secondary title

Many people like to use the "impossible triangle" model to discuss the design problems faced by a system. The blockchain is no exception. You must have heard the impossible triangle or trilemma about security, decentralization, and efficiency.

In this very popular saying, "efficient" is actually what we often call "performance", also called "scalability" or Scalability. It can be considered that Ethereum and Bitcoin are more focused on the two points of "security" and "decentralization" in design, so it is inevitable that they are not very "efficient".

Especially Ethereum, as the blockchain platform with the most developers and applications, more and more people are trying to develop fun and useful applications on it, but the performance support that the platform can provide is extremely limited, so everyone has long been at high Shout "Ethereum needs to expand"! ! !

secondary title

In fact, the method of surpassing is actually not difficult. It only needs to sacrifice the other two points in the impossible triangle.

But most people may still feel that "security" and "decentralization" cannot be given up, and they choose to stay in Ethereum. This has led to the "Ethereum Killers" being deserted and desolate and miserable, and no one cares about them. There are no cars on the roads that can fly airplanes, and there is no room for performance "advantages" to show.

secondary title

Ethereum is currently very limited in performance. For ordinary blockchain users, the handling fee and transaction confirmation time largely determine the user experience. However, the current experience of using Ethereum fluctuates greatly. For example, when the entire network is idle, it is like the high speed during the recent epidemic, and when it is congested, it is like a tourist attraction during the National Day Golden Week.

From the perspective of performance parameter TPS, the processing speed of international credit card Visa transactions is at least 2000 transactions per second, while that of Ethereum does not exceed 30 transactions per second. This value can only be said to be better than the 7 transactions per second of the big brother Bitcoin.

Also, the cost of causing congestion on the Ethereum network is very low.

secondary title

The embarrassing performance status of Ethereum has made its core development team and community have been exploring various expansion solutions. So everyone often hears a series of fancy terms: Sharding, payment channel, state channel, Plasma, Truebit, ZK-Rollup, Optimistic Rollup, etc., as well as a concept Layer-2.

secondary title

In the direction of expansion, we don’t need to pay too much attention to the “non-disclosure” feature of zero-knowledge proof technology, which is often related to privacy protection. We focus on its “proof” ability.

In short, on-chain resources or bandwidth are limited, and we need to migrate a large number of calculations to off-chain, so technology is needed to "prove" that these calculations actually happened off-chain.

More background knowledge and technical details about zero-knowledge proofs will not be introduced here. You are welcome to pay attention to the series of articles of our Ambi Lab, such as "First understanding of "zero knowledge" and "proof"". It may be a bit brain-burning to really understand zero-knowledge proofs, but it is really interesting. If you are interested, you may wish to try it.

secondary title

Let’s review the first question at the beginning. When we talk about the performance of the blockchain, we still hope that the two foundations of the blockchain — “security” and “decentralization” — will be affected as little as possible. If there is an expansion plan that can do this, it is really very commendable.

ZK-Rollup, a two-layer expansion solution based on zero-knowledge proof, can really solve the blockchain performance problem without sacrificing the two points of "security" and "decentralization"!

Students who are not familiar with it may ask: What exactly is ZK-Rollup, a representative solution for zero-knowledge proof expansion?

First of all, we'd better understand what Rollup is.

Rollup, as the name suggests, means "roll up" and "summarize", and can be considered as a general term for a large class of Layer-2 expansion solutions.

Rollup specifically refers to performing complex calculations and state maintenance off the chain, and then calling the data related to state changes through contracts, using cheaper CALLDATA to save data on the chain, and "rolling up/summarizing" a large number of transactions into packages. A transaction will eventually increase TPS on the premise of ensuring "data availability".

The common feature of the Rollup scheme is the emphasis on "data availability" on the chain, that is, anyone can restore the global state based on the data stored on the chain, thereby eliminating the security risks caused by data availability issues.

This feature makes the Rollup scheme (data onchain) more concise and easier to implement than data offchain schemes such as Plasma.

The concept of Layer-2 is actually very good, because the design idea of ​​this kind of scheme is that the bottom layer of Ethereum hardly needs any changes, and the bottom layer still processes transactions as usual, so it will not affect the security of the bottom layer, allowing various Massive transactions are processed on the second layer, thereby reducing the pressure on the underlying chain.

Plasma is the most popular second-layer expansion concept of Ethereum in the past two years. The entire community has spent a lot of energy discussing and implementing it. A series of solutions have evolved during the process, such as Plasma MVP, Plasma Cash, Plasma Debit, Plasma Prime.. ....

There are many intermediate solutions in the Plasma family, all of which are theoretically feasible, but they have not been able to be implemented for a long time. The core reason for this is that the various solutions of Plasma do not guarantee "data availability", which makes the protocol more complicated, difficult to implement, and very impractical.

The ZK-Rollup scheme originated in the second half of 2018, and was proposed by Barry Whitehat and Vitalik successively.

