Original title: "IOSG Weekly Brief｜ZK Cross-chain Communication Protocol: Safe and Low-cost Construction of the Future of Full-Chain DApp"

first level title

TL;DR

ZK provides a secure and low-cost way for cross-chain communication

Cross-chain communication protocols are still in their early stages, but promise to allow DApps to access data on different chains

DeFi, full-chain DApp will benefit from the development of cross-chain DApp

The impact of cross-chain DApps is expected to be very large in the next few years, just like the impact of globalization.

Developers are working hard to explore the best model for building cross-chain DApps

Latency, security and cost are the main indicators of the ZK cross-chain information protocol

The four main components of the ZK cross-chain protocol are: generating proof of storage, combining proof of storage and ZKP, relaying ZKP, and launching commitments

foreword

foreword

Previously there was only Ethereum and Bitcoin. They have the most liquidity, the most users, the most applications and the most transactions. After 2020, many new blockchains appeared, such as Avalanche, Polygon and BSC.

After the mainnet launches of these chains, we saw a paradigm shift from Ethereum and Bitcoin to ALT Chains. Users migrate from Ethereum to ALT Chain in search of new opportunities. Developers move from Ethereum to ALT Chain to fork existing projects. These developers create new opportunities for users looking for high returns.

data

data

After dispersing assets and liquidity on different chains, users start to think about how to manage and move assets on different chains. Asset issuers also consider how to expand their users by expanding to different chains.

Cross-chain asset bridges will become popular in 2022. Users no longer use CEX as a cross-chain bridge, but try to turn to a decentralized cross-chain bridge. Asset cross-chain bridges sometimes get stuck and are vulnerable to attacks, but are much easier to use and use to move large amounts of money.

However, asset cross-chain bridges are still in their early stages and cannot meet the needs of DApp developers. Asset cross-chain bridges can only allow the same assets to flow between different networks. This is too limited of use for developers. Developers are looking for a more general cross-chain approach.

data

first level title

the moment

Most blockchain networks are isolated from each other and cannot exchange assets or tokens directly. The cross-chain asset bridge allows users to transfer assets or tokens between different blockchain networks.

data

data

The cross-chain message communication protocol is implemented based on its cross-chain asset protocol. With some modifications, these cross-chain asset protocols can now pass messages between chains. This makes it difficult for them to implement custom functions for cross-chain messaging protocols, since the overall design needs to be compatible with cross-chain asset transfers. They lack some key features for building cross-chain applications, such as broadcasting messages from one chain to all other deployed contracts on different chains. This makes it difficult for developers to build practical full-chain DApps.

first level title

Why do you need ZK?

data

In one year, the total loss of cross-chain bridges in hacking incidents is about 1.3 billion US dollars. The cost of using the cross-chain bridge is around 5. Multichain is the head project in the cross-chain bridge. Multichain’s 30-day transaction volume is $1.7 B and fee income is $635 K. Then the annual transaction volume is about 20.4 billion US dollars, and the fee income is 7.6 million US dollars. According to this estimate, the total revenue of the cross-chain bridge market is far less than the funds stolen by hackers.

first level title

design

In this part, we will discuss how ZKP can realize low-cost and secure cross-chain information communication.

The idea of ​​using a ZKP to relay messages is straightforward, but the detailed design can be complex. The entire workflow can be broken down into the following steps:

Decide what data to pass to the target chain

Obtain proof of storage (proof that data exists in EVM storage)

Generate ZK proofs based on storage proofs

Pass the ZK proof from the originating chain to the target chain

Expand the ZK proof on the target chain

first level title

Generate proof of storage

data

EVM-compatible chains use Merkle Tree to store accounts and data. This makes it relatively simple to create Merkle Proofs to verify this data.

A Merkle Tree is a data structure used in computer science. It is widely used in cryptography and blockchain. It is named after its inventor, Ralph Merkle, and is also known as a binary hash tree. The basic idea behind a Merkle Tree is to divide large amounts of data into smaller parts, hash each part, and then combine the hashes to form a single root hash. This root hash acts as a fingerprint for the entire dataset, allowing efficient and secure verification of the integrity of the data.

In a blockchain, a Merkle Tree is used to summarize and verify transactions in blocks. Each transaction is hashed and added to the tree, and the hashes are combined in a specific way to form a single root hash, which is then added to the block header. This allows an efficient and secure way to verify the validity of a large number of transactions in a block without having to verify each transaction individually. If any data in the transaction changes, the root hash will also change, indicating that the data has been tampered with.

A Merkle proof, also known as a Merkle path, is a cryptographic proof that certain data is contained in a Merkle Tree. Merkle Tree proofs provide a way to verify the authenticity of transactions or other data without downloading and verifying the entire Merkle Tree.

