In August 2021, Polygon – the most prominent layer two scaling network on Ethereum, announced it had committed $1 billion into a treasury to invest in zero knowledge (zK) technology. It then acquired the Hermez Network (now Polygon Hermez) that same month for $250 million and Mir Protocol for $400 million in December. Both of these projects are zK technology innovating to improve the scalability of stateful blockchains. In November, Polygon also acquired Miden, a STARK-based, Ethereum-compatible roll-up, and the Nightfall project, a privacy-focused roll-up.

These technologies supposedly came together to build Polygon Zero, Polygon’s zK EVM scaling solution, by introducing efficient recursive proofs for the Ethereum blockchain. The zK-EVM mainnet will launch in Q1 of this year. That begs the question, “What is so exciting about zK roll-ups, and why is Polygon – already a dominant player in scaling Ethereum – investing this much into developing the technology?”

**The Need for Scaling and the Introduction of zK Technology**

In 2020, before the Merge and at the height of DeFi network activity on Ethereum, gas fees were incredibly high due to the blockchain being constantly congested. Several conversations arose around ways to increase throughput and scale the Ethereum blockchain. Multiple initiatives were discussed and incubated, including zero-knowledge (zK) roll-ups, optimistic roll-ups, validium, sharding, danksharding, and state channels. Roll-ups generally work by moving computation and state storage off-chain within sequential processes that intend to –

- collect transactions in a single batch (roll them up),
- generate proofs of validity for every batch and then
- send these batches to the layer one network.

Its tech is similar to data compression, where an input data set is encoded using fewer bits than the original file would have taken up on its own. Remember when you had to show your math teacher the correct answer to a problem to get permission to move on to the next issue? You only needed to show some calculations to show you got the right result. That is a rough metaphor of how a zK proof works.

**How Do zK Roll-ups Work?**

The zK roll-up’s architectural framework has two parts;

On-chain contracts: the zK roll-up protocol functions through smart contracts running on Ethereum. That includes the main contract, which stores roll-up blocks, tracks deposits, and monitors state updates. Another on-chain contract (the verifier contract) verifies zero-knowledge proofs submitted by block producers. Thus, Ethereum is the base layer or “layer 1” for the zK roll-up.

Off-chain virtual machine (VM): While the zK roll-up protocol lives on Ethereum, transaction execution and state storage happen on a separate virtual machine independent of the EVM. This off-chain VM is the execution environment for transactions on the zK roll-up and serves as the secondary layer or “layer 2” for the zK roll-up protocol. Validity proofs verified on Ethereum Mainnet guarantee the correctness of state transitions in the off-chain VM.

Zero-knowledge (zK) roll-ups bundle transactions into batches that get executed off-chain. This off-chain computation reduces the amount of data to be posted to the (Ethereum) blockchain, thereby reducing the gas fees required to process these transactions. zK roll-up operators submit a summary of the changes necessary to represent all the transactions in a batch rather than sending each transaction individually. They also produce valid proofs to prove the correctness of their differences. The validity proof demonstrates with verifiable cryptographic certainty that the proposed changes to Ethereum’s state are the result of executing all the transactions in the batch. zK roll-ups differ from other roll-ups in the second computational step – the method of finality or verification. Unlike optimistic roll-ups that post all transaction data on-chain, zK roll-ups only need to provide validity proofs to finalize transactions on Ethereum.

A validity proof, also known as a zero-knowledge (zK) proof, is a transaction verification method between a prover, someone creating a proof for some information, and a verifier, who verifies the proof with no information shared between the two. The information shared between a prover, and a verifier is called a witness and is typically the solution to a complex mathematical equation. In essence, the prover must show they know the witness accurately, and the verifier must ascertain whether the prover knows the witness reliably. The first part of this transaction computation, where the prover prepares (packages) the information and generates a witness on it, is done off-chain and then supplied to the main chain with proof of their authenticity. The verifier consequently exists within a smart contract on the blockchain and can affirm or reject the information depending on if it correctly approves the witness provided by the prover. If correct, the smart contract (verifier) updates the blockchain with this new information.

