Zero Knowledge technology, or zk in short, is an enabler technology that will transform not only Web 3 but other industries as well. It is a general enough technology to have a multitude of use cases. We are in the early innings of figuring out all the use cases the technology can enable. Some of the obvious zk use cases have found real applications such as enabling transaction privacy and data compression, i.e., rollups. However, there are still many potential use cases and technology advancements that are needed to get zk to mainstream adoption.
In this article, we first review the different applications of ZKPs. Then we discuss what can enable the next phase of this technology and some startup ideas that can benefit from this technology. Builders working on any of these ideas are encouraged to reach out or apply to join the Alliance founders’ community. Alliance is looking to support and fund founders building in this direction.
Map of ZKP applications
Zero Knowledge Proofs (ZKPs) have found a strong foothold in the crypto industry since their invention. ZKPs indeed allow some magic that makes the technology really exciting. At a high level, ZKPs allow an entity to prove to the rest of the world that they know a piece of information or that they have correctly completed a task without revealing the information or showing the details of the task execution. The magical math of zk allows us to trust that knowledge or execution completion by just inspecting the generated ZKP. For this reason, the first and most aligned use case for ZKPs was privacy-focused crypto networks. ZKPs were also used to provide validity proofs of the Ethereum L2 transactions on Ethereum’s L1 to introduce the concept of zk rollups. In addition, ZKPs have found other niche applications within different projects.
Privacy-focused payments and protocols
ZKPs naturally enable privacy, especially in decentralized networks that lack a central authority that can act as the source of truth. ZKPs allows a Web 3 user, the prover, to prove to the network validators, the verifiers, that their transaction is valid, i.e., that they have enough balance to spend, without revealing the transaction details such as the transaction amount, or the sender or receiver addresses.
ZKPs were initially developed to support shielded, i.e., private, payments in the Zcash network and then expanded to other networks. The implementation of private payment networks include
- Privacy-focused L1s: Zcash, Horizon, Aleo, and Iron Fish
- Privacy smart contracts on general chains: Tornado Cash
- Privacy-focused L2s: Aztec
Validation of zk rollups
The other major use case of ZKPs is generating rollup validity proofs on the underlying L1. General-purpose rollups optimize for throughput, i.e., proving more TXs, by not utilizing the privacy features of the ZKPs. In this tradeoff, ZKP act only as proof of correctness of the L2 transaction execution.
As some general functions cannot be proven efficiently, generating ZKPs to prove correct execution of arbitrary smart contracts is difficult. Solving this problem requires the implementation of specialized VMs that can be efficiently proven using the underlying zk circuit. Because of this complexity, zk rollups first started by only supporting payments or a single application, e.g., a DEX, where ZKPs can be easily generated. Examples here include zkSync 1.0 and Loopring. Afterward, general-purpose zkEVM implementation started to appear in the market including Starknet, zkSync 2.0, Polygon zkEVM, and Scroll. Currently, all zk rollups are on Ethereum but it is possible to implement zk rollups on other chains including Bitcoin. However, the implementation of Bitcoin rollups will require changes to Bitcoin opcodes and hard-forking the chain which is often not welcomed by the Bitcoin community.
Other ZKP applications
Outside of privacy-focused applications and rollups, ZKPs have found other applications within other blockchain protocols. This section covers these use cases.
Mina uses ZKPs to compress the blockchain state into a tiny size (~22 KB). To achieve this, Mina uses recursive ZKPs, i.e., ZKPs of other ZKPs. When a block is generated in the Mina network, zk-SNARKs are used to generate a proof of this block ensuring its validity. As the new block references the previous blocks, the new block’s ZKP validates all the previous blocks while keeping a constant size.
Filecoin uses ZKPs to ensure that the storage providers correctly store the data they claim to store. This process is called a proof of replication (PoReb). In this process, the storage provider generates ZKPs to prove they are storing a unique copy of the data, i.e., not referencing a copy maintained by another provider. The ZKPs provide guarantees for Filecoin users who want to achieve certain levels of redundancy and availability. Moreover, as the proofs are much smaller in size than the stored data, using ZKPs reduces the bandwidth requirements for the storage providers.
