Zero Knowledge Proofs (ZKPs) are an exceptionally powerful method of cryptography that will have far reaching applications as infrastructure for the new internet. ZKPs enable an entity (the prover) to verifiably demonstrate to another entity (the verifier) that some computation took place without revealing certain underlying data or requiring the verifier to execute the computation. With this property in mind ZKPs are an incredibly promising class of technology for privacy preservation, verifiable computation, and data compression — all of which are core, unsolved problems in web3. ZKPs are highly practical because the proofs generated are very small and computationally fast to verify, and are quickly moving from theory to application as proving hardware rapidly accelerates.
We are extremely early in our exploration of the potential use cases of ZKPs, but today, there are three primary applications in web3: privacy, scalability, and interoperability.
Privacy. Blockchains as they were originally developed are public by default. All transaction history, account balances, and smart contract execution is available for anyone to inspect. But web3 cannot scale without unlocking privacy, for the simple reason that mainstream participants and institutions won’t use technologies where all of their data is available to the public. ZKPs are a great tool for shielding some, if not all of this data in a compliant way.
In 2016, the Zcash protocol launched using ZKPs to obfuscate the details of user transactions in a Bitcoin-like payment network. In the last few years, advances in zk circuit constructions, accelerations in prover efficiency, and more efficient software implementations have paved the way for ZKPs that support private general purpose smart contract execution.
A few of the teams building privacy focused infrastructure:
-
Aleo is building its own zkVM for developers to define private applications deployed and executed on the Aleo blockchain.
-
Anoma is building a private, intent-centric counterparty discovery protocol.
-
Aztec is building a privacy protocol for shielded assets on its L2 to interact with defi on Ethereum.
-
Espresso Systems is building an asset privacy protocol to define private ERC-20 assets with configurable viewing policies with compliance and other new use cases in mind.
-
Iron Fish is building a shielded payment protocol that greatly lowers the resource requirements to run a full-node.
-
Mina is building a recursive SNARK protocol for developers to write smart contracts in typescript, only requiring a small proof to be submitted on the blockchain.
These are just a few examples of the teams focused on privacy in web3. More privacy focused infrastructure will lead to more privacy focused applications. We’re particularly excited about the new protocols, primitives, and products that will surface at the intersection of ZKP-enabled privacy and existing and new use cases in defi, nfts, gaming, and more. While we are excited about the potential for more private applications, we also expect that they will introduce new challenges for the ecosystem. We are starting to see this play out with the U.S. Treasury Department’s sanctioning the Tornado Cash application, a piece of privacy preserving code running on Ethereum. Read more about our position on the matter here.
Scalability. ZKPs are extremely useful for blockchain scalability because they can summarize a complex set of computations into a succinct proof that can be quickly and cheaply verified. Given that scalability has been at the forefront of blockchain research, this has been the predominant area of focus and investment for ZKPs. Rollups (L2s) and new L1s are leveraging ZKPs to further scale.
Rollups are a scalability method by which the execution of most transactions and the calculation of intermediate state updates are moved off the L1. Zk rollups generate validity proofs that verify the execution of a batch of transactions leads to the accompanying state. Zk rollups rely on ZKPs for verifiable computation not for the obfuscation of data. As such, the transaction data, the proof, and the updated state are periodically committed to an L1 allowing the rollup to inherit the underlying L1’s security. Newer concepts in rollup designs such as recursive (or fractal) roll-ups are largely theoretical today, but incorporate ZKPs to present a path towards the arbitrary scaling of execution without trading off security. Furthermore, sovereign rollup designs leverage ZKPs to not only scale up execution relative to traditional L1s but also scale down the work and resources required to sync the chain. Such super-lite clients are made possible with the inclusion of DA layer consensus in the rollup proof. Super-lite clients have a similar trust model to full nodes, but are able to sync the chain in the time it takes to verify a single ZKP.
Some of the teams building zk rollups:
-
Matter Labs is building zksync, a zkEVM L2 on Ethereum.
-
Polygon is building a zkEVM L2 (Hermez), a STARK based zkVM L2 (Miden), and a Plonky2 based zkVM L2 ( Zero) all on Ethereum.
-
Scroll is building a native zkEVM L2 on Ethereum.
-
Starkware is building a suite of STARK based zkVM L2s on Ethereum.
-
Sovereign Labs is building a zkEVM sovereign rollup using the RISC Zero zkVM.
ZKPs are also being leveraged for new layer 1 designs that enshrine the use of ZKPs for native data compression, verifiable computation, and more efficient gossip protocols. It’s simpler to build a new layer 2 solution with a centralized sequencer / prover than it is to build a new layer 1 with decentralized block production and block proving so there are fewer teams working on this. That being said, Aleo, Espresso Systems, and RISC Zero are working on new, high throughput ZKP-based L1s.
The common thread among all of the techniques outlined here is that ZKPs have opened up the design space for how blockchains can scale. In the short term as some of these techniques make it to production, we expect to see ZKPs increase blockchain scalability by 10-100x and in the medium to long term as hardware acceleration converges to a theoretical asymptote we may see ZKPs accommodate arbitrary scale via fractal rollups and recursive proofs.
Interoperability. Existing blockchain interoperability protocols rely on trusted systems which have led to many billions of dollars worth of exploits. ZKPs replace crypto-economic trust assumptions with cryptographic guarantees. Most cross chain communication protocols are backed by a multisig or an incentivized validator set for relaying block headers from chain to chain, but a protocol that accepts block headers along with a ZKP to prove their inclusion and finality would have much stronger security guarantees. Moreover, the use of recursion in zk interoperability protocols may remove the need to maintain pairwise bridge contracts and further reduce the surface area for exploits.
Among the primary applications of ZKPs, interoperability is the most nascent. There are only a handful of researchers exploring this topic. As access to the technology accelerates and experts converge on best practices we expect to see more focus and innovation in interoperability.
Since the launch of Zcash, ZKPs have made great strides moving from theory to application. But it's extremely early. There are still vast discrepancies in performance benchmarks across proof systems, software implementations, and prover hardware. Over time we expect to see the industry converge on best practices and many of today’s most notable differentiators may be commoditized. This is a feature and not a bug. ZKPs are a revolution in computer science and unlike previous iterations of the internet, will be built in public. As the zk ecosystem accelerates we are excited to partner with and invest in the very best teams who are using the technology to build innovative solutions to core problems in web3 – from the earliest stages to those that are well on their way already.
If you are a zk researcher, engineer, or founder interested in collaborating please reach out to me at breck at haun dot co.
Thanks to Alex Pruden, Dan Boneh, Preston Evans, Scott Sunarto, and Ye Zhang for their review.
This post is for informational purposes only, and does not constitute a recommendation to buy or sell securities or to pursue any particular investment strategy. This post should not be relied upon in evaluating the merits of any investment or any particular investment strategy. You should consult your own advisers as to business, financial, tax, legal, and all other related matters concerning any investment. The views expressed in this post reflect the current opinions of the authors and do not necessarily represent the opinions of Haun Ventures Management LP or its affiliates. Certain information in this post may have been obtained from third-party sources, including portfolio companies of Haun Ventures. While taken from sources that the authors believe to be reliable, Haun Ventures has not independently verified the accuracy of such information. Content is as of the date posted and subject to change without notice. Haun Ventures makes no representations about the enduring accuracy of information or its appropriateness for any given situation. Please see https://www.haun.co/disclosures for additional important information.