Research Summary: Enabling Blockchain Services for IoE with Zk-Rollups

TLDR

  • Blockchains are incredible tools to decentralize and secure exchanges. They are traditionally used for financial transactions but their use can be extended to broader applications.
  • The adoption of IoT, and more generally, the Internet of Everything (IoE) which includes IoT, people, data and processes, has been accelerating in recent years. The needs of IoE (computing power, memory space, synchronization speed and latency, etc.) are high and many works have demonstrated the potential benefits of blockchains in various IoE domains. However, most IoE applications are currently not compatible with the constraints of traditional blockchains.
  • In this paper, we review the different tools or parameters that increase the scalability of blockchains to fit the needs of IoE. Our target audience is familiar with IoT or IoE and not very familiar with blockchains. Therefore, we explain how blockchains and their Layer 2 solutions work in detail.
  • In the second part, we investigate the use of zk-rollups beyond the financial. To do so, we propose new architectures or parameters for using zk-rollups and give some concrete use cases related to IoE.

Core Research Question

Can zk-rollups and their improvements be the technology that will facilitate the use of blockchains in IoE?

Citation

Lavaur, T.; Lacan, J.; Chanel, C.P.C. Enabling Blockchain Services for IoE with Zk-Rollups. Sensors 2022, 22, 6493.

Background

  • Scaling Solution: Solution to increase the capacities of a blockchain. Often, this increases the number of transactions per second (TPS), but it can also be a decrease in the computing power needed to verify or produce blocks or in the memory space required by the blockchain.
  • Layer 2: Layer 2s are scalability solutions that rely on a blockchain but are not included in it. For example, a blockchain built on top of another blockchain and communicating with it are respectively called Layer 2 and Layer 1.
  • Verifiable Computation: A cryptographic protocol (e.g. STARK or SNARK) allowing a prover to convince a verifier of the correctness of a computation through an argument (often called a proof, even if it is probabilistic and not deterministic). They are also called proofs of computational integrity. When they are combined with zero-knowledge, they are called zero-knowledge verifiable computations where the most well-known are zk-STARKs or zk-SNARKs, depending on the cryptographic protocol.
  • Merkle Tree: Binary tree where the leaves contain information, each leaf has a node containing the hash of its leaf and each node above contains the hash of these two sub-nodes. It is then easy to provide a Merkle proof, proving that an element belongs to the tree without revealing the others by showing a path to the root.

Summary

  • While blockchains were initially built for financial applications, their properties can be interesting for numerous IoE applications such as IoT, marketplaces connecting providers and consumers, social networks, etc. Proposals for non-financial applications have been made, but in practice, these represent a small portion of transactions.

  • A blockchain has several advantages. It is publicly verifiable because all the rules are set in advance. Most of the applications of our daily life are centralized by few entities that manage and process our personal data to provide services. If this third party is attacked or corrupted, our data can be corrupted, blocked or deleted. Blockchain makes it possible to decentralize these applications, giving the user back the power over their data and thus avoiding a single point of failure.

  • To be used in IoE applications, a blockchain must meet three main criteria:

    • Objects and people must be able to communicate through it quickly regardless of their environment.
    • It must provide the ability to analyze data to produce intelligent actions or proposals. This requires a connection between local, distributed and cloud computing, as well as a structure that allows for efficient, secure and easily analyzed storage.
    • It must support a wide variety of different objects and applications while maintaining the same security and decentralization, regardless of their geographic location, environment, utility, or technological requirements.
  • To meet the requirements of IoE, we review the different scalability solutions on-chain and off-chain. Among them, rollups are the most promising solution in our opinion, because they allow for the same security as a Layer 1 blockchain while increasing the number of transactions per second and reducing their cost and the memory space required to store them.

  • A rollup is a Layer 2 that increases the number of transactions per second while decreasing their verification time and the memory space needed to store them. For this purpose, Layer 1 accounts and their balances are stored in two separate Merkle trees of which a smart contract stores the roots.

  • Optimistic rollups are the first type of rollup whose execution is presupposed to be correct and whose security is based on a dispute system in case of a contested transaction. Their main drawback is that the information provided by the rollup is validated on the Layer 1 only at the end of the dispute phase which can last up to a week. In the case of a zk-rollup, a prover will regularly prove a batch of transactions, with a verifiable computation protocol, that the blockchain will only have to verify. Thanks to Zero-Knowledge properties, the signature of each transaction will be embedded in the proof and will not need to be stored on the blockchain. The validation of the proof by a smart contract on the Layer 1 implies the immediate validation of all the information provided by the rollup. Rollups will have an increasingly important place in the Ethereum blockchain whose roadmap is rollup-centric. Smart contracts are directly supported in optimistic rollups and in the latest zk-rollups.

  • We revisit the use of rollups beyond the scope of financial applications. As far as we know, rollups are used quasi-exclusively for financial applications and we present new ideas for more general use that can benefit IoE. We propose the construction of more general rollups where Merkle trees can contain different information than account states and where proven transactions can be any state change.

  • We also propose using a tree structure to build rollups on other rollups thanks to smart-contract-compatible rollups allowing them to check proofs of verifiable computation or fraud proofs. We also consider the creation of dynamic rollups allowing the creation of temporary groups in a context of planned disconnections or asynchronicity.

  • Finally, we present some IoE-related use cases using rollups and our proposals. We present the setup of a large-scale service using the example of a taxi or delivery service. Then we introduce the example of a drone mission implementing a dynamic rollup with a separation into two groups. To conclude, we show an example of private use such as for a company or a smart house where the rollup data is private but the security is based on a public blockchain.

Method

  • We first analyze and present the needs and constraints related to IoE. In parallel, we have identified the pros and cons of the use of blockchains in this context.
  • Then to address these issues and make IoE compatible with blockchains, we review existing solutions increasing the scalability of blockchains. Some of these works are rarely formalized, validated and published in scientific conferences or journals. This is why it is urgent to synthesize and submit these latest advances in order to make them accessible to the academic community.
  • We then present, in greater detail, how rollups and their derivatives (validium and volition) work as well as the prerequisites for zk-rollups which are, for us, an essential element making blockchains accessible to new applications.
  • The last part of the paper introduces new ideas for the use of rollups beyond the financial and then presents these proposals in some IoE use cases.

Results

  • Rollups can be used more widely than for financial transaction management or NFT. Their internal state management can handle any type of data as long as it is possible to prove transitions using zero-knowledge proofs or fraud proofs.
  • Improvements can be made to their structures to add new properties beneficial to certain use cases.
  • Rollups can be the solution to facilitate the uses of blockchains in IoE.

Discussion and Key Takeaways

  • Our paper is a combination of a review and an article. It aims to do a non-systematic review of scalability solutions and more particularly of rollups. In the future, we hope to promote the use of zk-rollups in new fields.

Implications and Follow-Ups

  • In this paper, we discuss potential use cases. Each case could be a study in its own right because the possibilities of customization are numerous and thorough study is necessary for the implementation of each rollup according to its application.
  • It is possible to implement concrete use cases such as drone reconnaissance missions on the existing Ethereum network or on a testnet.
  • This work also makes it possible to synthesize and formalize the work around zk-rollups in a scientific publication, which is often carried out by companies and does not follow a review process. We hope to make the latest advances related to blockchains accessible to the academic world at large and, at the same time, to an audience that is not familiar with blockchains.

Applicability

  • We are convinced that zk-rollups are the solution to many scalability problems and that they are part of the solution to enable the global adoption of blockchains across many sectors.
  • Any application that cannot currently be deployed on blockchains due to their low capacities can be inspired by our paper to investigate the use of zk-rollups.
8 Likes
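
The summary above describes a rollup as a Merkle tree whose root is the only thing the Layer 1 contract stores, and proposes trees whose leaves hold arbitrary state rather than account balances. The following is an added example, not code from the paper or from any rollup project: it shows the per-update check that a zk-rollup proof attests to, run here in the clear. SHA-256, the `0x00`/`0x01` leaf and node prefixes, the drone status strings and all function and class names are assumptions made for illustration.

```python
import hashlib

def h_leaf(data: bytes) -> bytes:
    # 0x00 prefix keeps leaf hashes distinct from inner-node hashes (assumption).
    return hashlib.sha256(b"\x00" + data).digest()

def h_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """All tree levels, bottom first. Leaf count must be a power of two."""
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("leaf count must be a power of two")
    levels = [[h_leaf(x) for x in leaves]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h_node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def merkle_path(levels, index):
    """Sibling hashes from the leaf level up to, but not including, the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def root_from_path(leaf, index, path):
    """Recompute the root from one leaf, its position and its sibling path."""
    node = h_leaf(leaf)
    for sibling in path:
        node = h_node(node, sibling) if index % 2 == 0 else h_node(sibling, node)
        index >>= 1
    return node

class StateCommitment:
    """Holds only the root, like the rollup contract. Here the path check runs
    in the clear; in a zk-rollup it runs inside the proven computation."""
    def __init__(self, root):
        self.root = root

    def apply_update(self, index, old_leaf, new_leaf, path):
        # Reject unless old_leaf is really part of the committed state.
        if root_from_path(old_leaf, index, path) != self.root:
            return False
        # Same siblings with the new leaf give the post-update root.
        self.root = root_from_path(new_leaf, index, path)
        return True

# Constructed sample state: four drones and their status strings.
STATE = [b"drone-0:idle", b"drone-1:idle", b"drone-2:charging", b"drone-3:idle"]

def demo():
    levels = build_levels(STATE)
    commitment = StateCommitment(levels[-1][0])
    path = merkle_path(levels, 2)
    # An update that lies about the current state of drone-2 is rejected.
    forged = commitment.apply_update(2, b"drone-2:idle", b"drone-2:in-flight", path)
    honest = commitment.apply_update(2, b"drone-2:charging", b"drone-2:in-flight", path)
    rebuilt = build_levels(STATE[:2] + [b"drone-2:in-flight"] + STATE[3:])[-1][0]
    return forged, honest, commitment.root == rebuilt

if __name__ == "__main__":
    print(demo())
```

The holder of the root never sees the other three leaves, only one sibling hash per tree level, which is why the stored data stays constant in size as the state grows.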

I’m not surprised that blockchain is finding applications in the Internet of Everything (IoE). We have seen cases of applications in a myriad of other fields other than finance, and this further cements the belief in blockchain as a revolutionary technology.

However, just like other applications before it, blockchain applications in IoE will come with numerous challenges. Nevertheless, these challenges shouldn’t be seen as a reason to nip the idea in the bud. The blockchain community should be ready for such challenges. This paper already highlights some of the challenges and proposes solutions.

While reading through this summary, I kept asking myself, "why must layer 2 blockchains be used for this solution?" Along the line, I found out that it was for the scalability concerns of blockchain on running IoE applications, which is very reasonable.

@TLavaur, this is amazing research for the possibilities that it embodies. I’m always intrigued about Rollups, and it feels good seeing its application seeping into other fields which are not finance-related. I can’t wait for your future work on Rollups. I’m curious,

✔ What other areas of Rollup applications are you hoping to work on and why?

✔ There were three criteria you spelt out for a blockchain to be qualified for use in IoE. Criteria one and three, which border on scalability and security, have been tackled using Rollup as a solution. Does Rollup also cover for the third criterion? Or are you planning a future research around that? I hope I’m not missing anything.

5 Likes

Thanks for your enthusiasm! Regarding your questions, my doctoral thesis is the use of blockchains for drone swarms. I would like to develop a zk-rollup to create a taxi or delivery service using drones or autonomous vehicles. However, I am interested in many fields and very excited about the use of zk-rollups in different fields.

For the second criterion of IoE, rollups do not directly address the problem. There are already forms of connections between cloud or distributed computing with rollups through validium, for example, where the database is hosted on a cloud or distributed proof of verifiable computation protocols. Zk-rollups already offer significant security thanks to the properties and the security of the underlying blockchain. Since the proofs are fast and easy to verify, it is easy to analyze data and make decisions in a secure way. But they don’t allow you to directly introduce the results without verifying them, even though zk-rollups already use protocols that could allow you to verify (verifiable computation). I think this is a question I would look into later to solve decision problems like shortest path selection or task assignment in the case of drones/autonomous vehicles.

4 Likes

Thanks for your response. Amazing plans you have there.

1 Like

Wonderful work, @TLavaur. I’ve learned a lot from this research and find it to be quite fascinating. Due to privacy concerns, we as a society must truly work on this new technology (zk snarks) as KYC and AML regulatory interference is now present in blockchain.

I also need some clarification on a few assertions and inquiries.

➵ Is there an updated version of zk snarks?

➵ It is impossible to have Zk prove at a bigger scale, especially in the Blockchain scenario, because Zk snarks is not interactive and both the prover and verifier need to be online.

➵ Zk snarks and the rollups are important, but one of the first to integrate zk-starks into their Blockchain was Z-cash, and it’s being delisted from several exchanges. Why?

1 Like

Verifiable computation or specific zero-knowledge proof schemes can clearly benefit users by enabling them to comply with KYC and AML regulations while maintaining their privacy and disclosing only strictly necessary information.

➵ Is there an updated version of zk snarks?

This is a big question! By SNARKs we often refer to verifiable computation protocols before the emergence of STARKs. The distinction between the two is sometimes difficult to see because some schemes have properties of both families. To try to be clear:

  • STARKs do not have a trusted setup and do not rely on any other cryptographic problem than the collision resistance of a hash function. The ‘S’ stands for ‘Scalable’ but most SNARKs are fast as well.
  • SNARKs are succinct.

To the main question, I would answer yes and no. No because the main SNARK protocol is Jens Groth’s protocol [1] which provides a constant size proof whatever the program or the computation to be proved. But yes, because multiple improvements have been made in the field but these are specific to particular uses:

  • Plonk [2] and Marlin [3] are two SNARK protocols but also called SNORKs, which are widely used today. These are used because even though they have a trusted setup like [1], it does not need to be redone for each specific circuit but can be used for any computation up to a certain number of operations (constraints). Where [1] can only handle addition and multiplication (the number of constraints being here the number of multiplications), [2] can set up specialized gates that will count as only one constraint.
  • New schemes are aiming at making proofs incremental, i.e. capable of proving the verification of a proof and thus establishing a kind of recursion. These schemes are often used for smart contract verification on zk-rollups and often employ SNARK arithmetization and STARK polynomial evaluation proofs. ZkSync developed the RedShift protocol for its v2 [4], Polygon Hermez is trying to prove a STARK verifier using SNARKs [5] etc.

I hope that was clear enough and not too confusing. Don’t hesitate to ask questions if it wasn’t!

➵ It is impossible to have Zk prove at a bigger scale, especially in the Blockchain scenario, because Zk snarks is not interactive and both the prover and verifier need to be online.

I’m not sure I totally understand the question. In the context of a blockchain, the verifier is often a smart contract (or part of the blockchain’s block verification) that verifies the proof while the prover is an external user outside the blockchain. It is possible to prove large computations like Filecoin [6] does with more than a million proven transactions. I’m not sure how to answer the question, but even though the verifier and the prover have to be online, the fact that zk-SNARKs are non-interactive means users do not have to be online at the same time. Multiple provers can coordinate to do different proofs on the same verifier or multiple verifiers. A good example of this is the Mina blockchain [7] which uses SNARKs to obtain a blockchain (light node) of constant size (22 kB).

➵ Zk snarks and the rollups are important, but one of the first to integrate zk-starks into their Blockchain was Z-cash, and it’s being delisted from several exchanges. Why?

In my opinion, the delisting of Zcash has nothing to do with rollups. It’s their use of STARKs and SNARKs which allows total anonymization that is criticized. This goes against most of the regulations that try to trace a part of the exchanges. In a Zcash transaction, the amount, the issuer and the receiver are hidden and cannot be known. In my opinion, the delisting of Zcash is related to the uncertainty of government decisions regarding Zcash and mandatory deanonymization.

Citations

[1] Groth, J. (2016, May). On the size of pairing-based non-interactive arguments. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 305-326). Springer, Berlin, Heidelberg.

[2] Gabizon, A., Williamson, Z. J., & Ciobotaru, O. (2019). PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive.

[3] Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., & Ward, N. (2020, May). Marlin: Preprocessing zkSNARKs with universal and updatable SRS. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 738-768). Springer, Cham.

[4] Kattis, A., Panarin, K., & Vlasov, A. (2019). RedShift: Transparent SNARKs from list polynomial commitment IOPs. Cryptology ePrint Archive.

[5] https://blog.polygon.technology/zkverse-deep-dive-into-polygon-hermez-2-0/

[6] Snarks for the world and https://filecoin.io/

[7] Bonneau, J., Meckler, I., Rao, V., & Shapiro, E. (2020). Mina: Decentralized Cryptocurrency at Scale. New York Univ. O(1) Labs, New York, NY, USA, Whitepaper, 1-47. https://docs.minaprotocol.com/static/pdf/technicalWhitepaper.pdf and https://minaprotocol.com/

4 Likes

I just understood what blockchain really does now. Does that mean it can also be a ledger to calculate the total amount spent in a transaction?