Table of Contents:
It is no secret that the crypto space has witnessed tremendous growth in the past few years. DeFi protocols, NFT collections, ZK-rollup projects and everything in between have made a debut since the ICO era.
Meanwhile, the widespread adoption of cryptocurrencies has yielded massive upwards price action and a greater pace of innovations. At the same time, higher transaction volumes on networks like Ethereum have unearthed several issues. Prevalent among these challenges is scalability, which impacts the blockchain's performance directly. Transactions in the most popular, decentralized, and secure smart contract network now cost more and take longer to complete.
Because of these, Layer-2 blockchains and rollups were appointed to solve Ethereum's scalability problems. Among them, zero-knowledge rollups are one of the two prominent Layer-2 scalability solutions, the other being optimistic rollups. Built on Ethereum, zero-knowledge rollups like zkSync and Loopring changed the crypto space by lowering the entry barrier to the network and helping decentralized applications scale faster and offer better privacy.
In this guide, we will explore the concept of zero-knowledge rollups and learn how they work. We’ll also point out the benefits and drawbacks they bring to the table, how they compare to optimistic rollups and discover some of the leading ZK-rollup projects in the blockchain space today.
What are ZK-rollups?
A rollup is a Layer-2 scaling solution built on top of a “classic” Layer-1 smart contract blockchain network like Ethereum. They solve the dilemma of high gas fees and low throughput, thereby empowering users to pay less gas fees and blockchains to execute transactions quicker. These Layer-2 solutions tackle scalability and transaction cost challenges in different ways, with the zero-knowledge approach being one of the most effective.
A zero knowledge rollup (ZK-rollup) is a Layer-2 scaling solution that processes transactions, performs computations, and stores data off-chain while holding assets in an on-chain smart contract. Naturally, traditional Layer-1 blockchain solutions like Ethereum validate blocks and transactions on-chain. ZK-rollups take these same activities off-chain and relay a summary of the validated activities to the blockchain. Doing this updates the state of the Layer-1 blockchain while storing only a fraction of the total data, increasing throughput on L1s such as the Ethereum mainnet.
Much like a rolled paper, zero-knowledge rollups combine several transactions into a single transaction to execute them off-chain. Then, instead of relaying the individual information of all transactions in the batch to the blockchain, a validity proof is submitted. Once this is done, the Rollup contract on the mainchain verifies it. This proof represents a receipt that confirms that the transactions are authentic and therefore can be accounted for both in the rollup and the main chain.
How does a ZK-rollup work?
Structure of ZK-Rollups
To understand how zero-knowledge rollups (ZK-rollups) work, at least when it comes to the most popular ZK-rollup projects, we must consider how they are structured, using Ethereum as a base settlement layer.
The typical ZK-rollup is built on top of Ethereum, held fast by two on-chain smart contracts: the “main” contract and a verifier contract. These contracts act like anchors and are responsible for several functions. The main contract stores rollup blocks, monitors the blockchain's state and tracks fund deposits/withdrawals. The verifier contract, on the other hand, authenticates the zero-knowledge proofs submitted to the Ethereum mainnet.
An off-chain virtual machine occupies the second layer of a typical ZK-rollup. As mentioned earlier, ZK-rollups complete transactions in an off-chain environment that does not depend on Ethereum. The off-chain environment is called an off-chain virtual machine, which serves as Layer-2 and is the primary factor that improves scalability and throughput. ZK-rollups process batches of transactions using this off-chain virtual machine and post a validity proof on-chain to validate their activities.
These types of rollups operate as hybrids, working off-chain but leaning on Ethereum for several things. Firstly, they derive their security from Ethereum since the network enforces the correctness of every update on the ZK-rollup's state and confirms that the data that explains these updates is available. Also, they publish compressed transaction data to Ethereum, while the network operates as a settlement layer for the ZK-rollup and helps resist censorship.
A typical ZK-rollup also has a Layer-2 operator contract, and a supernode, in charge of transaction execution, batching, and Layer-1 submissions. Some of them use a single operator, while others rotate their role among a set of proof-of-stake validators.
