Zero-Knowledge Coprocessors (zkCoProcessors) represent a significant breakthrough in blockchain technology, enabling efficient, trustless off-chain computations and historical data access. This in-depth technical analysis delves into the architecture, components, and innovations within zkCoProcessors.
ZK Program:
A ZK program specifies the computations necessary for an application. These programs can be written directly as zk circuits or in higher-level languages (like Rust, or Circom) that compile into ZK circuits. This flexibility enables developers to balance custom optimization and ease of use. Examples include zkVMs like those used by RISC Zero and ORA’s zkWASM.
ZKP generation:
The generation of ZKPs is crucial to ensure computations are performed correctly without exposing sensitive inputs. This process transforms traditional computational logic into arithmetic circuits, encoding variables modulo a large cryptographic prime. Deterministic execution is essential to maintain the correctness of the generated ZKPs.
ZKP verification:
ZKP verification confirms the accuracy of the ZKPs in representing the off-chain computations. Typically performed on-chain, this verification reintegrates the results into the smart contract environment, preserving data integrity and trust.
Data access
Accessing historical on-chain data is fundamental to zkCoProcessors. The primary methods include:
On-chain storage: This involves storing additional data within the blockchain state for verification purposes. While secure, this method can be very expensive due to high storage costs.
Trusted oracles: Trusted oracles or signer networks can verify input data for zkCoProcessors. However, this method introduces trust dependencies that can compromise security.
ZKP for data validity: Utilizing ZKPs to ensure the correctness of historical on-chain data, providing cryptographic guarantees without additional trust assumptions. For example, AxiomV2 uses ZK proofs of Merkle-Patricia trie inclusion and block header hash chains to verify data integrity.
Computation
To handle off-chain computations, zkCoProcessors use several methods, each offering different levels of optimization and developer effort:
Custom circuits: These offer the highest performance potential, allowing developers to optimize ZK circuits specifically for their applications. However, this requires significant expertise in circuit design.
Domain-Specific Languages (DSLs): DSLs simplify some ZK-specific concerns, allowing developers to write circuits in a more intuitive programming language. This provides a better developer experience at the cost of some performance optimization. For instance, DSLs like ZoKrates abstract the complexity of circuit writing.
zkVMs: zkVMs compile high-level programming languages into ZK circuits, making the development process simpler by abstracting constraint generation. However, this can introduce performance overhead due to differences between traditional computation models and ZK circuit execution. ORA's zkWASM, for instance, compiles AssemblyScript into WASM and then into ZK circuits, enabling developers to write verifiable computations in familiar languages.
Integration with AI/FHE and big data:
zkCoProcessors will be increasingly used for verifiable AI/FHE and large-scale data analysis, enabling secure computations in advanced decentralized applications. This integration will allow for complex computations involving large datasets to be done off-chain, with results verified on-chain.
Developer tools and ecosystem:
The expansion of libraries and DSLs will make ZK circuit development more accessible. Comprehensive documentation and community support will encourage adoption and ease the learning curve for new developers. Tools that simplify the development process will be critical for wider adoption, as they reduce the technical barriers to entry.
New use cases:
zkCoProcessors will find broader applications in areas requiring intensive data verification and privacy-preserving computations, such as predictive analytics, DeFi, and user profile management in Web3. These use cases will benefit from the ability to perform complex computations off-chain while ensuring the integrity and privacy of the data involved.
Brevis is an advanced zkCoProcessor that uses a hybrid model combining pure-ZK proof systems with an innovative 'propose-challenge' mechanism to optimize cost, performance, and functionality for data-driven dApps.
Brevis App Workflow
Technical features
Data access:
Computation:
Result utilization:
Propose-challenge model: This model involves proposing results optimistically without immediate ZK proofs, subject to a predefined challenge period.
Proposing results: Coprocessing requests are handled by generating results optimistically without immediate ZK proofs.
Challenge period: Results are subject to a predefined challenge period during which any network participant can challenge them by submitting a ZK proof.
Final acceptance: If no challenge is initiated, results are accepted and can be used by dApps without incurring the costs of ZK proof generation.
Details:
Data access module:
Developers specify the required historical blockchain data using Brevis SDK.
Example: For a DEX trading volume application, the data might include all related swap events.
App circuit:
Developers build the logic to process the specified data.
Example: Summing up all trade transactions to compute trading volumes.
