The next battleground for military strategists: the ZK proof market #208

Author: Yiping, IOSG Ventures

TL,DR;

• ZK technology is mainly applied to improve the scalability, privacy, and credibility of various projects (such as Starkware, zkSync, Scroll, Mina, Risc0, Giza, and EZKL).
• ZK technology requires a significant amount of computational power, leading to computational overheads ranging from 10^4 to 10^6, posing challenges for infrastructure teams.
• The primary methods for generating ZK proofs are Proof Markets and Proof Networks. Proof Markets operate as open markets for trading ZK proofs, while Proof Networks have internal servers that provide a cloud-like experience for generating proofs.
• The Proof Market approach allows for flexibility and cost-effectiveness, as it facilitates ZK proof transactions in an open market without the need for high-end server management.
• The Proof Network approach offers a smooth and developer-friendly experience, providing a solution to quickly and reliably generate proofs without much focus on market mechanisms. Theoretically, it can produce proofs quickly, as matching orders in the proof market also takes time.
• Challenges include difficulties in testing and debugging, emerging security issues, potential vendor lock-in, higher costs in certain usage patterns, and loss of token utility.
• Leading players may be those companies with the highest internal demand for ZK proofs, as they can leverage existing infrastructure and specialized teams to maximize hardware utilization.
• Emerging applications include ZK Coprocessors, ZK Attestation, ZKML, and ZK Bridges, all of which have increased the demand for generating ZK proofs.
• In the ZK space, decentralized proof networks are driven by the blockchain industry's preference for security, censorship resistance, and privacy, although the inherent security of ZK means these advantages do not require decentralization as a prerequisite. For ZK, performance is the primary concern.

Introduction

Growing Demand for ZK After years of research in the zk field and significant improvements in performance, zk is finally being applied to real-world applications. Talented engineers are applying ZK to:

• Scalability
• Privacy
• Data Credibility

Many interesting projects rely on zk, such as Starkware, zkSync, Scroll, Mina, Risc0, =nil;Foundation, EZKL, Giza, Polygon, and Manta. These projects generate zk proofs steadily and continuously every day. The most popular zk use case currently is zkRU, which addresses Ethereum's scalability issues. In the past month, zk verification has cost millions of dollars on Ethereum/Ethereum L2s. Source: https://dune.com/nebra/zkp-verify-spending A strong increase in ZK verification cost over last year. This chart created by the Near team shows the fuel consumption of zkSN(T)ARK on Ethereum and L2s. It includes popular ZK projects like zkSync, Polygon, Aztec, Tornado Cash, Loopring, Worldcoin, Tailgun, Sismo, StarkNet, ImmutableX, and dydx. Compared to zkStark, zkSnark accounts for 80% of the total cost in verification. Among all these projects, Worldcoin has the highest verification cost, followed by zkSync. The verification cost for each Worldcoin is about $2, while for each zkSync, it is about $30. Burden of Proof Infrastructure ZK can solve scalability issues, but it comes at a cost. It requires a significant amount of computational power. ZK brings substantial computational overhead, which Rollup teams need to address. @_weidai estimates that using today's ZK technology incurs computational overheads ranging from 10^4 to 10^6. Theoretically, we can achieve a 10-fold reduction in computational overhead through dedicated circuits. Adding a virtual machine abstraction layer would result in a 100-fold increase in computational overhead. The following chart depicts the growth of computational power based on the Moore's Law, showing that chip efficiency has improved tenfold every decade since 2000. If we compare computational power based on the year 2000, it will reach 784 times by 2025. This also indicates that current ZK computations are still not on the same order of magnitude as in 2000. Source: https://visualize.graphy.app/view/04f82b27-3654-47eb-83e8-3981f6e258be Think about it carefully. We are trying to bring a 10 to 100 times increase in transaction volume to ZKRU. With the increase in transaction volume, we will also face computational overheads of 10^4 to 10^6. These numbers put immense pressure on the ZKRU infrastructure teams. Leading ZKRU teams are using high-end machines equipped with at least 200 GB of memory and have talented operations personnel to handle these infrastructure complexities. So what does this mean for a small team that wants to launch a ZKRU or build a third-layer solution using the ZK tech stack? How can an independent developer purchase these high-end servers and operate them correctly? Currently, launching a ZKRU is not difficult. You can use the ZK Stack and follow the documentation to deploy a new ZKRU. The hardest part is getting the high-end infrastructure to work. Managing a cluster of servers is much more challenging than maintaining our personal laptops on a daily basis. Additionally, hardware acceleration is not plug-and-play; different teams need to set up different configurations for their servers based on the zero-knowledge proof systems they use. Ensuring high availability is also a tricky topic. What if a pile of users starts minting Ordinals on your ZKRU, and you suddenly face a 1000-fold throughput? Even experienced teams like Arbitrum have faced downtime for several hours due to a surge in Ordinals transactions. Generating a large number of zero-knowledge proofs requires high-end server support. For small and medium-sized teams, setting up and maintaining a series of high-end servers will be a heavy burden. To better assist various teams in quickly adopting zero-knowledge technology, emerging projects are attempting to help these groups handle all the complexities of computational infrastructure.

