What exactly is zk-SNARK advocated by Vitalik? What problems does it solve?
Original source: Haotian (Twitter: @tmel0211), blockchain security practitioner
At the Montenegro EDCON conference, @VitalikButerin discussed the technical challenges faced by the Ethereum network in terms of scalability, privacy, and security, ultimately concluding that zk-SNARK will be as important as blockchain in the next 10 years. What exactly is zk-SNARK, which Vitalik has been tirelessly promoting? What current blockchain issues can zk-SNARK technology solve? In the following thread, I will throw out some ideas for discussion. 1/n
SNARK stands for succinct non-interactive argument of knowledge: a short proof that needs no back-and-forth between prover and verifier. At its core it is a proof system built from mathematical algorithms that lets a verifier check that data is correct without knowing the original data. The implementation involves complex technologies such as verifiable circuits, elliptic curve cryptography, hash functions, and encryption algorithms, which I will not elaborate on here. 2/n
Since SNARK can compress original data into a very small proof to verify the correctness of its input data, combined with the technical foundation of zk zero-knowledge, zk-SNARK can excel in blockchain scalability, privacy, and security. Especially after Ethereum enabled the Merkle Randomized Algorithm (MAST) in 2018, zk-SNARK can be directly integrated into the Ethereum system to address the current bottleneck issues of the Ethereum network. 3/n
This is why zk-STARK technology, which originated from @Starknet and can handle more complex computational problems (for example, resisting quantum computing attacks), is still overshadowed by zk-SNARK. In particular, several blockchain paradoxes that confuse everyone can be effectively resolved with zk-SNARK as the underlying technology, such as the risk that privacy protection also shelters hackers laundering money, and the seemingly unavoidable interference of centralized institutions in social recovery. 4/n
First, let's talk about scalability. zk-rollup technology is far ahead of op-rollup and is a final solution for Ethereum's second layer. Op-rollup assumes by default that all transactions are valid ("optimistic"), and after they are submitted to the chain there is a 7-day fraud-proof challenge period, while a zk-rollup can quickly and securely establish the validity of every on-chain transaction through mathematical proofs. (For specifics, please refer to a previous thread.) 5/n
Here, zk-SNARK solves a paradoxical problem of Ethereum's scalability: the contradiction between scalability and centralization. Although op-rollup solutions have more mature practical scenarios, there are still potential risks of centralization in the processes of sequencer ordering and optimistic challenge verification. We can certainly be "optimistic," but to achieve a truly decentralized rollup, SNARK is indispensable. 6/n
Now let's look at privacy. In the existing blockchain technology context, developing privacy technology leads us into a logical paradox: will privacy ultimately end up serving hackers? However, building on zk-SNARK, we can create a Proof of Innocence (POI) solution that lets users deposit and withdraw funds privately while preventing abuse by criminals. Specifically, POI can be applied to protocols similar to Tornado; 7/n
The POI technology provides each user with a digital fingerprint based on the blockchain state history and private key generation. When a hacker attempts to launder money through Tornado's mixing pool, if the withdrawal request address and deposit address they provide contradict each other (different private keys), it will be intercepted and returned to the original mixing address. This means that the hacker's illicit assets cannot escape tracking through the mixing system; 8/n
Of course, as mentioned in Vitalik's speech, we can directly construct an exclusion list Merkle tree, essentially adding a blacklist mechanism to the Tornado protocol. Normal users whose deposits are not on the list can generate an innocence proof and use Tornado normally, while the opposite is true for those on the list. While adding a blacklist is effective, it carries centralization risks; I personally believe that preventing transactions with inconsistent private keys is more meaningful; 9/n
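The exclusion-list Merkle tree from the paragraph above, as an added worked example in Python that is not part of the original thread. It uses a standard construction the thread does not spell out: flagged deposit commitments are sorted into a Merkle tree with sentinel leaves at both ends, and an innocence proof consists of two adjacent leaves that bracket the user's commitment, each with its own inclusion path. The deposit commitments, the `commitment` helper and the hash choices are constructed for illustration. One important difference from the real design: here the verifier sees the user's commitment in the clear, whereas in the scheme Vitalik describes this same check would run inside a zk-SNARK circuit, so the withdrawer proves non-membership without revealing which deposit is theirs.

```python
import hashlib
from bisect import bisect_right

# Upper sentinel: larger than any 256-bit commitment (assumption of this example).
MAX_VALUE = (1 << 256) - 1


def sha(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def commitment(note_secret: bytes) -> int:
    """Constructed stand-in for a mixer deposit commitment: hash of the note secret."""
    return int.from_bytes(sha(b"deposit", note_secret), "big")


def leaf_hash(value: int) -> bytes:
    return sha(b"leaf", value.to_bytes(32, "big"))


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha(b"node", left, right)


class ExclusionList:
    """Sorted Merkle tree over flagged deposit commitments, with sentinels 0 and MAX_VALUE."""

    def __init__(self, flagged):
        leaves = [0] + sorted(set(flagged)) + [MAX_VALUE]
        size = 1
        while size < len(leaves):
            size <<= 1
        leaves += [MAX_VALUE] * (size - len(leaves))   # pad to a power of two
        self.leaves = leaves
        self.depth = size.bit_length() - 1
        self.layers = [[leaf_hash(v) for v in leaves]]
        while len(self.layers[-1]) > 1:
            prev = self.layers[-1]
            self.layers.append([node_hash(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])

    @property
    def root(self) -> bytes:
        return self.layers[-1][0]

    def path(self, index: int):
        """Sibling hashes from leaf to root for the leaf at `index`."""
        siblings = []
        for layer in self.layers[:-1]:
            siblings.append(layer[index ^ 1])
            index >>= 1
        return siblings

    def prove_non_membership(self, value: int):
        """Innocence proof: the two adjacent leaves that bracket `value`, or None if flagged."""
        if not 0 < value < MAX_VALUE:
            raise ValueError("commitment out of range")
        i = bisect_right(self.leaves, value) - 1      # largest leaf <= value
        if self.leaves[i] == value:
            return None                               # on the list: no innocence proof exists
        return {
            "low": self.leaves[i], "low_index": i, "low_path": self.path(i),
            "high": self.leaves[i + 1], "high_index": i + 1, "high_path": self.path(i + 1),
        }


def verify_inclusion(root: bytes, depth: int, value: int, index: int, siblings) -> bool:
    if len(siblings) != depth or not 0 <= index < (1 << depth):
        return False
    node = leaf_hash(value)
    for sib in siblings:
        node = node_hash(node, sib) if index & 1 == 0 else node_hash(sib, node)
        index >>= 1
    return node == root


def verify_non_membership(root: bytes, depth: int, value: int, proof) -> bool:
    """Verifier side: both bracketing leaves are in the tree, adjacent, and strictly around value."""
    if proof is None:
        return False
    if not (proof["low"] < value < proof["high"]):
        return False
    if proof["high_index"] != proof["low_index"] + 1:
        return False
    return (verify_inclusion(root, depth, proof["low"], proof["low_index"], proof["low_path"])
            and verify_inclusion(root, depth, proof["high"], proof["high_index"], proof["high_path"]))


if __name__ == "__main__":
    # Constructed data: three flagged deposits and one honest one.
    flagged = [commitment(b"stolen-note-%d" % k) for k in range(1, 4)]
    xl = ExclusionList(flagged)
    alice = commitment(b"alice-note")
    proof = xl.prove_non_membership(alice)
    print("alice innocent:", verify_non_membership(xl.root, xl.depth, alice, proof))
    print("flagged deposit gets proof:", xl.prove_non_membership(flagged[0]) is not None)
```

The adjacency check is what makes the proof sound: without it, a prover could pick any two leaves that happen to surround its value and hide a flagged leaf between them. The verifier also pins the path length and index range to the published depth so a proof cannot point at an index outside the tree.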
Finally, let's discuss the third-party anti-censorship paradox (security). Social recovery is undoubtedly a path that blockchain mass adoption must take, but the community's protests against @Ledger when it opened this feature a couple of days ago make clear that recovery cannot be built on the premise of a centralized third party. zk-SNARK technology can solve precisely this problem. 10/n
In simple terms, when users generate multiple private key shards, they can encrypt the shards and use the zk-SNARK proof system to generate proofs, which can then be distributed to trusted institutions or friends. If a user loses their private key, they can request a third party to provide proof of the shard data and then use zk-SNARK to verify the accuracy of these proofs, thus achieving social recovery without revealing private key shards. 11/n
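The shard-based social recovery sketched above, as an added worked example in Python that is not from the original thread. It assumes Shamir secret sharing for producing the shards (the thread does not name a sharing scheme) and, in place of the zk-SNARK proof, publishes a hash commitment to each shard so that a returned shard can be checked for accuracy before it is used. The prime modulus, guardian count, threshold and demo key are assumptions of this example; the demo key is a constructed value, not a real private key.

```python
import hashlib
import secrets

# Prime modulus for the share polynomial. This is the secp256k1 group order, so any
# secp256k1 private key is a valid field element (assumption: the key is such a scalar).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed demo key (32 ASCII bytes, well below P); not a real key.
DEMO_KEY = int.from_bytes(b"constructed-demo-private-key-32b", "big")


def split_key(secret: int, threshold: int, guardians: int):
    """Shamir split: random degree-(threshold-1) polynomial with the secret as constant term."""
    assert 0 <= secret < P and 1 <= threshold <= guardians
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, guardians + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def share_commitment(x: int, y: int) -> bytes:
    """Hash commitment to one share. Stands in for the zk-SNARK proof in the thread:
    it binds the guardian's shard without publishing the shard itself."""
    return hashlib.sha256(b"share" + x.to_bytes(2, "big") + y.to_bytes(32, "big")).digest()


def publish_commitments(shares):
    """What the owner stores publicly (for example on-chain) at setup time."""
    return {x: share_commitment(x, y) for x, y in shares}


def lagrange_at_zero(points):
    """Interpolate the polynomial through `points` and evaluate it at 0 (the secret)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def recover_key(commitments, returned_shares, threshold: int):
    """Accept only shards whose commitment matches; rebuild the key from `threshold` of them.
    Returns None when too few verified shards came back."""
    verified = {}
    for x, y in returned_shares:
        if x in commitments and share_commitment(x, y) == commitments[x]:
            verified[x] = y
    if len(verified) < threshold:
        return None
    points = list(verified.items())[:threshold]
    return lagrange_at_zero(points)


if __name__ == "__main__":
    # Constructed scenario: 5 guardians, any 3 can restore the key.
    shares = split_key(DEMO_KEY, 3, 5)
    comms = publish_commitments(shares)
    print("3 honest guardians:", recover_key(comms, [shares[0], shares[2], shares[4]], 3) == DEMO_KEY)
    corrupted = (shares[1][0], (shares[1][1] + 1) % P)
    print("one corrupted shard rejected:", recover_key(comms, [shares[0], corrupted, shares[3]], 3))
```

Because a corrupted shard is rejected up front instead of being fed into interpolation, a guardian that returns wrong data cannot silently cause the owner to reconstruct a wrong key. A hash commitment, unlike a SNARK, does not let the guardian prove anything about the shard without handing it over, which is the gap the thread's zk-SNARK proposal is meant to close.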
Once the above content is fully understood, it is not difficult to see the importance of zk-SNARK technology for blockchain systems. It can solve various paradoxical issues in the current development of the Ethereum network, such as scalability versus centralization, privacy versus wrongdoing, and security versus anti-censorship. Therefore, when Vitalik says that zk-SNARK will be as important as blockchain in 10 years, perhaps Ethereum will also become zk-SNARK-ified. Well, zk-SNARKS Rule Everything Around Me. 12/12
Thanks to @TommyDeng_DAO for summarizing the content of Vitalik's speech at the Montenegro conference in a timely manner, along with a wealth of wonderful illustrations. The above technical thoughts are merely a starting point for open discussion, and everyone is welcome to share their thoughts.