App contract:
Handles the ZK-verified computation results and integrates them into the application logic.
Operational workflow:
Request submission: dApps submit coprocessing requests specifying the required data and computation logic.
Result proposal: Validators in Brevis coChain generate coprocessing results and propose them on-chain.
Challenge mechanism:
If the results are challenged, a ZK proof is required to verify the correctness. Successful challenges result in penalties for validators and rewards for challengers.
If unchallenged, the results are accepted and used by the application.
Benefits:
Cost efficiency: The propose-challenge model significantly reduces the costs associated with ZK proof generation.
Flexibility: Developers can customize the challenge period and security level, adapting to various use cases.
Scalability: Brevis can handle large-scale data-driven applications with low latency and high performance.
Applications:
It allows any V4 hook to read and compute liquidity providers’ (LPs) and traders’ transaction histories trustlessly, helping the development of loyalty programs and other complex data-driven functionalities.
Enhances its MEDIA Score, a machine learning-powered metric for user profiling, enabling personalized user experiences without compromising trust and privacy. By analyzing user behavior, Trusta can offer more relevant content and services.
Leveraging its restaking infrastructure to enhance security. This combination allows Brevis to benefit from EigenLayer’s security model while maintaining cost efficiency and scalability.
Axiom zkCoProcessor offering enhanced capabilities for smart contract developers to perform ZK-verified computations over the entire history of Ethereum. Axiom V2 introduces a new JavaScript interface and supports more extensive on-chain data access.
Technical features:
Enhanced data access:
Supports access to transactions, receipts, and Solidity mappings in addition to block headers, accounts, and contract storage.
Allows developers to read any piece of on-chain data that has appeared in the history of Ethereum.
JavaScript interface:
Developers can specify arbitrary ZK-verified computations over historic data using a JavaScript interface.
Simplifies integration by allowing the use of Solidity and JavaScript alone, without requiring ZK-specific verifier contracts.
Universal verifier:
A universal verifier contract enables developers to verify results on-chain without deploying new ZK-specific contracts.
Results are received through a callback function in the smart contract.
Details
Data access:
Developers can request authenticated on-chain data using the Axiom Client SDK.
Supported data types include block headers, accounts, contract storage, transactions, receipts, and nested Solidity mappings.
ZK Primitives and Computation:
Axiom SDK provides ZK circuit primitives for computations over the data.
Developers can write custom queries and computations in JavaScript, which are then verified by Axiom.
Integration:
Developers implement a smart contract callback to receive ZK-verified results.
The callback interface allows seamless integration with existing smart contracts.
Operational workflow
Query composition: Developers compose queries using the Axiom Client SDK and specify computations in JavaScript.
Proof generation: Axiom generates ZK proofs for the specified queries and computations.
Result verification:
ZK-verified results are forwarded to the smart contract callback.
The universal verifier contract checks the proof and ensures the integrity of the results.
Benefits
Ease of use: The JavaScript interface and simplified integration process make it accessible for developers without extensive ZK knowledge.
Comprehensive data access: Full access to Ethereum’s historical data allows for more complex and data-rich applications.
Cost efficiency: The use of a universal verifier reduces the need for multiple ZK-specific contracts, lowering integration costs.
zCloak Network has developed a chain abstraction-based zkCoProcessor designed to work across multiple blockchain platforms. This zkCoProcessor leverages the Internet Computer (ICP) for efficient off-chain ZK computation and verification.
Technical features:
Chain abstraction:
Enables ZKPs to be executed and recognized across various blockchain systems.
Facilitates cross-chain interoperability of ZKP verification outcomes.
zkCoProcessor:
Details:
ZK program:
Supports the creation of general-purpose computing programs without manual zk circuit construction.
Uses zk-STARK-based zkVM (Polygon Miden) integrated with zCloak’s zkID SDK.
ZKP generation:
Executes the logic for ZKP generation in WASM format locally via the Miden zkVM.
Facilitates ZKP generation within web development workflows.
ZKP verification:
Uses ICP’s decentralized cloud infrastructure for ZKP verification.
Leverages ICP’s threshold ECDSA signature scheme for secure and efficient verification.
Operational workflow:
Local ZKP generation:
Users generate ZKPs locally using the zkID SDK, which runs the zkVM and associated zero-knowledge programs.
Example: Generating a ZKP for a game’s escape path without revealing the exact path.
