Attack of the zkEVMs! Crypto’s 10x moment – Cointelegraph Magazine12 min read
Crypto is currently languishing like the internet did in 1996 with slow speeds and few practical use cases, says Steve Newcomb, chief product officer of Matter Labs.
But a major increase in bandwidth and security soon after saw the internet become a crucial part of daily life across the globe — and we’re right on the cusp of that happening for crypto in the next few months.
“Nobody trusted their credit card on it and everybody thought it was a fad and there weren’t any use cases for it,” Newcomb explains.
“And then we had 10x moments in bandwidth and then SSL came, and HTPS where you got that lock — that was a 10x moment in trust. Suddenly in 2005 ecommerce just went through the roof.”
Crypto’s ‘10x’ moment could finally be here, with zkSync’s Ethereum Virtual Machine compatible mainnet launching on October 28. EVM is essentially the operating system for Ethereum and enabling it to work using zero knowledge rollups means everything running on Ethereum can seamlessly port over to experience a huge jump in speed and lower costs.
They’re not the only ones attacking the problem: Polygon launched its testnet for its own zkEVM this week with Aave, Uniswap and Lens all committing to deploy on it. Scroll launched its “Pre Alpha testnet” in July while StarkWare’s zk solution has been ploughing through millions of transactions a month.
These solutions are all well funded, with Scroll raising $30M, Starkware raising $150M and Polygon raising $450M. Newcomb hints that zkSync’s own funding round is in the same ballpark as Polygon’s, but it’s yet to be officially announced.
StarkWare is way out ahead of the pack, having launched its own zk rollup solution nine months ago and it turned on recursive scaling in August. But it also made the risky decision to use a custom programming language called Cairo in order to scale more efficiently. This could see adoption by the big protocols move to the path of least resistance on the EVM compatible solutions.
All of the solutions are also working on recursive scaling and/or ‘Layer 3’ implementations which will see Ethereum transactions potentially become thousands of times faster, remove the need for interchain bridges, and allow crypto to finally realize its true potential.
What is a zero knowledge thingamy?
ZK rollups are among the biggest buzzwords in blockchain today. The technology allows for thousands of transactions to be computed away from the achingly slow Ethereum blockchain, with a tiny “validity proof” verifying that all the transactions were carried out correctly. So you can “roll up” 10,000 transactions carried out elsewhere into a single ETH transaction. This is a big deal because even after the Merge Ethereum limps along at 15 transactions per second.
ZK rollups have been used for NFTs and financial transactions for some time now on platforms like Loopring, dyDx and others. But as co-founder Vitalik Buterin pointed out during ETH Seoul in August:
“In general, I think we’ve learned that people don’t just want like a scalable money thing, they want a scalable EVM.”
It’s one of what Newcomb calls “five magic elements” for ZK rollups. In his view a ZK rollup solution should be general purpose, EVM Compatible and support Ethereum’s programming language Solidity. It should also be open source to fit with crypto’s founding ethos, and it should have a token distribution that decentralizes the protocol rather than concentrates wealth among the team.
By curious coincidence, zkSync has achieved all five of these self imposed metrics. (Newcomb says he can’t detail the exact token distribution, but says around 30% for insiders seems to be the “consensus.”)
The checklist is something of a veiled criticism of competitor StarkWare which is set to give 49.9% of its StarkNet token supply to investors and core contributors. It’s also not open source, although it plans to give control of the IP to its community.
Co-founder Eli Ben-Sasson explains that the only way to take full advantage of the scaling afforded by ZK rollups is to use a custom language like Cairo.
“I’m very confident people will realise once they turn on proofs that the goal is not to simulate EVM. The goal is to reach scalability. To put 10,000, 100,000, one million transactions and have their proof fitted inside a single block of Ethereum,” he says.
“I’m willing to bet that you won’t see a full blown ZK EVM that can put a million transactions inside a single proof on Ethereum. As we can easily do today and have been doing for months and years.”
Scaling versus compatibility
StarkWare’s Odin-Free explained on Twitter there are complicated mathematical reasons behind the need for a custom language because “proof systems like Stark are based on polynomials over finite fields, giving a much more effective polynomial equation.” OK, let’s take his word for it.
For Ben-Sasson, trying to soup up the EVM is just dumb:
“If you wanted to solve transportation, you could take a big truck and put it inside a plane and have the plane deliver it,” he says.
“There are planes that can fit a truck inside, but that’s a very inefficient way of doing it. Far better way is just taking things and putting them directly in the plane.”
