Foresight Ventures: All about Polygon zkEVM and zkEVM Rollup

Foresight Ventures
17 min readSep 5, 2022

--

The future path of Ethereum is tailored to Rollup, and the most promising solution is zk Rollup, which uses zero-knowledge proof technology.

The common perception is that zk Rollup requires several years of development before it can really get into the production, due to the huge development difficulty of building zkEVM. In order for developers to seamlessly port and deploy EVM smart contracts to zk Rollup, development teams need to build and optimize the performance of EVM-compatible zkEVM.

Implementing zkEVM has been a priority for the Ethereum Foundation and other zk Rollup teams such as Polygon. In the long term, the implementation of zkEVM will not only address aspects of the consensus bottleneck in the Ethereum mainnet such as:

  • I/O: via statelessness and enshrined zkEVMs
  • Storage: via statelessness and enshrined zkEVMs
  • Compute: via enshrined zkEVMs

With zkEVM as a core component, it is possible to build a truly perfect universal Rollup network.

Polygon has recently brought such an alpha version of zk Rollup with zkEVM, which compares favorably with solutions such as Scroll, StarkNet, zkSync, Sin7Y, and others. The existence of these zkEVMs is a huge leap forward for Polygon and the Ethereum ecosystem, and means that a new and better Rollup user experience is on the horizon.

0. zkEVM

a) Intro to zkEVM

Before we can understand how zkEVM Rollup innovates Ethereum user experience, we need to understand the concept of zkEVM. If you want to learn more about zk, zkVM and zkEVM, feel free to read our previous research article.

The concept of zkEVM can be broken down into two parts:

  • zk: Zero-knowledge proof technology, which can prove the validity of a batch of tx through a succinct proof, to achieve computational trustworthiness and thus achieve scaling.
  • EVM: the smart contract execution environment of the Ethereum ecosystem. It is the existence of EVM that makes Ethereum capable of running smart contracts and becoming a global computing network (compared to Bitcoin, which is probably only counted as a calculator), and it also gives rise to the concepts of EVM compatible, EVM equivalent, EVM superset.

Then zkEVM is a zk virtual machine that is EVM-compatible at least at the programming language level. When a smart contract is run in zkEVM, it generates a zk proof, which proves the validity of the running state transition and guarantees that the computation is trustworthy. The verifier only needs to verify the proof (minimal cost) and does not need to re-execute it (significant redundancy).

b) Meaning of zkEVM

zkEVM is of great importance at all levels:

  • For Rollup scaling: zkEVM can generate proofs for tx batch for fast verification on the mainnet, enabling computational trust with the security of the mainnet in a fully trustworthy manner without multiple rounds of complex consensus.
  • For DApp developers: Developers can use zkEVM to give zk superpowers to any smart contract without learning any zk-related hardcore knowledge or new languages other than Solidity or maybe Vyper.
  • For zkEVM developers: Instead of writing different circuits for the smart contracts on the network, they can simply maintain zkEVM.
  • For Layer3 builders: You can try to build Layer3 Verifier in zkEVM, so that Layer3 batch transactions can be proven “off-rollup” and packaged into a single tx on the main network (L3: 1000 tx → L2: 10 tx → L1: 1 tx), enabling App-rollup.
  • For Ethereum: the existence of multiple zkEVM schemes will eventually become important public goods, helping Ethereum to achieve the next stage of Enshrined zkEVM and zk everything Roadmap.

c) zkEVM Solution and their Progress

The zk Rollup project has been very active lately. StarkNet announced a future token offering, Aztec released a privacy DeFi, zkSync released a countdown to the mainnet launch, Scroll released a Pre-Alpha version of zkEVM, and Polygon open-sourced their source code……

The Ethereum ecosystem is an arms race between zk and zkEVM projects. And as we said in our previous zkVM vs zkEVM article, zkEVM’s solutions are slightly different and have their own advantages.

First, there is a difference in the general direction of the technology, which is basically divided into two directions:

There are different players in both directions:

  • Native based: Polygon, AppliedZKP, Scroll, Taiko. Of course the last three are developing in the same repo and can be considered as basically the same solution (if only talking about zkEVM).
  • Compiler-based: StarkNet, zkSync, OlaVM, etc. This is the track with the most players, but it actually varies a lot from project to project.

According to Vitalik’s classification comparison method, they are classified as follows:

  • Type 1: Fully enshrined zkEVM fully adapted to Ethereum L1. e.g. AppliedZKP.
  • Type 2: Fully EVM-equivalent zkEVM, with slightly different internal structure. Such as the future Scroll and Hermez.
  • Type 2.5: EVM-equivalent zkEVMs with only different gas costs (which may lead to minor compatibility differences). e.g. Scroll and Hermez with precompiles for complex operations.
  • Type 3: zkEVMs that are almost EVM equivalent. e.g. Scroll and Hermez at this stage.
  • Type 4: EVM-compatible zkEVM at the language level, with different features and developer toolings, and developers cannot write bytecode directly. e.g. zkSync and StarkNet.