Proof Markets

Source: IOSG Ventures Proof Markets and Proof Networks are the two main approaches. Proof Markets function like an open market. To generate a proof, users need to find a party willing to sell the proof at a certain price. Proof Networks operate like traditional cloud services, where developers submit their circuits and inputs, and centralized load balancing allocates internal servers within the proof network to generate proofs for users. Proof Markets are a popular method in ZK proof infrastructure. Proof Markets are open markets where buyers and sellers trade ZK proofs. ZK proof market teams do not need to worry about ZK proof hardware or owning high-end servers; they focus on ZK proof transactions and verification mechanisms to attract third-party hardware providers. Proof Markets are a more open approach. They welcome third-party hardware providers. As long as there are sellers of such proofs, buyers can purchase ZK proofs at a dollar price. When verifying proofs, everyone in the market does not need to reach a consensus; only the market operators bear the responsibility for verification. In the proof market, zkDapp developers submit a ZK proof order, including price, generation time, timeout, and public input. Then third-party hardware providers will accept the order and generate the proof. The economic structure of the proof market is straightforward. Proof generators need to stake. If they generate incorrect proofs or fail to provide proofs before the deadline, they will be penalized. Proof generators with more stakes will be able to generate multiple proofs simultaneously. The main players in the proof market industry are =nil and Marlin. =nil Foundation The proof market has sellers and buyers. Buyers are dApp developers. They pay sellers fees to generate proofs. Many factors influence the price of proofs. The main factors include circuit size, proof system, generation time, and input size. Below is the workflow of the =nil proof market:

1. The proof requester sends a request to the market with an expected price of c_r.
2. The proof market locks c_r tokens in the buyer's account.
3. The proof producer sends a proposal to the market at a price of cp <= cr.
4. The proof market matches the request with the proof producer's proposal.
5. The proof producer generates the proof and sends it to the market.
6. The proof market verifies the proof and pays c_r - fee tokens to the producer.
7. The proof requester obtains their proof and uses it.

The market design provides a trading-like experience. The price of proof generation fluctuates in real-time. Below are product screenshots of the =nil proof market. Source: https://nil.foundation/ Currently, the Proof Market supports a limited number of claims, with Mina claims being the most active. Specifically, the Proof Market accepts circuits based on their zkLLVM compiler and Placeholder proof system. Gevulot Gevulot is dedicated to bringing decentralization to the proof market. Gevulot serves as an open and programmable first-layer blockchain designed for the proof market. The first-layer blockchain is responsible for handling the distribution of proof requests, verification, and reward allocation. The proofers network utilizes lightweight unikernels for high performance. Gevulot uses verifiable random functions (VRF) to assign proof work to a small group of proofers, ensuring the reliability of the system. Source: https://www.gevulot.com/ Users can seamlessly deploy programs, with predictable costs, and can set a maximum fee based on the number of cycles required for program execution. Proofers are rewarded through the Gevulot network and user fees, incentivizing them to generate efficient and competitive proofs. The fastest proofers will receive the most network rewards. User fees will be shared equally among all nodes that complete the proof. Gevulot supports multiple programming languages for program deployment, including C, C++, Go, Java, Node.js, Python, Rust, Ruby, PHP, etc., as Gevulot's underlying VM Nanos supports x86_64 Linux ELF binaries. Gevulot is a general-purpose computing platform that supports different languages and proof systems. Gevulot relies on the Nanos single kernel to ensure that proofers can easily run on different machines. All proofers need to be compiled into a single single-kernel image. Proof Networks Proof Networks provide a more developer-friendly experience. Its operation is similar to Web2 cloud service providers. Developers send load data via REST API, and the proof network subsequently returns proofs to the developers. Developers do not need to worry about price fluctuations or which party will generate the proofs.

