Foreword

In "Preview of the Decentralized Computing Power Market (Part 1)", we have learned about the importance of computing power in the context of AI and discussed the two main challenges in building a decentralized AGI computing power market. This article will start from the basic concept of zero-knowledge proof and explore the multiple possibilities of the booming decentralized computing power market from a multidimensional perspective. (Note: Part 1 also mentioned the Bitcoin computing power market, but due to the recent explosive growth of the Bitcoin ecosystem, this part will be described in our future articles related to the Bitcoin ecosystem.)

Overview of Zero-Knowledge Proofs

In the mid-1980s, three cryptographers from the Massachusetts Institute of Technology (MIT), Shafi Goldwasser, Silvio Micali, and Charles Rackoff, jointly published a paper titled "The Knowledge Complexity of Interactive Proof Systems". The paper describes an innovative cryptographic technology that can verify the authenticity of information without revealing any information, which the authors call "zero-knowledge proof". They provide a specific definition and framework for this concept.

And in the following decades, zero-knowledge proof technology based on this paper gradually developed and improved in multiple fields. Nowadays, zero-knowledge proof has become an all-encompassing term, representing many "modern" or "advanced" cryptography - especially cryptography related to the future of blockchain.

Definition

Zero-Knowledge Proof (ZKP for short) refers to a method where the Prover can prove the correctness of a statement to the Verifier without providing any specific information about the statement itself. The three basic properties of this method include completeness, reliability, and zero-knowledge. Completeness ensures the provability of true statements, reliability ensures that false statements cannot be proven, and zero-knowledge means that the Verifier cannot obtain any information other than the truthfulness of the statement.

Types of Zero-Knowledge Proofs

According to the communication method between the prover and verifier, there are two different types of zero-knowledge proofs: interactive and non-interactive. In interactive proofs, the prover and verifier engage in a series of interactions. These interactions are part of the proof process, and the prover proves the truthfulness of their statement by responding to a series of queries or challenges from the verifier. This process typically involves multiple rounds of communication, with the verifier posing a question or challenge in each round and the prover responding to prove the correctness of their statement. Non-interactive proofs, on the other hand, do not require multiple rounds of interaction. In this case, the prover creates a single, independently verifiable proof and sends it to the verifier. The verifier can independently verify the truthfulness of this proof without further communication with the prover.

Interactive and Non-Interactive: A Layman's Explanation

1. Interactive: The story of Alibaba and the Forty Thieves is a classic example often used to explain interactive zero-knowledge proofs. There are many versions of the story, and the following is a simplified adaptation by me.

Alibaba knew the spell to open the cave where the treasure was hidden, but he was caught by the forty thieves who forced him to reveal the spell. If Alibaba revealed the spell, he would be killed because he would no longer be useful. If Alibaba refused to speak, the thieves would not believe that he really knew the spell and would also kill him. However, Alibaba came up with a good solution. There are two entrances, A and B, to the cave, both leading to the center of the cave, where there is a password-protected door that only someone who knows the spell can pass through from one side to the other. To prove that he knows the secret of opening the cave without revealing it, Alibaba enters the cave and chooses one of the entrances, A or B, while the forty thieves stand outside and cannot see his choice. Then the thieves randomly shout out A or B, and ask Alibaba to come out from the entrance they specify. If Alibaba really knows the spell, he can use the password to pass through the door in the center and come out from the specified entrance. This process is repeated many times, and each time Alibaba successfully comes out from the entrance specified by the thieves, proving that he really knows the password without revealing the secret.

2. Non-interactive: This is a simple example of a non-interactive zero-knowledge proof in everyday life. Imagine you and a friend both have a book called "Where's Waldo?" You claim to know where Waldo is on a certain page, but your friend is skeptical. If you want to prove to your friend that you do know where Waldo is in the picture, without revealing the exact location, you can use a large opaque paper to cover the entire picture and reveal Waldo through a small hole in the paper (a single, independently verifiable proof). This way, you can prove that you do know where Waldo is, but your friend still cannot determine the exact coordinates of Waldo in the entire picture.

Implementation of Technology in Blockchain

Currently, there are various implementations of zero-knowledge proofs in the blockchain industry. The most well-known ones are zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge) and zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). As their names suggest, both belong to the category of non-interactive zero-knowledge proofs, with "Non-Interactive" being a key feature.

zk-SNARK belongs to a widely used class of general zero-knowledge proof schemes (note that zk-SNARK belongs to a genre, not a single technology), which transforms any computation process into a series of gate circuits and uses a series of mathematical properties of polynomials to transform gate circuits into polynomials, thereby compressing and generating very small non-interactive proofs, enabling the application of various complex business scenarios. The launch of zk-SNARK requires trusted setup, which refers to each party generating a partial key in a trusted setting to start the network, and then destroying the key. If the confidential information used to create the trusted setup key is not destroyed, this confidential information may be used to forge transactions through false verification.