Validity proofs are very handy for scaling solutions because they enable an off-chain process to compute multiple transactions and prove that it did so correctly. They are also designed to be difficult to break by an outsider and rely on a cryptographic technique known as polynomial commitments. In polynomial commitments, information from each verification computation step is encoded into a variable’s expression. And this expression is hashed (transformed from a given key or a string of characters to another value). That is done by the prover and confirmed by the verifier. By examining the polynomial equations’ authenticity, the verifier implicitly decodes the hashed information (polynomials) and assesses the numerical calculations. However, the process of hashing these polynomials is complicated. The three major polynomial hashing schemes used for polynomial commitments are:

- KZG (Kate) Polynomial Commitments
- Bulletproofs
- Fast Reed-Solomon Interactive Oracle Proofs of Proximity

All of these hashing schemes look to achieve “completeness” and “extractability” on their (hashed) polynomial expression while reducing the amount of work done in the encryption and decryption processes.

zK roll-ups have been online for a while now. dYdX, a decentralized derivatives exchange, runs on a zK roll-up, as does Argent, an Ethereum wallet for DeFi and NFTs. However, development on zK EVM Tech only started to yield results lately. In July 2022, Polygon, Matter Labs, and Scroll announced significant progress in building and shipping zK EVM tech.

**Upsides of zK Technology in Scaling Blockchains**

- Validity proofs ensure the correctness of off-chain transactions and prevent operators from executing invalid state transitions.
- Offers faster transaction finality as state updates are approved once validity proofs are verified on L1.
- Relies on trustless cryptographic mechanisms for security, not the honesty of incentivized actors as with optimistic roll-ups. That also eliminates the need for dispute resolution.
- Stores data needed to recover the off-chain state on L1, which guarantees security, censorship resistance, and decentralization.
- Users benefit from greater capital efficiency and can withdraw funds from L2 without delays.
- It doesn’t depend on liveness assumptions; users don’t have to validate the chain to protect their funds.
- Better data compression can reduce the costs of publishing call data on Ethereum and minimize user roll-up fees.

**Downsides of zK Tech**

- Validity proofs, which form the building blocks of zK tech, are ineffective for bridging blockchains. A secure bridging protocol between two blockchains, for example, between blockchains A and B, guarantees that if a transaction is processed and added to the ledger in blockchain A, it will be processed and added to the ledger of blockchain B within some pre-specified time interval. But since we cannot determine that the set of candidate ledgers that blockchain B receives accurately reflects the candidate ledgers that were propagated across the p2p network of blockchain A, the scaling concept of validity proofs falls short.
- The cost associated with computing and verifying validity proofs is substantial and can increase fees for roll-up users.
- Building EVM-compatible ZK-rollups is difficult due to the complexity of zero-knowledge technology.
- Producing validity proofs requires specialized hardware, which may encourage centralized control of the chain by a few parties.
- Centralized operators (sequencers) can influence the ordering of transactions.
- Hardware requirements may reduce the number of participants that can force the chain to make progress, increasing the risk of malicious operators freezing the roll-up’s state and censoring users.
- Some proving systems (e.g., ZK-SNARK) require a trusted setup that could compromise a ZK-rollup’s security model if mishandled.

**Projects Currently Utilizing Zk Tech**

Mina Protocol (MINA) – Mina prides itself on the world’s lightest blockchain, powered by the network’s participants. It utilizes zero-knowledge proofs to create the infrastructure for a secure, democratic blockchain.

Dusk Network (DUSK) – Dusk is similar to Mina and is a privacy blockchain built for decentralized finance.

Immutable X (IMX) – Immutable X is a zK-based blockchain for gaming and NFTs.

Loopring (LRC) – a zK-based layer 2 for payments and scaling.

Ardent – An Ethereum-based wallet for DeFi and NFTs.

**Projects working on zK Ethereum Virtual Machines**

Polygon Zero (MATIC) – This results from Polygon’s foray into zK scaling solutions. It is a zK-EVM layer two being built on Ethereum.

ZKSync – ZkSync 2.0 is an EVM-compatible zK roll-up being built by Matter Labs, powered by its own zk-EVM.

Applied ZKP – Applied ZKP is a project funded by the Ethereum Foundation to develop an EVM-compatible ZK-rollup and a mechanism for generating validity proofs for Ethereum blocks.

Scroll – Scroll is a tech-driven company working on building a native zk-EVM Layer 2 Solution for Ethereum.

**Sector Expectations**

It is widely believed that zK roll-ups will take precedence in developing layer two scaling solutions for Ethereum, given the orders of magnitude to which they can theoretically scale the network. With several roll-ups rolling out this year, we are in for a treat and can only expect exciting times ahead.

Interested in marketing your blockchain/Web3 project? Please contact Off-Chain Communications for a free consultation and quote.

If you enjoyed this article, you may also enjoy…

The Metaverse: Groundbreaking Projects

Acquire.Fi: Where Investment Meets Web3

Tips for Creating Great Web3 Content

Check out the home page of Exploring Digital Assets for additional insights, reports and news!

## 3 thoughts on “Zero Knowledge (zK) Roll-Ups Scaling Ethereum”