Web3 developers can pick from a wide variety of Ethereum scalability solutions. Ethereum 2.0 is an example of a Layer 1 enhancement; Arbitrum and Optimism are examples of Layer 2 chains; Polygon and xDai are examples of side chains.
Even among Layer 2 Ethereum scalability solutions, web3 developers can pick between optimistic rollups, state channels and zero-knowledge (ZK) rollups.
ZK-rollups are gaining traction as a scaling option for Ethereum because of their potential to minimize transaction costs, confirmation times and especially security. With the goal of guiding you toward the ideal dApp scaling option possible, let’s have a deep dive into the security of ZK-rollups. If you’re looking to diversify your portfolio, take a look at this article on CoinWire about some of the most potential Zk Rollup projects.
What is ZK-Rollup?
A ZK-Rollup requires a succinct Zero-Knowledge Proof (SNARK) to be generated by the operator(s) for each state transition, which is then validated by the mainchain’s Rollup contract. This SNARK demonstrates that there is a chain of owner-signed transactions that can be followed to convert an older Merkle root into a newer one while maintaining the right account balances during the transition. Because of this, it is improbable that the operators will knowingly create a stale or manipulated state.
Compared to Optimistic Rollup, ZK Rollup is a more advanced technology. It is already in widespread use for token exchanges and specialized software. General-purpose smart contracts will require more time to implement, and further research is required to efficiently encase EVM in zero-knowledge (ZK) proofs. After ZK Rollup has been completed, however, all current Ethereum services and dapps will be capable of migrating to it without any disruption or additional development time.
ZK Rollup is an improvement of Optimistic Rollup that addresses a number of key weaknesses:
- Reduce a potentially disastrous event, the theft of OR money through complex yet effective attack methods;
- Minimize the one-two-week withdrawal period to just a few minutes;
- Use a “privacy by design” approach.
To ensure the integrity of a ZK Rollup, the Rollup smart contract checks the validity of each state change before it takes effect. There is no way for technicians to steal money or tamper with the Rollup state. L1 censorship resistance is used by ZKR purely for its own liveliness and not for security purposes. No one needs to keep an eye on the ZKR since once a block has been verified, users’ cash will always be recoverable, even if technicians refuse to help.
Since ZKR relies on cryptography and game theory to ensure that everyone’s incentives are aligned, it completely exemplifies one of the primary goals of crypto: attaining resilience without relying on trusted third parties.
If all of the ZKPs utilized together in ZK Rollup need to be in a completely trustworthy environment, then we have to assume that only 1 in N people are being completely truthful. The amount and caliber of participants will determine whether or not this is a manageable danger. And yet, safety first!
Several cryptographic primitives newer than Groth16 are used by the next SNARKs generation. Two kind of mitigation, however, are necessary for complete serenity:
– In order to win a high bounty, you have to use a version of the software that has far less security than the one used in production, much like the RSA challenge. The problem will be solved by researchers long before it is possible to hack the compiled code, assuming an effective attack ever is discovered.
– The ZKR’s operators must be the only ones able to send state transitions because they are acting as nothing more than a 2-Factor security layer.
For true privacy to be possible, it must be a built-in feature of all systems. Technically speaking, ZKR will eventually be able to easily distinguish between private and public smart contracts and provide secret transactions for token/asset transfers at the level of network or protocol by default.
However, implementing fully unnamed transactions in the vein of zcash (i.e. concealing not just to amounts, but additionally the people involved in such transactions) would necessitate switching the storage prototype of ZK Rollup to UTXO-based from account-based would cause too many issues and is therefore unlikely to occur.