Recap
Last week we introduced Roll-ups as the next layer 2 solution after we explored the State channel.
We defined roll-ups in real life as when something is accumulated & becomes larger, like strings. Then, after a cut-off size, the strings are used for stitching.
Similarly, transactions are bundled together to form a "batch". They are aggregated off-chain & then rolled up into a single proof. This single proof is then posted back to the main Blockchain.
The proof we referred to is nothing but the Merkle Root of all the transactions in the roll-up.
A batch is published containing the old state root & the new state root.
The smart contract checks that the old state root in the batch matches the current state root of those transactions in the main Blockchain.
If yes, the batch is processed & the state root is updated to the new state root.
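The batch flow recapped above, as a small Python simulation. This is an added example, not code from the original post or from any roll-up project; the account names, the transfer format and every function and class name are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves):
    """Merkle root of byte-string leaves; an unpaired node is promoted as-is."""
    level = [h(b"\x00" + leaf) for leaf in leaves] or [h(b"")]
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

def state_root(balances):
    """Commit to the whole state; sorting makes the root order-independent."""
    return merkle_root([f"{a}:{v}".encode() for a, v in sorted(balances.items())])

def apply_txs(balances, txs):
    """Off-chain execution of (sender, recipient, amount) transfers."""
    new = dict(balances)
    for sender, recipient, amount in txs:
        if amount <= 0 or new.get(sender, 0) < amount:
            raise ValueError(f"invalid transfer from {sender}")
        new[sender] -= amount
        new[recipient] = new.get(recipient, 0) + amount
    return new

@dataclass(frozen=True)
class Batch:
    old_root: bytes   # state root the batch was built on
    new_root: bytes   # state root after executing the batch
    tx_root: bytes    # Merkle root of the bundled transactions

def build_batch(balances, txs):
    new = apply_txs(balances, txs)
    leaves = [f"{s}>{r}:{a}".encode() for s, r, a in txs]
    return Batch(state_root(balances), state_root(new), merkle_root(leaves)), new

class RollupContract:
    """On-chain side: stores only the current state root."""
    def __init__(self, genesis_root):
        self.root = genesis_root

    def submit(self, batch):
        if batch.old_root != self.root:   # stale or replayed batch
            return False
        self.root = batch.new_root        # accepted on the root check alone
        return True
```

The contract rejects a batch built on a stale root, but it never re-executes the transfers, so it has no way to tell whether `new_root` really follows from them. That gap is what the question about fraudulent transactions is pointing at.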
We ended last week with the below question:
"What if someone introduces a fraudulent transaction in a batch?".
Roll-up Types
There are two types of roll-ups with different control mechanisms to ensure the genuineness of transactions within those roll-ups. They are:
Zero Knowledge Roll-ups &
Optimistic Roll-ups
Let's explore each of the above.
Zero Knowledge Roll-ups
Zero Knowledge Proof
Before we explore Zero Knowledge Roll-ups, let us understand what zero-knowledge means with the example below:
Imagine a group of friends trying to get into a bar where only people 18 years or above are allowed.
To prove their age, the friends have to show ID proof, which means the person at the bar entrance can see information about the customer other than his or her age.
Now, let us imagine a national ID app released by the government that should mandatorily be downloaded by all citizens & residents of that country. The app contains all information regarding that citizen or resident.
Instead of showing the national ID proof at the entrance, the bar security scans the app with a scanner that glows green when a person is over 18 & red when not. In this case, the bar security will know that the friends are over 18 without knowing their actual ages or other personal details. This, in essence, is a zero-knowledge proof.
A zero-knowledge proof is a way of proving the validity of a statement without revealing the statement itself. The 'prover' is the party trying to prove a claim, while the 'verifier' is responsible for validating the claim. (Source: here)
Another definition from the same source: a zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.
In our example, the friends are the "provers" trying to prove that they are 18 or above while the bar security verifying their age through the scanner is the "verifier".
Zero-Knowledge Encryption
Before we explore zero-knowledge proofs in a Blockchain, are there any non-Blockchain applications or services currently using zero-knowledge proof?
Yes. It is more a case of zero-knowledge encryption, which means the password for an application is saved only with the user & not with the application.
Normally, any application or website stores the user password on its servers. This password is hashed (please refer to week 12 for more on Hashing) & stored on its servers. When someone tries to access the application & inputs their password, the application server checks the password against the hash & then, if verified, gives the user access to the application.
In the case of zero-knowledge encryption, the application server does not store the password & hence cannot access the user data within their servers. Hence the name zero-knowledge which means the application does not know the user password. The zero-knowledge proof part of the entire process is handled in the background by complex mathematical algorithms.
To ensure the service is truly zero-knowledge, the user data must be encrypted before it leaves the user's device, while in transit & when it is stored in the application server.
Such applications or services specify that "We will not be able to reset your password as we don't have access to it & it is not saved on our servers". In case you lose your password, there is no option to reset it. As an alternative, such applications provide a recovery key which must be used to access the application one time & then you can reset the password. Examples include password managers, some cloud services etc.
Now that we have understood at a high level what zero-knowledge encryption is, let us explore zero-knowledge proof in Blockchains.
ZK-SNARK
We know that ZK or Zero Knowledge Roll-ups move computation & storage away from the main Blockchain by accumulating transactions into a single batch & executing them off-chain.
Once executed, they produce a "validity proof" to confirm the correctness of the transactions. Finally, they submit this validity proof which is the minimal data related to that roll-up to the main Blockchain.
This validity proof proves that the post-state root is correct post-execution of the transactions in that batch. This validity proof is called a ZK-SNARK, the full form of which is:
ZK - Zero Knowledge
S - Succinct
N - Non-Interactive
ARK - Argument of Knowledge
The above sounds like a mouthful. Let's break it down:
Zero Knowledge, as we described above, means that we only need to ensure the validity of the transactions & nothing more.
Succinct means short. It implies that the proof size required to ensure the validity of transactions is small. This results in faster processing of transactions.
Non-Interactive means no interaction is required with the people who verify the transactions.
Argument of Knowledge means the validity proof provided by the checker (of the validity of transactions) is true.
In ZK-SNARKs, verifiers & provers go through all the transactions in a roll-up & verify the transactions off-chain. Verifiers repeatedly challenge provers to confirm the validity of the transactions & after all the transactions are found to be legitimate, the validity proof is submitted to the main Blockchain.
Let us explore Optimistic Roll-ups next.