You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets.
Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:
- Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
- Early access to future CORE ratings: Being early is sometimes just as important as being right!
- Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
- CORE report Audio playback: Don’t want to read? No problem! Listen on the go.
Polygon Overview
Polygon's use case serves as a hub for scaling Ethereum network transactions. Polygon Technology, referred to as Polygon, focuses on building various platforms for blockchain infrastructure to support Ethereum, specifically as the overall crypto industry grows. Polygon houses seven different teams building out crypto scalability products.
At a high level, Polygon competes in the scalable blockchain-as-a-service industry. Alongside competitors such as Starkware, Arbitrum, Loopring, and Matter Labs, these projects develop methods to improve the scalability of blockchains by increasing network throughput and decreasing transaction fees.
Polygon consists of a flagship proof-of-stake (PoS) sidechain called Matic POS. However, Polygon also consists of a framework known as the Polygon SDK that allows developers to build and connect L2 scaling solutions such as Optimistic Rollups, zk-rollups, and the latest announcement, its zkEVM Hermez rollup.
Polygon was founded in 2018 by Mihailo Bjelic, experimenting with Plasma rollups, and Jaynti Kanani, Sandeep Nailwal, and Anurag Arjun, who were working on plasma rollups and the Matic Network sidechain.
In February 2021, Matic was rebranded to Polygon to scale Ethereum via an L2 aggregation framework using ZK (zero-knowledge) technologies. The team continues to host Matic Network's proof-of-stake Ethereum sidechain that uses the Plasma framework, but in general, they consider this existing sidechain an "out-of-favor L2 solution." They shipped the sidechain as an early solution for the pressing need to scale Ethereum, which made the network unusable for most.
Polygon's development team, Polygon Labs, is actively developing other ZK (zero-knowledge) scaling technologies such as zk-rollups, sidechains, and other blockchain architectures, as well as acquiring and incubating such technologies using its treasury. In 2021, Polygon made several aggressive growth acquisitions in the rollup/scalability industry, including Polygon Hermez, Miden, Zero, Nightfall, Avail, and Edge. As long as Polygon can draw more projects to its platform and expand its corporate development with more partnerships, Polygon will remain a formidable industry participant.
Modular blockchain stack. Source: 100y_eth/Twitter
PoS Sidechain
Polygon Technology built its Polygon PoS blockchain (and its native token: MATIC) to become Ethereum's internet of blockchains. Since Polygon is a separate sidechain, it must be secured by a separate PoS consensus mechanism whereby validators stake MATIC tokens to secure the network. However, users stake MATIC in smart contracts on the Ethereum Mainnet.
Polygon connects to Ethereum through a bridge using a lock-and-mint mechanism. Users deposit funds into the bridge, which locks them into a smart contract on the Ethereum chain and mints the equivalent amount of tokens on the Polygon chain.
Polygon also maintains a secure relationship with the Ethereum Mainnet. It does this with periodic checkpoints by posting state changes to Ethereum, leading the Polygon team to characterize it as a "commit chain." This functionality differs from a sidechain, which only involves a two-way bridge enabling users to use their bridged tokens on the sidechain ecosystem. In a sidechain, however, the tokens depend on the sidechain's consensus mechanism.
L2 vs. Rollup
Sidechains and rollups are designed to increase transactional throughput for the L1 by offloading some of the transaction burdens. However, the primary difference between these two is that sidechains must create their own security, while rollups inherit security from the L1. This distinction is huge as security is far harder/more costly to achieve than simple TPS scalability.
Rollups are relatively new L2 solutions on Ethereum that enable exponential scalability gains while providing nearly identical security guarantees as the Ethereum Mainnet. Their primary innovation is moving computation off-chain while storing only the bare minimum of transaction data on-chain with no added trust assumptions. Rollups execute transactions in a new off-chain environment, bundle and deliver them with the changed state and transaction data to Ethereum. The executed changed state is then uploaded to layer 1 and confirmed in a verification contract using either validity or fraud-proof techniques.
Scaling solutions ecosystem. Source: Coin98 Analytics
However, to do so, the Ethereum Mainnet needs a way to verify that the transactions that happen off-chain are valid. So, how does Ethereum determine that submitted data from a rollup is valid and not submitted by a bad actor?
The answer is cryptographic proofs, like validity proofs for zk-rollups (ZKR) and fraud proofs for Optimistic rollups (OR). Each rollup deploys a set of smart contracts on L1 Ethereum that are responsible for processing deposits/withdrawals and verifying the submitted proofs. The main value proposition of rollups is that they minimize the data footprint on L1 while still preserving the ability to check for fraud.
