We studied the technological history of ZK and found that the next hundred billion applications are hidden within it

R3PO
2022-09-29 18:29:35
In the Ethereum scaling scenario, ZK has enabled L2, and the Rollup technology route has outperformed other competitors. zk-STARKs have also gradually developed, with the potential to activate more common use cases such as mining, GameFi, and NFTs.

Author: R3PO

The focus of the crypto world has shifted from Bitcoin to Ethereum, DeFi, NFTs, the Metaverse, and Web3, yet the cryptography underneath has received little attention. Apart from the elliptic-curve cryptography (ECC) behind Bitcoin's signatures, which has some public recognition, other cryptographic primitives remain largely the preserve of researchers and developers.

R3PO believes this is not decentralized enough and will seriously hinder the further expansion of Web3. Cryptography is the foundational component of blockchain; it should not be understood only by a handful of people but should reach broader fields.

R3PO hopes to use a new writing paradigm to explain the meaning of these terms, balancing rigor and readability, and is committed to helping institutional investors and project teams discover hidden investment opportunities, entrepreneurial directions, and entry points in the ongoing development, seeking unexploited α returns.

The recently popular zero-knowledge proof technology is still a niche that is constantly evolving and innovating, but the technology itself has broad enough application scenarios that a comprehensive overview is worthwhile.

Zero-knowledge proofs (ZKP) are not a new concept; a careful review shows roughly 40 years of development, which has produced a variety of models and applications.

Entering the Web3 era: as early as 2017, Vitalik Buterin had noticed the potential of ZK technology on Ethereum. Recently StarkWare raised $100 million, bringing its total funding to $225 million, a sign that institutions assign ZK technology the valuation and potential of a public chain. This will be a long-term battleground that exposes more investment opportunities.

Looking back over 20 years, R3PO believes ZK development has at least another decade ahead of it, so tracing the whole history of ZK is necessary to clarify its development logic and find potential opportunities for the next steps.

The first article in this series starts from zero-knowledge proofs themselves, moving beyond the common notion that ZK applies only to L2, to give readers a new systematic understanding.

Starting from Zero: The Assembly Process of ZK

1982: Wealth Concealed, Divided High and Low

The pursuit of wealth has existed since ancient times. Xiang Yu once said, "To become rich and not return home is like walking at night in embroidered robes," yet too much wealth attracts envy. Is there a way to compare wealth without revealing the amounts?

In 1982, Andrew Yao (later a Turing Award winner) posed exactly this question, now known as the millionaires' problem. Omitting the mathematics, the protocol runs roughly as follows:

  • Alice and Bob hold numbers i and j representing their wealth, each in the range 1 to 10;

  • Bob picks a random number, encrypts it under Alice's public key, subtracts his wealth j, and sends the result k to Alice; k on its own tells Alice nothing about j;

  • Alice decrypts k shifted by each of the ten possible wealth values, reduces the results modulo a random prime, adds 1 to every entry above her own wealth i, and sends the list back;

  • Bob looks only at the entry in position j: if it still equals his random number reduced modulo that prime, then i ≥ j; otherwise i < j. The comparison is complete, and neither party has learned anything beyond this one bit.

Of course, the above sketch is not complete, but it illustrates the point: two parties really can compute something jointly without revealing their inputs. Extend this to many parties and a larger input space and you have the general problem of secure multi-party computation (MPC).
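The exchange sketched above, carried out end to end in Python as an added worked example (this is illustration code written for this article, not code from R3PO or from Yao's paper). It follows the classic public-key version of Yao's protocol: Bob starts, Alice answers with a perturbed list, and Bob reads off a single bit. The RSA key, the 24-bit masking prime, the 1..10 wealth range and the sample inputs are all constructed for illustration; textbook RSA at this size is not secure, and the protocol as written assumes both parties follow it honestly.

```python
"""Yao's millionaires' comparison (1982), run end to end.

Added illustration for this article, not code from the page. Classic
public-key version: Bob starts, Alice answers with a perturbed list, Bob
reads off one bit. Textbook RSA with a constructed toy key; honest parties
are assumed. NOT for real use."""
import random

WEALTH_RANGE = range(1, 11)           # both values lie in 1..10, as in the text

# Constructed toy RSA key for Alice (two Mersenne primes). Real keys: 2048+ bits.
P_A, Q_A = 2 ** 31 - 1, 2 ** 19 - 1
N_A = P_A * Q_A
E_A = 65537
D_A = pow(E_A, -1, (P_A - 1) * (Q_A - 1))


def encrypt(m):
    """E_a: anyone can encrypt under Alice's public key."""
    return pow(m, E_A, N_A)


def decrypt(c):
    """D_a: only Alice, holding the private exponent, can decrypt."""
    return pow(c, D_A, N_A)


def is_prime(n):
    """Trial division; enough for the 24-bit masking primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, top bit set
        if is_prime(cand):
            return cand


def bob_round1(j, rng):
    """Bob -> Alice: encrypt a random x under Alice's key and shift by j.
    Alice sees only an opaque number that reveals nothing about j."""
    x = rng.randrange(2, N_A)
    return x, (encrypt(x) - j + 1) % N_A


def alice_round2(i, msg, rng):
    """Alice -> Bob: decrypt msg shifted by every candidate wealth u, reduce
    modulo a fresh prime p, and add 1 to every entry above her own wealth i."""
    ys = [decrypt((msg + u - 1) % N_A) for u in WEALTH_RANGE]   # ys[j-1] == x
    while True:
        p = random_prime(24, rng)   # Yao uses ~half the key length; small for speed
        zs = [y % p for y in ys]
        ordered = sorted(zs)
        # Pairwise gaps of >= 2 guarantee the "+1" perturbation can never make
        # one entry collide with another, so Bob cannot infer i from a collision.
        if all(b - a >= 2 for a, b in zip(ordered, ordered[1:])):
            break
    return p, [z if u <= i else z + 1 for u, z in zip(WEALTH_RANGE, zs)]


def bob_round3(j, x, p, zs):
    """Bob: entry j equals x mod p exactly when Alice left it untouched,
    i.e. when j <= i. True means Alice is at least as rich as Bob."""
    return zs[j - 1] == x % p


def alice_is_at_least_as_rich(i, j, seed=0):
    """Full exchange; Alice holds i, Bob holds j; seed makes it reproducible."""
    rng = random.Random(seed)
    x, msg = bob_round1(j, rng)          # Bob -> Alice
    p, zs = alice_round2(i, msg, rng)    # Alice -> Bob
    return bob_round3(j, x, p, zs)       # Bob learns one bit and tells Alice


if __name__ == "__main__":
    for i, j in [(7, 3), (3, 7), (5, 5)]:
        print(f"Alice={i} Bob={j}: Alice >= Bob is {alice_is_at_least_as_rich(i, j)}")
```

Two things are worth noticing. Alice's reply differs from an unperturbed one only in the entries above her own position, and Bob checks exactly one entry, so each side ends up with the comparison result and nothing else. Extending the range beyond 1..10 only lengthens the list; making the scheme robust against a party who deviates from it is a separate and much harder problem, which is why Yao's work is treated as the start of MPC rather than its end.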

The millionaires' problem is a natural starting point for discussing ZK:

  1. It has the zero-knowledge flavor: each party learns the result of the comparison and nothing else about the other's wealth;

  2. It works through direct interaction between the two participants, without relying on a third party to do the evaluation.

1985: The Birth of Zero-Knowledge Proof

In 1985, Goldwasser, Micali, and Rackoff first defined zero-knowledge proofs, specifically the interactive zero-knowledge proof model, in which a prover convinces a verifier over several rounds of interaction that a statement is true (that a claim holds, which of two values is larger, and so on) without revealing anything else.

Here "zero-knowledge" is easy to misread. In Alice and Bob's interaction, either may play prover or verifier, and messages certainly flow between them, but the verifier must learn nothing beyond the truth of the statement being proved. Formally, everything the verifier sees could have been produced by a simulator that does not know the secret at all. The "zero" refers to this absence of leaked information, not to an absence of communication.

The term "interactive" means the verifier issues random challenges over several rounds. In each round a cheating prover can only pass by luck, so repeating the rounds drives the probability of the verifier being fooled down to negligible; the process is repeated until the verifier is confident of the result.

Thus the ZK technology we know today took its first step toward maturity, and all subsequent developments build on this foundation.

1991: Non-Interactive Zero-Knowledge Proof

By 1991, Manuel Blum, Alfredo De Santis, Silvio Micali, and Giuseppe Persiano had proposed non-interactive zero-knowledge proofs. As the name suggests, the upgrade is that the prover sends a single message and the verifier checks it without replying; what replaces the verifier's challenges is a common reference string, a public random string that both parties agree on in advance. That a proof can work without any back-and-forth may seem counterintuitive, but an example illustrates it:

  • After achieving financial freedom, Alice and Bob become mathematicians. Alice leaves Web2 to travel through Web3, continuing her ZK research.

  • Suppose that whenever Alice proves a new theorem, she writes Bob a postcard documenting her progress.

  • This is a non-interactive process, or more precisely a one-way one: messages go only from Alice to Bob. Even if Bob wanted to reply, he could not, because Alice has no stable (or predictable) address; she will have moved on before any mail can reach her.

  • Alice and Bob agreed in advance what a postcard means, so as long as Bob receives one he can accept the proposition "Alice has made new progress in her research" without any further exchange; that prior agreement plays the role of the shared reference string.

Non-interactive zero-knowledge proofs reduce the exchange to a single message, which enables offline verification (the verifier needs no live prover) and public verification (anyone holding the proof and the public parameters can check it). The former lays the foundation for Rollups, whose proofs are checked long after they are produced; the latter fits the blockchain's broadcast model, since one proof can be verified by every node without each of them redoing the computation.
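To make the interactive/non-interactive distinction concrete, here is an added worked example in Python, written for this article; it is not code from the page's authors or from the 1985 and 1991 papers, which use different constructions. It uses Schnorr's protocol for proving knowledge of a discrete logarithm, the simplest protocol that shows all three ideas of this section: the verifier's random challenge is what makes interaction work, a simulator shows why the transcript leaks nothing about the secret, and the Fiat-Shamir transform (a hash standing in for the verifier's challenge) turns it into the single-message, publicly verifiable form that on-chain systems actually deploy. Fiat-Shamir is not the common-reference-string construction of Blum et al.; it is the route most practical systems took. The group parameters (p = 2039, q = 1019, g = 4) are constructed and deliberately tiny so the arithmetic is readable; a real deployment needs a group with roughly 256-bit order.

```python
"""Schnorr proof of knowledge of w in h = g^w: interactive, simulated,
and made non-interactive with Fiat-Shamir. Added illustration with constructed
toy parameters; not a secure implementation."""
import hashlib
import random

P = 2039   # constructed safe prime, P = 2*Q + 1 (toy size; use ~2048 bits for real)
Q = 1019   # prime order of the subgroup generated by G
G = 4      # 2^2 mod P is a quadratic residue, so it has order exactly Q
SYS_RNG = random.SystemRandom()   # OS randomness; tests may pass a seeded Random


def keygen(rng=SYS_RNG):
    """Secret w and public h = g^w. The statement proved is 'I know w'."""
    w = rng.randrange(1, Q)
    return w, pow(G, w, P)


# --- interactive protocol: three messages, as in the 1985 model ----------
def prover_commit(rng=SYS_RNG):
    """Prover -> verifier: a = g^r for fresh random r (kept secret)."""
    r = rng.randrange(Q)
    return r, pow(G, r, P)


def verifier_challenge(rng=SYS_RNG):
    """Verifier -> prover: a challenge the prover could not have predicted."""
    return rng.randrange(Q)


def prover_respond(w, r, c):
    """Prover -> verifier: z = r + c*w mod q."""
    return (r + c * w) % Q


def verify(h, a, c, z):
    """Verifier's check: g^z == a * h^c (mod p)."""
    return pow(G, z, P) == (a * pow(h, c, P)) % P


def run_interactive(w, h, rng=SYS_RNG):
    r, a = prover_commit(rng)
    c = verifier_challenge(rng)
    return verify(h, a, c, prover_respond(w, r, c))


# --- zero-knowledge: a simulator that never sees w ---------------------------
def simulate_transcript(h, rng=SYS_RNG):
    """Pick c and z first, then solve for a = g^z * h^(-c). The triple passes
    verify() and is distributed like a real transcript, so real transcripts
    cannot reveal w: this is what 'zero knowledge' means."""
    c, z = rng.randrange(Q), rng.randrange(Q)
    a = (pow(G, z, P) * pow(pow(h, c, P), -1, P)) % P
    return a, c, z


# --- non-interactive: Fiat-Shamir replaces the verifier's message ----------
def fiat_shamir_challenge(h, a):
    """Hash the public values; the prover cannot pick a after seeing c."""
    digest = hashlib.sha256(f"{P}|{G}|{h}|{a}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove_noninteractive(w, h, rng=SYS_RNG):
    r, a = prover_commit(rng)
    return a, prover_respond(w, r, fiat_shamir_challenge(h, a))


def verify_noninteractive(h, proof):
    """One message, checkable by anyone who knows h and the parameters."""
    a, z = proof
    return verify(h, a, fiat_shamir_challenge(h, a), z)


def demo(seed=None):
    """Exercise every path once; returns the verifier's verdicts."""
    rng = random.Random(seed) if seed is not None else SYS_RNG
    w, h = keygen(rng)
    a, z = prove_noninteractive(w, h, rng)
    r, a2 = prover_commit(rng)
    return {
        "interactive": run_interactive(w, h, rng),
        "simulated_transcript": verify(h, *simulate_transcript(h, rng)),
        "noninteractive": verify_noninteractive(h, (a, z)),
        "tampered_response": verify_noninteractive(h, (a, (z + 1) % Q)),
        "wrong_secret": verify(h, a2, 5, prover_respond((w + 1) % Q, r, 5)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The function to dwell on is simulate_transcript: it outputs (a, c, z) triples that pass verify without any knowledge of w, simply by choosing c and z first and solving for a. Because the verifier cannot tell those apart from genuine transcripts, a genuine one cannot have taught it anything beyond the fact that h really has a discrete logarithm, which is exactly the "zero" in zero-knowledge. With a challenge space of size q, one round already leaves a cheating prover only a 1/q chance; protocols with one-bit challenges must repeat the round many times to shrink that chance, which is the repetition the 1985 model describes. Fiat-Shamir removes the verifier's turn entirely: the hash fixes c after a is chosen, so the prover cannot play the simulator's trick, and the resulting (a, z) pair can be posted once and checked by anyone.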

At this point the ZK we see today was already a mature theoretical model, but it was still mainly an object of study in mathematics and cryptography, with little connection to blockchain. After Bitcoin appeared, combining cryptographic techniques with blockchains became a research direction, and ZK was an obvious standout.

It is worth noting that there is no sign Satoshi Nakamoto rejected ZK for the Bitcoin network; rather, ZK was immature at the time, and Bitcoin relied on the well-understood elliptic-curve signature scheme (ECDSA) instead. ZK can be applied directly at Layer 1: Zcash, Mina, and Ethereum's Istanbul upgrade (which, through EIP-1108, cut the gas cost of the elliptic-curve pairing precompiles that SNARK verifiers depend on) all involve zero-knowledge proofs.

A Meeting of Dragons: STARK Will Eventually Replace SNARK

2010-2014 Zcash: Practical Scenarios for SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge)

After the Bitcoin network appeared, security and privacy became the first things people associated with blockchain, even though Bitcoin's ledger is itself fully transparent. A series of privacy-focused chains and applications emerged, such as the zk-SNARKs used in Zerocash/Zcash and the Bulletproofs (BP) range proofs used in Monero.

In 2010, Jens Groth published the first pairing-based (elliptic-curve) non-interactive zero-knowledge argument with constant-size, O(1), proofs, the direct ancestor of what are now called zk-SNARKs (or, without the knowledge property, SNARGs):

  • SNARGs: Succinct Non-Interactive Arguments; the proof shows that the statement is true.

  • SNARKs: Succinct Non-Interactive Arguments of Knowledge; the proof additionally shows that the prover holds a witness (a secret input satisfying the statement), which is what lets a SNARK prove "I know the private key" rather than merely "such a key exists".

From an application perspective, the improvement is succinctness: proof size and verification time are small and essentially independent of the size of the computation being proved. In Zcash the program circuit is fixed, so the polynomial being verified is fixed too, and the trusted setup that generates the proving and verification keys runs once per circuit; subsequent transactions reuse those keys with different inputs. The caveat a practitioner should keep in mind is that whoever retains the randomness of that setup (the "toxic waste") can forge proofs, which is why Zcash generated its parameters in a multi-party ceremony designed so that every participant's share had to be destroyed.

In 2013, the Pinocchio protocol (Parno, Howell, Gentry, and Raykova) brought proving time down to minutes and verification to milliseconds, with proofs under 300 bytes. Pinocchio itself was not a blockchain system, but its construction is the one Zerocash built on, so this is the point at which zk-SNARKs became usable on a blockchain.

This demonstrated that ZK can play a role in privacy scenarios. R3PO judges that the privacy route has the potential to exist independently of L2. Aztec has shown that private DeFi is feasible, and after Tornado Cash was sanctioned, on-chain financial privacy remains in strong demand. Investment opportunities in this direction have yet to be widely explored and are worth watching.

Additionally, the Zerocash protocol (the academic predecessor of Zcash) further improved the relevant algorithms, using the zk-SNARK implementation optimized by SCIPR Lab; it hides the payment source, recipient, and amount while keeping transactions under 1 KB and verification time under 6 ms.

Mina: Recursive ZK Data Compression

Mina differs from Ethereum L2: it is an L1 public chain whose chain state a node must hold is only about 22 KB, regardless of how much history has accumulated. It can be that small because it uses recursive proofs: each new proof also proves that the previous proof was valid, so a single proof carries the confirmation of everything before it.

  • Step 1: a zk-SNARK proves that each state transition (block) is valid, and only the proof needs to be kept;

  • Step 2: each new proof takes the previous proof as an input, so validity is carried forward recursively and historical data need not be retained, achieving extreme data compression;

Carrying forward the validity of results, rather than storing full node data, is Mina's proof method. In Ethereum L2, a ZK-Rollup batches many transactions, proves the whole batch valid, and settles once. Extrapolating further, L2 can be layered with L3 or DApps. These are all niches where ZK can grow: dYdX currently runs on StarkWare's StarkEx engine, and Immutable X is an L2 built on the same engine; both show the potential of ZK. The value of this niche has not been fully tapped and still holds long-term investment value.

At this point all the technical ingredients for ZK-Rollup are basically in place. With this foundation, we can summarize the characteristics of ZK:

  1. Non-interactive: no back-and-forth with the prover is needed; a single proof message can be broadcast to the whole network and verified by every node;

  2. Zero-knowledge: the verifier learns nothing beyond the truth of the statement, so the proof can be published openly without disclosing the underlying data;

  3. Knowledge: the prover demonstrates that it actually holds a witness (a private key, a transaction's hidden details), not merely that one exists; this is what ties the proof to information of economic or privacy value;

  4. Proof: the guarantee is mathematical, with the caveat that SNARKs are arguments, secure against computationally bounded provers under assumptions validated by years of research and practice.

Combining these characteristics, ZK is naturally suited to L2 scaling but is not limited to it. Other applications of ZK will be covered in subsequent articles in this series; we welcome readers to keep following.

Conclusion

Starting from the millionaires' problem, we moved from MPC to the field of zero-knowledge proofs. For cost reasons, interactive proofs are poorly suited to on-chain use, where the chain cannot hold a live dialogue with each prover, so non-interactive zero-knowledge proofs are gradually becoming mainstream.

With the development of Zcash, SNARKs are increasingly applied, transforming ZK from a purely cryptographic research object into an engineering tool used in the blockchain field, playing its role in privacy, security, and efficiency.

The Ethereum scaling scenario has enabled ZK to achieve L2, with Rollup technology routes outperforming other competitors. zk-STARKs are also gradually developing, promising to activate more common use cases such as mining, GameFi, and NFTs.

Beyond Ethereum, more and more new models have emerged, such as customizable modular Rollup routes: Eclipse, which has just completed $15 million in funding and whose roadmap will support the Move language and the Solana network, and Scroll, which completed $30 million in funding and aims to build EVM-equivalent ZK-Rollups.

The driving force behind the new story is recognition of ZK technology. Broadly speaking, ZK is a "large and comprehensive, long and far-reaching" field. The steady news of large financings indicates that market acceptance is gradually increasing. Overall, however, this is still a new field; even among its technical routes there are competing, overlapping factions, and the investment opportunities within it exist over the long term, whether embedded in underlying infrastructure or landing in specific application scenarios, and require continuous exploration.

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculation. All content on this site is market information or the opinions of the parties involved and does not constitute investment advice of any kind.