Gas Optimization In Solidity: Strategies For Cost-Effective Smart Contracts
Gas is the “fuel” that powers smart contract execution. This article offers practical strategies for Solidity gas optimization.
🇺🇦 Hacken stands with Ukraine!Learn more
A typical blockchain transaction shows the wallet addresses of the parties and the amount involved. If someone knows one of the parties behind the addresses in real life, they can know how much they are worth or what they are up to.
This is why privacy is of utmost priority in the blockchain industry. Zero-knowledge proofs add a layer of privacy to make on-chain activities more discreet. Blockchain companies are adopting zero-knowledge proofs at a fast rate. This is evidenced in the recent launching spree of ZKEVMs and ZK-rollups.
Amidst all the hype, the whole idea of ZK needs to be clarified to many people. This article thoroughly explains every important thing you should know about it.
Zero-knowledge proof is a technique used in cryptography that enables one party to prove to another that they know a certain piece of information without actually revealing the information itself. For instance, a blockchain protocol can prove with ZK that they are solvent without stating their exact amount in the reserves.
Although zero knowledge might be a popular concept now, it has existed since 1985. The term surfaced in an academic paper entitled “The Knowledge Complexity of Interactive Proof Systems” by Goldwasser, Micali, and Rackoff (1985). The main motivation was to prove the validity of a thing without providing additional information about it. This led them to discover the zero-knowledge concept through polynomials and modern algebra.
In addition, it’s worth mentioning that zero-knowledge proofs are more probabilistic than deterministic. What does that mean? An element of trickery and cheating tends to exist in zero-knowledge communication. The prover might want both the protocol and verifier to believe that a false statement is true. The 100% absolute truthfulness of zero-knowledge proofs is not guaranteed. All the same, the generated proofs indicate beyond a reasonable doubt whether a witness is true or not.
Zero-knowledge proofs work based on the level of interaction.
In zero-knowledge proof, there are typically two parties involved: a prover who wants to show they have the knowledge and a verifier who checks the prover’s claim. In cryptography, the secret that the prover knows is called the “witness.” The verifier must have a challenge-response interaction to ascertain the prover’s knowledge.
The verifier starts the challenge by picking random questions and requesting immediate answers. The prover, in turn, sends the answers back to the verifier. The prover may fake one or two answers. So the verifier asks tons of questions and gets correct answers for each. This is important to be sure there are no elements of guesswork.
If the prover can answer all the bundles of questions correctly, then the other party can be sure that they know the secret they claim to know. For example, John claims to know Jane’s Twitter password but won’t reveal it. To prove his knowledge, Jane asks him questions about the password:
From the conversations above, it is clear that John knows the password even though he does not say it plainly or disclose how he got to know.
The interactive proving method can be quite unsuitable in real-life applications for two main reasons:
Three cryptographers—Silvio Micali, Manuel Blum, and Paul Feldman—picked this as a research topic in 1988. They came up with the idea of non-interactive ZK, which they explained in their paper “Non-interactive zero-knowledge and its applications.”
How does it work? Both the prover and verifier have a shared private key. The former commits secret knowledge into an algorithm to generate a zero-knowledge proof. On the other side, the latter also cross-check the validity of the proof through another algorithm.
Unlike its counterpart, non-interactive proofs are only generated once for convenience. So once the prover proves the validity of a statement, there is no need for subsequent rounds of confirmation. The single-generated proof suffices every time. In addition, anyone with access to the shared private key and algorithms can also cross-check the proof independently. Most protocols use the non-interactive method.
A typical zero-knowledge protocol must have three important qualities — completeness, soundness, and zero-knowledge. These qualities are the basic principles of any zero-knowledge protocol.
Zero-knowledge protocols should be able to revert in the affirmative if and only if the witness is indeed true. That is if the prover makes a truthful statement, the facilitating protocol should be able to return the “true value” to the verifier.
The protocol must be intelligent and uncompromisable. The prover should not be able to trick it into returning true when the statement is false. This unwavering degree of soundness is needed to maintain zero-knowledge integrity.
This is the game-changer. The verifier must not know beyond what the prover wants them to know. The verifier will discover the information attached to the statement if there is no zero-knowledge privacy.
There has been a huge development in the zero-knowledge space. As a result, there are now different prominent zero-knowledge schemes.
In 2018, Eli-Ben Sasson of Starkware and three other researchers masterminded STARK –a Scalable Transparent Argument of Knowledge. It proves the validity of witnesses off-chain and returns the verified responses on-chain.
