What is zkEVM?
Well, let’s just take it from the beginning. The “zk” refers to zero knowledge and “EVM” refers to the Ethereum Virtual Machine. Breaking those down further:
Zero-knowledge (ZK) Cryptography
In cryptography (and cryptocurrencies), zero-knowledge is a cryptographic method of transaction verification in which a prover develops a proof for specific information, and a verifier validates the proof. A zero-knowledge proof (ZKP) allows someone to publicly prove that they possess specific information without revealing the specifics or details of that information. As a result, zero-knowledge cryptographic proofs provide phenomenal privacy features and reduce the computing and storage resources needed to validate a block, because less data has to be held in a transaction (the verifier needs zero knowledge of the entire data).
The "witness" is the knowledge shared (the data) between a prover and a verifier. The prover must prove that they know the witness accurately, and the verifier must be able to assess whether the prover has knowledge of the witness.
Shafi Goldwasser, Silvio Micali, and Charles Rackoff invented ZKPs in 1985. Since then, ZKPs have been one of the most actively researched topics in cryptography, thanks to the privacy benefits they offer. Moreover, they have recently had a substantial impact on real-world applications, particularly concerning blockchain technology and cryptocurrencies. ZCash, a pioneering privacy-focused blockchain project, uses ZKPs to create financial transaction anonymity. Specifically, ZCash uses an optimized form of ZKPs known as zkSNARKs, along with shielded transactions that obfuscate transaction details across its public blockchain network, providing anonymity and fungibility.
There are different types/implementations of ZKPs, with some of the most popular being zkSNARK, zkSTARK, and PLONK. They each have differences “under the hood” involving the math and polynomial commitment schemes used.
Looking specifically at zkSNARKs, we can break down the name/acronym further to get a better understanding of what is actually happening.
- Zk: “zero knowledge,” used for protecting users’ privacy
- S: “succinct” proofs, referring to data compression, which can be verified in only a few milliseconds. This means that, rather than Ethereum mainnet validator nodes needing to verify every transaction individually, validators will just verify a small proof to ensure the validity of the transactions. Typically, proofs have a set number of group elements (consider transactions), although the actual proof size is significantly smaller.
- N: “non-interactive” signifies that the prover just needs to send a single message to the verifier instead of exchanging messages back and forth. Non-interactivity is necessary because the prover may generate a single proof that can be verified by anyone, anywhere, without ever requiring information sharing with the prover.
- ARK: generate off-chain trusted proofs
ZKPs can be used for various purposes: a) anonymous payment service, b) allowing access to services without revealing personal data, c) proving statements on personal data, and d) enabling trustless computing services.
While ZKPs are used in zero-knowledge rollups like zkSync, Starknet, Loopring, and others, these rollups are predominantly using the technology for the succinct proofs (the S in SNARK) and the scalability gains that come with it. So, despite being called zero-knowledge rollups, these projects aren’t actually even utilizing the zk portion of the tech. Therefore, oftentimes, they are referred to as “validity” rollups. While not technically accurate, we use the term interchangeably in this piece.
The EVM
In the context of Ethereum, a virtual machine is a software-based computing environment (consisting of Ethereum clients) that replicates the capabilities of a single computer but can be globally accessed. Any entity participating in the Ethereum network must run the EVM to compute state transitions. If all nodes run the same EVM (same rules), all nodes are aware of global state changes.
The EVM keeps state using a data structure known as a "Merkle Patricia tree." Merkle trees are generated through multiple rounds of hashing. The initial data begins at the bottom of the tree, where each piece is combined with a neighbouring piece and hashed together to create the parent hash on the rung above. These hashes (all of the same size) are paired and hashed again until a single (root) node remains. A Merkle tree's aim is to enable Merkle proofs, which prove that a piece of data exists in the underlying dataset without requiring the complete dataset to be broadcast.
Merkle trees can store all key-value pairs for all Ethereum addresses. The keys relate to both public and smart contract addresses, and their respective values describe their current state.
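The hashing rounds and the Merkle proof described above, as an added example that is not part of the original report. It builds a plain binary Merkle tree rather than Ethereum's Merkle Patricia tree, uses SHA-256 as a stand-in for Keccak-256, and runs on constructed account data; all function names are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for Ethereum's Keccak-256.
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """Hash leaves pairwise, level by level, until one root hash remains."""
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    # Distinct prefixes for leaves (0x00) and parents (0x01) stop an
    # interior node from being passed off as a leaf.
    levels = [[h(b"\x00" + leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            # Simplification: pad an odd level by repeating its last hash.
            # Side effect: [a, b, c] and [a, b, c, c] share a root.
            cur.append(cur[-1])
        levels.append([h(b"\x01" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Collect the sibling hash at each level: the proof for leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1                      # neighbour in the same pair
        proof.append((level[sibling], sibling < index))
        index //= 2                              # move up to the parent
    return proof

def verify(leaf, proof, expected_root):
    """Recompute the path to the root from one leaf and its sibling hashes."""
    node = h(b"\x00" + leaf)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01" + pair)
    return node == expected_root

# Constructed sample state: address -> balance pairs, not real accounts.
ACCOUNTS = [b"0xaa01:balance=5", b"0xaa02:balance=0", b"0xaa03:balance=12",
            b"0xaa04:balance=7", b"0xaa05:balance=3"]

if __name__ == "__main__":
    levels = build_levels(ACCOUNTS)
    proof = prove(levels, 2)
    print(len(proof), "hashes prove 1 of", len(ACCOUNTS), "leaves:",
          verify(ACCOUNTS[2], proof, levels[-1][0]))
```

The verifier needs only the leaf, the sibling hashes and the root, so the proof grows with the depth of the tree rather than with the number of accounts.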
Why zkEVM?
The goal of creating a zkEVM is to onboard developers and users as quickly and as easily as possible while maintaining compatibility with existing Ethereum tooling, standards, contracts and dApps. zkEVMs are a significant advancement in the field of blockchain because they allow for ZK rollups to support a much broader range of applications than they currently can. The initial implementation of ZK rollups enabled basic operations on highly scalable and cost-efficient Layer 2s, such as sending ETH and transferring tokens. However, with the introduction of zkEVMs, developers can now write arbitrarily complex smart contract code and deploy it to ZK-powered Layer 2s.
ZK rollups are also cost-effective: they combine transaction data efficiently on Ethereum by omitting transactions and publishing only the final states. This reduces the data requirements and costs for posting data on-chain, making them a cost-efficient solution for decentralized applications such as decentralized exchanges and NFT marketplaces.
zkEVMs also offer fast finality and capital efficiency. Transactions have instant finality after being written on Ethereum, making zkEVMs an effective solution for NFT traders and DeFi investors who constantly move assets between Ethereum Layers 1 and 2.
However, creating a zkEVM requires converting EVM programs into a specific format called an "algebraic circuit" so that the computations can be proven with zero-knowledge (ZK) proofs.
There are three ways to achieve this:
- proving the EVM execution trace directly
- creating a custom virtual machine (VM) and mapping EVM opcodes into the custom VM's opcodes
- creating a custom VM and transpiling Solidity into the custom VM's bytecode.
Each approach has trade-offs between high compatibility (easy to redeploy from Layer 1) and high performance (quick to generate ZK proofs). Generally speaking, the higher the compatibility with Layer 1, the lower the performance, and vice versa. For example, with the first option, mirroring the EVM directly (high compatibility) introduces massive overhead, resulting in very slow ZKP generation (less performant).
It's important to note that zkEVM has its own advantages and disadvantages. Its advantages include faster prover time. Its disadvantage, however, is greater incompatibility with the EVM compared to already-live Optimistic rollup solutions like Arbitrum and Optimism.