What is zkEVM?
Progress made in cryptography has always been integral to blockchain tech. Zero-knowledge proofs emerged into cryptocurrencies almost ten years ago, improving the anonymity and scalability of distributed ledger technology.
Now, zero-knowledge technology has taken on the World Computer — the mighty EVM.
Ethereum scaling problems
Right now, Ethereum stands at around 30 TPS. To compare, blockchains like EOS can process up to 4000 transactions per second. Traditional payment processing systems like Visa have a throughput of 40,000 TPS. With transaction fees increasing on the Ethereum network, scaling solutions come to the rescue.
There are two types of scaling solutions for the Ethereum blockchain: on-chain and off-chain. On-chain scaling solutions like sharding are yet to be enrolled in the network, and given its complexity, most of the attention has been shifted to off-chain scaling.
Existing solutions
One of the reasons why layer-2 solutions have been successful is the absence of the necessity to apply changes to the existing Ethereum infrastructure. L2 solutions include optimistic rollups, zero-knowledge rollups, and state channels.
Optimistic rollups
Optimistic rollups abide by the L1 Ethereum rules and are controlled by smart contracts from the mainnet. All the computation is done on an off-chain Ethereum virtual machine, and the results, including all transaction parameters, are published to the mainnet.
Optimistic rollups assume that the data is valid by default. If a fraudulent transaction is published to the mainnet, a dispute process is started to verify fraud proofs from other network participants.
This solution has two obvious problems: a dispute process can take up a lot of time, affecting transaction finality, and since all of the data must be submitted to the mainnet, high gas costs are at play.
Zk-rollups
Zero-knowledge rollup (zk-rollup) is a layer-2 solution that takes computations and states from the blockchain into an off-chain network and publishes the results to the mainnet.
Compared to optimistic rollups, with ZK, only the last state change is published to the blockchain. The proof of zero-knowledge guarantees the validity of each transaction and removes the necessity to verify them on-chain, resolving delayed transaction finality and high gas costs.
Zk-rollups are widely used in various Ethereum scaling implementations, zkSync, Immutable X, and Aztec Network, to name a few.
zkEVM
Thanks to the research done in the past years towards zero-knowledge cryptography, it is now possible to implement a zkEVM. This Ethereum virtual machine executes smart contracts compatible with zero-knowledge-proof computation.
The architecture of zkEVM
Ethereum virtual machine wasn't designed with zero-knowledge-proof computation in mind. Here are the pillars that make it possible.
Execution environment
In order to support the use of innovative contracts in zkEVMs, the execution environment plays an important role. Therefore, the zkEVM implementation environment is similar to that of EVM, as it must have an established state and existing transactions to create a new one.
Proving circuit
This circuit produces zero-knowledge proofs in the zkEVM, which is essential to determine whether a transaction has validity within an execution environment. To create ZKPs, pre, and post-state information and transactions are used in the proof generation process. In conclusion, verifiable proof that the state transition in question is valid could be obtained from the prover.
Verifier contract
The verifier contract is an additional key feature of the zkEVM architecture. It is responsible for verifying the validity of the evidence provided by the zk-rollups. A verifier contract also requires input and output of the zk-rollup for transaction verification. Therefore, in addition to verifying the correctness of the computation of the outputs from the relevant inputs, the verifier shall perform the calculation of the proof.
What types of zkEVMs exist?
Currently, there are four types of zkEVM in existence.
Type 1: Fully Ethereum equivalent
ZkEVM type 1s are expected to be fully equivalent to Ethereum without changing their state or transaction tree, the hash code, and all other logic that is part of its consensus. As a result, type 1 zkEVMs are fully compatible with all Ethereum-native applications but require more prover time, as no unique reworking is done to make proof generation faster.
Type 2: Fully EVM equivalent
Type 2 zkEVMs have slight modifications that make developing and speeding up proof generation easier. Some applications may not be compatible with this type of deployment. However, slower proving times will still be experienced by type 2 zkEVMs.
Type 3: Not entirely EVM equivalent
Some EVM features, like precompiles, VM memory, stack, and how smart contract code is treated, are modified by type 3 zkEVMs for easier application development and proof generation. Most Ethereum applications can be used in this environment, but some may need to be changed.
Type 4: High-level language equivalent
Type 4 systems take code written in a high-level language such as Solidity or Vyper and compile that to a language that is designed to be friendly with zero-knowledge proofs, allowing much faster proof generation and lower costs.
Let's take a look at existing implementations of the described virtual machines.
Polygon zkEVM
Polygon's zkEVM is a zero-knowledge virtual machine that supports EVM compatibility. To verify correct program execution, "micro opcodes" compiled from EVM bytecode are executed on uVM, a virtual machine that uses SNARK and STARK proofs.
STARK (Scalable Transparent ARgument of Knowledge) proofs are faster to generate, but SNARK (Succinct Non-Interactive Argument of Knowledge) proofs are smaller and cheaper to verify on Ethereum.
Check out our in-depth guide to zero-knowledge systems to know more about STARK and SNARK proofs.
Scroll
The Scroll team has designed circuits with zero-knowledge for each opcode of the EVM, which makes it possible for developers to deploy Ethereum native smart contracts on Scroll without having to modify the underlying EVM bytecode. In addition, the "cryptographic accumulator" is used by Scroll zkEVM for checking storage accuracy.
zkSYNC 2.0 zkEVM
zkSync's zkEVM is a type 4 solution. It's an EVM-compatible zk-rollup developed by Matter Labs and powered by its own zkEVM. To achieve compatibility with Ethereum, smart contracts written on Solidity are compiled to Yul, an intermediate language capable of generating byte codes for multiple virtual machines. Then it is recompiled to a custom, circuit-compatible bytecode set specially designed for zkSync's zkEVM.
Conclusion
zkEVM is undoubtedly one of the most significant achievements that will lead Ethereum and crypto to an even wider audience. Although the race for the best zkEVM solution is just starting, it will be interesting to see how L2 solutions intertwine with fully native, L1 applications to scale the Ethereum mainnet.