Promising Sector Preview: The Decentralized Computing Power Market (Part II)

Intermediate | 1/26/2024, 1:12:07 PM
This article starts from the basic concepts of zero-knowledge proofs and explores the multifaceted possibilities of the decentralized computing power market, a promising track.

Foreword

In the article ‘Promising Sector Preview: The Decentralized Computing Power Market (Part I)’, we have already grasped the importance of computational power in the context of AI expectations and have deeply explored the two main challenges currently faced in establishing a decentralized AGI computational power market. This article will begin with the fundamental concepts of zero-knowledge proofs and, progressively delving deeper, will explore the multiple possibilities of the decentralized computational power market, a burgeoning and promising sector. (The previous article also touched upon the Bitcoin computational power market, but considering the recent explosive growth in the Bitcoin ecosystem, this aspect will be further discussed in our future articles related to the Bitcoin ecosystem.)

Overview of Zero-Knowledge Proofs

In the mid-1980s, three cryptographers from MIT (Shafi Goldwasser, Silvio Micali, and Charles Rackoff) published a paper titled “The Knowledge Complexity of Interactive Proof Systems.” This paper described an innovative cryptographic technique that allows the verification of information’s authenticity without revealing the information itself. The authors named this technique “zero-knowledge proof” and provided a specific definition and framework for the concept.

Over the following decades, zero-knowledge proof technology, based on this paper, gradually developed and improved across various fields. Today, zero-knowledge proofs have become an all-encompassing term representing many “modern” or “advanced” cryptographic methods, especially those related to the future of blockchain.

Definition

Zero-Knowledge Proof (abbreviated ZKP or ZK, used interchangeably in this text depending on the context) refers to a method by which a prover can demonstrate the correctness of a statement to a verifier without providing any specific information about the statement itself. The method has three fundamental attributes: completeness, soundness, and zero-knowledge. Completeness ensures the provability of true statements, soundness guarantees that false statements cannot be proven, and zero-knowledge means the verifier gains no information beyond the truth of the statement.

Types of Zero-Knowledge Proofs

Based on the communication method between the prover and verifier, there are two types of zero-knowledge proofs: interactive and non-interactive. In interactive proofs, there is a series of interactions between the prover and verifier. These interactions are part of the proof process, where the prover responds to a series of queries or challenges from the verifier to prove the truth of their statement. This process typically involves multiple rounds of communication, with the verifier posing a question or challenge in each round and the prover responding to prove the correctness of their statement. In non-interactive proofs, multiple rounds of interaction are not required. Here, the prover creates a single, independently verifiable proof and sends it to the verifier. The verifier can independently verify the truth of this proof without further communication with the prover.

Interactive vs. Non-Interactive Explained Simply

  1. Interactive: The story of Ali Baba and the Forty Thieves is a classic example often cited to explain interactive zero-knowledge proofs. In a simplified version of the story, Ali Baba, who knows the magic words to open a treasure-filled cave, is captured by the thieves. If he reveals the magic words, he risks being killed once he is of no further use. If he refuses, the thieves might kill him for not knowing the secret. To prove he knows the secret without revealing it, Ali Baba uses the cave's two entrances, A and B, which both lead to a central chamber with a password-protected door. Ali Baba enters the cave and chooses one entrance while the thieves wait outside, unable to see his choice. The thieves then randomly call out A or B, demanding that Ali Baba exit through the chosen entrance. If Ali Baba truly knows the magic words, he can use the password to pass through the central door and exit from the designated entrance. By repeating this process successfully multiple times, Ali Baba proves he knows the secret without disclosing it.

  2. Non-Interactive: Imagine you and a friend each have a “Where’s Waldo?” book. You claim to know Waldo’s location on a specific page, but your friend is skeptical. To prove you know Waldo’s location without revealing it, you can cover the entire page with a large opaque paper, revealing Waldo through a small hole (a single, independently verifiable proof). This way, you prove you know Waldo’s location, but your friend still can’t determine Waldo’s exact coordinates in the picture.
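The two analogies above map onto a concrete protocol. The following is an added example, not code from the original article: it uses Schnorr's proof of knowledge of a discrete logarithm with one-bit challenges (the thieves calling "A" or "B") for the interactive case, and the Fiat-Shamir transform (the challenge is a hash of the transcript) for the non-interactive case. The choice of protocol, the toy group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def keygen():
    """Secret x (the "magic words") and public statement y = G^x mod P."""
    x = 1 + secrets.randbelow(Q - 1)           # 1..Q-1, so y != 1
    return x, pow(G, x, P)


def commit():
    """Prover picks a fresh nonce r and sends the commitment t = G^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def respond(x, r, c):
    """Prover's answer to challenge c; r masks x, so s reveals nothing alone."""
    return (r + c * x) % Q


def check(y, t, c, s):
    """Verifier's equation: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def interactive_proof(x, y, rounds=20):
    """Interactive version: one random bit per round, like calling A or B."""
    for _ in range(rounds):
        r, t = commit()                        # prover -> verifier
        c = secrets.randbelow(2)               # verifier -> prover
        s = respond(x, r, c)                   # prover -> verifier
        if not check(y, t, c, s):
            return False
    return True                                # honest prover always passes


def cheating_round(y, guess, challenge):
    """A prover WITHOUT x must guess the challenge before committing.

    It builds t so that the equation holds for `guess`; it survives the round
    only if the verifier happens to ask exactly that (probability 1/2).
    """
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - guess, P)) % P    # t = G^s * y^(-guess)
    return check(y, t, challenge, s)


def fs_challenge(y, t, context):
    """Fiat-Shamir: derive the challenge from the statement and commitment.

    Hashing the group parameters and y along with t binds the proof to this
    exact statement; leaving them out is a known source of forgeable proofs.
    """
    data = f"{P}|{Q}|{G}|{y}|{t}|".encode() + context
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_noninteractive(x, y, context=b""):
    """Single message (t, s) that anyone can verify later, offline."""
    r, t = commit()
    return t, respond(x, r, fs_challenge(y, t, context))


def verify_noninteractive(y, proof, context=b""):
    t, s = proof
    # Reject values outside the group before using them.
    if not (0 < t < P and 0 <= s < Q and pow(t, Q, P) == 1):
        return False
    return check(y, t, fs_challenge(y, t, context), s)


if __name__ == "__main__":
    x, y = keygen()
    print("honest, 20 rounds:", interactive_proof(x, y))
    print("cheater, right guess:", cheating_round(y, 1, 1))
    print("cheater, wrong guess:", cheating_round(y, 0, 1))
    proof = prove_noninteractive(x, y, b"demo")
    print("non-interactive proof verifies:", verify_noninteractive(y, proof, b"demo"))
```

With one-bit challenges a prover who lacks the secret passes each round with probability 1/2, so 20 rounds leave a cheating chance of about one in a million, which is the repetition the cave story relies on.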

Blockchain Implementation

Zero-knowledge proofs have various implementations in blockchain, with zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge) and zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) being the most well-known. Both are non-interactive zero-knowledge proofs, as indicated by “Non-Interactive” in their names.

zk-SNARK is a widely used general-purpose zero-knowledge proof scheme (not a single technology but a category). It converts any computational process into a series of gate circuits, then uses polynomial properties to transform these circuits into polynomials, thereby compressing and generating small non-interactive proofs for complex business applications. zk-SNARK requires a trusted setup, where multiple parties each generate a part of the key in a trusted setting and then destroy it. If the secret information used in the trusted setup is not destroyed, it could be exploited to forge transactions through false verification.

zk-STARK evolved from zk-SNARK, addressing the reliance on trusted setups. It can complete blockchain verification without any trusted setup, reducing the complexity of launching networks and eliminating collusion risks. However, zk-STARK generates larger proofs, which is a disadvantage in terms of storage, on-chain verification, and generation time. If you’ve experienced early versions of StarkNet (using zk-STARK), you might have noticed a significant difference in speed and gas fees compared to other Layer 2 solutions. Thus, zk-SNARK is more commonly adopted. Other less mainstream solutions include PLONK and Bulletproofs, each with its own advantages and disadvantages in proof size, prover time, and verification time. Achieving an ideal zero-knowledge proof is challenging, and mainstream algorithms usually balance different dimensions.

Developing ZK typically involves two key components:

ZK-friendly computation expression: This includes a domain-specific language (DSL) or a low-level library. Low-level libraries like Arkworks provide necessary tools and primitives, allowing developers to manually rewrite code in a lower-level language. DSLs like Cairo or Circom are programming languages tailored for ZK applications, compiling into the primitives needed for proof generation. More complex operations lead to longer proof generation times, and certain operations (like bit operations used in SHA or Keccak) may not be suitable for ZK, resulting in lengthy proof generation.

Proof system: The proof system is the core of a ZK application, implementing two basic functions: Prove and Verify. The Prove function allows generating a proof (requiring extensive mathematical calculations, with more complex proofs taking longer to generate) that a statement is correct without revealing proof details. The Verify function is used to check the correctness of this proof (the more complex and larger the proof, the higher the performance, and the shorter the time required for verification). Different proof systems, such as Groth16, GM17, PLONK, Spartan, and STARK, vary in efficiency, security, and ease of use.

ZKP Application Map

  1. ZKP Cross-Chain Bridges and Interoperability: ZKP can create proofs of validity for cross-chain messaging protocols, allowing messages to be quickly verified on the target chain. This is similar to verifying zkRollups on the base L1. However, cross-chain messaging is more complex due to different signature schemes and cryptographic functions that need verification between the source and target chains.

  2. ZKP in On-Chain Gaming Engines: Dark Forest demonstrates how ZKP can enable incomplete information games on-chain. This is crucial for designing more interactive games where players’ actions remain private until they choose to reveal them. As on-chain gaming matures, ZKP will become a part of game execution engines. Startups that successfully integrate privacy features into high-throughput on-chain gaming engines will play a significant role.

  3. Identity Solutions: ZKP opens multiple opportunities in the identity domain. They can be used for reputation proofs or linking Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate. Projects like Clique use oracles to connect these identities. ZKP can take this further by anonymously linking Web2 and Web3 identities, enabling use cases like anonymous DAO membership, provided they can prove domain-specific expertise using Web2 or Web3 data. Another use case is uncollateralized Web3 loans based on a borrower’s Web2 social status (e.g., Twitter follower count).

  4. ZKP for Regulatory Compliance: Web3 allows anonymous online accounts to actively participate in the financial system, achieving significant financial freedom and inclusivity. With increasing Web3 regulations, ZKP can be used to comply without breaking anonymity. ZKP can prove that a user is not a citizen or resident of a sanctioned country. It can also be used to prove accredited investor status or any other KYC/AML requirements.

  5. Native Web3 Private Debt Financing: TradFi debt financing is often used to support growing startups to accelerate growth or start new business lines without adding extra venture capital. The rise of Web3 DAOs and anonymous companies creates opportunities for native Web3 debt financing. For instance, using ZKP, DAOs or anonymous companies can obtain uncollateralized loans and competitive rates based on proof of growth metrics, without disclosing borrower information to lenders.

  6. Privacy in DeFi: Financial institutions often maintain the privacy of their transaction history and risk exposure. However, using decentralized finance (DeFi) protocols on-chain becomes challenging due to advancing on-chain analysis techniques. A potential solution is developing privacy-focused DeFi products to protect participants’ privacy. One such protocol attempting this is Penumbra’s zkSwap. Additionally, Aztec’s zk.money offers some private DeFi earning opportunities by obfuscating user participation in transparent DeFi protocols. Generally, protocols that successfully implement efficient and privacy-focused DeFi products can attract significant transaction volumes and revenue from institutional participants.

  7. ZKP for Web3 Advertising: Web3 empowers users to own their data rights, like browsing history, private wallet activities, etc. Web3 also enables monetization of this data for users’ benefit. Since data monetization can conflict with privacy, ZKP can play a crucial role in controlling which personal data can be disclosed to advertisers and data aggregators.

  8. Sharing and Monetizing Private Data: Much of our private data, if shared with the right entities, can have significant impacts. Personal health data can be crowdsourced to help researchers develop new drugs. Private financial records can be shared with regulatory and oversight bodies to identify and punish corrupt practices. ZKP can enable private sharing and monetization of such data.

  9. Governance: As DAOs (Decentralized Autonomous Organizations) and on-chain governance become more prevalent, Web3 is moving towards direct participatory democracy. A major flaw in the current governance model is the non-privacy of participation. ZKP can be foundational in solving this issue. Governance participants can vote without revealing their voting choices. Additionally, ZKP can restrict the visibility of governance proposals to DAO members only, allowing DAOs to build competitive advantages.

  10. ZKRollup: Scaling is one of the most important use cases of ZKP in blockchain. zkRollup technology aggregates multiple transactions into a single transaction. These transactions are processed and computed off-chain (outside the blockchain’s main chain). For these aggregated transactions, zkRollup uses ZKP to generate a proof that can verify the transactions’ validity without revealing their specific details, significantly compressing data size. The generated ZKP is then submitted to the main chain of the blockchain. Nodes on the main chain only need to verify the proof’s validity, not process each individual transaction, greatly reducing the main chain’s burden.

ZKP Hardware Acceleration

Zero-Knowledge Proof (ZKP) protocols, while having multiple advantages, currently face a primary issue: verification is easy, but generation is difficult. The main bottleneck in the generation of most proof systems is either Multi-Scalar Multiplication (MSM) or Fast Fourier Transform (FFT) and its inverse. The composition and pros and cons of these are as follows:

Multi-Scalar Multiplication (MSM): MSM is a key computation in cryptography, involving the multiplication of points and scalars in elliptic curve cryptography. In ZKPs, MSM is used to construct complex mathematical relationships about points on elliptic curves. These computations usually involve a large number of data points and operations, key to generating and verifying proofs. MSM is particularly important in ZKPs as it helps construct proofs that can verify encrypted statements without exposing private information. MSM can be executed across multiple threads, thus supporting parallel processing. However, when dealing with large vectors of elements, such as 50 million elements, multiplication operations can still be slow and require substantial memory resources. Moreover, MSM faces scalability challenges, remaining slow even with extensive parallelization.
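To make the MSM cost concrete, here is an added example (not from the original article) that computes sum(k_i * P_i) two ways: one scalar multiplication per point, and the bucket (Pippenger-style) method that proof systems typically use. It counts curve additions for each. Assumptions: secp256k1 stands in for a proving curve such as BLS12-381, the inputs are constructed, and the function names are hypothetical.

```python
import hashlib

# secp256k1 (y^2 = x^3 + 7 over F_P, group order N), used here as a stand-in
# curve. Points are affine (x, y) tuples; None is the point at infinity.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
STATS = {"adds": 0}          # counts real curve additions and doublings


def add(A, B):
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # A + (-A)
    STATS["adds"] += 1
    if x1 == x2:                                      # doubling
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Plain double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def msm_naive(scalars, points):
    acc = None
    for k, pt in zip(scalars, points):
        acc = add(acc, mul(k, pt))
    return acc


def msm_bucket(scalars, points, c=4, bits=256):
    """Bucket method: cut every scalar into c-bit digits, one window per digit."""
    windows = []
    for w in range(0, bits, c):       # windows are independent: one per thread
        buckets = [None] * (1 << c)
        for k, pt in zip(scalars, points):
            d = (k >> w) & ((1 << c) - 1)
            if d:
                buckets[d] = add(buckets[d], pt)      # one addition per point
        running = acc = None
        for d in range((1 << c) - 1, 0, -1):          # acc = sum d * buckets[d]
            running = add(running, buckets[d])
            acc = add(acc, running)
        windows.append(acc)
    result = None
    for acc in reversed(windows):                     # combine, top window first
        for _ in range(c):
            result = add(result, result)
        result = add(result, acc)
    return result


def sample_inputs(n):
    """Constructed inputs: hash-derived scalars, points G, 2G, ..., nG."""
    scalars = [int.from_bytes(hashlib.sha256(b"scalar-%d" % i).digest(), "big") % N
               for i in range(n)]
    points = [G]
    while len(points) < n:
        points.append(add(points[-1], G))
    return scalars, points


def counted(fn, scalars, points):
    STATS["adds"] = 0
    result = fn(scalars, points)
    return result, STATS["adds"]


if __name__ == "__main__":
    ks, pts = sample_inputs(32)
    r1, n1 = counted(msm_naive, ks, pts)
    r2, n2 = counted(msm_bucket, ks, pts)
    print("results agree:", r1 == r2, "| additions naive:", n1, "bucket:", n2)
```

The per-window bucket arrays are also where the memory pressure mentioned above comes from: each worker holds 2^c partial sums, and larger windows trade memory for fewer additions.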

Fast Fourier Transform (FFT): FFT is an efficient algorithm for computing polynomial multiplication and solving polynomial interpolation problems. In ZKPs, it is often used to optimize the computation of polynomials, a crucial step in proof generation. FFT accelerates computation by breaking down complex polynomial operations into smaller, simpler parts, crucial for efficiency in the proof generation process. The use of FFT significantly enhances the ability of ZKP systems to handle complex polynomials and large datasets. However, FFT operations rely on frequent data exchanges, making it difficult to significantly improve efficiency through distributed computing or hardware acceleration. Data exchanges in FFT operations require substantial bandwidth, especially when dealing with datasets larger than the hardware memory capacity.
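The data-exchange problem described above can be measured directly. The added example below (not from the original article) multiplies polynomials with a number-theoretic transform, the finite-field form of the FFT used in proof systems, and counts how many butterfly operations need operands held by two different devices when the array is split into equal contiguous chunks. Assumptions: the field modulus 998244353 with primitive root 3 is a common NTT-friendly prime chosen for illustration, not a proving-system field, and the function names are hypothetical.

```python
MOD, ROOT = 998244353, 3      # MOD = 119 * 2^23 + 1, ROOT is a primitive root


def ntt(values, invert=False, chunk=None, stats=None):
    """Iterative radix-2 NTT. Length must be a power of two (at most 2^23).

    If `stats` is given, count butterflies and those whose two operands sit
    in different chunks of size `chunk` (i.e. on different devices).
    """
    a = list(values)
    n = len(a)
    j = 0
    for i in range(1, n):                  # bit-reversal permutation; on real
        bit = n >> 1                       # hardware this is itself a shuffle
        while j & bit:
            j ^= bit
            bit >>= 1
        j |= bit
        if i < j:
            a[i], a[j] = a[j], a[i]
    length = 2
    while length <= n:
        w_len = pow(ROOT, (MOD - 1) // length, MOD)
        if invert:
            w_len = pow(w_len, MOD - 2, MOD)
        half = length // 2
        for start in range(0, n, length):
            w = 1
            for k in range(start, start + half):
                u, v = a[k], a[k + half] * w % MOD
                a[k], a[k + half] = (u + v) % MOD, (u - v) % MOD
                w = w * w_len % MOD
                if stats is not None:
                    stats["total"] += 1
                    if k // chunk != (k + half) // chunk:
                        stats["remote"] += 1
        length <<= 1
    if invert:
        n_inv = pow(n, MOD - 2, MOD)
        a = [x * n_inv % MOD for x in a]
    return a


def poly_mul(f, g):
    """Multiply coefficient lists mod MOD in O(n log n) via NTT."""
    m = len(f) + len(g) - 1
    n = 1
    while n < m:
        n <<= 1
    fa = ntt(f + [0] * (n - len(f)))
    fb = ntt(g + [0] * (n - len(g)))
    prod = [x * y % MOD for x, y in zip(fa, fb)]
    return ntt(prod, invert=True)[:m]


def schoolbook(f, g):
    """O(n^2) reference multiplication, used to check poly_mul."""
    out = [0] * (len(f) + len(g) - 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            out[i + j] = (out[i + j] + x * y) % MOD
    return out


def remote_butterflies(n, parts):
    """(remote, total) butterflies for an n-point NTT split over `parts` devices."""
    stats = {"total": 0, "remote": 0}
    ntt(list(range(n)), chunk=n // parts, stats=stats)   # constructed input
    return stats["remote"], stats["total"]


if __name__ == "__main__":
    print(poly_mul([1, 2, 3], [4, 5]))
    for parts in (1, 2, 8, 64):
        print(parts, "devices:", remote_butterflies(1024, parts))
```

For n points on p devices, log2(p) of the log2(n) stages consist entirely of cross-device butterflies, so every element crosses the interconnect once per such stage, which is the bandwidth cost the paragraph refers to.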

While software optimization is also an important research direction, the most direct, brute-force way to accelerate proof generation is to stack sufficient computational power in hardware. Among the various computational hardware options (GPU, FPGA, ASIC), which is the best choice? Since GPUs have already been briefly introduced in the previous section, here we focus on the design logic and the pros and cons of FPGAs and ASICs.

ASIC: ASIC (Application-Specific Integrated Circuit) is an integrated circuit designed specifically to meet the needs of a particular application. Compared to general-purpose processors or standard integrated circuits, ASICs are customized to perform specific tasks or applications, thus usually exhibiting higher efficiency and performance in their designed applications. In the well-known field of Bitcoin mining, ASICs are very important computational hardware, with their high efficiency and low power consumption making them an ideal choice for Bitcoin mining. However, ASICs have two clear disadvantages: since they are designed for specific applications (for example, Bitcoin ASIC mining machines are designed around the SHA-256 hashing algorithm), the design and manufacturing costs can be very high without mass adoption, and the design and verification cycle can be relatively long.

FPGA: FPGA stands for Field Programmable Gate Array, a type of reprogrammable device developed on the basis of traditional logic circuits and gate arrays such as PAL (Programmable Array Logic), GAL (Generic Array Logic), and CPLD (Complex Programmable Logic Device). Like ASICs, FPGAs are integrated circuits used in electronic design to implement specific functions, overcoming the limitations of past semi-custom circuits and the limited number of gates in previous programmable devices. Their key features are “reprogrammability, low power consumption, low latency, and strong computational power.” However, the drawback of FPGAs is that their functionality entirely depends on hardware implementation: they are unable to perform operations like branch condition jumps, and they can only perform fixed-point operations. In terms of cost, the design cost of FPGAs is lower than that of ASICs, but manufacturing costs also need to be considered based on scale. Of course, the overall cost of both is much higher than that of GPUs.

Returning to the discussion of ZKP hardware acceleration, it must first be acknowledged that ZKP is still in the early stages of development. System parameters (such as FFT width or bit size of elements) or the choice of proof systems (just the proof systems mentioned above have five varieties) are still rarely standardized. We compare the three types of computational hardware in this environment:

· Changes in ZK ‘Meta’: As mentioned above, the business logic on ASICs is written once. If any ZKP logic changes, it needs to start from scratch. FPGAs can be refreshed any number of times within 1 second, meaning they can be reused on multiple chains with incompatible proof systems (e.g., cross-chain MEV extraction) and adapt flexibly to changes in ZK ‘meta’. While GPUs are not as quickly reconfigurable at the hardware level as FPGAs, they offer great flexibility at the software level. GPUs can adapt to different ZKP algorithms and logic changes through software updates. Even though these updates may not be as rapid as with FPGAs, they can still be completed in a relatively short time.

· Supply: The design, manufacturing, and deployment of ASICs typically require 12 to 18 months or longer. In contrast, the FPGA supply chain is relatively healthy, with leading suppliers like Xilinx allowing a large number of retail orders to arrive within 16 weeks from the website (i.e., without any contact points). Looking at GPUs, they naturally have a huge advantage in supply. Since the Ethereum Shanghai merge, there has been a large number of idle GPU mining machines across the network. Subsequent graphics card series developed by Nvidia and AMD can also be supplied in large quantities.

From the above two points, unless the ZK track forms a consensus and standardizes the adoption of one scheme, ASICs do not have any advantages. Given the current diversified development of ZKP schemes, GPUs and FPGAs will be the two main types of computational hardware we need to discuss next.

· Development Cycle: Due to the popularity of GPUs and mature development tools such as CUDA (for NVIDIA GPUs) and OpenCL (cross-platform), GPU development is more accessible. FPGA development typically involves more complex hardware description languages (such as VHDL or Verilog), requiring longer learning and development times.

· Power Consumption: FPGAs typically outperform GPUs in terms of energy efficiency. This is mainly because FPGAs can be optimized for specific tasks, thus reducing unnecessary energy consumption. While GPUs are powerful in processing highly parallelized tasks, this also comes with higher power consumption.

· Customizability: FPGAs can be programmed to optimize specific ZKP algorithms, enhancing efficiency. For specific ZKP algorithms, the general architecture of GPUs may not be as efficient as specialized hardware.

· Generation Speed: According to a comparison by trapdoor-tech of GPUs (using Nvidia 3090 as an example) and FPGAs (using Xilinx VU9P as an example), under BLS12–381 (a specific type of elliptic curve), using the same modular multiplication/modular addition algorithm, the generation speed of GPUs is five times that of FPGAs.

In summary, in the short term, considering the development cycle, parallelism, generation speed, cost, and the large number of idle devices ready across the network, GPUs are undoubtedly the most advantageous choice at present. The current direction of hardware optimization is also mainly focused on GPUs. The time for FPGAs to completely take over the competition has not yet come. Therefore, is it possible to build a ZKP computational power market similar to PoW mining (a term I personally conceived)?

Reflections on Building a ZKP Computational Power Market

In contemplating the construction of a ZKP computational power market, we have already drawn conclusions about the hardware aspect from the previous text. The remaining questions are as follows: Does ZKP need decentralization? Is the market size attractive enough? If ZK-based public chains all choose to build their own proof generation markets, what is the significance of a ZKP computational power market?

The Significance of Decentralization: Firstly, most current zkRollup projects (such as Starkware and zkSync) rely on centralized servers, considering only the expansion of Ethereum. Centralization means that the risk of user information being censored still exists, somewhat sacrificing the most important permissionless nature of blockchain. For privacy protocols using ZK, the decentralization of ZKP generation is extremely necessary. The second reason for decentralization is cost, similar to the previous section on AGI. The cost of cloud services and hardware procurement is very high, and proof generation is usually only suitable for large projects. For small projects in their initial stages, a decentralized proof market can greatly alleviate their funding difficulties at startup, and also reduce unfair competition due to financial constraints.

Market Size: Paradigm predicted last year that the ZK miner/proof generator market might grow to a size comparable to the past PoW mining market. The fundamental reason is that both buyers and sellers in the ZKP computational power market are abundant. For former Ethereum miners, the numerous ZK-based public chain and Layer 2 projects are far more attractive than Ethereum’s forked public chains. However, we also need to consider that most ZK-based public chains or Layer 2s are fully capable of building their own proof generation markets. If they are to conform to the decentralization narrative, this step is also inevitably in their roadmap (as with Starkware and zkSync, which will have their own decentralized solutions in the future). So, does the ZKP computational power market still have a purpose?

The Significance of Building It: Firstly, the applications of ZKP are extremely widespread (as we have already exemplified several times in the previous text, and will refer to a project later). Secondly, even if every ZK chain has its own proof generation market, the computational power market still has three functions that can make sellers consider selling their computational power.

  1. Divide the computational power into two parts: one for mining and the other for selling computational power contracts. This method can help hedge against the volatility of the cryptocurrency market. When the market falls, the sold computational power contracts provide a stable income; when the market rises, mining on one’s own can bring additional profits.
  2. Sell all computational power to obtain a fixed income, which is a more conservative approach. This can reduce the impact of market fluctuations on income and ensure the stability of earnings.
  3. Due to differences in cost structures (such as electricity costs), some miners may achieve lower operating costs than the market average. These miners can use their cost advantage to sell computational power contracts at market prices and retain the difference due to lower electricity costs, achieving arbitrage.

Proof Market

Proof Market is a decentralized ZKP computational power market built by =nil; (an Ethereum development company). To my knowledge, it is currently the only computational power market built around ZKP generation. Essentially, it is a trustless data accessibility protocol that enables Layer 1 and Layer 2 blockchains and protocols to generate zero-knowledge proofs based on the need for seamless data sharing, without relying on centralized intermediaries. Although Proof Market is not the market built around individual GPUs as I imagined (Proof Market is built around professional hardware vendors, and GPU mining for ZKP can also refer to the Roller Network in the Scroll architecture or Aleo), it is still very relevant in considering how a ZKP computational power market is constructed and widely applied. The workflow of Proof Market is as follows:

Proof Requester:

  • Entities requesting proofs, such as zkBridge, zkRollup, zkOracle, or zkML applications.
  • If the circuit does not exist, a preparation phase is needed, where a new circuit is generated by running zkLLVM.
  • If the circuit already exists, a zkProof request for the predefined circuit is created.

zkLLVM:

  • This component is responsible for generating circuits, i.e., programs that encode computational tasks.
  • In the preparation phase, zkLLVM performs preprocessing on the computation to generate the circuit and submits it to Proof Market.

Proof Market:

  • A central marketplace that matches orders from proof requesters with proof generators.
  • Verifies the validity of proofs and provides rewards after the proof is verified.

Proof Generator:

  • Performs computations to generate the required zero-knowledge proofs.
  • Receives orders from Proof Market and returns the generated proofs.

Reward Mechanism:

  • Circuit Developer Reward: The author of the circuit receives a reward each time a proof requester uses the circuit to generate a proof.
  • Proof Generator Reward: Once a proof is verified in Proof Market, the generator receives a reward based on the terms of the order.

In the entire process, the request, generation, verification, and distribution of rewards for proofs all revolve around Proof Market. This process aims to create a decentralized market where the generation and verification of ZKP are automated, and participants can receive rewards corresponding to their contributions.

Application Scenarios

Since its test release in January 2023, the main application scenarios for Proof Market have been protocols operating outside Ethereum Layer 1 (L1), such as zkRollup, zkBridge connected to Ethereum, and public chains using ZKP.

With the integration of Ethereum endpoints (a gateway interface that allows other systems or services to connect and integrate), Proof Market will be applicable to more applications, especially those that need to directly request proofs from EVM applications to provide a smoother user experience or need to work with on-chain stored data.

Here are some potential application scenarios:

  • Machine Learning (ML): Inference requests can be initiated on-chain to zkML applications. Applications like fraud detection, predictive analytics, and identity verification can be deployed on Ethereum.
  • Ethereum Data Processing (zkOracles): Many applications require historical or processed data from Ethereum. Using zkOracles, users can obtain data from the consensus layer for the execution layer.
  • Data Transfer (zkBridges): Users can directly request data transfer and pay for proof fees, eliminating the need for bridge operators as intermediaries between users and the market.
  • Fraud Proof: Some fraud proofs can be easily verified on-chain, while others cannot. Fishermen (network participants focused on verifying the main protocol and looking for potential fraud) can focus on verifying the main protocol and point to the required proofs provided by Proof Market.
  • Data Updates and Accumulation: Applications can store the latest updates directly on Layer 1 and later accumulate them into a Merkle tree, with proofs of correct root updates.
  • Random Number Generation: Applications can order random numbers generated through trustless hash-based VDFs.
  • Proof Aggregation: If applications independently send their proofs (without verification), aggregating them into a single proof and then verifying them at once can reduce the cost of proof verification.

Practical Implementation

The well-known LSD project Lido is also using Proof Market to build a solution to enhance the security and credibility of the Lido Accounting Oracle contract. The Lido Accounting Oracle relies on an Oracle committee composed of trusted third parties and a quorum mechanism to maintain its state, which poses potential attack vectors. The solution process in Proof Market is as follows:

Problem Definition

  • Lido Accounting Oracle Contract: Handles complex reporting, including Consensus Layer data (such as Total Value Locked (TVL), number of validators, etc.).
  • Objective: To make reporting trustless, it is necessary to expand the report to include proofs of computational validity.

Solution Specification

  • Preliminary Goal: In the first phase, only report a subset such as Lido CL balance (referring to assets related to the Consensus Layer in the Lido protocol), active and exiting balance numbers, etc.
  • Key Participants:
      • Lido: Needs to make certain data from the Consensus Layer state accessible in the Execution Layer.
      • Oracle: Reports TVL and validator numbers to the TVL contract.
      • Proof Producer: Generates computational integrity proofs.
      • Proof Verifier: Verifies proofs in the EL contract.

Technical Implementation

  • Oracle: An independent application that obtains input data, calculates Oracle reports, and produces proofs.
  • zkLLVM Circuit: Used to build zero-knowledge proofs for computational integrity.
  • Trustless Accounting Audit Oracle Contract: Verifies binary proofs and validates computational validity information.

Deployment Phases

  • Current State: When enough trusted Oracle members submit reports and reach a quorum.
  • “Dark Launch” Phase: Reaches trusted quorum but also accepts trustless reports and performs necessary verification.
  • Transition Period: Reaches trusted quorum, receives at least one valid trustless report, and the reports are consistent.
  • Full Launch: The accounting contract uses only trustless reports to determine TVL and validator numbers.
  • Final State: Completely abolishes quorum reporting, using only trustless reports.

Conclusion

Compared to the grand blueprint of the AGI computational power market, the ZKP computational power market is indeed more limited to applications within the blockchain. However, the advantage is that the development of the ZKP computational power market does not need to consider extremely complex designs like neural networks, making the overall development difficulty lower and the funding requirements less. Combining the projects mentioned above, it is not difficult to see that while the AGI computational power market is still puzzled about how to land, the ZKP computational power market has already penetrated multiple application scenarios in the blockchain in multiple dimensions.

From a market perspective, the ZKP computational power market is still in a very blue-ocean stage, and the aforementioned Proof Market is not the ideal design in my mind. Across algorithm optimization, application scenario optimization, hardware optimization, and the choice of different computational power seller markets, there is still a lot of room for imagination in the design of the ZKP computational power market. Furthermore, from a development perspective, Vitalik has repeatedly emphasized that ZK’s impact on the blockchain field in the next decade will be as important as blockchain itself. However, given the versatility of ZK, as the design matures, ZK’s future importance in non-blockchain fields may not be inferior to that of the current AGI, and its prospects should not be underestimated.

About YBB

YBB is a web3 fund dedicated to identifying Web3-defining projects, with a vision to create a better online habitat for all internet residents. Founded by a group of blockchain believers who have been actively participating in this industry since 2013, YBB is always willing to help early-stage projects evolve from 0 to 1. We value innovation, self-driven passion, and user-oriented products while recognizing the potential of cryptos and blockchain applications.

Disclaimer:

  1. This article is reprinted from [medium]. All copyrights belong to the original author [YBB]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.

Promising Sector Preview: The Decentralized Computing Power Market (Part II)

Intermediate1/26/2024, 1:12:07 PM
This article starts from the basic concepts of zero-knowledge proofs and explores the multifaceted possibilities of the decentralized computing power market, a promising track.

Foreword

In the article ‘Promising Sector Preview: The Decentralized Computing Power Market (Part I)’, we have already grasped the importance of computational power in the context of AI expectations and have deeply explored the two main challenges currently faced in establishing a decentralized AGI computational power market. This article will begin with the fundamental concepts of zero-knowledge proofs and, progressively delving deeper, will explore the multiple possibilities of the decentralized computational power market, a burgeoning and promising sector. (The previous article also touched upon the Bitcoin computational power market, but considering the recent explosive growth in the Bitcoin ecosystem, this aspect will be further discussed in our future articles related to the Bitcoin ecosystem.)

Overview of Zero-Knowledge Proofs

In the mid-1980s, three cryptographers from MIT (Shafi Goldwasser, Silvio Micali, and Charles Rackoff) published a paper titled “The Knowledge Complexity of Interactive Proof Systems.” This paper described an innovative cryptographic technique that allows the verification of information’s authenticity without revealing the information itself. The authors named this technique “zero-knowledge proof” and provided a specific definition and framework for the concept.

Over the following decades, zero-knowledge proof technology, based on this paper, gradually developed and improved across various fields. Today, zero-knowledge proofs have become an all-encompassing term representing many “modern” or “advanced” cryptographic methods, especially those related to the future of blockchain.

Definition

Zero-Knowledge Proof (ZKP), used interchangeably in this text depending on the context, refers to a method where a prover can demonstrate the correctness of a statement to a verifier without providing any specific information about the statement itself. This method’s three fundamental attributes include completeness, soundness, and zero-knowledge. Completeness ensures the provability of true statements, soundness guarantees that false statements cannot be proven, and zero-knowledge means the verifier gains no information beyond the truth of the statement.

Types of Zero-Knowledge Proofs

Based on the communication method between the prover and verifier, there are two types of zero-knowledge proofs: interactive and non-interactive. In interactive proofs, there is a series of interactions between the prover and verifier. These interactions are part of the proof process, where the prover responds to a series of queries or challenges from the verifier to prove the truth of their statement. This process typically involves multiple rounds of communication, with the verifier posing a question or challenge in each round and the prover responding to prove the correctness of their statement. In non-interactive proofs, multiple rounds of interaction are not required. Here, the prover creates a single, independently verifiable proof and sends it to the verifier. The verifier can independently verify the truth of this proof without further communication with the prover.

Interactive vs. Non-Interactive Explained Simply

1.Interactive: The story of Alibaba and the Forty Thieves is a classic example often cited to explain interactive zero-knowledge proofs. In a simplified version of the story, Alibaba, who knows the magic words to open a treasure-filled cave, is captured by the thieves. If he reveals the magic words, he risks being killed for lack of further use. If he refuses, the thieves might kill him for not knowing the secret. To prove he knows the secret without revealing it, Alibaba uses two entrances, A and B, to the cave, which both lead to a central chamber with a password-protected door. Alibaba enters the cave and chooses one entrance while the thieves wait outside, unable to see his choice. The thieves then randomly call out A or B, demanding Alibaba exit through the chosen entrance. If Alibaba truly knows the magic words, he can use the password to pass through the central door and exit from the designated entrance. Repeating this process successfully multiple times, Alibaba proves he knows the secret without disclosing it.

  1. Non-Interactive: Imagine you and a friend each have a “Where’s Waldo?” book. You claim to know Waldo’s location on a specific page, but your friend is skeptical. To prove you know Waldo’s location without revealing it, you can cover the entire page with a large opaque paper, revealing Waldo through a small hole (a single, independently verifiable proof). This way, you prove you know Waldo’s location, but your friend still can’t determine Waldo’s exact coordinates in the picture.

Blockchain Implementation

Zero-knowledge proofs have various implementations in blockchain, with zk-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge) and zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) being the most well-known. Both are non-interactive zero-knowledge proofs, as indicated by “Non-Interactive” in their names.

zk-SNARK is a widely used general-purpose zero-knowledge proof scheme (not a single technology but a category). It converts any computational process into a series of gate circuits, then uses polynomial properties to transform these circuits into polynomials, thereby compressing and generating small non-interactive proofs for complex business applications. zk-SNARK requires a trusted setup, where multiple parties each generate a part of the key in a trusted setting and then destroy it. If the secret information used in the trusted setup is not destroyed, it could be exploited to forge transactions through false verification.

zk-STARK evolved from zk-SNARK, addressing the reliance on trusted setups. It can complete blockchain verification without any trusted setup, reducing the complexity of launching networks and eliminating collusion risks. However, zk-STARK has the issue of generating larger proofs, which are disadvantageous in terms of storage, on-chain verification, and generation time. If you’ve experienced early versions of StarkNet (using zk-STARK), you might have noticed a significant difference in speed and Gas fees compared to other Layer2 solutions. Thus, zk-SNARK is more commonly adopted. Other less mainstream solutions include PLONK and Bulletproofs, each with its own advantages and disadvantages in proof size, prover time, and verification time. Achieving an ideal zero-knowledge proof is challenging, and mainstream algorithms usually balance different dimensions.

Developing ZK typically involves two key components:

ZK-friendly computation expression: This includes a domain-specific language (DSL) or a low-level library. Low-level libraries like Arkworks provide necessary tools and primitives, allowing developers to manually rewrite code in a lower-level language. DSLs like Cairo or Circom are programming languages tailored for ZK applications, compiling into the primitives needed for proof generation. More complex operations lead to longer proof generation times, and certain operations (like bit operations used in SHA or Keccak) may not be suitable for ZK, resulting in lengthy proof generation.

Proof system: The proof system is the core of a ZK application, implementing two basic functions: Prove and Verify. The Prove function allows generating a proof (requiring extensive mathematical calculations, with more complex proofs taking longer to generate) that a statement is correct without revealing proof details. The Verify function is used to check the correctness of this proof (the more complex and larger the proof, the higher the performance, and the shorter the time required for verification). Different proof systems, such as Groth16, GM17, PLONK, Spartan, and STARK, vary in efficiency, security, and ease of use.

ZKP Application Map

  1. ZKP Cross-Chain Bridges and Interoperability: ZKP can create proofs of validity for cross-chain messaging protocols, allowing messages to be quickly verified on the target chain. This is similar to verifying zkRollups on the base L1. However, cross-chain messaging is more complex due to different signature schemes and cryptographic functions that need verification between the source and target chains.

  2. ZKP in On-Chain Gaming Engines: Dark Forest demonstrates how ZKP can enable incomplete information games on-chain. This is crucial for designing more interactive games where players’ actions remain private until they choose to reveal them. As on-chain gaming matures, ZKP will become a part of game execution engines. Startups that successfully integrate privacy features into high-throughput on-chain gaming engines will play a significant role.

  3. Identity Solutions: ZKP opens multiple opportunities in the identity domain. They can be used for reputation proofs or linking Web2 and Web3 identities. Currently, our Web2 and Web3 identities are separate. Projects like Clique use oracles to connect these identities. ZKP can take this further by anonymously linking Web2 and Web3 identities, enabling use cases like anonymous DAO membership, provided they can prove domain-specific expertise using Web2 or Web3 data. Another use case is uncollateralized Web3 loans based on a borrower’s Web2 social status (e.g., Twitter follower count).

  4. ZKP for Regulatory Compliance: Web3 allows anonymous online accounts to actively participate in the financial system, achieving significant financial freedom and inclusivity. With increasing Web3 regulations, ZKP can be used to comply without breaking anonymity. ZKP can prove that a user is not a citizen or resident of a sanctioned country. It can also be used to prove accredited investor status or any other KYC/AML requirements.

  5. Native Web3 Private Debt Financing:TradeFi debt financing is often used to support growing startups to accelerate growth or start new business lines without adding extra venture capital. The rise of Web3 DAOs and anonymous companies creates opportunities for native Web3 debt financing. For instance, using ZKP, DAOs or anonymous companies can obtain uncollateralized loans and competitive rates based on proof of growth metrics, without disclosing borrower information to lenders.

  6. Privacy in DeFi: Financial institutions often maintain the privacy of their transaction history and risk exposure. However, using decentralized finance (DeFi) protocols on-chain becomes challenging due to advancing on-chain analysis techniques. A potential solution is developing privacy-focused DeFi products to protect participants’ privacy. One such protocol attempting this is Penumbra’s zkSwap. Additionally, Aztec’s zk.money offers some private DeFi earning opportunities by obfuscating user participation in transparent DeFi protocols. Generally, protocols that successfully implement efficient and privacy-focused DeFi products can attract significant transaction volumes and revenue from institutional participants.

  7. ZKP for Web3 Advertising: Web3 empowers users to own their data rights, like browsing history, private wallet activities, etc. Web3 also enables monetization of this data for users’ benefit. Since data monetization can conflict with privacy, ZKP can play a crucial role in controlling which personal data can be disclosed to advertisers and data aggregators.

  8. Sharing and Monetizing Private Data: Many of our private data, if shared with the right entities, can have significant impacts. Personal health data can be crowdsourced to help researchers develop new drugs. Private financial records can be shared with regulatory and oversight bodies to identify and punish corrupt practices. ZKP can enable private sharing and monetization of such data.

  9. Governance: As DAOs (Decentralized Autonomous Organizations) and on-chain governance become more prevalent, Web3 is moving towards direct participatory democracy. A major flaw in the current governance model is the non-privacy of participation. ZKP can be foundational in solving this issue. Governance participants can vote without revealing their voting choices. Additionally, ZKP can restrict the visibility of governance proposals to DAO members only, allowing DAOs to build competitive advantages.

  10. ZKRollup: Scaling is one of the most important use cases of ZKP in blockchain. zkRollup technology aggregates multiple transactions into a single transaction. These transactions are processed and computed off-chain (outside the blockchain’s main chain). For these aggregated transactions, zkRollup uses ZKP to generate a proof that can verify the transactions’ validity without revealing their specific details, significantly compressing data size. The generated ZKP is then submitted to the main chain of the blockchain. Nodes on the main chain only need to verify the proof’s validity, not process each individual transaction, greatly reducing the main chain’s burden.

ZKP Hardware Acceleration

Zero-Knowledge Proof (ZKP) protocols, while having multiple advantages, currently face a primary issue: verification is easy, but generation is difficult. The main bottleneck in the generation of most proof systems is either Multi-Scalar Multiplication (MSM) or Fast Fourier Transform (FFT) and its inverse. The composition and pros and cons of these are as follows:

Multi-Scalar Multiplication (MSM): MSM is a key computation in cryptography, involving the multiplication of points and scalars in elliptic curve cryptography. In ZKPs, MSM is used to construct complex mathematical relationships about points on elliptic curves. These computations usually involve a large number of data points and operations, key to generating and verifying proofs. MSM is particularly important in ZKPs as it helps construct proofs that can verify encrypted statements without exposing private information. MSM can be executed across multiple threads, thus supporting parallel processing. However, when dealing with large vectors of elements, such as 50 million elements, multiplication operations can still be slow and require substantial memory resources. Moreover, MSM faces scalability challenges, remaining slow even with extensive parallelization.

Fast Fourier Transform (FFT): FFT is an efficient algorithm for computing polynomial multiplication and solving polynomial interpolation problems. In ZKPs, it is often used to optimize the computation of polynomials, a crucial step in proof generation. FFT accelerates computation by breaking down complex polynomial operations into smaller, simpler parts, crucial for efficiency in the proof generation process. The use of FFT significantly enhances the ability of ZKP systems to handle complex polynomials and large datasets. However, FFT operations rely on frequent data exchanges, making it difficult to significantly improve efficiency through distributed computing or hardware acceleration. Data exchanges in FFT operations require substantial bandwidth, especially when dealing with datasets larger than the hardware memory capacity.

While software optimization is also an important research direction, the most direct and brute-force method to accelerate proof generation is through stacking sufficient computational power in hardware. Among the various computational hardware options (GPU, FPGA, ASIC), which is the best choice? Since GPUs have already been briefly introduced in the previous section, here we mainly understand the design logic and pros and cons of FPGA and ASIC.

ASIC: ASIC (Application-Specific Integrated Circuit) is an integrated circuit designed specifically to meet the needs of a particular application. Compared to general-purpose processors or standard integrated circuits, ASICs are customized to perform specific tasks or applications, thus usually exhibiting higher efficiency and performance in their designed applications. In the well-known field of Bitcoin mining, ASICs are very important computational hardware, with their high efficiency and low power consumption making them an ideal choice for Bitcoin mining. However, ASICs have two clear disadvantages: since they are designed for specific applications (for example, Bitcoin ASIC mining machines are designed around the SHA-256 hashing algorithm), the design and manufacturing costs can be very high without mass adoption, and the design and verification cycle can be relatively long.

FPGA: FPGA stands for Field Programmable Gate Array, a type of reprogrammable device developed on the basis of traditional logic circuits and gate arrays such as PAL (Programmable Logic Array), GAL (Generic Array Logic), and CPLD (Complex Programmable Logic Device). Like ASICs, FPGAs are integrated circuits used in electronic design to implement specific functions, overcoming the limitations of past semi-custom circuits and the limited number of gates in previous programmable devices. Its key features are “reprogrammability, low power consumption, low latency, and strong computational power.” However, the drawback of FPGAs is that their functionality entirely depends on hardware implementation, unable to perform operations like branch condition jumps, and they can only perform fixed-point operations. In terms of cost, the design cost of FPGAs is lower than that of ASICs, but manufacturing costs also need to be considered based on scale. Of course, the overall cost of both is much higher than that of GPUs.

Returning to the discussion of ZKP hardware acceleration, it must first be acknowledged that ZKP is still in the early stages of development. System parameters (such as FFT width or bit size of elements) or the choice of proof systems (just the proof systems mentioned above have five varieties) are still rarely standardized. We compare the three types of computational hardware in this environment:

· Changes in ZK ‘Meta’: As mentioned above, the business logic on ASICs is written once. If any ZKP logic changes, it needs to start from scratch. FPGAs can be refreshed any number of times within 1 second, meaning they can be reused on multiple chains with incompatible proof systems (e.g., cross-chain MEV extraction) and adapt flexibly to changes in ZK ‘meta’. While GPUs are not as quickly reconfigurable at the hardware level as FPGAs, they offer great flexibility at the software level. GPUs can adapt to different ZKP algorithms and logic changes through software updates. Even though these updates may not be as rapid as with FPGAs, they can still be completed in a relatively short time.

· Supply: The design, manufacturing, and deployment of ASICs typically require 12 to 18 months or longer. In contrast, the FPGA supply chain is relatively healthy, with leading suppliers like Xilinx allowing a large number of retail orders to arrive within 16 weeks from the website (i.e., without any contact points). Looking at GPUs, they naturally have a huge advantage in supply. Since the Ethereum Shanghai merge, there has been a large number of idle GPU mining machines across the network. Subsequent graphics card series developed by Nvidia and AMD can also be supplied in large quantities.

From the above two points, unless the ZK track forms a consensus and standardizes the adoption of one scheme, ASICs do not have any advantages. Given the current diversified development of ZKP schemes, GPUs and FPGAs will be the two main types of computational hardware we need to discuss next.

· Development Cycle: Due to the popularity of GPUs and mature development tools such as CUDA (for NVIDIA GPUs) and OpenCL (cross-platform), GPU development is more accessible. FPGA development typically involves more complex hardware description languages (such as VHDL or Verilog), requiring longer learning and development times.

· Power Consumption: FPGAs typically outperform GPUs in terms of energy efficiency. This is mainly because FPGAs can be optimized for specific tasks, thus reducing unnecessary energy consumption. While GPUs are powerful in processing highly parallelized tasks, this also comes with higher power consumption.

· Customizability: FPGAs can be programmed to optimize specific ZKP algorithms, enhancing efficiency. For specific ZKP algorithms, the general architecture of GPUs may not be as efficient as specialized hardware.

· Generation Speed: According to a comparison by trapdoor-tech of GPUs (using Nvidia 3090 as an example) and FPGAs (using Xilinx VU9P as an example), under BLS12–381 (a specific type of elliptic curve), using the same modular multiplication/modular addition algorithm, the generation speed of GPUs is five times that of FPGAs.

In summary, in the short term, considering the development cycle, parallelism, generation speed, cost, and the large number of idle devices ready across the network, GPUs are undoubtedly the most advantageous choice at present. The current direction of hardware optimization is also mainly focused on GPUs. The time for FPGAs to completely take over the competition has not yet come. Therefore, is it possible to build a ZKP computational power market similar to PoW mining (a term I personally conceived)?

Reflections on Building a ZKP Computational Power Market

In contemplating the construction of a ZKP computational power market, we have already drawn conclusions about the hardware aspect from the previous text. The remaining questions are as follows: Does ZKP need decentralization? Is the market size attractive enough? If ZK-based public chains all choose to build their own proof generation markets, what is the significance of a ZKP computational power market?

The Significance of Decentralization: Firstly, most current zkRollup projects (such as Starkware and zKsync) rely on centralized servers, considering only the expansion of Ethereum. Centralization means that the risk of user information being censored still exists, somewhat sacrificing the most important permissionless nature of blockchain. For privacy protocols using ZK, the decentralization of ZKP generation is extremely necessary. The second reason for decentralization is cost, similar to the previous section on AGI. The cost of cloud services and hardware procurement is very high, and proof generation is usually only suitable for large projects. For small projects in their initial stages, a decentralized proof market can greatly alleviate their funding difficulties at startup, and also reduce unfair competition due to financial constraints.

Market Size: Paradigm predicted last year that the ZK miner/proof generator market might grow to a size comparable to the past PoW mining market. The fundamental reason is that both buyers and sellers in the ZKP computational power market are abundant. For former Ethereum miners, the numerous ZK-based public chain and Layer 2 projects are far more attractive than Ethereum’s forked public chains. However, we also need to consider that most ZK-based public chains or Layer 2s are fully capable of building their own proof generation markets. If they are to conform to the decentralization narrative, this step is also inevitably in their roadmap (as with Starkware and zkSync, which will have their own decentralized solutions in the future). So, does the ZKP computational power market still have a purpose?

The Significance of Building It: Firstly, the applications of ZKP are extremely widespread (as we have already exemplified several times in the previous text, and will refer to a project later). Secondly, even if every ZK chain has its own proof generation market, the computational power market still has three functions that can make sellers consider selling their computational power.

  1. Divide the computational power into two parts: one for mining and the other for selling computational power contracts. This method can help hedge against the volatility of the cryptocurrency market. When the market falls, the sold computational power contracts provide a stable income; when the market rises, mining on one’s own can bring additional profits.
  2. Sell all computational power to obtain a fixed income, which is a more conservative approach. This can reduce the impact of market fluctuations on income and ensure the stability of earnings.
  3. Due to differences in cost structures (such as electricity costs), some miners may achieve lower operating costs than the market average. These miners can use their cost advantage to sell computational power contracts at market prices and retain the difference due to lower electricity costs, achieving arbitrage.

Proof Market

Proof Market is a decentralized ZKP computational power market built by =nil; (an Ethereum development company). To my knowledge, it is currently the only computational power market built around ZKP generation. Essentially, it is a trustless data accessibility protocol that enables Layer 1 and Layer 2 blockchains and protocols to generate zero-knowledge proofs based on the need for seamless data sharing, without relying on centralized intermediaries. Although Proof Market is not the market built around individual GPUs as I imagined (Proof Market is built around professional hardware vendors, and GPU mining for ZKP can also refer to the Roller Network in the Scroll architecture or Aleo), it is still very relevant in considering how a ZKP computational power market is constructed and widely applied. The workflow of Proof Market is as follows:

Proof Requester:

  • Entities requesting proofs, such as zkBridge, zkRollup, zkOracle, or zkML applications.
  • If the circuit does not exist, a preparation phase is needed, where a new circuit is generated by running zkLLVM.
  • If the circuit already exists, a zkProof request for the predefined circuit is created.

zkLLVM:

  • This component is responsible for generating circuits, i.e., programs that encode computational tasks.
  • In the preparation phase, zkLLVM performs preprocessing on the computation to generate the circuit and submits it to Proof Market.

Proof Market:

  • A central marketplace that matches orders from proof requesters with proof generators.
  • Verifies the validity of proofs and provides rewards after the proof is verified.

Proof Generator:

  • Performs computations to generate the required zero-knowledge proofs.
  • Receives orders from Proof Market and returns the generated proofs.

Reward Mechanism:

  • Circuit Developer Reward: The author of the circuit receives a reward each time a proof requester uses the circuit to generate a proof.
  • Proof Generator Reward: Once a proof is verified in Proof Market, the generator receives a reward based on the terms of the order.

In the entire process, the request, generation, verification, and distribution of rewards for proofs all revolve around Proof Market. This process aims to create a decentralized market where the generation and verification of ZKP are automated, and participants can receive rewards corresponding to their contributions.

Application Scenarios

Since its test release in January 2023, the main application scenarios for Proof Market have been protocols operating outside Ethereum Layer 1 (L1), such as zkRollup, zkBridge connected to Ethereum, and public chains using zkP.

With the integration of Ethereum endpoints (a gateway interface that allows other systems or services to connect and integrate), Proof Market will be applicable to more applications, especially those that need to directly request proofs from EVM applications to provide a smoother user experience or need to work with on-chain stored data.

Here are some potential application scenarios:

  • Machine Learning (ML): Inference requests can be initiated on-chain to zkML applications. Applications like fraud detection, predictive analytics, and identity verification can be deployed on Ethereum.
  • Ethereum Data Processing (zkOracles): Many applications require historical or processed data from Ethereum. Using zkOracles, users can obtain data from the consensus layer for the execution layer.
  • Data Transfer (zkBridges): Users can directly request data transfer and pay for proof fees, eliminating the need for bridge operators as intermediaries between users and the market.
  • Fraud Proof: Some fraud proofs can be easily verified on-chain, while others cannot. Fishermen (network participants focused on verifying the main protocol and looking for potential fraud) can focus on verifying the main protocol and point to the required proofs provided by Proof Market.
  • Data Updates and Accumulation: Applications can store the latest updates directly on Layer 1 and later accumulate them into a Merkle tree, with proofs of correct root updates.
  • Random Number Generation: Applications can order random numbers generated through trustless hash-based VDFs.
  • Proof Aggregation: If applications independently send their proofs (without verification), aggregating them into a single proof and then verifying them at once can reduce the cost of proof verification.

Practical Implementation

The well-known LSD project Lido is also using Proof Market to build a solution to enhance the security and credibility of the Lido Accounting Oracle contract. The Lido Accounting Oracle relies on an Oracle committee composed of trusted third parties and a quorum mechanism to maintain its state, which poses potential attack vectors. The solution process in Proof Market is as follows:

Problem Definition

  • Lido Accounting Oracle Contract: Handles complex reporting, including Consensus Layer data (such as Total Value Locked (TVL), number of validators, etc.).
  • Objective: To make reporting trustless, it is necessary to expand the report to include proofs of computational validity.

Solution Specification

  • Preliminary Goal: In the first phase, only report a subset such as Lido CL balance (referring to assets related to the Consensus Layer in the Lido protocol), active and exiting balance numbers, etc.
  • Key Participants:
    • Lido: Needs to make certain data from the Consensus Layer state accessible in the Execution Layer.
    • Oracle: Reports TVL and validator numbers to the TVL contract.
    • Proof Producer: Generates computational integrity proofs.
    • Proof Verifier: Verifies proofs in the EL contract.

Technical Implementation

  • Oracle: An independent application that obtains input data, calculates Oracle reports, and produces proofs.
  • zkLLVM Circuit: Used to build zero-knowledge proofs for computational integrity.
  • Trustless Accounting Audit Oracle Contract: Verifies binary proofs and validates computational validity information.

Deployment Phases

  • Current State: Reports are accepted when enough trusted Oracle members submit them and a quorum is reached.
  • “Dark Launch” Phase: Reaches trusted quorum but also accepts trustless reports and performs necessary verification.
  • Transition Period: Reaches trusted quorum, receives at least one valid trustless report, and the reports are consistent.
  • Full Launch: The accounting contract uses only trustless reports to determine TVL and validator numbers.
  • Final State: Completely abolishes quorum reporting, using only trustless reports.
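
The acceptance rule at each deployment phase can be written as one decision function. The sketch below is an added example, not Lido's or Proof Market's code: the `Report` fields, the quorum threshold, the note strings, and the `proof_ok` flag (standing in for the on-chain proof verifier) are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum

class Phase(Enum):
    CURRENT = 1
    DARK_LAUNCH = 2
    TRANSITION = 3
    FULL_LAUNCH = 4
    FINAL = 5

@dataclass(frozen=True)
class Report:
    # Assumed layout; the page names CL balance and validator numbers.
    cl_balance: int
    validators: int

def quorum_report(committee, quorum):
    """Report submitted by at least `quorum` committee members, else None."""
    if not committee:
        return None
    report, votes = Counter(committee).most_common(1)[0]
    return report if votes >= quorum else None

def decide(phase, committee, trustless, quorum):
    """Return (accepted report or None, notes).
    trustless is a list of (Report, proof_ok); proof_ok stands in for the
    result of the on-chain proof verifier, which is not modelled here.
    """
    # Final state: quorum reporting is abolished, so committee input is ignored.
    trusted = None if phase is Phase.FINAL else quorum_report(committee, quorum)
    if phase is Phase.CURRENT:
        return trusted, []
    notes = ["invalid-proof"] if any(not ok for _, ok in trustless) else []
    verified = {r for r, ok in trustless if ok}
    if len(verified) > 1:
        notes.append("conflicting-proofs")  # treat as no usable proof
    proven = next(iter(verified)) if len(verified) == 1 else None
    if phase is Phase.DARK_LAUNCH:
        # Quorum still decides; the trustless path runs in shadow.
        if trusted and proven and trusted != proven:
            notes.append("shadow-mismatch")
        return trusted, notes
    if phase is Phase.TRANSITION:
        # Needs quorum AND a verified trustless report AND agreement.
        if trusted is None or proven is None:
            return None, notes + ["missing-source"]
        return (trusted, notes) if trusted == proven else (None, notes + ["mismatch"])
    return proven, notes  # FULL_LAUNCH and FINAL: trustless reports only
```

During the dark launch a disagreement is only recorded, while in the transition period the same disagreement blocks the report, which is what makes the shadow phase useful for catching circuit or committee errors before they can affect accounting.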

Conclusion

Compared with the grand blueprint of the AGI computational power market, the ZKP computational power market is indeed more limited to applications within the blockchain. Its advantage, however, is that it does not need to accommodate extremely complex designs such as neural networks, so overall development is less difficult and requires less funding. Looking at the projects mentioned above, it is not difficult to see that while the AGI computational power market is still unsure how to reach practical deployment, the ZKP computational power market has already penetrated multiple blockchain application scenarios across multiple dimensions.

From a market perspective, the ZKP computational power market is still very much a blue ocean, and the aforementioned Proof Market is not the ideal design in my mind. Considering algorithm optimization, application scenario optimization, hardware optimization, and the choice of different computational power seller markets, there is still a lot of room for imagination in the design of the ZKP computational power market. Furthermore, from a development perspective, Vitalik has repeatedly emphasized that ZK’s impact on the blockchain field in the next decade will be as important as blockchain itself. However, given the versatility of ZK, as the design matures, ZK’s future importance in non-blockchain fields may not be inferior to that of AGI today, and its prospects should not be underestimated.

About YBB

YBB is a web3 fund dedicated to identifying Web3-defining projects with a vision to create a better online habitat for all internet residents. Founded by a group of blockchain believers who have been actively participating in this industry since 2013, YBB is always willing to help early-stage projects evolve from 0 to 1. We value innovation, self-driven passion, and user-oriented products while recognizing the potential of cryptos and blockchain applications.

Disclaimer:

  1. This article is reprinted from [medium]. All copyrights belong to the original author [YBB]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.