Risc0

Risc Zero has launched Bonsai using their zkVM. With the power of zkVM, users can have Bonsai generate various claims. For example, based on Bonsai and Risc0 VM, Zeth generates proofs for Ethereum blocks. Source: https://www.risczero.com/

Succinct

Recently, Succinct has also launched their new product. Instead of providing REST API circuits, Succinct offers a method more akin to cloud functions. Below is the user workflow:

1. Connect to GitHub account and deploy circuits
2. Call the API via REST or smart contract and pass in circuit inputs
3. Query results via REST API or smart contract

Source: https://succinct.xyz/ Compared to BONSAI, Succinct has the following advantages in developer experience:

• Easier management of circuit codebases
• No need to send circuits multiple times
• One-click deployment of smart contracts for on-chain proof generation and verification
• Explore popular ZK proofs
• Dashboard to view proof generation status
• Supports rustx, gnark, circom, plonky2

Source: https://succinct.xyz/ Proof Network vs. Proof Market Proof Markets provide greater pricing flexibility for buyers and sellers of proofs. It invites all hardware providers to participate, helping to reduce costs for buyers. However, it is worth noting that the amount saved may vary between individuals and enterprises. Generally, centralized services like proof networks may offer free services to individuals while charging high fees to enterprises, but providing access to VIP customer support. For example, if an enterprise plans to launch a new event or feature, they can reserve some computational capacity in advance on the proof network. A decentralized market may present a more balanced and competitive pricing structure. In today's market, products based on proof networks seem to offer developers a smoother experience. It handles all proof generation work and supports major proof systems without introducing any new complex concepts. It provides a consistent user experience. Theoretically, since order matching in proof markets also takes time, it offers fast proof generation. If you are familiar with cloud computing, proof networks are more like stateless cloud functions. We have =nil Foundation and Gevulot working in the proof market. Succinct and Risc0 are working in the proof network. Hardware companies like Ulvetanna and Cystic are also making significant contributions to improving ZK proof performance on GPUs and developing the next generation of dedicated ZK chips. Proof markets are relatively easy to launch. For ZK infrastructure projects, proof market designs can allow more hardware providers to come online. With their decentralized design, they can easily scale the network to meet future computational demands. In the future, we foresee a combination of proof network and proof market designs. The goal is to provide developers with a seamless experience while integrating proof markets as a backend to facilitate additional computational resources. This is the direction Succinct plans to pursue in the near future. We are also seeing similar shifts in other markets, such as Infura. Infura has its own servers, but it also plans to guide licensed participants to provide infrastructure.

Source: IOSG Ventures Who Really Needs Cloud ZK Infrastructure We believe that developers who wish to shorten time-to-market and build lightweight, flexible applications that can scale or update quickly will greatly benefit from these cloud ZK infrastructures. For applications with significant peaks and troughs in usage, cloud ZK infrastructure will reduce costs. For such applications, purchasing a set of servers that are always running and guaranteed to be available during peak times can be quite expensive, leading to significant waste during low usage periods. Cloud infrastructure can scale on demand to enhance performance and automatically release excess computational power when not needed.

Who Will Become the Leaders?

From our understanding of the Web2 cloud industry, we find that companies with the highest computational demands often have leading cloud infrastructure businesses. They can leverage scalability, cost, teams, and innovative products. This also applies to cloud ZK infrastructure. We believe that projects with the highest demand for generating verifications have the potential to have one of the most successful ZK cloud infrastructure businesses. For projects that internally generate a large number of ZK proofs, they already have substantial infrastructure, optimizers, and specialized teams. By sharing proof resources across applications, they can also maximize hardware utilization; when one application does not need to generate proofs immediately, the proofers can be repurposed for other uses. These large projects all have their own proof systems to some extent. Third-party proof infrastructure often struggles to optimize the various proof systems used by different large projects. By providing fast and easy-to-use cloud proofers, large projects can effectively scale their proof system ecosystems. For ZKRU, cloud ZK infrastructure can enhance the usage of its forks. Launching a new second or third layer on these ZKRU is not difficult, but maintaining ZK infrastructure will be costly. Providing out-of-the-box and flexible cloud proofers can help attract more developers. Currently, most developers use OPRU SDK to build new second or third layers due to the ease of managing the corresponding infrastructure. If they do not build their own ZK infrastructure, these large ZK projects will need to pay high fees to third-party computing providers. They will also be limited in their development speed, as they cannot always customize their infrastructure to further improve performance and reduce proof costs.