The key lies in ZK (Zero Knowledge). Every state change needs to provide a zero-knowledge proof, which is verified by the contract on the main chain. Only when the verification is passed can the state be changed. That is, each state transition is strictly dependent on cryptographic proofs.

The ZK-Rollup scheme utilizes zkSNARK, the most popular zero-knowledge proof technology at present, to ensure the correctness of data while compressing the amount of computation on the chain.

A Merkle Tree is used to store the account state, and the contract only saves the Merkle Root. Operator (operator) collects user transactions, packs these transactions in batches, and generates zkSNARK certificates, which will specifically prove the legitimacy of transactions (such as verifying signatures) and the Merkle Root in the preceding and following states.

The Operator submits the Merkle Root together with each transaction data and zkSNARK proof to the contract, and the new state is written only after the contract is verified.

Since the calculation process of all transactions does not need to be executed in the contract, there is no need to write a large amount of state to the contract storage, and the zkSNARK proof size (small) and verification time (very fast) are constant and do not follow the increase in the number of transactions, so ZK-Rollup can Greatly improve transaction TPS.

The on-chain performance limit of ZK-Rollup depends only on the cost of CALLDATA to store data. With the upgrade of Ethereum Istanbul, the cost of CALLDATA is reduced to 1/4 of the original, and the performance of ZK-Rollup is improved by 4 times, and the TPS can reach nearly 2000!

TLDR, the principle of ZK-Rollup can actually be explained in one sentence: complex calculations and proof generation are performed off-chain, and proof verification and key state maintenance are performed on-chain.

Rollup is mentioned above, and some students may ask: What is the core difference between ZK-Rollup and other Rollup solutions?

Indeed, there are many other Rollup schemes. For example, Optimistic Rollup is one of the more popular ones. The core difference between it and ZK-Rollup lies in how to ensure the correctness of state changes.

The Optimistic Rollup scheme was formed in the second half of 2019 and was first proposed by John Adler. Later, the Plasma Group mainly borrowed from Plasma, ZK-Rollup, shadow chain and other schemes to further improve and expand.

The biggest difference from ZK-Rollup is that each state transition does not need to be strictly verified, and it is optimistic to assume that each transition is correct, which is the origin of the word Optimistic. Then you can challenge a certain transformation within a certain time limit. If the challenge is successful, it proves that there is a problem with the previous submission, and the submitter will be punished and the state will be rolled back. It can be considered that Optimistic Rollup ultimately relies on economic incentives and games to constrain the correct transition of the state.

The difference between the two schemes can also be compared from the perspective of the proof model: ZK-Rollup is a Validity Proof (correctness proof), and only the state that provides the "correctness proof" will be written into the main chain contract; and Optimistic Rollup is Fraud Proof (fraud proof), users need to provide "fraud proof" for exceptions during the challenge period, and are responsible for reporting incorrect status.

Students who follow Ethereum must be familiar with Plasma.

secondary title

At present, several teams have developed a new generation of products based on the ZK-Rollup solution. There is no doubt that ZK-Rollup is currently the fastest and most promising second-tier expansion solution, and it is the best among many expansion solutions.

For example, the Loopring team has taken the lead in launching a decentralized exchange (DEX) based on ZK-Rollup. It does not require users to mortgage assets, but its performance is comparable to that of a centralized exchange (CEX). It is no longer restricted by the performance of the underlying chain. Order transactions TPS has reached an amazing 2025!

In addition, Matter Labs released ZK Sync, a trustless expansion and privacy solution.

The bottom layer of ZK Sync also relies on ZK-Rollup, aiming to improve transaction performance while ensuring security. The product route is to first focus on improving the performance and ease of use of simple transfers, then realize the expansion of general smart contracts, and finally add privacy protection. The current goal of capacity expansion is also close to being achieved. As for privacy protection, it still relies on zero-knowledge proof technology.

ZK Sync also includes a new SNARK scheme Redshift and a zero-knowledge proof contract programming framework Zinc, both of which may be the key to its future realization of general privacy smart contracts.

secondary title

All this stems from the rapid development of zero-knowledge proof technology in recent years, and the Ethereum team made technical preparations for all this at the underlying chain level about four or five years ago, providing the necessary cryptographic computing support.

Zero-knowledge proof technology has really brought Ethereum expansion from theory to practice. I believe there will be more new breakthroughs in this direction in the future.

The Ethereum community is likely to further explore expansion from the aspects of solving the universality of smart contracts, reducing the difficulty of zero-knowledge proof application development, and trying more types of applications.

Under the concept of layer-2 expansion, all kinds of ordinary or performance-seeking transactions can run efficiently on the second layer, enjoying faster response speed and low cost of use, while the first layer, the main chain, is responsible for carrying higher value transactions and pay higher costs for this.

In addition, zero-knowledge proof is the only solution to solve the blockchain privacy problem. The Ethereum community is also making great progress on this front.

I think ZK-Rollup has more advantages in terms of security.

So I think Ethereum can fight for several years even if it does not upgrade to 2.0.