Post

Zero Knowledge Computation... Wait, What?

This article (I don’t think it is a good article yet, cause it is the mix of a lot of notes) is born out of a little research I’ve done on Zero Knowledge Computation during last months. I hope you find it as interesting as I did! It may contain mistakes, so if you find something, feel free to do a PR on the GitHub repository. Just note that this is a work in progress, and I’ll be updating it as I learn more about the topic. Enjoy! 🚀

Overview

The privacy aspect is a recent hot topic in the web3 ecosystem. It’s evident that for a blockchain to be genuinely effective, it needs not just security, speed, adoption, and interoperability, but also privacy. Currently, most blockchains provide a pseudonymous identity, but this approach falls short.

Unencrypted public blockchains cannot provide the level of data security and confidentiality needed for use-cases in these fields because anyone can see all information on them with no restrictions whatsoever. (Zero-Knowledge Computation: Explain It Like I’m Seven, MPC.Vaan)

So, you’ve heard of Zero Knowledge Proofs, but what about Zero Knowledge Computation? What is it, and how does it work exactly?

Before we dive in… Key Concepts!

Zero-Knowledge-Proof - **Basic** Have you ever played find Waldo? We have a problem: **find Waldo.** ![Find Waldo](https://i.sstatic.net/reNlF.jpg) Let’s suppose that I want to prove (I'm a **prover)** to a person (the verifier) that I know where is Waldo… but I don’t want that person to know the place Waldo is. I go off and find a black piece of card that is at least twice the height and twice the width of the Where’s Waldo puzzle. Then, I cut a Waldo-shaped hole right in the middle of the card. Next, I take the puzzle (which is on a piece of paper) and tape it to the back of the black card so that Waldo is occupying the Waldo-shaped hole in the center. Importantly, the person, from where they are standing in front of the black card, should not be able to see any of Waldo’s surroundings in the puzzle while I am taping it up. However, once I have fixed the puzzle in place, they can be sure that they are not being deceived because there is no way that I could have displayed Wally through the hole if I didn’t know exactly where Wally was. And so, this protocol satisfies my wishes: I have been able to convince the person that I know the solution (called completeness in the literature) whilst revealing no further information about Waldo’s location beyond what the person already knew (called zero knowledge-ness in the literature). - **Complex** In a more complex setting, consider the problem of proving the correctness of a computation performed by a powerful cloud server to a client with limited resources. zk-SNARKs are employed here. The server generates a succinct proof that a certain computation was performed correctly, and the client can verify this proof in a fraction of the time it would take to perform the computation itself.
Multi-Party Computation - **Basic** Imagine you and your friends have a recipe to cook something, but you don't want anyone else to know it. Instead of telling each other the entire recipe, each of you only knows a small part of it. When you want to make the meal, each of you adds your part without revealing it to the others. - **Intermediate** In an intermediate scenario, consider a group of banks that need to determine the total amount of fraudulent transactions without revealing their individual transaction data to each other. Using MPC, each bank encrypts its transaction data and shares it with the other banks. They collectively compute the total amount of fraudulent transactions. - **Complex** At a complex level, think about a decentralized voting system where the integrity and privacy of each vote are paramount. In such a system, MPC can ensure that each vote is counted accurately without revealing the identity or the vote of any individual.
Differences between Multi-Party Computation and ZK Rollups 1. **Purpose and Application**: - **MPC** is focused on secure computation among multiple parties without revealing private data to each other. - **ZK-Rollups** aims at scaling blockchain transaction throughput and efficiency, using zero-knowledge proofs to validate transactions collectively without disclosing their contents. 2. **Data Privacy and Computation**: - **MPC** involves complex computations distributed among participants, ensuring input data remains private throughout the computation process. - **ZK-Rollups** involves aggregating transactions and proving their validity in aggregate form without the need for participants to be aware of or involved in the computations of others' transactions. 3. **Blockchain Integration**: - **MPC** is a general cryptographic technique not inherently tied to blockchain technology but can be applied within blockchain contexts for privacy-preserving smart contracts or consensus mechanisms. - **ZK-Rollups** is specifically designed as a scalability solution for blockchains, enhancing performance and reducing costs by offloading transaction processing from the main chain.

