zkEVMs – Everything you need to know.
Table of Contents:
We’ve come a long way from smart contracts to sidechains and rollups before reaching zkEVM technology as the potential solution to the blockchain scalability problem.
This problem has been at the core of most of the blockchain innovation we’ve seen in the past couple of years. Without sacrificing decentralization (a trade-off most L1 blockchains make to scale faster), the current state of blockchain technology simply cannot support applications that reach mass adoption. Because of this, scaling solutions remain at the center of most current blockchain discussions.
Blockchain scalability nightmares
As you can likely recall, Ethereum’s developers and users had crushing experiences on-chain during the DeFi Summer and crypto boom between 2020 and 2021. Gas fees soared to previously unimaginable heights, with network congestion becoming a frequent occurrence. Most importantly, these cycles of network congestion and soaring gas fees repeat with every hype cycle, from Crypto Kitties to ICOs, NFTs, DeFi yield farming.
Of course, with the risk of fees sky-rocketting after the release of every successful project (which in turn hurts its potential continued success), the incentive to develop and launch a product for a mass market suffers. From rollups to sidechains, various solutions have been built atop the Ethereum network to solve this issue.
Each of the solutions above promises to result in lower gas fees and higher network throughput. However, out of all them, rollups can be said to be one of the most promising solutions to scale Ethereum. Optimistic rollups like Arbitrum and Optimism are popular today because they successfully became scalable blockchain layers built atop Ethereum. Zero-knowledge (ZK) rollups, on the other hand, are fractionally less popular, but many see them as the holy grail of Ethereum scalability.
Let’s take a quick dive into ZK-rollups, as understanding them is vital to comprehending zero-knowledge EVMs.
What’s unique about ZK-rollups?
ZK-rollups are unique in that they execute transactions faster than their optimistic neighbors because they do not have to use the delay period mechanism that optimistic rollups adopted. Instead, ZK-rollups use Ethereum smart contracts to generate cryptographic proofs that verify that their transactions, usually in a batch, were genuine, valid, and completed in accordance with the base layer’s protocol
ZK-rollups also cost far less in terms of gas fees because they do not have to post all transaction data back to Ethereum, only their proof. Sometimes, a proof can prove other proofs, saving additional block space, which is advantageous to both developers and users. Yet, few ZK-rollups could do more than simple transactions (token transfers, atomic swaps, etc.). In the past, those that can support smart contract deployment usually required their developers to depart from the Ethereum framework, as existing ZK-rollups were not EVM (Ethereum Virtual Machine)-compatible, this meant they could not execute smart contracts.
All of this is changing now. In a short while, developers in the ZK-rollup ecosystem have made giant strides towards building ZK-rollups that are equally compatible with the EVM.
The EVM is a virtual component that is contained in every Ethereum node which takes in smart contracts (usually written in high-level languages like Solidity) and converts them into EVM bytecode. ZK-rollups with EVM-compatibility require a code execution environment that supports EVM bytecode, therefore enabling Ethereum developers to migrate their smart contracts from Ethereum to rollups without having to write code from scratch.
These specific types of rollups are called zkEVMs...
So, what is a zkEVM?
In full, zkEVM means “zero-knowledge Ethereum Virtual Machine”. They aim to replicate the Ethereum environment as a rollup, allowing developers to build on them like they would on Ethereum. They can also execute smart contracts in a manner that supports zero-knowledge technology.
A zkEVM is a zero-knowledge rollup with the goal of bringing the Ethereum experience fully to Layer-2 blockchains without losing the advantages of rollups. Thanks to this, developers would not need to change their code or abandon their EVM tools (and smart contracts) when writing or porting smart contracts to more scalable solutions that preserve the decentralization and security of L1s.
How does a zkEVM work?
Zero-knowledge EVMs are no different from ZK-rollups; they're only an upgrade to them.
They follow the general workings of zero-knowledge rollups. However, it is essential to note that several ideas surround the ideal structure of a zkEVM and its operations. The truest form of a zero-knowledge EVM would be fully Ethereum-equivalent, allowing no changes even if they could make proof generation any easier.
