Author: Joseph Bonneau, DAOSquare
Editor’s Note: Field Notes is a series where we report firsthand from important industries, research, and other activities. In this issue, Joseph Bonneau, a research partner at a16z crypto and an assistant professor at New York University, attended the 11th zkSummit, held in Athens on Wednesday, April 10th, and recorded his notes. The event, hosted by the Zero Knowledge podcast, had approximately 500 attendees and featured four presentations throughout the day. The following is a summary of Bonneau’s report, covering the latest developments in zero-knowledge hardware, SNARK performance, and auction network design. It includes mentions of Jolt, a new approach to SNARK design by the a16z crypto research and engineering team that is twice as fast as the current state-of-the-art technology, with more improvements on the horizon.
ZK Hardware
Support for hardware acceleration of proof generation has long been a goal of the community. The first two talks on the main stage provided an overview of the current developments in this area.
Justin Drake, a researcher at the Ethereum Foundation, gave an overview of ZK hardware, including a taxonomy of companies in this field. The list includes companies that use general-purpose hardware (such as Ulvetanna), companies that manufacture custom hardware (including Accseal, Cysic, and Fabric), and companies that run decentralized proof networks (such as Aleo). He predicted that an “endgame” zkVM, such as Jolt enhanced with Binius (a hardware-optimized SNARK verification system), together with other upcoming optimizations and dedicated hardware, could achieve a 1000-fold improvement in computational costs and potentially impact the final, battle-tested version of Ethereum. He also mentioned that the Ethereum Foundation will announce a competition with a $20 million prize to formally verify provers and verifiers.
Jim Posen, co-founder of Ulvetanna, discussed Binius and the general concept of designing proof systems and hardware simultaneously. Binius uses binary tower fields and the sumcheck protocol, on which Jolt is also based. One interesting conclusion drawn from early tests of Binius is that the performance of the Groestl hash function (runner-up to SHA-3) is significantly better than that of Keccak (the official SHA-3 standard), suggesting that using Groestl may be more advantageous in certain applications.
Decentralized Prover Networks
Many in the field envision a future where large-scale proof generation, such as proving the correctness of a batch of transactions in a rollup, is accomplished through a competitive and decentralized market of specialized provers.
Uma Roy, co-founder of Succinct, discussed Succinct's upcoming Prover Network. She presented various potential mechanism designs for decentralized prover networks and predicted that designs based on competition (winner-takes-all) or mining (winner-takes-all with modulo randomness) would not yield desirable results. She stated that the design goals should prioritize minimal cost, maximum latency, and censorship resistance. She predicted that issuance/staking models might work, but that auction models are most likely to succeed, eventually resembling today’s block construction. She mentioned that Succinct is building a general auction network to support proofs from multiple zkVMs, such as Jolt/Lasso, not just Succinct’s own SP1.
Wenhao Wang, a PhD student at Yale University, discussed a new paper on the economics of prover networks, which was published on the morning of the talk. The paper was co-authored by Wenhao, Ben Fisch (Espresso Systems), and Ben Livshits (Matter Labs). Wenhao mentioned that bilateral auctions are vulnerable to collusion between provers and bidders, and that the authors introduced an alternative mechanism called Proo-phi, which brings new matching and proof mechanisms. Proo-phi requires setting capacity parameters, which seems to be a key open design question.
Daniel Kales, co-founder and CTO of TACEO, discussed proof markets that support multiparty computation (MPC), particularly using MPC to maintain privacy between small clients with confidential witnesses and untrusted large provers. He talked about how to choose combinations of proof systems that perform linear operations (such as the Fast Fourier Transform algorithm), which are relatively cheap in MPC, in order to minimize costs.
ZK Credentials
Three separate sessions discussed efforts to build zero-knowledge credentials from existing identity systems, each relying on a different existing identity system.
Aayush Gupta and Sora Suegami, co-founders of ZK Email, discussed proving email address ownership in zero knowledge. These proofs rely on proving knowledge of DKIM signatures, which are widely deployed by major email providers (though primarily as an anti-spam measure), for emails sent to a particular address. Many applications can benefit from zero-knowledge proofs that users control email addresses, including sending money to email addresses and anonymous reporting.
Alin Tomescu, a research scientist at Aptos Labs, discussed Aptos Keyless, which interacts with traditional web2 identities using OpenID Connect. OpenID Connect is a technology that supports “log in with Facebook, Google, etc.” for third-party websites. Aptos Keyless interacts with existing OpenID providers and proves that users control a given address, enabling applications such as sending money to Google or Facebook accounts.
Michael Elliot and Derya Karli, of zkPassport, discussed building anonymous credentials from existing e-passports. For example, users can prove that they hold a US passport and are over 25 years old without revealing their passport number or exact age.