And zk-STARK is a technical evolution of zk-SNARK, which solves the weakness of SNARK relying on trusted setups and can complete blockchain verification without relying on any trusted setup, thereby reducing the complexity of launching the network and eliminating any collusion risks. However, zk-STARK also has the problem of generating large proofs, and is at a disadvantage in terms of storage, on-chain verification, and generation time. If you have experienced early versions of StarkNet (Layer2 using zk-STARK), you should be able to feel the speed and gas fees, which are much worse than other Layer2 experiences. So currently, the zk-SNARK scheme is still more widely adopted. In addition, there are also slightly more niche solutions such as PLONK and Bulletproofs, each with its own advantages and disadvantages in proof size, prover time, and verification time. It is very difficult to achieve completely ideal zero-knowledge proof, and several mainstream algorithms usually balance between different dimensions.

When developing with ZK, two key components are typically required.

ZK-friendly expression calculation method: This is a domain-specific language (DSL) or underlying library. Underlying libraries such as Arkworks provide the necessary tools and primitives, allowing developers to manually rewrite code in a lower-level language. DSLs such as Cairo or Circom are programming languages tailored for ZK applications. The latter can be compiled into primitives required for proof generation. More complex operations result in longer proof generation times, and certain operations (such as bitwise operations used in SHA or Keccak) may not be suitable for ZK, resulting in long proof generation times.

Proof System: The proof system is the core of ZK applications, which implements two basic functions: Prove and Verify. The Prove function allows for the generation of a proof (which requires a large amount of mathematical calculations to generate, and the more complex the proof, the slower it is generated), which demonstrates that a certain statement is correct without revealing the proof details. The Verify function is used to verify the correctness of this proof (the more complex and larger the proof, the higher the performance and the shorter the verification time required). Different proof systems, such as Groth16, GM17, PLONK, Spartan, and STARK, also differ in efficiency, security, and ease of use.

ZKP Application Map

1. ZKP Cross-Chain Bridges and Interoperability: ZKP can be used to create validity proofs for cross-chain message passing protocols, which can be quickly verified on the target chain. This is similar to how zkRollups are verified on the underlying L1. However, for cross-chain message passing, the complexity is higher because the signature schemes and cryptographic functions to be verified may be different between the source and target chains.

2. ZKP On-Chain Gaming Engine: Dark Forest demonstrates how ZKP can achieve incomplete information on-chain gaming. This is crucial for designing more interactive games where players' actions remain private until they decide to reveal them. As on-chain gaming matures, ZKP will become a part of the game execution engine. For startups that successfully integrate privacy features into high-throughput on-chain gaming engines, the impact will be enormous.

3. Identity Solution: ZKP opens up multiple opportunities in the identity field. They can be used for reputation proof or linking Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate. Projects like Clique connect these identities using oracles. ZKP can take this approach further by anonymously linking Web2 and Web3 identities. This can enable use cases like anonymous DAO membership provided they can prove domain-specific expertise using Web2 or Web3 data proofs. Another use case is unsecured Web3 loans based on the borrower's Web2 social status (e.g. Twitter followers).

4. ZKP for regulatory compliance: Web3 enables anonymous online accounts to actively participate in the financial system. In this sense, Web3 has achieved great financial freedom and inclusiveness. With the increase of Web3 regulation, ZKP can be used to achieve compliance without compromising anonymity. ZKP can be used to prove that users are not citizens or residents of sanctioned countries. ZKP can also be used to prove accredited investor status or any other KYC/AML requirements.

5. Local Web3 Private Debt Financing: TradeFi debt financing is often used to support growing startups to accelerate their growth or open up new business lines without the need for additional venture capital. The rise of Web3 DAOs and anonymous companies has created opportunities for local Web3 debt financing. For example, using ZKP, DAOs, or anonymous companies can obtain unsecured loans and competitive interest rates based on proof of their growth metrics without disclosing the borrower's information to the lender.

6. Privacy DeFi: Financial institutions often maintain the privacy of their transaction history and risk exposure. However, when using decentralized finance (DeFi) protocols on the chain, meeting this requirement becomes challenging due to the continuous advancement of on-chain analysis technology. One possible solution is to develop privacy-focused DeFi products to protect the privacy of protocol participants. One of the protocols that attempts to achieve this goal is Penumbra's zkSwap. In addition, Aztec's zk.money provides some private DeFi earning opportunities by blurring users' participation in transparent DeFi protocols. Generally, protocols that can successfully implement efficient and privacy-focused DeFi products can obtain a large amount of transaction volume and revenue from institutional participants.