Zero-knowledge rollups take and complete transactions off-chain, in batches, and submit a cryptographic report that proves the correctness of these interactions to Ethereum. The zero-knowledge proof does not reveal the details of all the transactions in the batch, but only confirms that they are accurate enough to trigger a transition to the Ethereum state. After that, it provides validity proofs to a smart contract set up on the L1 chain. Once received and confirmed, it verifies the inputs.
To understand how zero-knowledge EVMs work, we must acknowledge that they are of different types, as shown by the projects currently in the works. Although they all share common goals, they differ in approach.
Vitalik Buterin, Ethereum's founder, attempted to group them into four types and a fifth. Here's his summary of the types of zkEVMs:
Type-1 zkEVMs: fully equivalent to Ethereum
zkEVM Type-1s are expected to be fully equivalent to Ethereum, with no changes made to their state or transaction trees, hash codes, or any other logic within their consensus. Type-1s will be fully compatible with all Ethereum-native applications but require more prover time, as no unique reworking is done to make proof generation faster.
Type-2 zkEVMs: EVM (not Ethereum) equivalence
Type-2 zkEVMs will lower the bar a little, aiming for EVM-equivalence instead of Ethereum-equivalence. Type-2s would look like Ethereum on the outside but with slight modifications on the inside to facilitate development and speed up proof generation.
In this kind of rollup, a few applications may be incompatible. However, type-2s will still suffer slower prover times. Type-2.5 zkEVMs could therefore improve prover time by increasing gas costs.
Type-3 zkEVMs: departing from EVM
Zero-knowledge EVM Type-3s would not be fully EVM-equivalent as this type prioritizes the ease of placing an EVM-like system within ZK-rollups. This involves specific changes to make building easier and improve proof generation. While this type could be compatible with most applications, some of them may require rewriting.
Type-4 zkEVMs: close cousins to the EVM
Type-4s would be equivalent to high-level languages only, not the EVM itself. Skipping the process of providing zero-knowledge proofs for each stage of EVM execution would therefore reduce costs and encourage decentralization, as well as improve proof-generation time.
However, this would make Type-4s less compatible with several applications. Contract addresses will most likely change when moving applications to the EVM, and it will be impossible to carry over several debugging infrastructures.
Notes on zkEVM categories
In the future, Ethereum will undergo changes that will make it more ZK-SNARK-friendly. These changes will likely upgrade any zkEVM that falls into either of these categories, which means that the categorization scheme here is not absolute. This, as Buterin points out, merely represents a system to reflect the practical difference of real-world products into an intuitive framework.
Top contenders for the zkEVM race
Mere months ago, many thought zkEVMs were years away from becoming functional, but several projects have begun to make considerable headway in their development. Recent social media announcements have added to the hype around the next big thing in crypto, and some of the top names in the space are in a symbolic race to be the first to launch this technology.
Here are some of the top contenders in the race:
Polygon zkEVM (Polygon Hermez)
In 2021, Polygon completed the $250 million purchase of the Hermez Network. The company launched its Ethereum Layer-2 ZK-rollup solution, Polygon Hermez, in mid-2022. Then, in July 2022, Polygon announced they were building a zkEVM, rebranding the Polygon Hermez project to Polygon zkEVM.
Polygon zkEVM is open-source, and adopted the Type-2 approach, aiming to be EVM-equivalent but falling short of Ethereum-equivalence. Polygon zkEVM's makeup will require developers to adapt code and EVM tools to the ZK-rollup. Polygon expects it to reach 2000 transactions per second and cut transaction costs by up to ninety percent, being far less expensive than the Ethereum Mainnet without compromising security or efficiency, making it a good choice for scaling decentralized applications (dApps) that demand large throughput. In Oct.10, Polygon launched its zkEVM Public Testnet.
zkSync
Created by Matter Labs, zkSync is a layer-2 scaling solution that adopts the Type-4 approach, supporting compatibility with Solidity and Vyper, Ethereum's coding languages. zkSync 1.0 is already live, having processed about four million transactions. zkSync’s new product, zkSync 2.0 is a EVM-compatible ZK rollup powered by a zkEVM, although it falls under EVM compatibility rather than EVM equivalence. In February 2023, zkSync 2.0 was renamed to zkSync Era while zkSync 1.0 was renamed to zkSync Lite.