ZKP submission:
Users submit the generated ZKP to the ZKP verification module on ICP.
The verification module processes and verifies the ZKP using ICP’s decentralized infrastructure.
Verification results:
Verified results are signed using ICP’s threshold ECDSA signature.
Results can be sent to any blockchain supporting ECDSA signature verification.
Benefits:
Ultra-low costs:
Verifying ZKPs within ICP is significantly cheaper than on Ethereum.
The overall cost of using the zkCloak solution is substantially lower.
High execution efficiency:
The zCloak ZK coprocessor approach allows for verification of large ZKPs within a single transaction.
This method is more efficient than the conventional multi-step proof verification process.
High execution speed:
The entire ZKP verification process is completed in a few hundred milliseconds.
This speed rivals off-chain computation times.
Applications
Players navigate a character through a maze, generating a ZKP for the escape path. The game verifies the ZKP using the zkCloak verification module and awards achievements based on the path.
Integration steps:
Generate ZKP: The game front-end uses the zkID SDK to generate the ZKP locally.
Submit ZKP: The ZKP is submitted to the ICP-based verification module.
Verify and use results: The verification results are checked on-chain using a smart contract. Achievements are awarded based on the verified ZKP.
zkCoProcessors like AxiomV2 and Brevis enable access to historical on-chain data with cryptographic guarantees of data integrity through ZKPs.
Offloading computations off-chain reduces the load on blockchain networks. Brevis’s propose-challenge model optimizes ZK proof generation, enhancing cost-efficiency.
zCloak Network’s chain abstraction facilitates ZKP execution and verification across different blockchains, promoting seamless interoperability.
Tools such as Axiom’s JavaScript interface and Brevis's SDK simplify ZKP integration, making it accessible for developers without deep cryptographic expertise.
Complexity: The intricate concepts of ZKPs and zkCoProcessors pose a steep learning curve for developers, potentially hindering adoption.
Performance overheads: Despite improvements, proof generation and verification can still introduce latency, especially in real-time applications.
Cost considerations: Initial setup and integration costs can be high, particularly for small projects. External dependencies, such as ICP in zCloak, add potential cost variability.
Security risks: The security of zkCoProcessors depends on the robustness of ZK algorithms. Vulnerabilities in ZK circuits or integration frameworks could compromise the system.
zkCoProcessors are an important development in technology, addressing key issues like blockchain scalability, security, and interoperability. Although they can be complex and may involve some overhead, their ability to deliver trustless and efficient computations makes them useful for creating advanced decentralized applications. To be successfully integrated and widely adopted in the blockchain world, they need ongoing improvements and strong security practices.
Brevis Team. (2023, November). Uniswap V4 Hook + Brevis ZK Coprocessor = Data-driven DEX Experiences. Brevis Network. https://blog.brevis.network/2023/11/01/uniswap-v4-hook-brevis-zk-coprocessor-data-driven-dex-experiences/
Brevis Team. (2024a, February 26). Launching Brevis V2: Generalized ZK Coprocessor for Data-driven dApps. Brevis Network. https://blog.brevis.network/2024/02/26/v2launch/
Brevis Team. (2024b, March 13). Revolutionizing the Web 3.0 UX with ZKML Powered by Trusta and Brevis. Brevis Network. https://blog.brevis.network/2024/03/13/revolutionizing-the-web-3-0-ux-with-zkml-powered-by-trusta-and-brevis/
Brevis Team. (2024c, April 11). Brevis coChain AVS Launches on EigenLayer: The Fusion of Crypto-Economics + ZK Proofs. Brevis Network. https://blog.brevis.network/2024/04/11/brevis-cochain-avs-launches-on-eigenlayer-the-fusion-of-crypto-economics-zk-proofs/
Sledd, L., Lehman, S., & Liu, C. (2024). A Two-Part Approach to Understanding zk Coprocessors. Symbolic.capital. https://www.symbolic.capital/writing/a-two-part-approach-to-understanding-zk-coprocessors
Sun, Y. (2024, January 22). Announcing Axiom V2 on Mainnet. Axiom; Axiom. https://blog.axiom.xyz/v2-mainnet/
zCloak Network. (2024, March 7). A Chain Abstraction Based ZK Coprocessor by zCloak Network. Medium; Medium. https://zcloaknetwork.medium.com/a-chain-abstraction-based-zk-coprocessor-by-zcloak-network-aa86c42a9dec