zk-SNARKs: The Development Journey from Theory to Application

1. The Historical Context of zk-SNARKs

The modern theoretical foundation of the zero-knowledge proof system originates from an important paper proposed in 1985 and published in 1989. This paper explores the amount of knowledge that needs to be exchanged to prove the correctness of a statement through multiple rounds of interaction in an interactive proof system. If the proof can be completed without revealing any additional information, it is called a zero-knowledge proof.

Early zk-SNARKs systems had shortcomings in efficiency and practicality, mainly remaining at the theoretical level. In the past decade, with the rise of cryptography in the cryptocurrency field, zk-SNARKs has gradually become an important research direction. Among them, developing a general, non-interactive zk-SNARKs protocol with limited proof size is a key goal.

A major breakthrough in zero-knowledge proofs came from Groth's paper published in 2010, laying the theoretical foundation for zk-SNARKs. In 2015, Zcash applied zero-knowledge proofs to transaction privacy protection, opening up broader application scenarios.

Since then, a series of important academic achievements have emerged continuously:

• The Pinocchio protocol from 2013 compressed proof and verification time.
• The Groth16 scheme from 2016 streamlined the proof size and improved verification efficiency.
• The Bulletproofs algorithm proposed in 2017 implemented short non-interactive zk-SNARKs.
• The zk-STARKs protocol proposed in 2018 does not require a trusted setup.

Other important advancements include PLONK, Halo2, among others, which have made further improvements to zk-SNARKs.

2. Typical Applications of zk-SNARKs

The two most widely used application areas of zk-SNARKs are privacy protection and scalability.

In terms of privacy protection, early representative projects such as Zcash and Monero emerged. However, due to the demand for privacy transactions not meeting expectations, these projects gradually fell into the background.

In terms of scalability, as Ethereum shifts towards a rollup-centric approach, zk-SNARKs-based scalability solutions have re-emerged as a focal point.

privacy transactions

Representative projects of privacy transactions include:

• Zcash: uses zk-SNARKs
• Monero: Uses Bulletproofs
• Tornado Cash: A mixing pool based on Ethereum, using zk-SNARKs

The transaction process of Zcash includes steps such as system setup, key generation, minting, transaction, verification, and receiving. However, Zcash still has some limitations, such as being based on the UTXO model and difficulties in scaling applications.

Tornado Cash adopts a single large mixing pool design, based on the Ethereum network, which offers better generality.

scaling

zk-SNARKs can be used for Layer 1 network scaling ( like Mina ), and can also be used for Layer 2 scaling (, namely zk-rollup ). The core idea of zk-rollup is to aggregate a large number of transactions and generate zk-SNARKs, and then verify and update the state on the main chain.

The advantages of zk-rollup include low fees, fast finality, and privacy protection, but it also faces challenges such as high computational load and security.

The main zk-rollup projects currently include:

• StarkNet(Starkware)
• zkSync(Matter Labs)
• Aztec Connect
• Polygon Hermez and Miden
• Loopring
• Scroll

These projects are mainly divided into two camps on the technical roadmap: SNARK and STARK, as well as whether they support EVM compatibility. EVM compatibility is an important technical challenge and competitive focus.

3. Basic Principles of zk-SNARKs

zk-SNARKs is one of the most widely used zero-knowledge proof schemes today. Its full name is "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge."

The proof process of zk-SNARKs mainly includes the following steps:

1. Transform the problem into a circuit
2. Convert the circuit into R1CS form
3. Convert R1CS to QAP form
4. Generate random parameters for trusted setup
5. Generate and verify zk-SNARKs

This process ensures the integrity, reliability, and zk-SNARKs of the proof.