Celo Plumo uses ZKPs to allow the creation of ultra-light network clients that can be used on phones and other resource-limited devices. Despite the lightweight nature of the client, it has guarantees of the correctness of the state it accesses.
Dark Forest is the most popular application of ZKPs in the gaming sector. Although the use of ZKPs fits the privacy use case, its application to create an Incomplete Information Game is a unique use case that goes beyond the financial application of ZKPs in payment networks.
Development trajectory for ZKPs and their applications
Until 2016, ZKPs were merely a research topic that is only discussed within small academic circles. This all changed when the Zcash founding team created the first production-ready implementation of the ZKP variant zk-SNARK to support shielded/private transactions in the Zcash network. With a real use case in place, ZKPs have seen increased interest that resulted in better ZKP variants that became the foundation of many of the projects discussed in the first section. However, further ZKP developments are needed for the tech to achieve mainstream adoption.
To understand how the technology can be improved further, we can learn from similar technologies such as AI. In many aspects, the ZKP technology resembles AI technology and is expected to follow a similar trajectory. Like ZKPs, AI started as a promising technology that can solve many problems. However, the initial AI algorithms were limited in capabilities and had computational complexity that far exceeded the capabilities of the available hardware. That made AI applications slow and impractical which kept AI mostly confined to research labs. Gradual improvements continued via inventing new architectures such as Deep Neural Networks (DNNs) and utilizing GPUs to improve execution speeds. This eventually led to breakthroughs such as AlexNet in 2012 which won with a huge margin in the most well-known computer vision competition ImageNet. AlexNet was the beginning of an era in AI that led to the current mind-blowing AI applications such as GPT-3, Dall.E 2 and Stable Diffusion.
The state of ZKPs today resembles the state of AI in its early days, a promising technology that is still being actively developed and that is computationally intensive leading to long proving times. Learning from the progress of AI, we can identify the bottlenecks that need to be solved for the ZKP technology to take off.
1. Algorithm/Circuit Improvement
The same way AI has moved from LeNet-5 to AlexNet to Resnet-50 to Transformer, ZKP algorithms will go through phases of development leading to significant improvement in performance. We are already seeing progress in this regard. Since the introduction of zk-SNARKs in 2011, more advanced algorithms have been developed. In 2018, the founders of Starkware developed STARK, a ZKP approach that doesn’t require a trusted setup and that has a shorter proof generation time. This technology is the base of several products from Starkware including StarkNet.
The ZKP progress continued with the introduction of PLONK in 2019 which is a SNARK implementation that allows a single trusted setup to be used by many applications without repeating the setup. PLONKs have spurred the development of multiple implementations that are used by multiple Web 3 protocols such as Aztec, Mina, and Celo.
2. Optimized execution engines
A major limitation of ZKPs is the computational complexity that leads to long proving times. For instance, the recently announced zkEVM implementation from Polygon requires about 5 minutes on a 64-core server to generate a proof for 500k gas of computations. Improving the ZKP proving time is a critical part of bringing ZKP technology mainstream. Similar to AI, optimizing software execution engines and using dedicated hardware are both necessary to achieve this goal.
Many of the ZKP generation operations are massively parallel which means that parallel processing, e.g., GPUs, can accelerate the ZKP computations. Dedicated GPU libraries such as CUDA can be utilized to accelerate the computations of ZKPs on Nvidia GPUs. Several projects are trying to develop this internally as each uses a different ZKP algorithm. A notable example here is Filecoin’s implementation of the Groth16 algorithm that uses GPUs to accelerate the proving process. Another example is Edgeswap’s use of GPUs to reduce the proving time of PLONK by 75%.