Zero Knowledge Computation

So, what exactly is Zero Knowledge Computation? Basically, we are talking of a virtual machine that uses zero-knowledge proofs to ensure privacy and security. This virtual machine is called a zkVM. I already wrote an article about zkVMs and how they work, so if you want to learn more about them, you can check it out: What on Earth is ZK Computation?

Differences between Multi-Party Computation and zkVM

zkVMs can involve multiple parties. However, only one party (the prover) generates the proof, which can then be verified by other parties. This is in contrast to MPC, where multiple parties jointly compute a function. Here are some key differences between them:

 zkVMMPC
DefVirtual machine using zero-knowledge proofsProtocol for multiple parties to compute jointly
PrivacyEnsures privacy of input dataEnsures privacy of each party’s input
VerificationVerifiable by any partyNo external verifiability
Trust ModelRequires trust in the proverRequires trust that not all parties are malicious
ScalabilityHigh scalability with efficient proof verificationMore complex, higher communication overhead
Communication OverheadLowHigh
ApplicationsBlockchain scalability, confidential transactionsSecure voting, privacy-preserving data analysis
Key TechnologiesZk proofsSecure multiparty computation protocols

I like to clarify this cause I’ve had some confusion around it. zkVMs are not MPC protocols.

The Protocols

Once I got my mind around the foundational concepts of ZK comp, I explored some protocols, each bringing their strengths to the table. All of them address key aspects of performance, security, and scalability. From the high-level language support and state-of-the-art performance of Jolt to the space efficiency of NovaNet and the developer-friendly environment of Risc Zero, each protocol is designed to meet specific needs in the field :)

ProtocolKey FeaturesPerformanceStageUsesShort Report
Risc ZerozkVM for RISC-V, Focus on developer accessibilityEfficient proof generation, High compatibility with existing toolsActive, open-sourceGeneral-purpose verifiable computing, Privacy-preserving applicationsRisc Zero
JoltHigh-level language support (Rust, Go), State-of-the-art performance, Modular codebase2x faster than current SNARKs, 5x faster than RISC ZeroActive, open-sourceBlockchain scaling, Verifiable cloud computingJolt
SuccintVerifies Rust and LLVM-compiled programs, Customizable zkVM developmentUp to 30x faster for certain programsActive, open-sourceBlockchain scalability, Cross-chain bridges, Data availabilitySuccint
snarkVMVerifiable computing environment, Integrates well with blockchain frameworksAdvanced zk-SNARKs, Modular design with multiple componentsActive, open-sourcePrivate smart contracts, Decentralized applications, Cross-chain interoperabilitysnarkVM
NovaNetIntegrates Lasso for speed and Nova for space efficiency, WASM support, NIVC for optimizationEfficient parallel proving, Memory efficient with folding schemesIn developmentInfrastructure, DePIN, zkMLNovaNet
NexusHigh performance, Advanced lookup arguments, Sum-check protocol, Research focusedOptimized for speed and efficiencyActive, open-source / V1 liveGeneral-purpose zero-knowledge proof, High-performance computing, Privacy and security applicationsNexus
GevolutFocuses on privacy and security, Layer-1High performance through unikernels, Efficient proof distributionActive, open-sourceValidity rollups, Privacy rollups, zkVMs, ZK bridges, ZK miningGevolut

Conclusion

So, zkComputation is where things get interesting. It’s not just about privacy anymore—it’s about making sure computations are verifiable without anyone needing to see the details. With zkVMs and the protocols we’ve covered, we’re getting closer to scalable, private, and decentralized systems that don’t sacrifice security or speed.

Whether you’re working with blockchain, decentralized apps, or general verifiable computing, these technologies might change how we build stuff. The cool part? We’re just scratching the surface of what’s possible.

This post is licensed under CC BY 4.0 by the author.