Web3, meet ZK: Recap from Google ZK Summit

We have come a long way from when Goldwasser, Micali, and Rackoff first introduced the concept of interactive proof systems. At the same time, we are still very early in the development and adoption of computations secured by zero knowledge proofs. Earlier this month, the CoinFund team was proud to serve as Google Cloud’s VC and Content partner to host the first ZK Summit in Mountain View, California, where leading founders and researchers from across the space came together to discuss the present and future of zero knowledge. As you can guess, this wasn’t your typical ZK event. Google’s orchestration of the event brought together research and industry leaders around this emerging technology, as they have often done in AI, but this was one of the first events of its kind dedicated to the ZK and web3 space.

The event served as a reminder that some of the most cutting edge researchers in web3 are using cryptography to solve some of the biggest problems in bringing scalability, verifiability, and privacy to computations. Presentations were made by a number of teams working across ZK rollups, zkVMs, prover networks, aggregation and verification layers, application layers and more. The open source nature and hivemind approach to the space were on full display with research areas being actively discussed, as teams continue to push the space forward building on top of each other’s innovations. CoinFund has made a few early investments in this category, and we’re closely tracking how the space is evolving.

Here are some of my takeaways from the summit and what the evergreen research areas look to be.

A recap on SNARKs

The summit kicked off with cryptographer and researcher Dan Boneh delivering a talk on SNARKs — one of the most popular cryptographic protocols today. Simply put, a SNARK allows anyone to prove to an untrusting verifier that it knows some information satisfying a property. We like them because they are small and easy to verify. zk-SNARKs are a type of SNARK that doesn’t reveal any information about the underlying statement that it is proving, creating compelling use cases for sensitive information.

As Dan discussed, SNARKs have been around for decades, but only in theory. To truly apply a system that leverages SNARKs, one would need a single, reliable PC that can monitor the operation of a herd of supercomputers doing verifiable computations. Enter the blockchain, an elegant solution that operates as a reliable global machine. SNARKs today are generated by two primary methods: 1) custom circuits and, more recently, 2) abstracted zkVMs.

zk-SNARKs are primarily used in blockchain infrastructure, particularly for scalability, where rollup transaction signatures from L2s are batched and posted as proofs on Ethereum L1. Beyond scalability infra, there is growing interest in generating proofs of real world digital signatures that are being implemented in web2 contexts to enrich onchain applications. For example, take DKIM signatures, which are signed by email servers like Gmail to authenticate valid messages for anti-spam. Proofs of these signatures can be generated and verified onchain to use email data in onchain applications, like being able to purchase tokens using a Venmo account. zkLogin protocols can use OAuth tokens from web2 social accounts for easy user authentication, as teams like Sui and Aptos have already introduced. zkTLS is another primitive with a wide range of applications for verifying the integrity of client-server interactions onchain, including enhancing identity solutions, authenticating information from financial institutions (like bank account info), and creating opportunities in crypto lending. Finally, something like VeriTAS can be used to differentiate real content from AI-generated content with C2PA signatures that are embedded within camera hardware.

Abstracting ZK development complexity

Circuits were the first method used to generate proofs. Put simply, a circuit is a mathematical function made up of gates (e.g. addition and multiplication operators) and wires (connections between gates) that represents whatever statement or computation you want to prove. ZK circuits are efficient because they are often tailored to a specific task. However, this specificity trades off ease of use, as significant effort is required to create new circuits for different tasks. Further, ZK circuits operate at a relatively low level of abstraction, dealing with finite fields and binary logic directly. They require rather deep expertise in cryptography and mathematics from developers, as well as familiarity with specialized libraries like Circom to define circuits and generate proofs.
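To make gates, wires and the witness concrete, here is an added example (not from the summit or any project named here) that writes the statement "I know x such that x^3 + x + 5 = out" as a small arithmetic circuit in rank-1 constraint form and checks a witness against it. The field modulus, wire names and helper functions are assumptions chosen for illustration, and no proof system is involved: this is only the constraint system a prover would commit to.

```python
# Toy arithmetic circuit over a prime field (constructed example).
P = 2**61 - 1  # illustrative modulus, not the field of any real proof system

# Wires are positions in the witness vector.
ONE, X, OUT, V1, V2 = range(5)   # V1 = x*x, V2 = V1*x are intermediate wires

# Each gate is one constraint  <a,w> * <b,w> = <c,w>  (mod P),
# with a, b, c written as sparse {wire: coefficient} maps.
CONSTRAINTS = [
    ({X: 1}, {X: 1}, {V1: 1}),                    # x * x  = v1
    ({V1: 1}, {X: 1}, {V2: 1}),                   # v1 * x = v2
    ({V2: 1, X: 1, ONE: 5}, {ONE: 1}, {OUT: 1}),  # (v2 + x + 5) * 1 = out
]

def dot(row, w):
    """Linear combination of witness values selected by a sparse row."""
    return sum(coef * w[i] for i, coef in row.items()) % P

def generate_witness(x):
    """Prover side: evaluate the circuit and record every wire value."""
    x %= P
    v1 = x * x % P
    v2 = v1 * x % P
    out = (v2 + x + 5) % P
    return [1, x, out, v1, v2]

def satisfied(w):
    """True only if the constant wire is 1 and every gate constraint holds."""
    if len(w) != 5 or w[ONE] != 1:
        return False
    return all(dot(a, w) * dot(b, w) % P == dot(c, w)
               for a, b, c in CONSTRAINTS)

if __name__ == "__main__":
    w = generate_witness(3)
    print(w, satisfied(w))             # honest witness
    forged = list(w); forged[OUT] = 36
    print(forged, satisfied(forged))   # wrong public output is rejected
```

In a zk-SNARK the verifier would see only the public wire `OUT` and a short proof that some assignment to the remaining wires satisfies all three constraints.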

zkVMs were a natural evolution to abstract away some of the complexity of circuit development and bring ZK to more general purpose computations. Like any other virtual machine, zkVMs are capable of executing general-purpose code and running programs written in well supported, high-level languages like Rust. The virtual machine is implemented as a circuit for a zero-knowledge proof system, and can generate proofs of correct execution. At a high level, a zkVM loads and executes a program written in a high-level DSL. As it runs, the VM keeps track of intermediate states and operations, and the witness is generated. A proof is constructed using the witness data and instruction set, and the resulting proof can assert to a verifier that the program was executed correctly without the need to rerun the program. The primary tradeoff is that the processor circuits used in zkVMs are much larger than per-program circuits, meaning there is a significant overhead compared to tailored circuits.
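The flow just described (execute, record intermediate states as the witness, check them against the instruction set) can be sketched with a toy machine. This is an added example, not code from SP1, Jolt, Nexus or any other zkVM: the three-register machine, its opcodes and the field modulus are hypothetical, and `check_trace` stands in for the constraints a real prover would prove succinctly rather than re-evaluate.

```python
# Toy "VM as a circuit" sketch (constructed example, hypothetical machine).
P = 2**61 - 1  # illustrative field modulus

# Program: (opcode, dst register, src a, src b or immediate).
# It computes r1 = x^3 + x + 5 with x preloaded in r0.
PROGRAM = [
    ("mul", 1, 0, 0),    # r1 = x * x
    ("mul", 1, 1, 0),    # r1 = x^3
    ("add", 1, 1, 0),    # r1 = x^3 + x
    ("addi", 1, 1, 5),   # r1 = x^3 + x + 5
]

def step(regs, instr):
    """The machine's single transition relation, shared by every program."""
    op, dst, a, b = instr
    if op == "add":
        val = regs[a] + regs[b]
    elif op == "mul":
        val = regs[a] * regs[b]
    elif op == "addi":
        val = regs[a] + b          # b is an immediate here
    else:
        raise ValueError(f"unknown opcode {op!r}")
    nxt = list(regs)
    nxt[dst] = val % P
    return tuple(nxt)

def execute(program, x):
    """Run the program and record the trace: one row of state per step."""
    regs = (x % P, 0, 0)
    trace = [regs]
    for instr in program:
        regs = step(regs, instr)
        trace.append(regs)
    return trace

def check_trace(program, trace, public_output):
    """Boundary and transition constraints over the whole trace."""
    if len(trace) != len(program) + 1:
        return False
    if trace[0][1:] != (0, 0):                 # scratch registers start at 0
        return False
    for i, instr in enumerate(program):
        if step(trace[i], instr) != trace[i + 1]:
            return False                       # row i+1 does not follow row i
    return trace[-1][1] == public_output       # claimed result is in r1

if __name__ == "__main__":
    trace = execute(PROGRAM, 3)
    print(trace[-1], check_trace(PROGRAM, trace, 35))
```

Every row carries the full register state and is checked against the general step relation, which is where the overhead relative to a circuit tailored to one program comes from.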

A number of teams that are at the forefront of zkVM development were present to share some of the progress they have been making.

Succinct Labs released SP1, their first-generation zkVM, back in February. SP1 uses STARK recursion and a system of precompiles that accelerate hash functions and signature verification. SP1 is one of the furthest along in production implementation of a zkVM, securing $1B in TVL with users working on rollups, interoperability, bridges, proof aggregation, and more.

Jolt presented work on their zkVM framework built on top of a new lookup argument primitive, Lasso. Lookup arguments help efficiently deal with operations that are not naturally computed by conventional gate operations (e.g. bitwise operations). Jolt takes advantage of Lasso’s ability to compute efficiently over large lookup tables, and has been able to deliver speedups of around 10x versus existing toolchains like Halo2. Next for Jolt is more work on memory optimizations and implementing a folding-based prover. Notably, a lot of this frontier research work has been contributed through open source.

Nexus has set out with the goal of proving a trillion Hz computation in less than one minute using their network. Their team is shipping continual product upgrades, with Nexus 3.0 expected in a few weeks. Key research areas have focused on making multiple vertical improvements beyond just the prover (in Nexus 2.0, memory checking accounts for 90% of prover time), including memory, precompiles, and compression. The team also looks to implement frontier folding methods like HyperNova to increase the efficiency of recursive proof composition.

How Google Cloud is Contributing to ZK

Finally, we will cover what Google has been up to in the space. More broadly, Google Cloud has been working in the web3 space since 2017, from gathering blockchain data into BigQuery to running validators as a service for networks like Solana, Ethereum and Polygon to providing tooling for developers. Today, they’re working with a variety of zero knowledge builders on issues such as the containerization of zkEVM, ensuring their stack is shielded from web2 attacks, and lowering costs to run provers. As Google Cloud continues to make strides in zero knowledge, it will be interesting to witness their iterations of these use cases and how they’ll bring more developers into this space, incrementally improve the infrastructure, and bring down costs to make widespread use of proofs more accessible.