Internal mechanisms of ZK-rollups
ZK-rollups follow a three-pronged setup that involves transactions, state commitments, and zero-knowledge validity proofs:
- ZK-rollup users approve transactions and submit them to the Layer-2 operator. This operator is responsible for Layer-2 block production and every activity from transaction validation to publishing compressed data on-chain.
- Two Merkle trees represent the ZK-rollup's accounts and balances. After every batch of transactions, the rollup's accounts and balances transition to a new state. This new state is represented by Merkle roots, which are then submitted to the Layer-1 blockchain.
- When the operator submits a new state root to Ethereum, the blockchain's state can only change when the operator proves that the root represents valid updates to the rollup's state. Through a zero-knowledge validity proof, the operator proves that the batched transactions are correct. Most ZK-rollups and ZK-rollup projects use ZK-SNARKs or ZK-STARKs. Also, one validity proof can prove other validity proofs, saving more storage space.
Optimistic rollups vs. ZK-rollups: the differences
Although both types work with the goals of moving computation off-chain while keeping data on-chain in mind, ZK-rollups and optimistic rollups differ in a range of aspects in their modes of operation. The key difference between them is that optimistic rollups rely on fraud proofs, while zk-rollups rely on zero-knowledge proofs to verify changes to the main chain (a state transition).
Optimistic rollups can be described as an “honor system” in which the smart contract on the Layer-1 chain doesn’t check state transitions until a fraud proof’ is posted. In optimistic rollups, when a validator posts a new state root, the smart contract on Layer-1 simply takes the validator’s word at face value and accepts the state transition. Hence, the term “optmistic”. Other operators or users must watch everything that occurs in the L1 rollup contract, and perform every single transaction. If an inaccurate state root is posted, other operators or users will be able to refer to the invalid transaction and reverse the incorrect block, cutting malicious operators.
Optimistic rollups provide significantly higher scalability than their zero-knowledge counterparts. Since they do not require computation work to execute transactions on-chain, optimistic rollups can improve scalability far more than ZK-rollups, which do computation work before updating state changes.
However, when it comes to withdrawing funds from rollups to the Layer-1 chain, optimistic rollups seriously lag behind their zero-knowledge counterparts. This is because the withdrawal of funds is subject to a delay to allow anyone to challenge an exit transaction with a fraud-proof.
While ZK-rollups provide cryptographic proofs to validate transactions on-chain, optimistic rollups do not do any computation work and submit transactions on the assumption that they are true. However, optimistic rollups insert a timeframe that allows anyone to challenge the correctness of the data updated by the sequencer.
On the other hand, for ZK-rollups there are no delays or need for a challenge period when withdrawing funds to Ethereum. This is because every state transition is immediately verified with validity proofs.
Smart contract capabilities
Before 2021, optimistic rollups were the only ones capable of executing smart contracts among all rollup solutions. ZK-rollups could only process simple token transfers and atomic swaps. Since 2021, developers have found a way to implement smart contracts for them.
Optimistic rollups do not perform any extra computation work off-chain. Thus, they require lesser transaction costs than their ZK counterparts, which cost more due to the creation of validity proofs.
Optimistic rollups can only provide privacy solutions available on base layer blockchain networks since optimistic transactions post all transaction data on-chain.
On the flip side, zero-knowledge rollups have some measure of privacy in their makeup. This happens primarily because transaction data is not posted on the base layer individually but only as validity proof.
Benefits & drawbacks of ZK-rollup projects
Although ZK-rollups have brought much-needed scalability and transaction cost improvements to Layer-1 blockchain networks like Ethereum, there are certain aspects in which they fall short. Here are a few benefits and shortcomings of zero-knowledge rollups:
Benefits of ZK-rollup projects
- ZK-rollups employ trustless cryptographic setups to ensure their security. Compared to the reliance of optimistic rollups on honest validators and sequencers, trustless crypto mechanisms are a safer bet.
- The use of validity proofs to authenticate off-chain transactions and prevent operators from making incorrect changes to Ethereum's state.
- They update the state of their host Layer-1 blockchains by storing compressed transaction data on-chain, thus ensuring security, decentralization, and resistance to censorship.
- Transaction finality periods elapse faster with ZK-rollups, as they only need the blockchain to verify validity proofs submitted by the sequencers.