In a Merkle proof, the user provides a sequence of hashes from the bottom of the Merkle Tree to the root hash, and the specific data to be verified. By starting with specific data and going up the tree, the receiver can compute the root hash and compare it to the root hash stored in the block header. If the calculated root hash matches the stored root hash, the recipient can be confident that the particular data is contained in the block and has not been altered.

first level title

Combining Proof of Storage and ZKP

Posting the entire Proof of Storage onto the target chain is impractical as it is too large, around 4 kb. It is also expensive to verify proofs. Validating on Ethereum requires 600k gas. If the gas price is 30 gwei, the total fee is 0.018 ETH ($30).

In this case, ZKP can provide compression and composability. Developers can create ZKP based on Merkle Tree Proof. This can greatly reduce the size of proofs and make them easier to verify. Verifying Plonk requires approximately 290 k gas. If the gas price is 30 gwei, the total fee is 0.009 ETH ($15). A Groth 16 verification uses about 210 k gas. If the gas price is 30 gwei, the total fee is 0.006 ETH ($10).

first level title

Relay ZKP

In order to safely transfer related commitments, such as state roots or related ZKPs, to the target chain, we need to design a consensus mechanism.

There are 3 common ways to relay a ZKP:

Messaging: Use some messaging protocol to pass ZKP and get relevant promises through OP CODE

Consensus Validation: Validate relevant commitments by running the consensus algorithm

Optimistic MPC relayer: Part of the idea is similar to what we have seen in many cross-chain asset bridges and OPRU designs. There is a committee between the initial chain and the target chain. Participants in the committee decide on the validity of the succession promise. Anyone can challenge validity. But when a challenge occurs, the bridge cannot be rolled back like a Rollup. A separate set of challengers is required to actually prevent the delivery of malicious messages. In this scenario, the challenge is costly and has high latency as it involves constantly uploading the root hash and all CALL DATA to the initial chain. And it also only works peer-to-peer.

cost

Delay

cost

trust

data

The latency of message delivery is quite high because message delivery takes time to be acknowledged. After the block is generated, the user can confirm the success of the delivery. In terms of cost, message passing needs to interact with two chains, so it is relatively high. This way requires less trust as the security is equal to the security of the chain. This method does not perform any off-chain calculations.

Consensus verification is a viable approach. It has similar latency, trust assumptions, and costs as messaging. However, it must verify the signature off-chain. This introduces a lot of overhead for off-chain computation. But consensus verification can also be done today with ZKPs.

first level title

open promise

After getting the commitment, users on the target chain can unwrap the commitment to access the past state of the original chain.

Three common expansions are:

Accumulation on the chain

On-chain compression

Off-chain compression

On-chain accumulation is a method of spreading out commitments in a blockchain network. In this approach, the entire process of recreating block headers from commitments is performed directly on the blockchain. The correctly encoded block header is used as CALL DATA in the transaction, and the calculation is performed by the blockchain. The benefit of this approach is that there is no overhead in terms of proof time. And the latency is low because the proofs don't need to be verified outside the blockchain. However, the disadvantage is that the cost can be high, because the computation can be resource-intensive.

On-chain compression is a method of reducing the amount of data that needs to be stored on the blockchain. It is used to minimize the cost of storing large amounts of data on the blockchain. The idea behind on-chain compression is to use a compression algorithm to reduce the size of the data, thereby reducing the space it takes up on the blockchain. This can be done by removing redundant or unnecessary information from the data, or by using data structures optimized for space efficiency. The compressed data is then stored on the blockchain and can be decompressed when needed.

On-chain compression has the advantage of reducing storage costs and increasing blockchain scalability. However, it also has some disadvantages. For example, the process of compressing and decompressing data can be computationally expensive, adding latency to the blockchain. Furthermore, the compression algorithm used may have a negative impact on the security of the data, as it may be vulnerable to tampering or attacks.

Off-chain compression is similar to on-chain compression.

first level title

related items

Many ZK bridge projects hope to improve the interoperability of different chains and reduce the risk of potential hackers.