As GPUs often lead to limited improvement in the ZKP proving time, the other option is to use dedicated hardware such as FPGAs or ASICs. FPGAs are often considered as a hardware prototyping platform before the costly endeavor of fabricating dedicated chips, i.e., ASICs. FPGAs or hybrid solutions that combine GPUs and FPGA can play an important role in the short to medium term in accelerating ZKPs for rollups and privacy-focused networks. However, if ZKP tech grows to the level we expect it to reach, ASICs will eventually emerge to win this market. Currently, hardware acceleration for ZKPs is not sufficiently addressed, likely because of the variety and fragmentation of ZKP algorithms. However, we believe that with the right business model some startups can focus on developing and monetizing this part of the tech stack.
3. Software Abstraction Layers
To unlock the potential of ZKPs, several abstraction layers and tooling need to be built. These abstractions are necessary to simplify the development process of ZKP applications and allow each group of developers to focus on what they are best at. For instance, application developers should not worry about the low-level details of zk circuits and how they work. Using the AI analogy again, great progress in AI was possible by creating several layers of abstractions. Using these abstractions, AI application developers do not need to worry about the NN architecture or the hardware resource allocation. Frameworks such as TensorFlow and PyTorch abstract away all these low-level details.
The zk development stack is not yet as well developed as the AI stack. However, there are some efforts to build these abstractions. At the bottom of the stack exists the low-level ZKP libraries such as PLONK and STARK. Above that layer, high-level languages such as Noir try to abstract away the underlying zk cryptography and help application developers focus on the application logic. Circom is another popular ZKP language that sits between these two layers as it can be used to both create complex zk backends and also develop ZKP-based applications.
Another example of ZKP abstractions in Web 3 is StarkWare’s Cairo language which allows developers to implement general smart contracts that use STARK proving under the hood. To provide further abstraction, Nethermind’s Warp tool allows Solidity developers to convert their Solidity code directly to Cairo. Using Warp, it was possible to transpile Uniswap V3 code to Cairo with minimal changes to the original Solidity code.
ZKP Start-up Opportunities
Based on the discussion of the likely path of progress of ZKPs we have identified a number of ZKP-related startup ideas that we’d like to work with founders to explore. The startup ideas are categorized into two groups: tooling and applications
- High-level development frameworks
Similar to Tensorflow and PyTorch in AI, high-level ZKP development frameworks are critical to unlocking innovation at the application level. These frameworks need to
- Abstract the complexity of the underlying ZKP backends
- Support a variety of ZKP backends and hardware environments, e.g., CPUs and GPUs.
- Allow efficient debugging and testing
- Offer a rich development environment with examples and tutorials
The closest examples in the Ethereum ecosystem are Hardhat and Foundry but they are not likely to support zkEVMs or ZKPs soon. Instead, existing abstraction efforts such as Cairo may eventually evolve to fill this space.
2. zk rollup SDKs
zk rollups are growing in popularity and can enable application-specific L2s for games or high-throughput DeFi protocols. In this scenario, the zk rollup mainly performs the execution and settlement while the consensus and data availability will be handled by the L1. However, launching an application-specific zk rollup is still very complex. We believe that startups that offer developer-friendly SDKs to launch custom zk rollups will solve a real business need and can become valuable businesses by offering the developing toolbox, developer services, sequencer services and supporting infrastructure.
3. ZKP hardware accelerators
Specialized hardware companies that target specific use cases and build an early market lead turn out to be massively valuable companies. This was true for AI when Nvidia became the most-valued North American semiconductor company by specializing in AI hardware. This was also true in the Bitcoin mining space when Bitmain, Canaan, and Whatsminer became unicorns by specializing in ASIC miners. Companies that design and build efficient ZKP hardware accelerators will follow the same trajectory.
ZKP Web 3 Applications
- zk bridges and interoperability
ZKPs can be used to create validity proofs for cross-chain messaging protocols where cross-chain messages can be quickly verified on the destination chain. This is similar to how zk rollups are validated on the underlying L1. However, for cross-chain messaging, the complexity is higher because the signature schemes and the cryptographic functions to be validated can be different between source and destination chains.
