Zero-Knowledge Mining
ZKP (Zero-Knowledge Proof)
The definition of ZKP is very broad. According to “Why and How zk-SNARK Works”, there is a prover who wants to convince a verifier that some statement is true, and the ZKP protocol must satisfy three properties:
- Completeness: if the statement is true, the prover can convince the verifier
- Soundness: a cheating prover cannot convince the verifier of a false statement
- Zero knowledge: the interaction reveals only whether the statement is true and nothing else
(Figure: a ZKP protocol)
For example, Alice wants to convince Bob that she knows Carol’s phone number. She calls Carol. Carol’s phone rings, showing that Alice is calling. In this way, Alice proves her knowledge of the phone number to Bob without revealing what the number is. This, too, is a ZKP protocol.
When we talk about ZKP in the context of blockchain, we usually mean a specific family of algorithms within this definition. These algorithms are in most cases called zk-SNARKs (Zero-Knowledge Succinct Non-interactive ARguments of Knowledge) and have the following features.
1. Non-interactive proof process: The prover only needs to send a single proof to the verifier.
2. Succinct proof: The proof is small and the verifier can check it quickly.
3. Programmable expression: The algorithm can convert any expression into a QAP (Quadratic Arithmetic Program) for proving.
For the detailed ZKP algorithms used in blockchains, you can refer to “awesome zero-knowledge proofs”. Their development follows a clear trend: computation gets faster, reliance on a “trusted setup” decreases, and proof size decreases. Some algorithms and their related projects are listed below.
- Pinocchio (ZCash Sprout version): The earliest entry of ZKP into the blockchain.
- Groth16 (ZCash Sapling version, Filecoin): Faster than Pinocchio.
- zk-STARKs (StarkWare): no trusted setup
- PLONK (zkSync), Marlin (Aleo): universal trusted setup
- Halo 2 (ZCash NU5 version): no trusted setup, recursive
ZKP has properties that suit blockchains. First, compared to other proof systems such as Merkle proofs and signatures, ZKP can prove any statement, which brings flexibility to on-chain logic. Second, its proofs are succinct and cost less gas when verified on-chain. The earliest uses of ZKP emphasized the zero-knowledge property; for example, ZCash proves transaction validity without revealing any transaction information. Later, ZKP went through a bottleneck period: people thought blockchain privacy was not urgently needed, and ZKP was not user-friendly because proofs take a long time to compute.
Recently, ZKP has regained attention for its use in blockchain scalability. ZKP scales the computing and storage capacity of a blockchain by proving the validity of a large piece of data. The kinds of data being proven, with related projects:
- L2 transactions: zk-Rollup projects like zkSync, StarkWare
- L1 transactions: Mina
- Off-chain data: Filecoin
Discussions about ZKP are very active these days. Paradigm analyzes hardware acceleration of ZKP and considers FPGA to be better than GPU and ASIC. a16z provides an overview of ZKP. The presentations at the “Zero Knowledge Summit Amsterdam” offer many thoughts and new ideas about ZKP.
Mining
This year, Ethereum will switch from PoW to PoS, thus shrinking the blockchain mining market significantly. Although storage mining has emerged in recent years, including Filecoin, Chia, and Arweave, it still cannot fill the market gap caused by the exit of Ethereum.
On the other hand, ZKP has some early applications in blockchain mining. There is a marketplace in Mina where ZKP workers can submit their proofs to earn tokens. In Filecoin, miners need to generate a ZKP for each data sector stored off-chain, thereby gaining storage power.
Traditional hash mining is surrounded by discussions about energy waste and pointless computation. This is why the blockchain space is trying to find a meaningful mining method. The features of ZKP (it can prove arbitrary statements; proving is complex but verification is simple) open up more possibilities for the blockchain mining market.
Opportunities
This year we are focusing on some ZKP mining projects.
Filecoin
Filecoin leverages ZKP to prove off-chain data through algorithms called Proof of Replication and Proof of Spacetime. We think Filecoin mining will continue to be popular this year for three reasons:
- Due to its economic model, the sector pledge has dropped from 0.25 to 0.16 FIL over the last year.
- FIL’s price has dropped significantly, further reducing the cost of mining.
- The FVM smart contract roadmap sends a positive signal for the project.
Aleo
Aleo is the first project to start the “ZKP proof” mining mode, in which a miner’s computational power is determined by how many proofs it can compute per unit of time. The mining algorithm is called PoSW (Proof of Succinct Work) and can be briefly explained as follows:
pseudo_random(zk_prove(nonce)) < target_difficulty
zk_prove() creates a proof for the “operations” contained in the current block, taking nonce as its input. target_difficulty is set based on the computing power of the entire network. You can see that PoSW and PoW are mostly the same; the only difference is that PoW computes hashes while PoSW computes ZKPs.
Aleo also developed Leo, the first “private smart contract” language. While there are other ZKP-based smart contract platforms such as zkSync’s zkEVM, StarkWare’s Cairo, and Mina’s zkApps, none of them support privacy.
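The PoSW condition above as a runnable sketch (an added example, not Aleo's code): Aleo's zk-SNARK is swapped for a Fiat-Shamir Schnorr proof over a constructed toy group, and SHA-256 plays the role of pseudo_random. The group parameters, function names and the block label are assumptions made for illustration.

```python
import hashlib

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def h_int(*parts):
    """SHA-256 over the parts, as an integer (random oracle and pseudo_random)."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def zk_prove(block, nonce, x):
    """Non-interactive Schnorr proof of knowledge of x (y = G^x), bound to block and nonce."""
    y = pow(G, x, P)
    k = h_int("k", x, block, nonce) % (Q - 1) + 1   # per-nonce commitment secret
    R = pow(G, k, P)
    c = h_int("c", block, nonce, y, R) % Q          # Fiat-Shamir challenge
    return R, (k + c * x) % Q

def zk_verify(block, nonce, y, proof):
    R, s = proof
    c = h_int("c", block, nonce, y, R) % Q
    return pow(G, s, P) == (R * pow(y, c, P)) % P

def meets_target(block, nonce, proof, target):
    # pseudo_random(zk_prove(nonce)) < target_difficulty
    return h_int("pow", block, nonce, *proof) < target

def mine(block, x, target):
    """Try nonces until the proof's hash is under the target; each attempt costs one proof."""
    nonce = 0
    while True:
        proof = zk_prove(block, nonce, x)
        if meets_target(block, nonce, proof, target):
            return nonce, proof
        nonce += 1

def accept(block, nonce, y, proof, target):
    """Network-side check: one proof verification plus one hash comparison."""
    return zk_verify(block, nonce, y, proof) and meets_target(block, nonce, proof, target)

if __name__ == "__main__":
    x = 777                     # miner's secret witness (constructed)
    target = 2**256 >> 4        # about 1 in 16 proofs qualifies
    nonce, proof = mine("block-42", x, target)
    print(nonce, proof, accept("block-42", nonce, pow(G, x, P), proof, target))
```

Halving the target doubles the expected number of proofs per block, which is how proofs per unit of time becomes the measure of mining power.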
Decentralized ZK-Rollups
Existing ZK-Rollup designs are centralized: only certain operators can send transaction batches and validity proofs to L1. Vitalik offers several proposals to decentralize the operator, such as sequencer auction, random selection from a PoS set, and DPoS voting. Both zkSync and StarkNet have clear roadmaps for decentralized ZK-Rollups. There is also some cutting-edge research, such as Polygon Hermez, StarkNet, PoVP, and taikocha.in.
Decentralized ZK-Rollups introduce a new mining mode: miners can submit the proofs they generate and earn rewards for them. This resembles the ZKP marketplace in Mina. But a marketplace isn’t the best solution, because some proofs will go to waste simply because no one buys them. We need a parallel computing architecture for ZKP that gathers the power of all miners.
Challenges
The first challenge of ZKP mining is acceleration, which is detailed in Paradigm’s article. Paradigm considers FPGA better than GPU and ASIC for hardware acceleration, but we hold a somewhat different opinion. We believe that GPU will continue to be the main hardware for ZKP computation in the near future, for two reasons:
- ZKP algorithms will change frequently in the future, and GPU is the most programmer-friendly hardware.
- Miners have a large number of GPUs specifically for Ethereum mining. When Ethereum finally moves to PoS, these GPUs will be available for ZKP mining.
The second challenge is the parallel computation of ZKP on distributed hardware. Currently, there are three types of solutions:
- If each proof requires only a little computation, as in Aleo, a traditional mining pool is suitable for assigning computing tasks to distributed hardware.
- Sometimes a single proof can be split into multiple proofs, as in zkSync and Filecoin. In this case, the separate proofs can be computed in parallel and then aggregated into a single proof.
- DIZK is an architecture that can distribute a single proof.
About Us
6block focuses on “Unicorn” projects in the blockchain space, providing mining solutions including software, hardware, explorers and wallets.
- Filecoin: We are one of the best miners in Filecoin. We offer mining services to large investors and tools such as FilFox and FoxWallet to the public.
- Aleo: 2nd place in Incentive Testnet 2. We offer the mining pool zk.work and explorer aleo.info to the public.
- Decentralized ZK-Rollups: We propose a solution PoVP to the Ethereum community and plan to support zkSync and StarkNet in FoxWallet.