That said, the ecosystem does have a transpiler called Warp that turns Solidity code into Cairo code and which has just been used to port over a fork of Uniswap to StarkNet.
So essentially with zk rollups there is a choice to be made between total compatibility with the EVM and scaling. Total compatibility enables DApps and protocols to seamlessly port over and everything just works exactly like on Ethereum for devs and users, but in scaling terms, faster is obviously better.
Newcomb admits StarkWare’s solution will produce scale better, but says sacrificing accessibility means it is more suited to bespoke enterprise applications than being a fundamental part of Ethereum due to “adoption friction.”
“They’re not EVM compatible, so it’s really hard to port to them. We’ve seen projects that take seven months to port to them.”
Compatible but less elegant
There’s no agreed upon definition, but ‘EVM equivalent’ usually means “exactly the same as EVM” so you can just deploy the existing smart contract on the solution without any changes.
Scroll is widely agreed to be equivalent, but it’s also not on a proper testnet yet and is many months behind the others with a comparatively small budget. Polygon’s zkEVM solution claims to be equivalent (however this is contested.) zkSync meanwhile, will be EVM compatible – which means it’s almost identical but a few things may not work due to some design choices to make the solution work better.
Polygon launched its zkEVM Public Testnet on Monday claiming “Polygon is the first project ever to deliver a full-featured, open source implementation of zkEVM; a groundbreaking milestone, not just for Polygon, but for the whole industry.” Polygon says the testnet “includes a completely open-sourced zk-Prover — the first of its kind to be released publicly.”
Co-founder Mihailo Bjelic tells Magazine early tests show that “Polygon’s zkEVM can reduce Ethereum’s network fees by approximately 90% and increase the network’s throughput by several orders of magnitude.”
He says that open sourcing the technology “proves our alignment with the ethos of the industry and increases security of the solution since anyone can review it and point out potential bugs. This is not the case with StarkNet or zkSync, which keep critical parts of their implementations closed source, at least for now.”
According to Scroll’s Luozhu Zhang there are three potential types of zkEVMs: bytecode level, language level and consensus level. zkSync and StarkWare are at the language level and require a compiler or transpiler step, while Scroll and Polygon are bytecode level approaches. The human readable form of bytecode is called an opcode.
Bjelic says that Polygon’s solution is designed to be EVM equivalent whereas:
“Projects like StarkNet and zkSync are taking a different route — they have their own custom virtual machines, and then they try to transpile Solidity, the most popular language built on top of EVM to the languages these virtual machines can interpret,” he says.
“There are two major challenges with this approach: (i) it is hard to build a transpiler that will support 100% of Solidity smart contracts and (ii) even if you have the transpiler you still can not leverage all the developer and end user tools like Polygon zkEVM can.”
Newcomb says there is bad information circulating. “We do not transpile, we compile,” he says. And he takes a shot back at Polygon saying that from looking at the project’s Github that they are yet to develop a working general purpose prover integrated with a working sequencer.
“If this is the case then it means they have an undefinable amount of work to be done. The last 10% of any complex system is always the most difficult. This looks similar to where we were or even behind where we were when we launched testnet. And then after that it took us nine months.”
zkSync meanwhile is compatible with all but three of Ethereum’s 141 Opcodes — one of which has been deprecated, another is being deprecated and the third one is used by less than 1/10th of 1% of projects according to Newcomb.
“So what did we get for not being fully equivalent? We got two things, our cost for performance is way better than any solution going after equivalence. We’re way faster, way cheaper. And the second thing we got is we were able to stick an LLVM compiler inside of our chain which you can’t do if you’re doing equivalent. And what an LLVM compiler does is we’re already looking at layer three.”
The LLVM would let a Python, Rust or C++ developer code on their solution, which then compiles down to work the same way with Solidity.
“That is huge for adoption. So where this project that took seven months over here in Cairo that same ecosystem project ported to us in seven days. That’s compatibility.”
He concedes it would take just one day to port over if zkSync had total equivalence but would miss the LLVM and the increased scaling. So he says it’s a trade off worth making.
Layer 3 and recursive scaling
The coolest thing about being able to compress a large number of transactions into a single validity proof, is that the technology allows you to compress numerous other proofs into a single proof as well.
It’s called recursive scaling and Declan Fox, product manager for rollups at Consensys, believes it’s so powerful that in theory the entire global financial system could run on Ethereum. “We have the technology to achieve that kind of throughput necessary,” he says. “With recursive rollups and proofs, we theoretically can infinitely scale.”