Who Has the Greatest Demand for Zero-Knowledge Proofs?

In addition to ZKRU and layer 1 networks, we have recently seen more emerging zero-knowledge proof applications. They all have a huge demand for proof generation. Zero-knowledge coprocessors enable smart contract developers to obtain past blockchain states without trust. Zero-knowledge coprocessors generate zero-knowledge proofs for these past blockchain states. This could be a more secure and trustless alternative than graphs. Zero-knowledge attestation helps users bring off-chain data or identity information onto the blockchain. Attesters verify this data off-chain and generate a zero-knowledge proof for it, placing it on the blockchain. Zero-knowledge machine learning enables on-chain inference. Computing providers perform ML computations off-chain, generate a zero-knowledge proof for it, and then publish that proof to the blockchain. Zero-knowledge bridges are a more secure version of cross-chain bridges. They generate storage proofs or even consensus proofs for the source chain and place them on the target chain. This could replace current cross-chain bridges.

What Makes Decentralized Proof Networks Special?

In the blockchain industry, decentralization is the most popular narrative. Decentralization brings many benefits:

• Security
• Censorship Resistance
• Privacy

Zero-knowledge proofs are different from other general computations. ZK has inherent security. Anyone can easily and quickly verify proofs to ensure the honesty of the prover. In the ZK space, decentralization is not a prerequisite for security. Zero-knowledge proofs focus on complex underlying details, built into circuits. While the content within these circuits is extremely difficult to censor, censorship can still be effectively implemented by targeting the requesters of ZK proof generation. For proof networks, privacy may become an issue as users send private inputs to the proof network. The ideal solution is to generate proofs locally to prevent any data leakage. This will pose challenges for local performance. Other solutions may involve a new zero-knowledge multiparty computation protocol or generating proofs in a trusted execution environment. A decentralized proof network cannot provide more privacy. Beyond the narrative, censorship resistance may be the primary reason for building decentralized proof networks. Zero-knowledge proof technology is still in its infancy, and so far, we have not observed any form of censorship in this field. However, the main challenge hindering the development of zero-knowledge proofs is performance. Introducing decentralized proof networks may increase the computational demands for generating proofs. Conclusion The application of zero-knowledge proofs is developing rapidly and has a wide range of applications. We expect to see zero-knowledge proofs integrated into different technology stacks. We have already seen ZK layer1, ZK layer 2 networks, ZKML, ZKVM, ZK-Email. Developers are also building ZK oracles, ZK data sources, and ZK databases. We are on the path of "ZK-ifying everything." The computational overhead brought by ZK forces developers to deploy their circuits on high-end servers. Therefore, we expect the demand for cloud ZK proof infrastructure to increase to help developers escape the complexities of operating this infrastructure. Our insights in this area include:

• Proof markets and proof networks are two main approaches that can help ZK dApp developers move away from the complexities of infrastructure.
• We anticipate a hybrid approach that combines proof networks and proof market mechanisms.
• Not all ZK dApp developers are suited to use cloud ZK infrastructure. Medium-sized projects with stable traffic can self-host servers to reduce costs.
• The leaders in cloud ZK infrastructure will be those projects with a demand for generating a large number of ZK proofs, such as leading ZKRU. They have economic incentives to pursue this business.
• Decentralization is a major narrative in the crypto space, as decentralization brings features like privacy, censorship resistance, and security. ZK proofs already possess some of these features. Currently, the selling point of decentralized proof markets is censorship resistance.
• The popularity of cloud ZK proof infrastructure is closely related to the number of ZK dApps currently on the market. While some projects initially emphasized their cloud ZK proof infrastructure as a key feature, many will ultimately shift their focus to other new narratives.