7. ZKP for Web3 Advertising: Web3 promotes users' rights to own their data, such as browsing history and private wallet activities. Web3 also benefits users by monetizing this data. As data monetization may conflict with privacy, ZKP can play an important role in controlling which personal data can be disclosed to advertisers and data aggregators.

8. Sharing and monetization of personal data: Many of our personal data can have significant impact if shared with the right entities. Personal health data can be crowdsourced to help researchers develop new drugs. Private financial records can be shared with regulatory and supervisory agencies to identify and punish corrupt behavior. ZKP can enable private sharing and monetization of such data;

·ZK "Element" Changes: As we mentioned earlier, the business logic on ASIC is a one-time write. If any ZKP logic changes, it needs to start from scratch. FPGA can be refreshed any number of times within 1 second, which means they can reuse the same hardware across multiple chains with incompatible proof systems (e.g., cross-chain extraction of MEV) and adapt to changes in ZK "elements" flexibly. Although GPUs are not as fast and reconfigurable at the hardware level as FPGAs, they provide great flexibility at the software level. GPUs can adapt to different ZKP algorithms and logic changes through software updates. Even though these updates may not be as fast as FPGAs, they can still be completed in a relatively short period of time.

·Supply: ASIC design, manufacturing, and deployment typically require 12 to 18 months or longer. In contrast, the FPGA supply chain is relatively healthy, with leading suppliers such as Xilinx allowing for large retail orders to arrive within 16 weeks from their website (i.e., without any contact points). Let's take a look at GPUs. In terms of supply, GPUs naturally have a huge advantage, as there are a large number of idle GPU mining machines on the entire network after the Ethereum Shanghai merger. And the subsequent graphics card series developed by Nvidia and AMD can also be supplied in large quantities.

So from the above two points, unless the ZK track forms a consensus and standardizes the adoption of a solution, ASIC has no advantage. Considering that the current ZKP scheme is still in a diversified development situation, GPU and FPGA will be the two main computing hardware that we need to discuss next.

·Power Consumption: FPGA is usually more energy-efficient than GPU in terms of energy efficiency. This is mainly because FPGA can be optimized for specific tasks, thereby reducing unnecessary energy consumption. While GPU is powerful in processing highly parallel tasks, it also comes with higher power consumption.

·Customizability: FPGA can be programmed to optimize specific ZKP algorithms, improving efficiency. For specific ZKP algorithms, the general architecture of GPUs may not be as efficient as dedicated hardware.

·Generation Speed: According to Trapdoor-Tech's comparison of GPU (using Nvidia 3090 as an example) and FPGA (using Xilinx VU9P as an example), under BLS12-381 (a specific type of elliptic curve), using the same modular multiplication/addition algorithm, the generation speed of GPU is 5 times faster than FPGA.

Overall, in the short term, considering development cycles, parallelism, generation speed, cost, and the large number of idle devices available online, GPU is undoubtedly the most advantageous choice. The current hardware optimization direction is also mainly focused on GPU, and the time for FPGA to completely take over the competition has not yet arrived. Therefore, is it possible to build a ZKP computing power market similar to PoW mining (a term I personally came up with)?

Reflections on Building a ZKP Computing Power Market

When it comes to building a ZKP computing power market, we have already drawn conclusions regarding the hardware aspect. The remaining questions are the following three: Does ZKP need to be decentralized? Is there enough market demand? If all ZK-based public chains choose to build their own proof generation markets, what is the significance of the ZKP computing power market?

Decentralization significance: Firstly, most of the current zkRollup projects (such as Starkware and zKsync) rely on centralized servers because only Ethereum scalability has been considered. Centralization means that user information is still at risk of being censored, sacrificing the most important permissionless property of blockchain to some extent. The use of ZK privacy protocols is even more necessary for decentralized generation of ZKP. The second reason for decentralization is cost, which is similar to some AGI subcategories in the previous article. The cost of cloud services and hardware procurement is very expensive, and proof generation is usually only suitable for large projects. For small projects in the startup stage, a decentralized proof market can greatly alleviate their funding difficulties, and on the other hand, it also reduces the problem of unfair competition caused by financial problems.

