Zero-Knowledge Landscape
An overview of the companies working in the zero-knowledge (ZK) space and the ZK projects under each, followed by a summary of how their technology stacks differ.
Current ZK companies (and their products)
Starkware ( L2 )
StarkNet
General purpose network
StarkNet (Alpha2) is now composable between deployed smart contracts.
Standalone, customizable (Starkware SaaS solution)
Matterlabs ( L2 )
zkSync 2.0
zkEVM - EVM-compatible ZK rollup on Ethereum’s testnet
zkRollup with on-chain availability
zkPorter (validium) with off-chain data availability
zkEVM is composable between both, but zkPorter is 100x cheaper.
Polygon ( L2 )
zkEVM powered by Plonky2 (fastest recursive proof, at 170 ms)
Offers both rollup and validium modes.
Hermez 2.0
Fast finality of off-chain transaction computations.
STARKs are used for proof generation, and SNARKs prove the correctness of the STARK proof.
zkEVM - Smart contract on top of zk-rollup
A STARK-based zk-Rollup with support for arbitrary smart contracts
Nightfall
Not a zk-Rollup: an optimistic rollup (fraud proofs) that uses ZK to enable private transactions
Mina ( L1 )
Mina Protocol - lightweight L1 blockchain, Private data
zk-SNARK
Not EVM compatible
Hides senders, receivers, or amounts using ZKPs (opt-in)
Uses ZKPs to compress the blockchain data
Aleo (L1)
Hides senders, receivers, or amounts using ZKPs (by default)
Aztec (L2)
Aztec (zk-ZKR)
Uses ZK not just for proofs, but also for private transactions/payments
Working on fully private smart contracts
Scroll (L2)
Scroll Tech
A fully EVM-compatible zk-Rollup
The different types of ZK technology stack
To better understand what differentiates the various ZK projects, here is a short breakdown of the different technology stacks under ZK.
1) SNARK vs STARK
Differences:
SNARKs require a trusted setup phase, whereas STARKs use publicly verifiable randomness to create trustlessly verifiable computation systems.
ZK-SNARKs are based on elliptic curves and are vulnerable to attacks from quantum computers. ZK-STARKs rely on collision-resistant hash functions and the random oracle model and are currently quantum-resistant.
Note: While there is a difference between SNARKs and STARKs, advances in the technology are blurring the boundary between them. An example is Polygon Zero's recent development of “Plonky2”, which uses recursive SNARKs 100x faster than existing alternatives. It combines PLONK (SNARKs) and FRI (STARKs) so that it can produce fast proofs with no trusted setup.
2) ZK Rollups vs Validiums vs Volition vs Adamantium
The difference between rollups and Validium comes down to the data availability (DA) layer:
In ZK-Rollup mode, data is published on-chain (settlement and DA happen on the same layer).
In Validium mode, data is stored off-chain and maintained by the DA Committee (DAC); only the validity proofs are published on-chain. (The zkSync equivalent is called zkPorter.)
Volition is a hybrid data availability mode (ZK-rollup + Validium), where the user can choose whether to place data on-chain or off-chain. For some transactions, both the data and the validity proofs remain on-chain, while for the remaining ones, only proofs go on-chain.
Adamantium is the “upgraded” version of Validium: it retains the scaling benefits of off-chain data availability without needing to trust the DAC. Even when users are not online, funds cannot be stolen or frozen, and are automatically withdrawn from L2 back to L1 (on-chain).
Characteristics & Tradeoffs
Rollups:
Data is on-chain and decentralized, which makes it easy to track and transparent. However, the cost is higher than keeping the data off-chain (Validium).
Validium:
Off-chain data reduces cost and gives higher privacy (data is not exposed). However, it is not as decentralized, and users have to trust the validators/committee members.
Users are required to trust DAC members
Volition:
A hybrid between rollups and Validium: the user decides whether to pay more gas for decentralisation or to save cost.
Adamantium:
No longer restricted to trusting DAC members; users can opt to trust any Power User (PU) to serve as a watchtower.
When the user is offline, a protective withdrawal is activated. The operator has to pay for calldata, but the gas expense does not scale with the number of transactions. (The operator may charge the PU for this event.)
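A simplified model of the data-availability tradeoff above, added here as an illustration and not taken from any of the projects listed. The state root is always on L1, but a user can only build the Merkle exit proof if the state data is published (rollup) or if they kept their own witness; when a DAC withholds the data, funds are frozen. Account names, balances and function names are constructed for the example.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(account: str, balance: int) -> bytes:
    return h(b"leaf", account.encode(), balance.to_bytes(8, "big"))

def parent_level(level):
    return [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = parent_level(level)
    return level[0]

def merkle_proof(leaves, index):
    """Sibling path for leaves[index]; building it needs every leaf (the full state data)."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        proof.append(level[index ^ 1])
        level, index = parent_level(level), index // 2
    return proof

def verify_exit(root, leaf_hash, index, proof):
    """Check an L1 contract would run before releasing funds on a forced exit."""
    node = leaf_hash
    for sibling in proof:
        node = h(b"node", node, sibling) if index % 2 == 0 else h(b"node", sibling, node)
        index //= 2
    return node == root

def try_exit(root, published_state, account, balance, index, saved_proof=None):
    """True if the user can exit to L1 without help from the operator or the DAC."""
    me = leaf(account, balance)
    if published_state is not None:      # rollup mode: state data is on-chain
        proof = merkle_proof([leaf(a, b) for a, b in published_state], index)
    elif saved_proof is not None:        # user kept their own witness off-chain
        proof = saved_proof
    else:                                # validium mode and the DAC withholds the data
        return False
    return verify_exit(root, me, index, proof)

# Constructed sample state: four accounts (a power of two keeps the tree simple).
STATE = [("alice", 50), ("bob", 20), ("carol", 75), ("dave", 5)]
ROOT = merkle_root([leaf(a, b) for a, b in STATE])   # on L1 in every mode
ALICE_PROOF = merkle_proof([leaf(a, b) for a, b in STATE], 0)
```

A saved witness only verifies against the root it was built for, so it has to be refreshed whenever the state root changes.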
An example of how zkSync's rollup and zkPorter differ:
ZKsync’s Activity: Dune Dashboard
Note: While zkSync’s zkPorter is rather similar to Starkware’s Validium, zkSync's community seems more decentralized, as it is made up of “Guardians” incentivized by zkSync’s token, rather than a centralized group of DAC members appointed by Starkware.
3) Different types of zkEVM
While many companies, such as StarkWare, MatterLabs, Polygon, and Scroll, are tackling zkEVM, there are also differences between the kinds of zkEVM they are building.
@luozhuzhang did a good thread on it here. Some learning points are as follows:
There are different kinds of zkEVM, and they can be categorized according to the level at which they interpret the EVM.
The first level is “language level”, where an EVM-friendly language (e.g. Solidity) is transpiled into a ZK-friendly language such as “Cairo” (from Starkware) or “Zinc” (from Matterlabs), which then runs on its own virtual machine (VM).
The advantage of this method is that the new VM does not have to work under the constraints of the EVM. The disadvantage is that developers have to learn the zkVM’s own language and do not directly inherit the L1’s ecosystem.
Another nuance, pointed out by @dcfpascal_, is that there is also a small difference in how zkSync and StarkNet approach the dev environment. zkSync tries its best to mimic the L1 dev environment and abstract away Zinc, whereas StarkNet views Solidity transpiling via Warp as a supplement to its existing Cairo dev environment.
The second level is bytecode-level, currently tackled by Polygon’s Hermez and Scroll, which achieves full compatibility at the EVM opcode level. L1 apps and dev tools can be easily migrated to L2 without additional modifications.
Lastly, consensus-level, which achieves compatibility not only in language and bytecode but also at the consensus level: a synchronizing node doesn’t need to verify each proof, and only needs to verify the last proof to access the network.
Rough valuations
Starkware: Latest: Raised 100 million at an $8 Billion valuation.
Previous rounds:
Matterlabs: Series B, Raised 50M at $2 Billion Valuation.
Polygon: Currently trading at $0.46, with a max supply of 10 Billion, therefore a Fully Diluted Valuation (FDV) of $4.6 Billion.
MINA: Mina's initial total supply was 1 Billion; however, there is inflation. After 5 years of inflation it would be 1.5B, and at a current price of $0.61 that gives an FDV of $915 Million (if based on 1 Billion tokens, $610 Million).
Aleo: Raised 200M in Series B at a valuation of $1.45 Billion, with investors such as A16z, Softbank Vision Fund 2, Kora Management, Tiger Global, Sea Capital, and Samsung Next.
Aztec Network: Raised 17.2M in Series A at an unknown valuation. Led by Paradigm; investors included A.Capital Ventures, Ethereal Ventures, Libertus Capital, Variant Fund, Scalar Capital, IOSG and others.
Scroll: Raised 30M in a Series A at an unknown valuation. Led by Polychain Capital, with Bain Capital Crypto, Robot Ventures, Geometry DAO and others.