Exploring the Potential of Zero-Knowledge Rollups (ZKR) for Improved Cross-chain Efficiency on the IC

apotheosis · January 20, 2023, 12:21am

ZKP are used because they are succinct. They are also commonly used because they demonstrate a summary record was created following the ‘correct’ method.

We would be batching calls into a summary and a ZKP which would be submitted to an L1 (ETH) using tECDSA. 1000 transactions being signed separately would be less efficient than batching them into one (plus cheaper because 1000 different instances of gas fees)

Moreover, a ZKR would be generally useful for many apps types as anyone could join the batch.
Plus we could have a two-way gate into and out of the ZKR.

apotheosis · January 20, 2023, 12:29am

I understand what this is now!

You are allowing people to use their hardware to create proofs and sell that compute power in your marketplace.

This can be used to connect a chain like Mina to ETH. You would keep the root state of Mina in an ETH contract making a MinaETH bridge.

On the IC we can sign directly to L1 chains using tECDSA and the setup would be a bit different.

Maxfinity · January 20, 2023, 1:37am

Sure, but you don’t necessarily need a ZK proof to do this, you could just use tECDSA to sign a single hash commit that summarises the 1000 updates, which has the same effect as a ZK proof when read by a solidity smart contract. But I’m all for all types of code being implemented, the tECDSA would probably be easier to implement for a first attempt and probably cheaper to verify on Ethereum main-net.

apotheosis · January 20, 2023, 2:55am

There is some nuance here and various pros and cons.

hokosugi · July 30, 2023, 9:13pm

Is there any update?
If phase 2 of Ethereum integration as well as sequencing for Optimism and zkRU comes next year, we should be able to deploy our own Layer2 on top of ICP, retaining the distributed sequencing and DA layer. If that happens, the degree of decentralization will be higher than other Layer2s.

apotheosis · July 31, 2023, 1:30am

This could work right now. The ETH integration would just make it a bit more seamless.

The ZK-L2 on IC would have a contract with a merkle tree.
This contract could sign to ETH using t-ecdsa. But rather than doing one signature for each transaction, it would sign for an aggregated SNARK proof.

The SNARK proofs could be bundled for many transactions into one proof. (sequencer).
Balances would be represented in ETH as a merkle tree. Only valid and verified proofs would trigger the ETH smart contract balance changes.

The sequencer would run on the IC and arguably be the first fully decentralized sequencer.

I am deep in the weeds building the world’s most portable and efficient zkVM (for zkML, zkWasm). Probably need to hire a few Rust devs… to help out

If anyone has the bandwidth for ZKR experimentation on the IC, please reach out! I can provide info on proving schemes, etc to speed up the process a bit.