ZK-Rollups represent the future of Layer-2 #Blockchain scaling
@orbisproject is building the first ZK-Rollup on #Cardano
& Orbis plays an indispensable role in scaling #Cardano
Here’s a breakdown of the ZK-Proof Orbis is using to build its scaling solution on #Cardano: 🧵👇
So what is a zero-knowledge proof?
It is a cryptographic technique,
where one party (The Prover) can prove that a specific statement is true to the other party (The Verifier)
without disclosing any additional information
apart from the fact that the statement is indeed true
When it comes to computational zero-knowledge, there are 2 types of ZK-Proofs
- Interactive ZK-Proofs
- Non-interactive ZK-Proofs
So let's try and understand the major differences between the two
and why non-interactive ZK-Proofs are superior to interactive ones
Interactive ZK-Proof is the original ZK-Model proposed by Goldwasser, Micali, and Rackoff
This kind of ZKP involves
• multiple rounds of interaction between the prover and the verifier
• allowing the verifier to "cross-examine"/challenge the prover before accepting the proof
In an Internet-like setting that involves multiparty computation, interactive zero-knowledge proofs come with a lot of disadvantages
1. No concurrency:
building ZKPs is more challenging when multiple protocols must be executed concurrently
2. Limited transferability:
To prove the same statement again to another verifier,
"the entire process needs to be repeated"
3. Limited scalability:
Interactive ZKPs require both verifier and prover to be online at the same time
which makes the entire process "unscalable"
These shortcomings of interactive ZKPs led to the development of non-interactive ZKPs
As the name suggests, non-interactive zero-knowledge proofs are ZKPs
which require no interaction between the prover and verifier
so how does it work?👇
In a non-interactive ZKP
the verifier's job of issuing a challenge is replaced by a hash function or digital signature
the result of the hash function is the challenge
This way the proof can be represented as a single message
as opposed to a multi-step interaction between the prover & the proof-checking entity
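To make the "hash function as challenge" idea concrete, here is an added example (not part of the original thread, and not Orbis or Zcash code): a Schnorr proof of knowledge of a discrete logarithm made non-interactive with a hash. The group parameters are constructed toy values and the function names are illustrative.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example (far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2879, 1439, 4

def challenge(y, t):
    """The verifier's random challenge, replaced by a hash.

    The hash covers the group, the public statement y and the commitment t.
    Leaving the statement out is a known implementation pitfall of this
    transform, because the proof is then no longer bound to what it proves.
    """
    data = f"{P}|{Q}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x):
    """Prove knowledge of x with y = G^x mod P as a single message (t, s)."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1   # fresh secret nonce, never reused
    t = pow(G, r, P)                   # commitment
    c = challenge(y, t)                # no verifier has to be online to pick c
    s = (r + c * x) % Q                # response
    return y, (t, s)

def verify(y, proof):
    """Anyone can check offline that G^s == t * y^c (mod P)."""
    t, s = proof
    if not (0 < y < P and 0 < t < P and 0 <= s < Q):
        return False
    c = challenge(y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def demo():
    x = secrets.randbelow(Q - 1) + 1      # the prover's secret
    y, (t, s) = prove(x)
    first = verify(y, (t, s))             # verifier 1
    second = verify(y, (t, s))            # verifier 2 reuses the same message
    forged = verify(y, (t, (s + 1) % Q))  # altered response is rejected
    return first, second, forged

if __name__ == "__main__":
    print(demo())
```

The same `(t, s)` message verifies for any number of verifiers without the prover taking part again, which is the transferability and scalability point made in this thread.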
Non-interactive ZKPs are superior to interactive ZKPs due to
• concurrency: multiple protocols can be executed at the same time
• transferability: the same proof can be reused
• scalability: verifier and prover do not need to be online at the same time
zk-SNARK is a non-interactive ZKP
the acronym stands for
Zero-Knowledge: Provers do not disclose the private information they wish to prove
Succinct: small, easy-to-verify proofs
Non-interactive: proof can be represented as a single message
Arguments of Knowledge
In the context of a zk-Rollup like Orbis
The most relevant characteristics of zkSNARKs are their
• non-interactivity
• succinctness
which helps to create cryptographic proofs
• which can be represented as a single message
• and verified quickly
"Succinct" ZKP can be verified within a "few milliseconds"
with a proof length of only a "few hundred bytes"
even for statements about programs that are very large
These qualities of zk-SNARKs bring an incredible amount of efficiency
to the real-world use cases that require ZKPs
The #Blockchain space saw the first practical application of zk-SNARKs with #Zcash
#Zcash is a private payments cryptocurrency developed in 2014
Developed by @ElectricCoinCo
#Zcash is a proof-of-work mining network based off of Bitcoin’s UTXO model
#Zcash uses zk-SNARKs to create fully shielded transactions
in which the sender, recipient, and amount are encrypted
zk-SNARKs ensure that
the parties involved in a transaction are verified
without revealing any information to each other or the network
Let's take a look at how Zcash constructs a zk-SNARK
It's divided into 4 basic steps
1. The code to be proved is transformed into arithmetic circuits
2. The arithmetic circuits are converted to R1CS
3. R1CS is converted to QAP
4. The zk-SNARK algorithm is implemented based on the QAP
The first step is a “flattening” procedure
where we convert the original code
which may contain arbitrarily complex statements and expressions
into a sequence of statements
You can think of each of these statements as being kind of like logic gates in a circuit
The flattened code is converted into a "rank-1 constraint system" (R1CS)
R1CS is a set of constraints
that can be specified by 3 linear combinations, commonly called A,B,C
It's a powerful way to translate
arbitrary computational tasks into a common mathematical description👇
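The flattening and R1CS steps above, as an added example that is not part of the original thread and not Zcash's code: the statement out = x^3 + x + 5 is flattened into four one-operation gates, and each gate becomes one constraint (A·s) * (B·s) = (C·s) over the witness vector s. The field modulus and all names are choices made for this illustration.

```python
# Example field modulus (2^61 - 1, a Mersenne prime), chosen for illustration;
# a real system uses the scalar field of its curve.
FIELD = 2**61 - 1

def flatten(x):
    """Flatten out = x**3 + x + 5 into one-operation statements and return
    the witness vector s = [1, x, out, sym1, y, sym2]."""
    sym1 = x * x % FIELD       # gate 0: sym1 = x * x
    y = sym1 * x % FIELD       # gate 1: y = sym1 * x
    sym2 = (y + x) % FIELD     # gate 2: sym2 = y + x
    out = (sym2 + 5) % FIELD   # gate 3: out = sym2 + 5
    return [1, x % FIELD, out, sym1, y, sym2]

# One row per gate; columns follow the witness order [1, x, out, sym1, y, sym2].
A = [[0, 1, 0, 0, 0, 0],   # x
     [0, 0, 0, 1, 0, 0],   # sym1
     [0, 1, 0, 0, 1, 0],   # y + x
     [5, 0, 0, 0, 0, 1]]   # sym2 + 5
B = [[0, 1, 0, 0, 0, 0],   # * x
     [0, 1, 0, 0, 0, 0],   # * x
     [1, 0, 0, 0, 0, 0],   # * 1
     [1, 0, 0, 0, 0, 0]]   # * 1
C = [[0, 0, 0, 1, 0, 0],   # = sym1
     [0, 0, 0, 0, 1, 0],   # = y
     [0, 0, 0, 0, 0, 1],   # = sym2
     [0, 0, 1, 0, 0, 0]]   # = out

def dot(row, s):
    """Linear combination of the witness values selected by one row."""
    return sum(a * b for a, b in zip(row, s)) % FIELD

def failing_constraints(s):
    """Indices of the constraints where (A.s) * (B.s) != (C.s)."""
    return [i for i, (a, b, c) in enumerate(zip(A, B, C))
            if dot(a, s) * dot(b, s) % FIELD != dot(c, s)]

if __name__ == "__main__":
    s = flatten(3)
    print(s, failing_constraints(s))   # honest witness satisfies every gate
    s[2] = 36                          # claim a wrong output
    print(s, failing_constraints(s))
```

A witness with a wrong intermediate or output value fails at least one row, which is what the later QAP step checks for all rows at once.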
Next is converting the R1CS into a “quadratic arithmetic program” (QAP)
to check all the constraints simultaneously
A QAP is a mathematical representation of the code of a function
which, for a given input to the code, has a corresponding solution
Now the computational problem has been converted into the right “form”
for the zk-SNARK to operate on, called a QAP
QAPs are sets of polynomials
After this comes the process for creating the actual “zero-knowledge proof”
This is done with encryption
The encryption function has some homomorphic properties
Homomorphic encryption is a form of encryption
that permits users to perform computations on its encrypted data
without first decrypting it
With these techniques cryptographic proofs (zk-SNARKs) are generated
Zcash uses zk-SNARKs to prove that the conditions for a valid transaction have been satisfied
without revealing any crucial information about the addresses or values involved
TL;DR:
• zk-SNARK is a novel form of zero-knowledge cryptography
• That can be represented as a single message & verified quickly
• Zcash is the first widespread application of zk-SNARKs
• #Cardano will see the first application of this technology through @orbisproject
If you are looking to learn more about zero knowledge proofs and zk-Rollups
Here’s a similar thread you might find useful 🧵👇