ZK-Proofs & Rollups

HC

Calum Moore

Dec 28, 2022

zk-proofs-and-rollups

What are zero-knowledge proofs?

zk-proofs are a new type of cryptography that was theoretically discovered in the 80s in scientific papers, but with some new breakthroughs for the first time become usable in real-world applications. This tech is groundbreaking and allows us to do things never before possible.

You will hear a lot of different names for zk-proofs: zk (zero knowledge), zk-snarks, and zk-starks. Unless you are digging into the detail, it’s fine to use any of these terms. They are different implementations of the same thing. At a high level, a zk-proof is where one party (the prover) can prove to another party (the verifier) that a given statement is true, without revealing any underlying information.

It means you can prove the color of a ball, without showing anyone the ball, and you would know 100% it is the truth. In reality, what we are usually trying to prove is some code or computation. Any code that can be written in JavaScript or Python can be written as a zk-proof.

How does it actually work? How can you prove something without showing it to anyone?

Yeah, it can be hard to wrap your head around, so let’s look at a quick example, to try and get an intuitive understanding. Hopefully, everyone is aware of Where’s Wally, but if you haven’t it’s an illustration-based game where the character Wally is hidden on a map amongst a chaotic scene. The challenge is to find Wally (it's harder than it sounds).

Let’s say you wanted to prove you know where Wally is, of course, you could simply reveal where Wally is by pointing to him, but let’s say there is a prize for finding him, so you want to reveal that you know where he is, without revealing the location to anyone.

One way you could prove that you know where Wally is without revealing his location would be by covering the Where’s Wally map with a huge piece of paper that is much larger (4x) than the original map, cutting a small square out, and position that square over Wally. Anyone can see that you know where Wally is, without revealing the location, because the position of the map under the paper is unknown.

So what does zk-Proofs enable us to do?

It enables us to do 3 very cool things:

1. Privacy

If you don’t have to reveal all the information, you can reveal the minimum amount of information needed. Perhaps you could prove that you earn enough for a mortgage, without revealing your earnings. Or that you have a degree, without revealing from where. Or that you are over 21, without revealing my age. If you were a trader, you could trade without other people copying your trades. There are so many places where this is useful.

2. Scale

We mentioned before about provable computation/code, which means that you can run some code, and prove to you we ran it correctly and therefore the output is correct. Well, it turns out to be incredibly useful for decentralized blockchains and databases. Traditional blockchains like Ethereum work by every computer re-computing every transaction to confirm it’s valid, but with provable computation, that work only needs to be done once, and we can use the zk-proof to prove to everyone else the value is valid.

That means we can scale the network and massively reduce the costs.

3. Provable state

If we can prove computation as we’ve mentioned, and transitions between states, we can prove that the end state is valid and correct. This is very useful for things like banks or exchanges because it ensures that people can’t do the wrong thing and that the balances that people say they have are true. Basically, you can’t steal people's money.

How do rollups fit into all this?

Well, this is another big topic, but a zk-rollup is essentially a way to get the three benefits mentioned before, for a decentralized database: privacy, scalability, and provable state.

In a zk-rollup, every record in the database is represented by a hash.

So what are hashes?

A hash is another cryptographic tool, which takes an input of any length and creates a unique much shorter 256-bit ID. You could take Harry Potter, the Bible, or a short text string, and they would all result in a different 256-bit hash. If you change even one character, the hash will be completely different.

Hashes are consistent so if you have the same input, the hash will always be the same. Hashes are one way, so if you have the hash, you have no idea what it represents, but if you have the original data, you can confirm the hash is correct.

So back to the rollup…

In a zk-rollup, every record in the database is represented by a hash, which is publicly visible. But because you can’t know anything about the original data from the hash, the data remains private.

To make changes to the database, we can then use zk-proofs to take the hash, perform some computation on the data (represented by the hash) according to the database validation rules, and output the new hash (which we can prove is the correct new hash).

This new hash is combined with the hashes of all other records in the database (that’s the rollup part). We combine all the hashes by just appending them and then creating the hash of all the appended items. It’s a hash of hashes.

The cool thing about rollups is that because we can prove the entire state of the database with the single root hash, we can prove any individual piece of data in the database, without it having to be revealed.