Market Size: Paradigm predicted last year that the ZK miner/validator market could grow to the size of the PoW mining market in the future. The fundamental reason is that the buyers and sellers of ZKP computing power are extremely abundant in the ZKP computing power market. For former Ethereum miners, the ZK ecosystem of public chain projects and Layer2 projects is far more attractive than ETH's forked public chains. However, we also need to consider a situation where most ZK public chains or Layer2 projects are fully capable of building their own proof generation market. If we want to conform to the narrative of decentralization, this step is also inevitable in the roadmap (Starkware and zkSync mentioned earlier also have their own decentralized solutions in the future). So, does the ZKP computing power market still have the meaning of construction?

Meaning of Construction: Firstly, the application of ZKP is extensive (as we have already given multiple examples in the previous text, and will use a project as reference in the following text). Secondly, even though each ZK chain has its own proof generation market, the computing power market still has three functions that can make the seller consider selling computing power.

1. Divide the computing power into two parts, one for mining and the other for selling computing power contracts. This method can help hedge against the volatility of the cryptocurrency market. When the market falls, the sold computing power contracts provide stable income; and when the market rises, the part that is mined can bring additional profits.

2. Selling all computing power for a fixed income is a more conservative approach. This can reduce the impact of market fluctuations on income and ensure income stability.

Proof Market

Proof Market is a decentralized ZKP computing power market built by nil, the Ethereum development company (as far as I know, it is currently the only computing power market built around ZKP generation). Essentially, it is an untrusted data accessibility protocol that enables seamless data sharing between layer 1 and layer 2 blockchains and protocols without relying on centralized intermediaries to generate zero-knowledge proofs. Although Proof Market is not the market I imagined built around personal GPUs (Proof Market is built around professional hardware vendors, and ZKP GPU mining can also refer to Roller Network or Aleo in the Scroll architecture), it is still very relevant to the question of how to build and widely apply ZKP computing power markets. The workflow of Proof Market is as follows:

Proof requester:

·The entity requesting proof can be an application such as zkBridge, zkRollup, zkOracle, or zkML.

·If the circuit does not exist, the Preparation phase is required, and a new circuit is generated by running zkLLVM.

zkLLVM：

Proof Market：

· is a central marketplace that matches proof requests from requesters with proof generators.

· Verify the validity of the proof and provide rewards after the proof is verified.

· Receive orders from Proof Market and return the generated proof.

Throughout the entire process, the requests, generation, verification, and reward distribution of proofs revolve around Proof Market. This process aims to create a decentralized market where the generation and verification of ZKPs are automated, and participants can receive corresponding rewards based on their contributions.

Application Scenarios

With the integration of Ethereum endpoints (referring to a gateway interface that allows other systems or services to connect and integrate), Proof Market will be applicable to more applications, especially those that require proof to be directly requested from EVM applications to provide a smoother user experience or applications that require on-chain storage of data to work together.

Here are some potential application scenarios:

1. Machine Learning (ML): Can initiate inference requests to zkML applications on the chain. Applications such as fraud detection, predictive analytics, and identity verification can be deployed on Ethereum.

4. Fraud Proof: Some fraud proofs can be easily verified on the chain, while others cannot. Fishermen (referring to network participants who focus on verifying the main protocol and looking for possible fraudulent behavior) can focus on verifying the main protocol and point to the required proofs provided by the Proof Market.

5. Data Update and Accumulation: The application can directly store the latest updates in the first layer and later accumulate them into a Merkle tree, with proof of the correct root update.

7. Proof Aggregation: If applications independently send their proofs (without verification), aggregating them into a single proof and verifying them all at once can reduce the cost of proof verification.

实战环节

translates to

Practical Exercise

in English.

·Proof Verifier: Verify proofs in EL contracts.

Trustless auditing of Oracle contracts: Verify binary proofs and validate computational integrity information.

·"Dark Launch" Phase: Reaching the required number of trusted parties, but also accepting reports that do not require trust and conducting necessary verification.

·Final state: Complete abolition of statutory personnel reports, only using trustless reports.

Conclusion

From a market perspective, the ZKP computing power market is currently in a very blue ocean stage, and the Proof Market mentioned above is not the most ideal design in my mind. Combining algorithm optimization, application scenario optimization, hardware optimization, and the selection of different computing power seller markets, there is still a lot of room for imagination in the design of the ZKP computing power market. From a development perspective, Vitalik has repeatedly emphasized that the impact of ZK on the blockchain field in the next decade will be as important as the blockchain itself. However, from the universality of ZK, as the design matures, the future importance of ZK in non-blockchain fields may not be inferior to the current AGI, and the prospects should not be underestimated.

This article is from a submission and does not represent the views of BlockBeats.

Welcome to join the official BlockBeats community: