but in recent years it has found widespread application as a solution for scaling Ethereum.

ZK-Rollups enables you to process user data without revealing any personal information about them. The algorithm, in particular, can check the availability of funds without displaying the user’s balance. These characteristics are critical for businesses that need to protect their customers’ personal information.

The use of solutions based on ZK-Rollups reduces transaction fees significantly. Many translations are combined into a single package in which all data is compressed, such as using an index instead of an address. This enables you to save less information in the first-level blockchain. The costs are distributed among all senders, so each of the users pays less.

ZK-Roll ups provide low delays when withdrawing funds to the main network, since the smart contract verifies the validity of the data before including the package in the blockchain.

What kinds of ZK proofs are there?

There are numerous implementations of ZK roll-ups, the most common of which are: ZK-SNARKs (and its variant Plonky2), ZK-STARKs, zkSync, and others. The size of the “proof” and the computational costs required for verification differ between technologies.

ZK-SNARK

ZK-SNARK generates a small and easy-to-verify confirmation. Calculating the values of elliptic curves to obtain a proof requires less cost than hashing, so the algorithm has a lower cost. The method requires that the proof be destroyed immediately after it is sent. To make the algorithm work, the node generates a public and private key, then destroys the latter. Another key pair is created using the public key. The private key is then used to generate confirmation, which is then verified using the public key.

ZK-STARK

ZK-STARKs generates a proof without requiring interaction between the verifier and the verifier. Data validation takes less time, making the technology more scalable. The algorithm employs hashing, making it resistant to quantum computer attacks.

zkSync

zkSync is an L2 protocol that is based on the same-named roll-up algorithm. The platform supports smart contracts and allows you to transfer assets. The algorithm has a low gas limit per transaction that does not exceed 500 Gwei. The main advantage of zkSync 2.0 is compatible with Ethereum Virtual Machine.

Which projects do ZK-Rollups и Optimistic Rollups use?

There are several popular solutions using ZKP in the Ethereum ecosystem today:

On the basis of its private version called StarkEx, large DeFi protocols Rhino, Immutable X, dYdX and Sorare work.

It is a lightweight blockchain that uses ZK-SNARK technology to generate 22 KB blocks. You can use the platform to execute smart contracts and run decentralized applications.

It is a decentralized trading protocol that uses an order book. Implemented in the Ethereum network, ZK-proofs are used for its operation.

In addition to ZKP-based roll-ups, a group of solutions known as Optimistic Rollups can be distinguished. The difference is in how transactions are verified: in Optimistic, transaction packets are considered valid, and transactions are only checked if someone challenges them.

Following the validation of each transfer, zero-disclosure proofs store data in the main network. As a result, the technology ensures that the current state of the network is preserved. Similarly, unlike ZK-Rollups, withdrawing funds from the protocol based on Optimistic Rollups requires a fraud check, which can take up to two weeks. The time when funds are withdrawn to the first-level blockchain is determined by the specified period. The requirement to validate data in ZK-Rollups, on the other hand, increases resource consumption and financial costs.

Two popular Ethereum L2 protocols — Arbitrum and Optimism — work on the basis of Optimistic Rollups.

What is Validium?

There are complex solutions — validiums. This is a compromise technology that combines evidence stored at different levels. Confirmations are sent to the main blockchain, but data is stored elsewhere. The solution reduces commissions but assumes reliance on external storage. Users will not lose funds if the latter fails, but they will be unable to conduct transactions.