Also read: Ethereum is eating the world: — ‘You only need one internet’
StarkWare turned on recursive scaling back in August and has processed more than 30 million transactions since using the tech.
“Recursion has already, at this early stage, increased the number of transactions in a single proof by approximately 8x,” explains Ben-Sasson. “What is more, it’s proving so efficient, soon after it went into production there’s a reduction of around 40% to our own cloud cost for proof generation.
“These aren’t predictions or numbers we hope to see, but rather numbers from what’s in production today. And I stress: this is just the start, and changes we’ll make will mean these numbers will get more and more impressive.
Polygon is about to implement its Plonky2 solution according to Bjelic. It’s an open source zk-SNARK solution. “This recursive SNARK can be used to verify transactions orders of magnitudes faster than existing alternatives. Plonky2 is also natively compatible with the Ethereum Virtual Machine, which allowed Polygon to develop the zkEVM.”
And the testnet for ZK Sync’s Layer 3 will be released soon, in time to take advantage of an Ethereum upgrade called Proto-Danksharding early next year designed specifically to give rollups the space on Ethereum to blossom. Newcomb expects Layer 3 to be in production within a year. They’re calling it Pathfinder, an ecosystem of ‘fractal hyperchains.’
‘We could probably go on for hours engineering wise, but functionally the further up the recursive chain you get away from Etherium the cheaper the data costs get and it’s a 10x, 10x, 10x, 10x, as you recurse off up with data costs, and that’s unique to zk.”
“That’s where we get to 100,000 TPS and a million TPS,” he says. Visa chugs along at around 4000 TPS on a normal day, spiking up to around 65,000 TPS at peak times like Chrismats.
“ZK is the only way to get to like 100,000 TPS so that you can get to the levels where something like Visa replaces its underlying protocol with a blockchain. And when you do that, that’s your mass adoption moment.”
Another astonishing development according to Newcomb is that Layer 3 can get rid of the requirement for interchain bridges, which is where all more than $2 billion of hacks have occurred this year alone.
“One of the other things that we’ve already achieved up in Layer 3, we get rid of all bridges. And when you can have one prover doing the circuit for all of the hyperchains up in L3, any communication from one blockchain to another now is native. That’s the other reason why Vitalik said this is the end game because there are no more bridges.”
‘If you make it faster, cheaper by orders of magnitude, if you make it easier to use and more welcoming to a broader audience of developers by having more languages available, and then you make people trust it because you get rid of bridges. That’s what I always say is a star cluster of 10x moments up in L3 and that’s where the game is going to be had.”
Not fixed yet
So that’s it? With the arrival of ZK rollups and EVM compatible scaling solutions everything has been solved?
Unfortunately not. ZK rollups are currently very good at taking computation off of Ethereum, but they still need to write enough data back to the main chain so that if the rollup stopped working or it taken over by bad guys, then some other outfit could step into the breach and work out who owes what to who.
It’s called the data availability problem and a considerable amount of Ethereum’s roadmap with proto danksharding and full danksharding aims to solve it and allow for more data to be included. There are a couple of ways around this at present including storing data on Validiums, which are cheaper but less secure.
The most engaging reads in blockchain. Delivered once a
“So the way we describe it is if you have a baseball card collection, and many of these cards don’t cost a lot and you’ve saved them in Valdium but then one rare card that is worth a lot of money you will probably save on Layer 1,” says Ben-Sasson.
Polygon is working on a number of solutions to this same problem including Avail “a blockchain where information is available to everyone at any time, was designed specifically for this purpose,” Bjelic says.
zkSync’s Pathfinder will enable devs to choose from three options for data availability, a Validium, zkPorter (mixing on chain and off chain) and ZKRollup (full security).
Don’t expect a big bang from zkSync’s mainnet launch on October 28. It will be kind of underwhelming at first, with a couple of months of just Matter Labs testing and offering users bounties to try to hack it or exploit it. Then DApps will be allowed to port over, and start building and testing security.
“And then when we feel like we got everything done, we do what’s called lift in the gate. And then all the users can come into the system simultaneously and it’s called a fair release program. So we don’t favor any project over another.” He says that 150 projects will launch at that point and there will no longer be any reason a project would wait around for Polygon’s solution to be finished..
“It’s like they’re going to a racetrack and they’re showing up with the chassis of a car that doesn’t have any wheels, no steering wheel and absolutely no engine,” he says.
“And we have the whole product done. You know we have the Ferrari and we’re ready to go.”