- Withdrawal delays are minimal, and there is greater capital efficiency for users.
- Due to excellent data compression techniques, the cost of publishing data on-chain is reduced, which results in lower fees for users.
- Some sidechains and scaling solutions usually require users to validate the blockchain to protect their assets. ZK-rollups do not require such efforts as they do not depend on liveness assumptions.
Drawbacks of ZK-rollup projects
- ZK-rollups use zero-knowledge-proof systems as an essential part of their frameworks. Some ZK-proof systems usually require trusted setups. If a trusted setup is mishandled, it could compromise security significantly.
- Some ZK-rollups use a single operator, a supernode, as its sequencer. This centralized structure can directly influence transaction order and sometimes trigger censorship.
- Zero-knowledge validity proofs are products of computational work, which requires specialized hardware to complete. The resulting high entry barrier limits the position of sequencers to a select few, which puts the chain at risk of centralization.
- As expensive hardware requirements reduce the number of participants that can lucratively participate in the chain, the rollup is at risk of attacks from malicious operators and censorship.
- Computation and validity proof verification costs are high and can increase fees for users.
- Smart contracts were not supported until recently because the cost of building zero-knowledge rollups compatible with the Ethereum Virtual Machine is high. Also, zero-knowledge technology is complex, making it more challenging to build zkEVM solutions.
Most popular ZK-rollup projects
Since the DeFi rush of 2020, ZK-rollup projects have sprung up in response to the scalability challenges Ethereum has faced. Several of these projects have become popular in the crypto space for their unique solutions and side offerings.
Here are some of the top examples in the crypto ecosystem today.
zkSync is a leading ZK Layer-2 blockchain solution built on Ethereum. The protocol utilizes ZK-rollups technology to scale Ethereum while ensuring security and privacy. zkSync has an upgraded version in the works, which promises to achieve speeds of up to 100,000 transactions per second by combining zero-knowledge rollups with Ethereum sharding.
Several dApps are already active on zkSync, such as Curve, ZigZag, and Taker Protocol. zkSync 2.0 is a ZK rollup with EVM compatibility, powered by a zkEVM, and it supports smart contract capabilities through Solidity and its (zkSync) native programming language, Zinc.
Polygon zkEVM (previously Polygon Hermez), is a decentralized ZK-rollup with EVM compatibility that scales payments and token transfers on Ethereum. The solution aims to decrease transaction costs and support community projects. To achieve the latter, Polygon zkEVM adopts a Proof-of-Donation mechanism.
Aztec is a privacy-by-default smart ZK-rollup solution on Ethereum. The network prides itself as the first of its kind and is built on PLONK, a ZK-SNARK technology used by popular names like Dusk, Zcash, and Mina.
Aztec reduces Ethereum transaction costs by 100x and has a widely-used private transfer protocol, known as zk.money, and a bridge with Ethereum, known as Ethereum Connect.
StarkNET is a permissionless Ethereum Layer-2 blockchain protocol that stands out as a zero-knowledge rollup solution claiming to have 100x cheaper transaction fees on Ethereum. StarkNET, as its name implies, relies on ZK-STARKs – regarded as the most scalable and safest zero-knowledge-proof system.
StarkNET will support smart contracts and have a native token, which users will use to participate in the network's consensus mechanism, governance, and settle transaction fees.
Closing thoughts on ZK-rollup projects and the future of these solutions
ZK-rollups are here to stay. Even after Ethereum's upgrade, they will continue to help drive scalability and reduce transaction costs on the network while adding additional perks, such as privacy by default in some cases. This is by design, as the Ethereum network highly depends on these alternatives to continue growing towards its goals.
Although they have their fair share of drawbacks, such as the possibility for censorship and centralization, they also offer better security than other rollup solutions, as they leverage Ethereum's security model. It’s also worth pointing out that these challenges are by no means permanent and that several ZK-rollup projects are already working to address them.
As the crypto space continues to grow, ZK-rollups will play a vital role in securing the continuity of several decentralized applications and use cases. As such, it’s not too unlikely that they will quickly move from relatively niche knowledge to a centerpiece of everyday crypto lingo.
Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.
Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.
Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.