Within the zkSync ecosystem, developers will be able to write Solidity smart contracts, which the protocol will transpile into Yul, and recompile the Yul bytecode to a custom bytecode set specially designed for zkSync’s EVM. As a Type-4, zkSync Era experienced quicker proving times but suffers from less application compatibility than its competitors. zkSync Era is currently live on the Ethereum Testnet.
StarkNET
While most zkEVM projects use ZK-SNARKs, Starkware's StarkNET adopts ZK-STARKs, which are more secure than ZK-SNARKs in theory but require more gas, take longer to verify, and occupy more block space. StarkNET has already launched its Alpha version, although it remains limited.
StarkNET, like zkSync Era, follows the Type-4 approach, which categorizes it as compatible with Solidity or high-level languages. The rollup uses Nethermind's Warp, a transpiler that translates Solidity to Cairo, StarkNET's programming language, to support smart contract deployment. The drawbacks of Type-4s will limit StarkNET.
Scroll
In collaboration with the Privacy and Scaling Explorations group, which is part of the Ethereum Foundation, Scroll is building a zkEVM solution that angles towards the Type-2 class, like Polygon zkEVM. The project is in its pre-alpha stage and is inviting developers and testers to battle-test the network.
Scroll's architecture is similar to that of Polygon zkEVM, but it has a high composability capability, making it less performance-wise compared to zkSync Era Polygon zkEVM, and StarkNET. Scroll aims to build the first genuinely EVM-equivalent zkEVM and prioritize security and transparency.
The Privacy and Scaling Explorations group is also building and doing extensive research into the zero-knowledge EVM concept. Their solution leans towards that Type-1 class, although there are no concrete announcements yet.
Consensys zkEVM
Developed by ConsenSys R&D and run by ConsenSys, the ConsenSys zkEVM network is a new Type-2 zkEVM. The rollup is the culmination of many years of development and offers full Ethereum Virtual Machine (EVM) compatibility, allowing developers to deploy and maintain applications using well-known tools like MetaMask, Truffle, and Infura as if they were using Ethereum directly.
Consensys already begun testing their zkEVM private beta internally, and onboarding of external users has begun since January 2023.
The race to build the first zkEVM: Polygon vs. Scroll vs. zkSync
Polygon, Scroll, and zkSync recently separately declared that they were building the world's first truly EVM-equivalent zkEVM. The separate declarations have been interpreted as a race, a healthy competitive environment for true innovation to thrive.
An uproar greeted the announcements on Twitter. However, it is essential to note that these Ethereum Layer-2 solutions are different from one another, although none is exactly superior. Here's how they compare to one another, with respect to their core technology, benefits, and limitations:
The present state of the zkEVM ecosystem and timelines
While developers and stakeholders inclined toward privacy and scalability may buzz due to the latest zkEVM announcements, most projects are still far from launching finished products.
StarkNET is the only zkEVM that has launched its Alpha, while Polygon only has a Testnet open. Scroll's private Testnet is open, with a public Testnet in the works. zkSync Era is live on the Ethereum Testnet, but nothing concrete may happen till Q4 2022 and all through 2023.
Q3 and Q4 2022 should see some progress from Scroll and StarkNET. In 2023, we expect public alpha launches from most zkEVM projects. However, going live is not the only challenge.
True Ethereum-equivalence is still a long way off, as even genuine EVM-equivalence is yet to be achieved. Changes in Ethereum will help zkEVMs cover more ground, and gradual improvements will follow after most projects launch.
Conclusion
Zero-knowledge EVMs are a welcome development in the crypto space, solving the Ethereum scalability problem like regular ZK-rollups while supporting smart contract deployment and application compatibility.
As projects like Scroll, Polygon, and zkSync race towards launching their zkEVM products, we expect widespread adoption and increased relevance as they soothe a sore pain point in the blockchain world. It’s also worth noting that zkEVMs are still a work in progress and that the pace of innovation in Web3 makes it practically impossible to predict the future.
We might stumble upon more use-cases of zkEVMs and zk proofs in the coming years beyond scalability and privacy, but we should also not discard the solution to blockchain scalability originating from a completely unexpected place.
About Panther
Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.
Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.
Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.
Stay connected: Telegram | Twitter | LinkedIn | Website