There are many projects in this area, such as:

Succinct Labs

Lagrange

zkBridge

Herodotous

=nil; Foundation

Succinct Labs uses a light client approach. It uses light clients to verify the consensus of the starting chain consensus layer on the target chain. ZKP is used to generate consensus proofs.

data

Herodotus uses ZKP proofs of storage to provide smart contracts with access to on-chain data from Ethereum. It has an MPC Optimistic Relayer to relay promises. It employs off-chain compression, which expands the relayed blockchain header and creates proofs off-chain.

zkBridge uses the MPC relay network to generate the ZKP of the block header and relay it to the target chain. It uses deVrigo and recursive proofs to achieve very fast proof times, but the MPC part has higher complexity.

data

=nil; Foundation is also working on the ZK cross-chain message protocol. It enables developers to access the state of Mina on Ethereum. They launched a demo at the end of 2021 that can verify Mina state on Ethereum. This infrastructure allows smart contracts on Ethereum to verify the validity of the Mina state. With this infrastructure in place, smart contracts have the ability to identify invalid cross-chain transactions.

Mina has its own proof of state, but verifying them on Ethereum is expensive. =nil; Foundation uses its own Placeholder proof system to generate secondary state proofs that are cheap to verify on Ethereum. This infrastructure enables Ethereum smart contracts to verify Mina Proof of State completely on-chain. In the future, cross-chain applications can directly verify the legitimacy of cross-chain transactions through this infrastructure.

An asset cross-chain bridge based on this will include the following steps:

Cross-chain bridge locks $Mina on Mina

This infrastructure generates Mina state proofs

This infrastructure submits Mina state proofs to Ethereum

The validity of the contract verification state proof on the Ethereum chain

The contract on the Ethereum chain receives and stores Mina status proof, if the proof is valid

The cross-chain bridge checks Mina and transaction status on the Ethereum chain and releases $WMINA

later=nil; Foundation is working hard to fix the one-wayness problem. In the previous demo, only one-way cross-chain communication was supported. Now they theoretically support bidirectional bridging. A proof of state on the initial chain will be generated in the Placeholder proof system, and a proof will be generated again with the Kimichi proof system. Proofs are then submitted to Mina validators. Validators will see Proof of Initial Chain State as proof generated by Mina's native zkApp.

=nil; The Foundation also publishes the Proof Market. Where users/projects buy/sell most of the SNARK proofs. There are currently two trading pairs, ARITHMETIC-EXAMPLE and MINA-STATE.

Application Scenario

Application Scenario

With the ZK-based cross-chain message relay protocol, developers can easily extend applications to different blockchains.

In the past, contract deployment was mainly concentrated on one chain. When scaling to another chain, the application must be redeployed. Using a ZK-based cross-chain message relay protocol will realize a paradigm shift from single-chain applications to cross-chain applications. Large projects can be easily extended to different chains. This will have an effect similar to globalization. We would like to see more international companies or large cross-chain DApps.

secondary title

DeFi

DeFi can benefit a lot from this. The cross-chain message relay protocol can help DeFi products integrate liquidity from different chains.

DEXs, cross-chain exchanges, and aggregators can provide better user experience, lower slippage, and higher liquidity for trading pairs. The same trading pair on different chains will have a unified liquidity pool. The price difference between different chain DEXs will be smaller. DEX can obviously gather more liquidity and provide a user experience comparable to CEX.

Farming can have a more flexible strategy. They can now look for more profit opportunities on different chains.

The lending protocol can cooperate with more DeFi protocols on different chains, and accept more deposits of different Tokens on different chains.

On-chain derivatives will benefit greatly in terms of liquidity. Through secure cross-chain communication, the derivatives market can reach more potential customers on different chains and gather more liquidity. This can provide a better trading experience.

secondary title

application chain

Appchain or custom Rollup provide more freedom for Dapps. Dapp developers can customize the application chain to meet their own needs, such as performance or some technical characteristics. Dapp developers can also customize fee structures to incentivize users. There are many application chains on Cosmos because Cosmos has better interoperability. The cross-chain protocol supported by ZK will be a better tool to connect non-Cosmos application chains with EVM or layer 2 ecosystems. Many Rollup SDKs under development could benefit from the cross-chain protocol supported by ZK.

secondary title

Take advantage of the characteristics of different chains

No blockchain is perfect. They are optimized for one purpose at the expense of other features. With a cross-chain messaging protocol, developers can leverage the strengths of each blockchain and avoid their weaknesses.

Summarize

Summarize

ZKP provides a brand new way for cross-chain communication. Although it cannot completely solve the security problems of traditional cross-chain bridges, with the help of ZKP, secure cross-chain message communication now greatly reduces costs. The proof size is much smaller than before. The cost of verification on the chain is also reduced a lot. Being able to verify the state of the source chain on the target chain can achieve shared security similar to IBC. In the past, it was impossible to realize it at low cost.

The ZK cross-chain communication protocol gives different on-chain protocols the ability to communicate with each other. Developers can develop full-chain DApps based on the ZK cross-chain protocol. DeFi, application chain will benefit from it.

Original link

Original link