2. zk on-chain game engines
Dark Forest demonstrated that ZKPs can enable information incomplete on-chain games. This is critical for the design of more interactive games where the players’ actions are kept private until they decide to reveal them. As on-chain games mature, we expect ZKPs to be part of the game execution engine. The opportunity is massive for startups that succeed to integrate privacy features in a high-throughput on-chain game engine.
3. Identity solutions
ZKPs can enable several opportunities in the identity space. They can be used for reputation or for connecting Web 2 and Web 3 identities. Currently, our Web 2 and Web 3 identities are separated. Projects such as Clique connect these identities by using oracles. ZKPs can take this approach a step further by enabling anonymous linking of Web 2 and Web 3 identities. This can enable use cases such as anonymous DAO membership for those who can prove domain-specific expertise using Web 2 or Web 3 data. Another use case is unsecured Web 3 lending based on the borrower’s Web 2 social status, e.g., the number of Twitter followers.
4. ZKPs for regulatory compliance
Web 3 has enabled pseudonymous online accounts to actively participate in financial systems. In this sense, web 3 enables massive financial freedom and inclusion. With increased Web 3 regulations, ZKPs can be used for compliance without breaking pseudonymity. ZKPs can be used to prove that a user is not a citizen or resident of a sanctioned state. ZKPs can also be used to prove accredited investor status or any other KYC/AML requirements.
5. Native Web 3 private debt financing
TradeFi debt financing is often used to support growing startups to accelerate their growth or start new business lines without the need to raise additional venture capital. The rise of Web 3 DAOs and pseudonymous companies creates an opportunity for Web 3 native debt financing. For instance, using ZKPs, DAOs or pseudonymous companies can secure non-collateralized loans with competitive rates based on proof of their growth metrics without revealing the borrower’s information to the lenders.
6. Private DeFi
Financial institutions often keep their trade history and exposure private. This is challenging to satisfy when on-chain, i.e., DeFi protocols, are used because of the continuous advancement in chain analytics. A possible solution would be to develop privacy-focused DeFi products, that protect the privacy of the protocol participants. One protocol that is trying to implement that is Penumbra’s zkSwap. In addition, Aztec’s zk.money offers a few private DeFi earning opportunities by obfuscating user participation in transparent DeFi protocols. Generally, protocols that succeed to implement efficient and privacy-focused DeFi products can secure significant volume and revenue from institutional participants.
7. ZKPs for Web 3 ads
Web 3 pushes for users’ ownership of their data, e.g., browsing history, private wallet activity, etc. Web 3 also enables the monetization of this data for the user’s benefit. As data monetization can contradict with privacy, ZKPs can play a significant role in controlling what aspects of personal data can be revealed to advertisers and data aggregators.
8. Sharing and monetization of private data
Much of our private data can have a high impact if they are shared with the right entities. Personal health data can be crowd-sourced to help researchers develop new drugs. Private financial records can be shared with regulators and watchdogs to identify and penalize corruption. ZKPs can enable the private sharing and monetization of such data.
9. Decentralized intelligence organizations
ZKPs can give birth to decentralized intelligence organizations. In these, intelligence operators, data sleuths, and spies can be part of a network without interacting or knowing each other. Participants can use ZKPs to prove knowledge of certain intelligence data before receiving private payment in exchange for that data. Such systems can also facilitate collaborative and composable ways to enrich or interpret collected data while maintaining the privacy of participants.
10. Private governance
With the proliferation of DAOs and on-chain governance, Web 3 is moving closer to a direct-participation democracy. A major flaw in the current model of governance is the non-privacy of participation. ZKPs can be fundamental to solving this problem. Governance participants can vote without revealing how they voted. Moreover, ZKPs can enable restricting the visibility of the governance proposals to DAO members allowing DAOs to build a competitive advantage.
ZKP technology is one of the most innovative technologies in the Web 3 domain. It enables several opportunities for ground-breaking protocols and companies. At Alliance, we want to be a central part of this movement and we are looking to support and fund founders building in this direction.