Have you heard of zkSync and its new zkEVM? The new zkSync EVM enables Zero-knowledge proofs for any smart contract executions.

What does that mean? Well read on later. But what it enables is having a side chain with similar (not not exact) guarantees of the Ethereum mainnet chain. How cool is that? Especially with the increasing gas prices again, it's time to learn what it is, how it works, how to use it and why it's better than a regular sidechain.

The launch of zkEVM represents an essential turning point for crypto. Up until recently it was still considered merely a theoretical possibility that will take years to get real. But over the last year, the pace of the entire zero knowledge proof ecosystem has exceeded even experts’ expectations. And because of the many research breakthroughs by zkSync, Solidity programmers now have access to unmatched scaling, security, and UX benefits of zero knowledge proofs.

But let's start at the beginning...

Zero-knowledge Proofs are complicated, but an easy way to conceptualize them is the following example:

Imagine you are blind and I give you two balls that feel exactly the same way and are the same weight. Now I tell you those two balls have different colors. There's no one else nearby. How can you find out if I'm telling the truth?

You can put one ball in each hand, show them to me. Now you put them behind your back and you either swap the balls between both hands, or you don't. Then you show them to me and ask me: 'Did I swap the balls, yes or no?'. Now if both balls are the same color, I could try to guess it. I'll have a 50% chance of guessing correctly. That's why you do this 15 times in a row. If I answered correctly every time, you can almost certainly (with 99.997% certainty) say that both balls are indeed of different color. If not, I must have randomly guessed correctly 15 times, pretty unlikely. The more often you ask, the more sure you can be.

I have now proven to you that the balls are of different color without ever revealing the actual colors, hence the name 'zero knowledge' proof. You have no idea if the balls are green, black, orange or something else.

There's one problem with the normal Zero-knowledge proofs in the world of blockchains: asking many times in a row and waiting for the answer would require several transactions to go back and forth. That's not very efficient at all. With zk-SNARKs, or non-interactive zero-knowledge proofs, we can do this in one round. Essentially the questions are pre-determined based on a random oracle model. The prover can then send all answers in one single transaction.

The whole concept of zk-SNARKs is a very interesting topic. Vitalik posted a beginner-friendly introduction some days ago here. Well, as beginner-friendly as possible. You'll see what I mean. Or this paper goes into it even more deeply. If you want to go really deep into the math behind it, it will be anything but easy. I certainly haven't figured out everything in the article myself, but here's my high-level understanding if you just want to know the basics:

• zk-SNARKs are based on very heavy computation, like computing a hash 100 million times.
• Verifying a proof itself doesn't require running the heavy computation.
• Actual data is represented by polynomials, .e.g., x² − 4x + 7.
• Using the factor theorem, we can transform certain polynomials into multiples of its lowest degree polynomial.
• Then using polynomial commitments and the Schwartz–Zippel lemma, we can verify a proof for such polynomials by just randomly checking some coordinates.

Now the main issue with this is we have to transform the questions into polynomials. With polynomial commitments we can transform polynomials to simple operations like additions and subtractions. But that still doesn't give us the capability for general computation protocols that are Turing-complete. And this is what we ultimately want if we have to prove any kind of smart contract execution.

zkEVM solved this by using a modified TinyRAM protocol. The idea is to arithmetize generic computations by representing them as operations in an operation circuit in the form of 

• x = 'op=ADD' ? 1 : 0 * (a + b) + 'op=SUB' ? 1 : 0 * (a - b) + 'op=MUL' ? 1 : 0 * (a * b)

Assuming we only support ADD, SUB and MUL operations. This performs all available operations in each step, so it's very computationally intensive. But it allows general computations to be verified by Zeroknowledge proofs. However on its own it's simply too extensive and not helpful. zkEVM built on top two mechanisms to make it more scalable:

1. Using recursive proofs, basically you create a circuit which verifies the proof of a different circuit.
2. Having optimized special circuits for heavy operations like computing the Keccak256 hash.

You can find a detailed explanation of the approach in this video:

Now with zkEVM we have a way to prove smart contract executions. The way we can now build our Layer 2 chain is like this:

1. Run a separate blockchain.
2. For every block update the merkle root (see my previous merkle root explanation when talking about Optimistic rollups here) in the L1 Ethereum chain. But we could put any hash here, so this is where the Zeroknowledge proof comes in. A smart contract on Ethereum will verify every single merkle root update:
   1. Every transaction that happened on the separate blockchain will have its own Zeroknowledge proof created as a zkSNARK proof. So we can easily verify it in the smart contract.
   2. Once every transaction is verified, you can compute the new merkle root and store it in the Ethereum L1 chain. And a transaction verification is much more efficient than actually running the transaction. This part is possible thanks to the zkEVM.

Unlike Optimistic rollups, ZK rollups don't require a fraud proof. This is great, because we don't have to rely on other people checking the validity off-chain, instead all transactions are always checked for validity.

Since Solidity is supported, deploying is pretty simple. There is an existing Hardhat plugin which you can already use to deploy on the new testnet. And support for zkSync deployments has also been added to hardhat-deploy.

1. Install Docker. You will need it to compile the contract using the zkSync compiler VM.
2. A wallet with Görli ETH. For example you could try this or this faucet.

   
   

And then you are ready to pretty much follow the great guide here. 

• You can find a bridge and block explorer for the testnet here.
• If you just want to play around on the testnet as a user, this testnet guide is great.

Some features are missing, but only very few:

1. Native ETH transfers are not supported, so msg.value is always zero.
2. External libraries are not supported.

Returning constant value

• block.gaslimit always returns 2^32-1.
• EXTCODESIZE always returns 0xffff.
• MSIZE always returns 2^16.

Always returning zero

• GASLIMIT (tx.gasprice)
• CALLVALUE (msg.value)
• ORIGIN (tx.origin)
• GASPRICE (tx.gasprice)
• CHAINID (chain_id)
• BLOCKHASH (tx.blockhash)
• DIFFICULTY (block.difficulty)
• PC
• BALANCE (address(addr).balance)
• SELFBALANCE (address(this).balance)
• COINBASE (block.coinbase)
• EXTCODEHASH (hash)

NOOP

• EXTCODECOPY
• SELFDESTRUCT (selfdestruct(addr))
• CALLCODE (callcode)

Not long ago in December 2021, Vitalik still wrote:

But it does seem that the speed of development for ZK rollups has been exceeding expectations at this point. Regardless it seems we are headed into a future where Ethereum becomes a data availability layer for these L2 technologies.

Will this combined with sharding be the final scaling solution for Ethereum? What do you think?