In the case of Optimistic rollups, no computation occurs. ORs "optimistically" assume all state changes are valid and post the off-chain transactions to Ethereum's layer 1 as calldata. Potentially fraudulent transactions are subject to a challenge/dispute period for ~one week after posting to L1. During this time, any third party can publish a fraud proof to verify the validity of the transactions across L1 and L2. If challenged transactions are deemed invalid, the invalid transactions and all affected transactions will be reverted. Arbitrum, Optimism, Boba and Fuel are examples of Optimistic rollups.
Zero-knowledge rollups (ZKRs) batch together thousands of off-chain transactions, perform the computation and then post the batch to the Mainnet as a "validity proof." The validity proof is a cryptographic proof (called a SNARK, STARK, or Plonky2 in the case of Polygon) that has already computed the state of the L2 and is sent to the Mainnet for storage, containing much less data than the calldata used in Optimistic rollups. The "batch" that's rolled up is periodically posted to the Ethereum Mainnet and contains the net outcomes of many different transactions as they occurred on the rollup layer. The rollup operator verifies and updates this data every time the L2 advances its state. Therefore, L2 execution and L1 data update in lockstep. Starkware, zkSync and Polygon Hermez are a few examples of ZKRs.
Layer-2 scalability solution. Source: Polygon Hermez
ZK-Rollups
Remember, rollups as a whole batch together large amounts of off-chain transactions, compress them into a single block, and submit the data and a proof to the Ethereum L1. Because ZKRs don't assume all transactions are valid, validity proofs must be sent with every batch to prove the validity of transactions cryptographically. While more technically cumbersome, this means transactions are final once the settlement layer validates them.
ZK-rollups can also scale much greater than ORs. In general, a zk-proof is a cryptographic proof that allows someone to publicly verify that they possess specific, correct information without revealing the inputs or the information. As a result, zero-knowledge cryptographic proofs reduce the computing and storage resources for validating the block by reducing the amount of data held in a transaction since zero knowledge of the entire data is needed).
ZKRs separate the transaction execution from the consensus and data availability layer. To submit the transactions onto the consensus layer, ZKRs cryptographically prove every batch of executions on the rollup and only send the proof to the L1. Optimistic rollups require a witness for each transaction, whereas zk-rollups bundle transactions into a fixed-size proof. Therefore, optimistic rollups scale linearly with the number of transactions, whereas zk-rollups scale poly-logarithmically.
To describe the process in detail:
- A highly-compressed batch of transactions is combined with the current state root
- The combination is sent to an off-chain prover
- The prover computes the transactions, generating a validity proof of the results
- The prover sends this validity proof to an on-chain verifier (Ethereum nodes)
- The verifier confirms the validity proof
- The smart contract on Ethereum's L1 that maintains the state of the rollup is updated to the new state
ZK-rollups vs. plasma. Source: EatTheBlocks
Validity proofs are mathematically complex and data-heavy, making them longer to compute than their Optimistic equivalents. Due to the intensive computations required to generate cryptographic proofs, sequencers require high-end hardware, making participation impossible for average users. However, while validity proofs are complex and expensive (relative to Optimistic fraud proofs), verification by the L1 is simple, making them—even still—cheaper than a regular L1 transaction.
Moreover, most zk-rollups are often incompatible with EVM due to their inherent complexity, making them a challenge to work with and designing general-purpose apps to be built atop them. This complexity has led many teams, including Polygon, to work towards a zkEVM.
zkEVM in General
A zkEVM enables every smart contract, or piece of code, to be easily deployed and executed on Ethereum's base layer with minimal code changes. Polygon's zkEVM is a zero-knowledge implementation that is fully compatible with the Ethereum Virtual Machine. A zkEVM enables crypto developers to leverage the scalability of ZK technology while accessing Ethereum's complete security and capabilities.
"Developers are able to do a copy-paste from the original Ethereum smart contract in layer 1 and move it to the L2 Polygon zkEVM rollup," says Antoni Martin, Polygon's Enterprise Lead. "It's as easy as that."
This is because Polygon's zkEVM implements bytecode-level zkEVM.
zkEVM levels
Creating a zk-enabled EVM that is entirely compatible with Ethereum's EVM offers the best of both worlds: orders of magnitude more scalability with all of the network effects and users that come with Ethereum's EVM dapp ecosystem. However, there are degrees to which a zkVM can be compatible with the EVM. This equivalency is similar to EVM-compatible and EVM-equivalence in the Optimistic rollup space.