STARK creates bigger proof sizes but is faster, more scalable, and more transparent than other ZK schemes due to off-chain calculations and public randomness methods.
Another popular zero-knowledge scheme, SNARK is an acronym for Succinct Non-Interactive Argument of Knowledge. It handles relatively smaller proof sizes, unlike STARK. Non-interaction is an impact attribute of ZK-SNARK proofs. Both the prover and verifier only need to interact once. This is where the trusted setup ceremony also comes in
“A trusted setup ceremony is a procedure that is done once to generate a piece of data that must then be used every time some cryptographic protocol is run.”
Vitalik Buterin on trusted setups
Each party must contribute random values or public parameters to initiate the trusted setup ceremony. But there is a danger — the random values must not leak to a dishonest prover so they don’t generate false proofs. Therefore, one of the parties must delete their random values to ensure soundness in the transaction.
To dive deeper into specific zero-knowledge proof systems, explore our detailed comparison of ZK-SNARKs vs ZK-STARKs and understand their distinct characteristics.
SNORK stands for Succinct Non-Interactive Oecumenical (Universal) Arguments of Knowledge. SNORKs are adaptations of SNARK with a few differences. First, they are universal so that a single setup can work for several applications, and parameters are stored in a library. Secondly, their trusted setups are updateable.
SNORKs currently have 3 variations — Sonic, PLONK, and Marlin.
Sonic. Maller et al. (2019) came up with Sonic. Its setup does not terminate after the first contribution. Instead, it can keep adding loops of as many contributions as possible. Sonic utilizes a more sizable form of global parameters. So a user can store and verify parameters even on a laptop.
PLONK. Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru (2022) developed Permutations over Lagrange-bases for Oecumenical Non-Interactive arguments of Knowledge (PLONK) to fix a major problem of Sonic: high-proof construction overheads. PLONK has a faster proving time and fully succinct verification.
Marlin. Marlin is a new variant of SNORKs. It was designed for systems that require individual rather than batched verification. In short, Marlin seeks to fix the inadequacies of Sonic.
Bunz et al. (2017) introduced Bulletproofs as a trustless scheme with short proofs. Unlike other SNARK schemes, it is not about the validity of a particular statement. Instead, it proves that a piece of hidden information is within a particular range. For instance, Bulletproofs can verify whether Jane is a Gen Z, but it will conceal the exact age.
|Prove||Actual data||Actual data||Actual data||Range|
|Prover-verifier Interaction||Multiple times||Once||Once||Depends|
Zero-knowledge proofs brought a lot of innovations into the blockchain space, including
Although not glaring on the surface, Zero-knowledge proof has some limitations and shortcomings.
Some companies are already incorporated ZK into their tech stack.
ZKP introduced many tangible innovations, including:
Trade secrets are sensitive pieces of industrial information that a company’s product unique. ZK is a ground-breaking technology that can help preserve trade secrets without actually spilling them.
Wallet addresses blockchain is traceable; thereby threatening the extent of their privacy. ZKP conveniently conceals the identity of the transacting party.
Personal data privacy is important. ZKP helps individuals to avoid disclosing sensitive pieces of information. For instance, someone can prove with ZK that they have a Driver’s License without showing their actual license, which contains their age, occupation, and other personal information.
ZKP technology is set to make authentication easier than ever before. No need to cram long passwords or input personal details all the time. A ZK-proof will fast-track the authentication process.
Zero-knowledge has brought in so many solutions to fix the inadequacies of some blockchains like Ethereum. Projects like Starknet, Aztech, and Polygon ZKEVM are leveraging the ZK technology to enhance the efficiency of blockchains.
Blockchains are getting more creative with what they can achieve with ZKP. For instance, Binance recently launched its ZK-Proof-of-Reserve, where it can prove its solvency without disclosing further critical details. At the same time, companies using ZK tech should be security conscious. ZK protocols or programs are not immune to hacks. We recently discovered and alerted the Binance team about a bug in their ZK-Proof-of-Reserve. On this note, we recommend a thorough ZK audit for any Web3 company using ZKP technology.
Zero-knowledge proof exists. It is a cryptographic method where the parties in an on-chain interaction do not need to reveal hidden information.
Zcash is one of the best examples of crypto with zero-knowledge proof.
You can use ZKP in any industry, such as supply chain, blockchain, data security, etc.