ArkStream Capital: A detailed look at ZK investment opportunities on the scaling and privacy tracks (Part 2)

2022-08-26 13:26
Original article by Ray
ArkStream Capital public account


Zero knowledge proof and expansion


So far, essentially every blockchain design has started from the block. Transactions make up the block data, and the consensus mechanism determines how blocks are produced, validated and ordered. Seen from the transaction side: a transaction is signed with the user's private key, broadcast through the network and enters the network-wide mempool; a block constructor / MEV searcher / sequencer picks transactions and submits a transaction list to the block builder; the block builder / block producer submits the block to the network; and block validators check the block's validity and confirm it onto the chain. Seen from the block side, a block goes through three steps: construction, submission to the chain, and confirmation on the chain. Decentralized mechanisms that attach network-wide cost and security to every step of a transaction or block are what produce trust in the machine. The longest valid chain is what we call the main chain / Layer 1 network / base chain / L1.


In software design and development, design patterns have the single-responsibility principle, architectures have layering, and design principles have high cohesion and low coupling; all of this theory and guidance amounts to restructuring software with the idea of modularity. Blockchain modularity can be split into three main layers: data availability (data layer), logic execution (execution layer) and the consensus mechanism (consensus layer). Mapping scaling onto those three layers gives data-layer scaling, execution-layer scaling and consensus-layer scaling. To simplify, we divide scaling into on-chain and off-chain according to whether the main chain itself changes. On-chain scaling schemes include larger blocks, sharding and consensus adjustments; off-chain scaling schemes include Segregated Witness, state channels, sidechains, Plasma and Rollups. The DeFi explosion and the NFT boom raised demand for scaling the Ethereum network. In December 2021 Vitalik published "Endgame", in which Ethereum's future is centralized block production, decentralized verification, and multiple rollups. With Vitalik's endorsement, Rollups became the mainstream off-chain scaling solution for Ethereum. Among the many Rollup variants, by technology type they divide into Optimistic Rollup (ORU) and ZK Rollup (ZKR); the main difference between them is how transaction validity is guaranteed: Optimistic relies on game-theoretic fraud proofs, while ZK Rollup relies on mathematical zero-knowledge proofs.


Whether Optimistic Rollup or ZK Rollup, both have to process large volumes of transactions and support general smart-contract computation while inheriting Ethereum's security and data availability. An Optimistic Rollup is "optimistic": it compresses large amounts of transaction data and submits the compressed data together with the new state root to Ethereum. Its network also has challengers, who can prove that data submitted to Ethereum is fraudulent and have the invalid transactions rolled back through the Optimistic Rollup's own network consensus. A ZK Rollup, when batching transaction data, uses zero-knowledge proof technology: having guaranteed the validity of the transaction data, it submits the proof directly to Ethereum, and the state reaches finality immediately. Optimistic Rollups use the Ethereum EVM directly, whereas ZK Rollup teams are either building a zkVM or taking the zkEVM route. Consequently dApp projects can be moved into an Optimistic Rollup essentially unchanged, while most ZK Rollup networks require changes ranging from small to large.
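The two settlement models above, side by side in a toy Python model (an example added here, not code from any rollup project). The state is a plain account table committed with a SHA-256 hash where a real rollup would use a Merkle root, the batches and account names are constructed, and `zk_verify` is a stand-in for SNARK verification that re-checks the circuit's statement with the witness in the clear; it shows what a validity proof attests to, not how one is built.

```python
"""Toy model of how an Optimistic Rollup and a ZK Rollup settle an L2 batch on L1.
Added illustration, not code from any rollup project. State, transactions and the
"proof" are constructed stand-ins: zk_verify re-checks the statement with the witness
in the clear instead of verifying a SNARK."""
import hashlib
import json
from dataclasses import dataclass, field


def _h(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def state_root(balances: dict) -> str:
    """Commitment to the whole L2 state (a real rollup uses a Merkle root)."""
    return _h(sorted(balances.items()))


def apply_batch(balances: dict, txs: list) -> dict:
    """Deterministic L2 state transition; each tx is [sender, receiver, amount]."""
    new = dict(balances)
    for sender, receiver, amount in txs:
        if amount <= 0 or new.get(sender, 0) < amount:
            raise ValueError(f"invalid transfer {sender}->{receiver}:{amount}")
        new[sender] -= amount
        new[receiver] = new.get(receiver, 0) + amount
    return new


@dataclass
class OptimisticL1:
    """ORU settlement: a claimed root is accepted first and checked only if challenged."""
    root: str
    pending: list = field(default_factory=list)  # (txs, claimed_root) inside the window

    def submit(self, txs: list, claimed_root: str) -> None:
        self.pending.append((txs, claimed_root))  # no validity check at submit time

    def challenge(self, index: int, pre_state: dict) -> bool:
        """Fraud proof: the challenger supplies the batch's pre-state (rebuilt from posted
        calldata); the contract replays the batch and compares roots. True = fraud proven."""
        txs, claimed = self.pending[index]
        expected_pre = self.root if index == 0 else self.pending[index - 1][1]
        if state_root(pre_state) != expected_pre:
            return False  # challenger's pre-state does not match the chain
        try:
            ok = state_root(apply_batch(pre_state, txs)) == claimed
        except ValueError:
            ok = False
        if not ok:
            del self.pending[index:]  # roll back this batch and everything built on it
        return not ok

    def finalize(self) -> None:
        """Challenge window over: whatever survived becomes final, verified or not."""
        if self.pending:
            self.root = self.pending[-1][1]
        self.pending.clear()


def zk_prove(pre_state: dict, txs: list):
    """Prover side: execute the batch, emit public inputs plus the private witness."""
    post = apply_batch(pre_state, txs)
    public = {"old_root": state_root(pre_state), "new_root": state_root(post), "batch": _h(txs)}
    return public, {"pre_state": pre_state, "txs": txs}


def zk_verify(public: dict, witness: dict) -> bool:
    """SNARK stand-in: the relation a validity circuit enforces, checked in the clear."""
    try:
        post = apply_batch(witness["pre_state"], witness["txs"])
    except ValueError:
        return False
    return (state_root(witness["pre_state"]) == public["old_root"]
            and state_root(post) == public["new_root"]
            and _h(witness["txs"]) == public["batch"])


@dataclass
class ZkL1:
    """ZKR settlement: the root moves only if the proof for the transition verifies."""
    root: str

    def submit(self, public: dict, witness: dict) -> bool:
        if public["old_root"] != self.root or not zk_verify(public, witness):
            return False
        self.root = public["new_root"]
        return True


def demo() -> dict:
    genesis = {"alice": 100, "bob": 0}  # constructed L2 state
    honest = [["alice", "bob", 30]]
    after_honest = apply_batch(genesis, honest)  # {"alice": 70, "bob": 30}
    forged = {"alice": 70, "bob": 60}  # sequencer credits bob twice, debits alice once
    oru = OptimisticL1(root=state_root(genesis))
    oru.submit(honest, state_root(after_honest))
    oru.submit(honest, state_root(forged))  # batch 1 lies about its post-state
    caught = oru.challenge(1, after_honest)
    oru.finalize()
    lazy = OptimisticL1(root=state_root(genesis))  # same lie, but nobody challenges
    lazy.submit(honest, state_root(forged))
    lazy.finalize()
    zk = ZkL1(root=state_root(genesis))
    pub, wit = zk_prove(genesis, honest)
    zk_ok = zk.submit(pub, wit)
    bad_pub = dict(pub, old_root=zk.root, new_root=state_root(forged))
    zk_bad = zk.submit(bad_pub, {"pre_state": after_honest, "txs": honest})
    return {"oru_fraud_caught": caught, "oru_root": oru.root, "oru_unchallenged_root": lazy.root,
            "zk_honest_accepted": zk_ok, "zk_fraud_accepted": zk_bad, "zk_root": zk.root}
```

The `lazy` contract is the point of the comparison: an ORU's L1 contract has no way of knowing the claimed root is wrong, so an unchallenged forgery finalizes, and the security of the chain rests on at least one honest challenger watching within the window. The ZKR contract rejects the same forgery on submission, with no watcher and no window.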


Each kind of Rollup has its own special network participants: an ORU has challengers who submit fraud proofs, and a ZKR has provers and aggregators who perform the zero-knowledge proof computation and aggregation. A Layer 2 network inherits the security and data availability of the Layer 1 network by rolling up Layer 2 transactions and submitting them to a dedicated smart contract on Layer 1. From that point on, the Layer 1 network's degree of decentralization and its block verification mechanism are what vouch for the validity of Layer 2 transactions.


Comparing the Layer 2 technical designs and architectures, ZKR, which adopts zero-knowledge proofs and can verify mathematically, has the greater technical advantage over the game-theoretic ORU model. However, ZKR has developed relatively slowly and needs more time, so there are many projects doing forward-looking exploration in this area. Next we look at a number of ZKR-related projects.


Starkware: the technology provider behind the Cairo circuit programming language and a zkVM built on its self-developed STARK protocol. The product line includes the application-specific StarkEx and the general-purpose StarkNet. StarkEx positions itself as a Layer 2 scaling engine serving specific application needs and has served many customers, such as Sorare, Immutable, dYdX (v3), DeversiFi (rhino.fi) and Celer. It now reports business data such as more than $600 million in TVL and more than 200 million transactions.


StarkNet positions itself as a general-purpose, composable, decentralized ZKR. The core participants in StarkNet are the StarkNet OS, the STARK Prover and the Blockchain Dispatcher. The StarkNet OS plays a role similar to the EVM on Ethereum: it orders transactions and dispatches the zero-knowledge proof computation for them. The STARK Prover is the proving party for transaction zero-knowledge proofs and is responsible for computing the proofs. The Blockchain Dispatcher is the bridge for communication between the L1 and L2 networks.


Figure1: StarkNet Intro


Figure2: StarkNet Messaging Mechanism L2-> L1


StarkGate, StarkNet's official gateway, has launched and will progressively allow unlimited deposits and withdrawals; currently about 775 ETH of assets have been bridged. Cairo's language style sits between Go and Python, with the addition of the field element (felt), the native type of circuit programming languages. There is no zkEVM support, i.e. Solidity code cannot be compiled and deployed directly; it must first be converted into Cairo through the Warp transpiler, and some Solidity features, such as SHA256, are explicitly unsupported. StarkNet's ecosystem projects cover several tracks such as wallets, DEXs and DAOs; most are native projects, and compatibility with Ethereum dApp projects is low. For details see the official ecosystem website. The block explorer shows no heavy transaction volume yet; the average number of transactions per block is around 115.


StarkNet has had Alpha releases, is currently in the Constellations phase of its roadmap, and is researching and implementing a decentralized StarkNet OS and StarkNet Prover.


Figure3: StarkNet Decentralization Roadmap


zkSync: a ZKR built on the PLONK protocol (version 1.0) and the self-developed RedShift transparent protocol, which needs no trusted setup (version 2.0 and beyond), with a zkEVM that supports Solidity/Vyper programming. Before zkSync 1.0 the team released the Zinc circuit programming language and its SyncVM (a zkVM); these are now essentially stalled in favour of a zkEVM supporting Solidity/Vyper, i.e. zkSync 2.0. zkSync 2.0 is currently iterating on testnet, with mainnet and an open-source zkEVM announced for the next 100 days. Besides the zkRollup scheme with data on-chain, zkSync has also introduced zkPorter, in which data stays off-chain. zkSync 2.0 uses an Operator together with System Contracts to implement contract deployment and L2/L1 communication. The Operator is currently run by the zkSync team and is to be decentralized later. Because zkSync claims EVM bytecode compatibility and is a community-driven project, it has won the support of many well-known Ethereum dApp teams, such as 1inch, Yearn Finance, Aave, Chainlink and The Graph. zkSync's ecosystem projects can be looked up on the official ecosystem website; those in Live status include wallets, derivatives trading platforms and bridges. The block explorer shows close to 100,000 committed blocks, more than 10 million transactions in total, and an average of 100 transactions per block. The zkSync 2.0 testnet has been running for about half a year, continuously implementing the zkEVM and Ethereum JSON-RPC compatibility. zkSync 2.0 may be the first zkEVM-compatible ZK Rollup to go live, which would lower the user threshold significantly and attract more users to L2 networks.


Figure4: zkSync 2.0 100 Days to Mainnet


Scroll: a ZKR built around a native zkEVM, integrating ZK research results (polynomial commitments, lookup tables, recursive proofs) with GPU/ASIC hardware acceleration. Scroll's L2 network consists of a Node (Relayer, Sequencer, Coordinator) and Rollers, plus the Bridge and Rollup smart contracts on L1. The official architecture article is recommended reading and very easy to follow; in brief: the Sequencer receives L2 transactions, processes the L2 transaction list and constructs blocks and state roots; the Coordinator watches block execution and dispatches blocks to Rollers; a Roller computes the zkEVM circuit and generates the aggregated circuit proof, returning it to the Coordinator, which submits it to the Rollup contract on L1 through the Relayer. The Relayer also acts as the L1/L2 communication bridge. Because Scroll has spent more than a year researching privacy and scaling together with the Ethereum Foundation's PSE (Privacy & Scaling Explorations) group, Scroll's zkEVM design is very native. Scroll's public code repositories show that the zkEVM work moves in lockstep with PSE, and the L2 Node is implemented on top of Go-Ethereum (Geth). Scroll recently opened registration for its pre-alpha testnet.


Figure5: Scroll Architecture


Figure6: Scroll Workflow


Polygon (MATIC): originally proposed as an Ethereum sidechain. After a change of strategy, Polygon acquired several L2 solutions and began exploring scaling broadly. Here we briefly introduce the L2 solutions that involve ZK.


Figure7: Polygon Scaling Solutions


Polygon zkEVM (Hermez): Hermez 1.0 was a payment-focused L2 built as a ZKR with a PoD (Proof of Donation) consensus mechanism, a decentralized auction model; its mainnet launched in March 2021, and its block explorer shows transactions produced intermittently in batches. Hermez 2.0 was reworked into a zkEVM L2, with the consensus mechanism upgraded to PoE (Proof of Efficiency). The Hermez 2.0 L2 architecture diagram is shown below; it is very similar to Scroll's, so we will not repeat the basic flow and roles of the L2 parties. The core component of the zkEVM is the zkProver (the counterpart of Scroll's Roller), so let us look at its internal composition. The zkEVM expresses state transitions in polynomial form (see the virtual machine section of the previous article, where polynomial form/constraints are understood directly as a zero-knowledge proof circuit).


Figure8: Skeletal Overview of zkEVM


The zkProver contains the Main State Machine Executor (Executor), Secondary State Machines (STARK Recursion Component), a STARK Builder (CIRCOM Library) and a SNARK Builder (zk-SNARK Prover); the parenthesised names are an alternative way of understanding them, see the figure.


1. Main State Machine Executor: interprets the EVM bytecode of transactions in zkASM (zero-knowledge Assembly language) and sets up polynomial constraints; alongside it, the Polynomial Identity Language (PIL) is used to encode those constraints.


2. Secondary State Machines: the state transitions of a zkEVM transaction are split up, and the corresponding state machines compute and verify the correctness of each part.


3. STARK Proof Builder: computes a proof conforming to the STARK polynomial constraints (fast to compute).


4. SNARK Proof Builder: computes a SNARK proof of the STARK proof (to shrink the proof size); PLONK/Groth16, tentatively.


Figure9: A Simplified zkProver Diagram


Figure10: Simplified Data Flow in the zkProver


Introductions to Hermez zkASM, PIL and so on are all available in the official documentation, which is very complete, and the code repositories for each functional module are open source and under continuous maintenance.


Figure11: Polygon zkEVM Open Source


In summary, Hermez 2.0 is a zkEVM-type L2 that combines Plonkup lookups and Starkware's STARK protocol with a new assembly scheme, with decentralized PoE consensus. A testnet is planned for Q3 2022 and mainnet for 2023.


Polygon Zero: an L2 built on the self-developed Plonky2 (PLONK protocol plus FRI) with zkEVM compatibility. It is the renamed Mir project, which Polygon acquired for $400 million. Zero's materials are mainly Mir's website and Polygon's blog. Zero claims recursion support, high efficiency and small proof sizes. The project's code repository is updated continuously and contains evm modules. Owing to the scarcity of information and the long timeline, Zero's future route is not yet clear; at present the Plonky2 architecture may be more of a technical service framework. Plonky2 was recently announced as open source.


Figure12: Polygon Zero Processing A Block


Polygon Miden: an L2 based on the STARK protocol, supporting multi-language development (including Solidity) and EVM compatibility, with its own circuit programming language, Miden Assembly, and the Miden VM. Miden VM is the evolution of Distaff VM and integrates Winterfell, the proof system library open-sourced by Facebook. The architecture diagram on the official website shows an Operator design, but we found no official documentation on that part, on EVM compatibility, or on the L2 roadmap and progress. Miden's current code repository is dominated by the VM, and the EVM compatibility part has no description or implementation plan yet.


Figure13: Polygon Miden Intro


Polygon Nightfall: an enterprise L2, a privacy-focused hybrid of Optimistic and ZK Rollup. It is still essentially an ORU L2, but combines ZKP technology to enhance privacy. Nightfall was created by Ernst & Young and partnered with Polygon to explore enterprise blockchain further. Mainnet is scheduled for release in 2022.


Figure14: Polygon Nightfall Intro


Mina: besides L2s, several projects are exploring ZKP-based scaling of L1 itself, such as Mina, a lightweight blockchain (L1) based on recursive SNARKs. The whole network maintains a SNARK proof of the latest block to guarantee the correctness of the entire chain, and that proof stays at 22 KB. The network has Archive Nodes, which keep the complete data; Block Producers, which implement the consensus mechanism and produce blocks; and SNARK Producers, which handle the zero-knowledge proof computation. Mina proposes zkApps written in TypeScript; to implement a zkApp's business logic, the developer has to implement its internal Prover and Verifier functions. Mina's mainnet launched in March 2021. Its network architecture resembles L2 transaction batching: the Archive Node is equivalent to the maintainer of the data availability layer, the block producer to the sequencer, and the SNARK producer to Scroll's Roller or Hermez 2.0's zkProver. However, zkApps are comparatively limited in scope, with neither the generality of a zkVM nor zkEVM support. Mina's zkApp iteration is worth following.


To sum up, ZK technology development in the scaling space is still in full swing, especially around zkEVM implementations, L2 network architecture and decentralization. Looking at ETH Gas Station's top twenty gas-burning contracts over the past 30 days, they are mainly projects such as OpenSea, DeversiFi, Uniswap, USDT, USDC, MetaMask Swap, Axie Infinity and NFT Worlds. For L2s to be widely adopted, they must win the support of such high-frequency projects: DEXs, NFT marketplaces, GameFi and financial derivatives. Although some L2 schemes are ahead in ecosystem, the landing of zkEVM is likely to produce overtaking on the bend and reshuffle the L2 track. The arrival of zkEVM will help attract the migration of existing L1 projects, and many Web3 developers are gearing up to build disruptive products on the Ethereum network at larger scale and with more high-frequency interactions.


Zero knowledge proof and privacy


If Web3 represents the awakening of individual sovereignty, then privacy will be an indispensable part of Web3. As the industry has developed, the composability of DeFi and the changes NFTs brought to social interaction have made us more aware of the security and convenience of owning our own assets versus centralized custody, and the complete transparency of on-chain information further stimulates our demand for privacy protection. However, in the face of escalating regulatory policies in various countries, how to protect privacy, and to what extent, is a question worth discussing.


Recently, the U.S. Treasury Department issued sanctions directly against Tornado Cash, the Ethereum ecosystem's private payment platform; as a result, addresses that interacted with Tornado Cash were blacklisted by USDC issuer Circle, and Tornado's website, GitHub code repository, official Telegram, official Discord and so on were taken down. We believe everyone has the right to, and a need for, privacy protection, and the abuse of privacy products does not mean they carry original sin. Privacy products are designed to protect the privacy of users' routine transfers and payments. Admittedly, their use by criminals and hackers does cause many problems, but the answer is not to ban privacy products; it is to find ways to balance privacy with legal compliance, such as Zcash's efforts to comply with global AML/CFT standards and Tornado Cash's proof-of-asset-compliance tool.


The privacy implementations in the crypto industry differ by usage scenario (private payments, private trading and private general-purpose computation), and the choice of scheme varies a lot too; mainly the following six categories are involved:


1. CoinJoin / Mixer: mainly used for hidden payments, based on the UTXO model; the essence is to create multiple token transfers with identical inputs and outputs so that a payment is hidden. This achieves hidden payments to a degree, but for anyone really doing address analysis and control, the key is to control all the outputs of the withdrawal address. To overcome this problem of coin-mixing schemes, Dash proposed the concept of a private payment layer, which takes part in mixing the deposit addresses and reduces the correlation between deposit and withdrawal addresses. Tornado uses ZKP to decorrelate deposit and withdrawal addresses.


2. Ring signatures: multiple addresses form a ring; any one address in the ring can produce the ring signature without relying on the other addresses, hiding which address in the ring actually signed. One of the earliest schemes, used by Monero.


3. Homomorphic encryption: computing directly on ciphertext and producing the result. We regard this as a frontier technology similar to zero-knowledge proofs, but operations on ciphertext are very expensive. Sunscreen, backed by Polychain Capital and Coinbase Ventures, is exploring this direction.


4. Secure multi-party computation (MPC): without a trusted third party, multiple parties compute securely without disclosing their inputs. PlatON, initiated by Dr. Xiao Feng, chairman of Wanxiang Blockchain, has worked in this area for a long time.


5. TEE (Trusted Execution Environment): similar to the idea of a black box; input goes into the TEE, the TEE executes, and the result comes out encrypted. Oasis and Secret Network mainly use this technology at present.


6. ZKP: zero-knowledge proofs used to implement private payments and private general-purpose computation. A new private-payment project is Iron Fish: a PoW network + UTXO model + Groth16 zk-SNARKs, very similar in design to Zcash, with no mention of whether private programming is supported. The best-known private general-computation projects are Aleo, Aztec and Espresso.


Having covered the basic implementation schemes, we select some projects involving zero-knowledge proofs for study and analysis.


Tornado Cash: we often see private payment described like this: the user deposits into Tornado, obtains a deposit certificate, and at withdrawal time any user (address) holding the certificate can withdraw the funds. That description comes from the user's experience but does not reach Tornado's core. Tornado's privacy technology has two elements: obfuscation of funds entering and leaving a pool, which severs the correlation between deposit and withdrawal addresses; and ZKP.


Mixing pools are relatively easy to understand, so we focus the analysis on ZKP. Tornado's front-end website and code repository are down, making official material hard to find, so we analyze on-chain transactions and contract code directly. There are only two operations a user can actually perform with Tornado: deposit and withdraw. These go through Tornado Cash's router contract, which calls the contract for the specific denomination (1 ETH, 10 ETH, etc.). On deposit, Tornado returns a Note to the user and commits a Commitment to the chain. On withdrawal, a Proof, a Root and a NullifierHash are submitted to the chain. These few parameters, generated off-chain by Tornado's code, are the key to understanding its use of ZKP.


Using the analogy of Tornado as a bank for deposits and withdrawals, and Ethereum as a public vault, makes it easier to understand what users do with Tornado:


1. Deposit: the user fills in a deposit slip; the bank keeps the slip in a dedicated safe-deposit box (the Commitment) and generates two passwords from random numbers, one to lock the box and one to record whether the funds have been withdrawn (in Tornado's terms, the secret and the nullifier). It then places the locked box, with its withdrawal status, at a secret random position in the public vault. The bank returns the box, the random numbers and the box's location information to the user (the Note).


2. Withdrawal: the user tells the bank the random numbers and the position of the box; from them the bank can compute the secret position of the box (the Root), the withdrawal status of the funds (the NullifierHash) and the code that opens the box (the Proof). If every check and validation passes, the withdrawal completes and the funds' withdrawal status is updated.
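The same deposit/withdraw flow as an added Python model (not Tornado's own code). It keeps the contract's real on-chain state: an append-only Merkle tree of commitments, a ring of recent roots, and a set of spent nullifier hashes. Tornado hashes with Pedersen/MiMC inside a Groth16 circuit; here SHA-256 stands in, the tree depth, denomination and addresses are constructed, and `snark_verify` is a stand-in that checks the circuit's statement with the witness in the clear, so it shows exactly which values are public (Root, NullifierHash, recipient) and which never leave the user (nullifier, secret, Merkle path).

```python
"""Toy model of Tornado Cash's deposit/withdraw flow (commitment, nullifier, Merkle root).
Added illustration, not Tornado's code. Tornado hashes with Pedersen/MiMC inside a Groth16
circuit; here SHA-256 stands in, and snark_verify checks the circuit's statement with the
witness in the clear, to show which values are public and which never reach the chain."""
import hashlib
import os

DEPTH = 4  # Tornado's tree is depth 20; 4 keeps the toy small (16 leaves)


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


ZERO = [H(b"tornado")]  # hash of an empty subtree at each level
for _ in range(DEPTH):
    ZERO.append(H(ZERO[-1], ZERO[-1]))


class MerkleTree:
    """Append-only tree of commitments; the contract keeps the same tree on-chain."""
    def __init__(self):
        self.leaves = []

    def _layers(self):
        layers = [list(self.leaves)]
        for lvl in range(DEPTH):
            layer = layers[-1] + ([ZERO[lvl]] if len(layers[-1]) % 2 else [])
            layers.append([H(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)])
        return layers

    def root(self) -> bytes:
        return self._layers()[-1][0] if self.leaves else ZERO[DEPTH]

    def path(self, index: int) -> list:
        """(sibling, is_right_child) pairs from the leaf up to the root."""
        layers, path = self._layers(), []
        for lvl in range(DEPTH):
            layer, sib = layers[lvl], index ^ 1
            path.append((layer[sib] if sib < len(layer) else ZERO[lvl], index & 1))
            index >>= 1
        return path


def merkle_verify(leaf: bytes, path: list, root: bytes) -> bool:
    node = leaf
    for sibling, is_right in path:
        node = H(sibling, node) if is_right else H(node, sibling)
    return node == root


def make_note() -> dict:
    """Client side: the Note is (nullifier, secret); only their hash is ever published."""
    nullifier, secret = os.urandom(31), os.urandom(31)
    return {"nullifier": nullifier, "secret": secret, "commitment": H(nullifier, secret)}


def snark_prove(note: dict, tree: MerkleTree, recipient: str):
    """Prover: the witness stays with the user; only the public inputs go in the withdraw tx."""
    path = tree.path(tree.leaves.index(note["commitment"]))
    witness = {"nullifier": note["nullifier"], "secret": note["secret"], "path": path}
    return witness, (tree.root(), H(note["nullifier"]), recipient)


def snark_verify(proof: dict, public: tuple) -> bool:
    """Stand-in for Groth16 verification: the circuit's statement, checked with the witness.
    A real verifier never sees nullifier/secret/path; it checks a proof bound to `public`
    (binding the recipient is what stops a relayer from redirecting the withdrawal)."""
    root, nullifier_hash, _recipient = public
    commitment = H(proof["nullifier"], proof["secret"])
    return H(proof["nullifier"]) == nullifier_hash and merkle_verify(commitment, proof["path"], root)


class TornadoPool:
    """Denomination contract: on-chain state is commitments, recent roots and spent nullifiers."""
    ROOT_HISTORY = 30  # ring of recent roots, so a newer deposit does not invalidate a proof

    def __init__(self, denomination: int = 1):
        self.denomination, self.balance = denomination, 0
        self.tree, self.spent = MerkleTree(), set()
        self.roots = [self.tree.root()]

    def deposit(self, commitment: bytes) -> None:
        if commitment in self.tree.leaves:
            raise ValueError("commitment already submitted")
        self.tree.leaves.append(commitment)
        self.roots = (self.roots + [self.tree.root()])[-self.ROOT_HISTORY:]
        self.balance += self.denomination

    def withdraw(self, proof: dict, root: bytes, nullifier_hash: bytes, recipient: str) -> bool:
        if root not in self.roots or nullifier_hash in self.spent:
            return False  # unknown root, or this note was already spent
        if not snark_verify(proof, (root, nullifier_hash, recipient)):
            return False
        self.spent.add(nullifier_hash)  # the chain learns the nullifier hash, never the note
        self.balance -= self.denomination
        return True


def demo() -> dict:
    pool = TornadoPool()
    notes = [make_note() for _ in range(3)]
    for n in notes:
        pool.deposit(n["commitment"])  # constructed deposits from three different addresses
    proof, public = snark_prove(notes[1], pool.tree, "0xrecipient")
    first = pool.withdraw(proof, *public)
    replay = pool.withdraw(proof, *public)  # same NullifierHash a second time
    stale, stale_pub = snark_prove(notes[0], pool.tree, "0xother")
    pool.deposit(make_note()["commitment"])  # a new deposit lands after the proof was made
    stale_ok = pool.withdraw(stale, *stale_pub)  # old root is still in the history ring
    return {"first": first, "replay": replay, "stale_root": stale_ok, "balance": pool.balance}
```

Two details of the contract are worth noticing in the model. The NullifierHash is what prevents double spending: the chain never learns which commitment a withdrawal corresponds to, only that this nullifier hash has now been used. The ring of recent roots is what lets a withdrawal succeed even though other users deposited (and changed the root) between proof generation and inclusion of the transaction.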


Through its mixer and zero-knowledge proofs, Tornado implemented private payments on Ethereum mainnet, and after issuing its token its TVL reached the order of $1 billion, showing its enormous influence and the user demand.


Figure15: Tornado Cash TVL and MarketCap


Aztec: a zk-Rollup Layer 2 network focused on privacy protection and private-asset interoperability, using its self-developed PLONK protocol. It launched the zk.money private payment product, recently launched the Aztec Connect bridge, and will later launch a PLONK Rollup scaling Layer 2 network, in which the Noir circuit programming language will support private smart contracts. PLONK needs a trusted setup, but Aztec used MPC (secure multi-party computation) to carry it out; an MPC trusted setup has many trusted, publicly known participants jointly vouch for it, and Aztec completed it with the Ignition ceremony in January 2020. The product roadmap advances layer by layer: from the early zk.money, to the recent Aztec Connect, to the future PLONK Rollup, the Aztec team is refining its product positioning step by step, along with adjustments and optimizations to the PLONK protocol (TurboPlonk, UltraPlonk). The Aztec 1.0 era came with extensive introductions to the Aztec protocol; now, in the Aztec 2.0 era, not much about the overall network design can be found on the official site, so we use the Aztec 1.0 documents for study.


zkAsset: private assets, proposed in EIP-1724, used to convert open, transparent Ethereum assets into private ones; after assets are transferred into the Note registry through a zero-knowledge proof, the corresponding zkAsset is minted. This is similar to Secret's shielded assets (and to Tornado Cash's deposit flow, though Aztec adds the concept of a private asset to the on-chain process).


Aztec Cryptography Engine (ACE): dispatches proofs to validators and updates the state of the Note registry according to the validation results.


Various validators (Join-Split, Bilateral Swap Validator, ...): validator tooling (akin to an SDK) that lets developers integrate interoperability with private assets. Join-Split, for instance, means a Note can be split and merged.


Figure16: Aztec 1.0 Architecture


After going live in June 2021, Aztec's TVL peaked at around $14 million and has now stabilized at about $4 million. Compared with Tornado's scale, the audience for a Layer 2 privacy network seems much smaller, possibly constrained in part by its higher barrier to entry. The Tornado affair has also implicated other privacy products that interact with Ethereum mainnet, which may be an issue developers need to discuss in the future.


Aleo: a new Layer 1 blockchain network that adds privacy for users and transactions while keeping programmability; its built-in snarkOS (a decentralized operating system) plays a role similar to the EVM. Aleo proposes the concept of ZEXE (Zero-knowledge EXEcution), which closely resembles the definition of a TEE, except that it is realized with zero-knowledge proofs. It has an optional privacy model and provides developers with a complete toolchain: the Leo language, Aleo Studio (IDE) and the Aleo Package Manager. The latest incentivized testnet changed consensus from plain PoW to PoSW (Proof of Succinct Work), which turns zero-knowledge proof computation into the condition for producing a block. Aleo's block explorer now shows the changes of validation status and the Proof produced by zero-knowledge computation over transaction records.


Figure17: The Future of Zero Knowledge with Aleo


Espresso: studied and improved on the features of Aleo and Aztec, comprising a two-layer network: an L2 based on ZK Rollup and an L1 with configurable asset privacy. Configurable privacy assets allow an asset's creator to set privacy viewing rules and asset freezing rules covering sending and receiving addresses, amounts sent and received, and amounts held. For the ZEXE concept it proposes its own VERI-ZEXE; for Aztec's TurboPlonk and UltraPlonk it proposes its own optimized PLONK, with the Rust implementation named Jellyfish and open-sourced. Espresso's L1 network is under development; configurable asset privacy is available for private testing on an Ethereum testnet, or can be tried locally via the installation package on the official website.


Figure18: Espresso Systems Configurable Asset Privacy for Ethereum


Zecrey: a multi-chain ZKR L2 plus an L1 with cross-chain functionality and privacy protection, but with no zkEVM or zkVM support. L1 privacy is based on an obfuscated funds pool built on an improved version of the Bulletproofs protocol (published in LNCS) and Sigma protocols, giving users private transfers and private trading directly at the public-chain level. The L2 ZKR uses the PLONK protocol. Referring to the architecture diagram in the official white paper, a large part of the design is the L1/L2 ZKR, which we single out for analysis and learning:


Layer-2 Committer: collects transactions and constructs L2 blocks.


Block Monitor: tracks the status updates of L2 blocks.


Prover Network: the compute network that performs the ZKP proving after L2 transactions are rolled up.


TSS-based Verifier Network: the verifier network, which collects proofs from the Prover Network and submits them to the smart contract on L1.


Tx Monitor / Layer-2 State Monitor / Executor: the L1/L2 bridge.


The L2-to-L1 sequence of a ZKR is basically the same everywhere; only the naming and the division of labour among the roles differ slightly:


The Committer collects transactions and constructs an L2 block; the Prover Network watches for blocks and computes proofs for blocks in Committed status; the TSS-based Verifier Network collects the proofs and submits them to the L1 smart contract; and the Block Monitor watches L1 block inclusion and updates the L2 block status once confirmed.


Zecrey is currently in testnet development and has integrated Ethereum, Polygon, NEAR, Avalanche and BSC. According to the roadmap on the official website, mainnet is due in Q3 2022.


Figure19: Zecrey System Architecture


Manta Network: a DeFi privacy stack (a privacy parachain) in the Polkadot ecosystem, containing a multi-asset private payment protocol and an AMM private trading protocol. Per the official architecture diagram, it can serve as a private transit station for each parachain in the Polkadot ecosystem. The specific privacy schemes: a UTXO private payment model based on Zcash, extended with multi-asset support and private payment channel technology, and a ZEXE-like scheme for AMM private trading, with the zero-knowledge proof circuits built in.


Figure20: Manta Architecture (Implemented as a Parachain)


Anoma Network: a Layer 1 for privacy protection with composability centred on Intents, able to decentralize counterparty discovery and solve multi-chain atomic settlement. Anoma's architecture follows Cosmos, using the Tendermint BFT consensus mechanism, and its first sovereign independent chain (fractal instance) is Namada. We understand Anoma through an order-book exchange analogy: an Anoma Intent is equivalent to an order; orders can be transparent, shielded or private; and Anoma's Solvers settle them, matching successful orders into an Anoma transaction. Anoma proposes its own AnomaVM, with the high-level functional language Juvix and the VampIR circuit programming language, and AnomaVM has built-in support for ZKP circuit generation and FHE (fully homomorphic encryption).


Figure21: The lifecycle of a transparent, shielded, and private intent in the Anoma architecture


Iron Fish: a privacy payment public chain based on Zcash's Sapling protocol with PoW consensus. It has run multiple rounds of incentivized testnet, and mainnet is expected in Q4 2022.


From the projects above, we can see that in privacy protection, zero-knowledge proofs are mainly applied in private payment and privacy network scenarios, and mostly not on their own but combined with other privacy technologies such as mixers, TEE and MPC.


Figure22: Web3 Privacy Ecosystem


There are still many projects on the privacy track, especially in user-facing privacy applications; combined with DeFi, NFT and other scenarios there is plenty of room to extend, and we will not list them all. Returning to the original topic: privacy products emerge from user demand, and as we move toward Web3, whether in a blockchain-based decentralized financial system or a future Web3 social scene, we all want to bring more off-chain behaviour on-chain, and the need for privacy protection grows with it. ZKP plays an important role across a wide range of privacy solutions, which is why we went into it in depth.


Zero knowledge proof investment direction


In the previous chapters we spent a lot of space organizing and studying zero-knowledge proof projects in the scaling and privacy directions, and those projects have also won the favour of capital in the primary market. We compiled the public financing data for projects on these two tracks, shown in the two figures below:


Figure23: Zero Knowledge Investments In Scaling


Figure24: Zero Knowledge Investments in Privacy Protection


It can be seen that the highest-valued ZK scaling project is Starkware, at up to $8 billion, and the highest-valued ZK privacy project is Aleo, estimated at $1.45 billion. Since projects in the privacy and scaling narratives can proceed in parallel, and some privacy projects are themselves Layer 2 networks, it is hard to compare the average funding of the two tracks. On the highest valuation alone, the scaling track is more recognized in the primary market than the privacy track. On the scaling track, Starkware, with advantages in protocol, circuit language, zkVM, served projects and more, is undoubtedly the darling of the capital market, and the other major zkEVM-compatible scaling projects have also won the market's affection. On the privacy track, Aleo, with its advantages in circuit language and developer toolchain, is more popular than Aztec, which develops PLONK and Plookup technology, which also reflects the capital market's preference for projects with commercial landing.


In the secondary market, liquidity around all-time highs is basically thin because token prices swing widely, so we simply refer to the FDV range. No ZKR scaling project has issued a token yet, so we borrow Optimism, an ORU project: OP's FDV has ranged between $2 billion and $9.5 billion. On the privacy track, Zcash has ranged from $1.5 billion to $4.5 billion, Oasis from $700 million to $5.9 billion, and Tornado's FDV has fallen from $3 billion at launch to just $90 million now. It can be seen that the secondary market's recognition of scaling-track projects is roughly on a par with public chains, while the privacy track is relatively conservative.


Because ZK technology keeps innovating and breaking through in academic research and keeps landing in engineering practice, investment institutions have always been fond of and enthusiastic about it. Moreover, beyond the two main tracks in this article, ZK is also used in other scenarios, such as lightweight blockchains (Mina), decentralized identity (Polygon ID) and privacy-preserving oracle networks (Chainlink's DECO). From many well-known ZK projects we can observe that, whatever their development and ecosystem routes, they are more or less all building a Layer 1 or Layer 2 chain. Like the R&D stack of a public chain, the technology stack of a ZK project still covers every layer: zero-knowledge proof protocol, circuit programming language, language libraries/packages, language development and debugging toolchain (IDE), zkVM/zkEVM design and implementation, decentralized consensus mechanism, and so on.


Facing scaling and privacy projects that use zero-knowledge proofs, we have extracted a simple checklist, summarized below, for discussion and learning with projects.


1. Different zero-knowledge proof protocols have their own advantages and disadvantages. Why should they be selected?


2. Assuming a zkVM type project, how to efficiently and safely design a developer-friendly circuit programming language?


3. Assuming it is a zkVM type project, how to build a set of toolchain products for the developer ecosystem?


4. For a zkEVM project, is seamless migration of smart contracts from EVM chains supported? Are there restrictions on calls between contracts (composability)?


5. When ZK calculates Proof, how can FPGA/GPU and other hardware be used for acceleration?


6. What roles do the Prover and Verifier play in the project? Are they centrally controlled? Will there be a decentralized redesign in the future?


7. ... consensus mechanism, token economics, compliance design and other questions.


Zero-knowledge proofs, as a new high technology that still urgently needs to mature, cannot be built in a day; the rapid entry of capital does not bring rapid development of the underlying technology. Therefore, when selecting targets, we tend to look for ecosystem projects built on mature ZK projects, or projects backed by strong academic research organizations. Like Bitcoin, the peer-to-peer electronic cash system, and Ethereum, the world computer for smart contracts, ZKP has its roots in payments and is moving toward general-purpose computing. As users of and participants in the crypto industry, we look forward to seeing more excellent ZKP projects emerge. If you have good ideas, feel free to contact us.


Reference link


https://mirror.xyz/0x8C4d5E90196325FB22Fff37C97D7984a37e51D11/dhOEzNXqotPftpjf2gh7Hz7qZwu3lQRWYmlE_sSe7is A panoramic view of the Web3 privacy track: status quo, evolution logic and typical players (ChainCatcher)


https://docs.starknet.io/docs/intro


https://v2-docs.zksync.io/dev/


https://scroll.mirror.xyz/nDAbJbSIJdQIWqp9kn8J0MVS4s6pYBwHmK7keidQs-k


https://docs.hermez.io/zkEVM/Overview/Overview/


https://mirprotocol.org/blog/Scalability-on-Mir


https://aztec-protocol.gitbook.io/zkproofs-proposal/


https://docsend.com/view/ntcsmt7meu84gcqk Zecrey: A Turn-key Solution for Cross-chain and Privacy


https://eprint.iacr.org/2021/743.pdf MANTA: a Plug and Play Private DeFi Stack


https://betterprogramming.pub/understanding-zero-knowledge-proofs-through-the-source-code-of-tornado-cash-41d335c5475f


https://github.com/anoma/whitepaper/blob/main/whitepaper.pdf Anoma: a unified architecture for full-stack decentralized applications