The math and proof system behind ZKRs are not easily compatible with Ethereum's EVM code/construction. ZKRs require arithmetic circuits to demonstrate the correctness of a ZK computation, and circuits are complex. ZKR developers are required to write low-level code to create them. Moreover, proof creation time is not scalable and can be costly.
zkEVM difficulty and development scale. Source LuozhuZhang/Twitter
Polygon zkEVM
The Polygon team recently announced that three internal teams, Hermez, Zero and Miden, worked together to create the zkEVM and open-sourced the code. It leverages Plonky2 zk-tech for a fast user experience. Plonk is a zk-circuit innovation based on prior cryptography (Sonic) with an updateable trusted setup, meaning it only needs to be done once as opposed to previous technologies.
Plonky2 is another proving system, originally developed by the Mir team that was later bought by Polygon, that aims to combine the benefits of both SNARKS and STARKs. Plonky 2 is an implementation of recursive SNARK that uses the combination of PLONK and FRI for getting fast proofs with no trusted setup. It also supports the recursion approach, making the process less resource-intensive.
How does the recursion approach work in ZK proofs?
"Recursion" simply refers to the use of a single proof to prove a collection of different proofs. Recursion is a crucial aspect of utilizing ZKPs for blockchain scaling since it allows us to combine a large number of transaction proofs into a single proof, thus decreasing the cost of transaction validation.
Suppose there’s a batch of 1,000 valid transactions. To generate a single proof for 1,000 transactions would be resource-intensive and time-consuming. In a recursive approach, 1,000 machines can be used parallelly to generate 1,000 proofs, one machine for each transaction. These proofs can then be recursively aggregated, with each one verifying two transaction proofs. This process will be repeated again and again until there’s just a single proof.
Plonky 2 is so much more efficient that it takes just 170 milliseconds on a Macbook Pro to create a proof. It’s 100 times faster than other alternatives. It allows us to have fast proofs that are big (meaning it costs a lot to verify on Ethereum), or you can have slower proofs, and it will be inexpensive to verify on Ethereum. Both of these options provide flexibility, and any option can be used according to the application’s requirements.
The cost to verify a Plonky 2-size optimized proof on Ethereum is 1 million gas. If EIP-4488 is implemented, the cost to verify a Plonky 2-size optimized proof on Ethereum can drop to 170k - 200k Gwei.
It is important to note that there are four different types of zkEVMs as they relate to Ethereum compatibility. They vary depending on their implementations, compatibility, and performance metrics, as there are tradeoffs with different design choices.
The Different Levels Of zkEVMs, by Vitalik Buterin
Polygon’s zkEVM is similar to that of Scroll as both are considered, as of Q1 2023, to be EVM equivalent. This means that both Polygon zkEVM and Scroll are not fully compatible with Ethereum but the EVM. Strides have been made to improve this compatibility, hence the “upgrade” from Hermez v1 to zkEVM on the part of Polygon. Polygon zkEVM is a Type 3 zkeEVM as it makes some sacrifices in terms of compatibility to better optimize performance. Thus, Polygon zkEVM is far easier to build, has faster prover times, quick finality, but less compatibility to Ethereum main. Some applications wishing to move to Polygon zkEVM will require additional work in rewriting some code to make it compatible, though this is stated to be at least minimized in Polygon zkEVM compared to Hermez v1.
In many respects, Type 3 zkEVMs are considered to be more transitional than permanent with the expectation being that the zkEVM will eventually build out to be a Type 4 or fully compatible with Ethereum. For now, most Solidity code is compatible with Polygon zkEVM as is, therefore most of the additional overhead for developers remains limited.
Today, Polygon zkEVM allowing for a smooth migration of existing EVM-compatible mainnet applications to L2 gives far greater access to ZK technology than previously available for Ethereum ecosystem developers. Developers migrating to Polygon L2 via Polygon zkEVM are able to utilize the same programming language, smart contracts, and tools when building on Polygon. This has been a major challenge in terms of system improvements, migrations, integrations, and interoperability as previously developers had to re-launch existing applications utilizing entirely new languages and smart contracts. This made launching applications on different networks inefficient and costly. Polygon zkEVM solves these issues.
The zkEVM will also give thousands of Solidity developers EVM equivalence and uphold all the security guarantees of the Ethereum L1. The team hopes to launch a closed testnet in ~2 weeks and a public one in the following months.
Polygon Hermez layer-2 scaling security scale. Source: 0xDinoEggs/Twitter