There are actually a lot of variables in the choice of options. Only a certain amount of focus can be assigned to each aspect, forming it another trilemma:

  • Performance (zk Prover, verifier, overall overhead, hardware acceleration)
  • Compatibility (DApp developers, infrastructure, development tools, miners)
  • Development Difficulty (maintenance difficulty, development progress, system complexity, engineering implementation complexity)

The differences between typical solutions are:

  • StarkNet: implementation of a completely new zkVM (CairoVM), good performance, not too difficult to develop on, but not enough compatibility (requires Warp tranpiler to achieve EVM ability), the best part is that an ecosystem with innovations such as storage proof and fractal scaling has been forming.
  • zkSync: zkEVM at IR level (the LLVM-IR part). Good compatibility (language level), medium performance and development effort, more flexible. The highlight is the ability to support languages other than Solidity via LLVM after compiler iterations.
  • Hermez and Scroll: both are considered zkEVM at the Bytecode level (does not means have to be an exact reuse of EVM Bytecode, but the differences of them are subtle). Compatibility is excellent, performance is sacrificed (the original EVM is not zk-friendly, and there are many performance challenges to overcome after “circuitization”). Development is difficult. The best part is that the architecture is secure and most native.

1. Polygon zkEVM Rollup

The core component of Polygon Hermez’s open source zkEVM Rollup network is zkEVM. Its overall technical solution compares favorably with other solutions and is essentially the same as described in our previous article.

a) Polygon zkEVM Rollup Architecture

The overall architecture of the Polygon zkEVM Rollup is as follows:

The core of the architecture is the zkEVM itself. The zkEVM executes the L2 tx, and the off-chain proof network generates a proof of validity for the execution of the tx in the zkEVM, with the final state transition and proof being submitted to the Ethereum mainnet.

The key components of Polygon zkEVM Rollup are: PoE consensus algorithm, zkNode, zkProver, Proof Builder for STARK and SNARK, and Rollup cross-chain bridge:

  • PoE consensus algorithm: for security, efficiency, and decentralization enhancement, the PoE algorithm replaces Hermez 1.0’s PoD algorithm. PoE can be combined with PoS to ensure decentralization and efficiency of producing blocks in Polygon zkEVM Rollup. Any miner running a zkNode can become a Sequencer, and any miner running a zkNode and zkProver can become an Aggregator. The gas fee for the miner’s right to produce block will be denominated using $MATIC.
  • zkNode: zkNode is the software that any miner who wants to participate in the Polygon zkEVM Rollup network needs to run. zkNode does tx synchronization, sorting, and verification. Otherwise, if you just want to know the status of the network, rather than participate, you only need to run a read-only node, not a zkNode.
  • zkProver: zkProver is the software that any miner who wants to participate in the Polygon zkEVM Rollup network as an Aggregator needs to run. As the name implies, zkProver is a prover that generates zk proofs. Essentially, zkEVM is a polynomial representation of state transitions, and zkProver contains a Main SM Executor and several Secondary State Machines to generate proofs for the state transitions.

STARK and SNARK Proof Builder: The two Proof Builders generate proofs for two different types of zero-knowledge proof techniques, STARK and SNARK. STARK (PIL STARK) generates proofs for the polynomial constraints on state transition batches, while SNARK (SnarkJS) generates constant size proofs for the construction of STARK proofs, which can be published on the mainnet at a lower cost.

Rollup cross-chain bridge: Polygon zkEVM Rollup is a traditional Burn/Mint cross-chain bridge, but can also be used as a bridge to other L2s.

b) Polygon zkEVM Rollup Design

The core idea behind Polygon zkEVM Rollup’s design is:

  • Decentralized (anyone can rebuild the entire Rollup state through DA, without any censorship or centralized control)
  • No access (anyone can participate in the network, as Sequencer or Aggregator)
  • Security (Inherits the security of Ethereum, helping to verify Rollup state updates and proofs through the Ethereum network)
  • Performance and efficiency (performance improvement through PoE, off-chain computing, UTXO mode settlement of cross-chain bridge contracts, and various cryptographic optimization schemes)

c) Polygon zkEVM Rollup Advantages

There are a number of advantages that really make Polygon’s solution stand out.

First, the collaboration between Polygon’s development teams is a natural synergy. Polygon’s zk universe includes Polygon Hermez (the main development team of Polygon zkEVM), Polygon Zero, Polygon Miden, and Polygon Nightfall, as well as many other teams in the modular blockchain fields. Although the three zk teams have slightly different orientations, they are all top teams in the zkVM space and can collaborate and help each other directly on technical solutions and architecture. For example, Polygon Hermez chose the 64-bit small field STARK proof generation as suggested by Polygon Zero.

In addition, the Polygon zkEVM Rollup has a number of innovations in zk technology. For example, the creation of two DSL zkASMs and PIL, which can be used to interpret EVM byte codes and encode polynomial commitments; the combination of STARK and SNARK, which exploits the Scalable of STARK and Succinct of SNARK to make the proofs faster overall while ultimately consuming less space on the mainnet; optimization-wise, which uses the very efficient Goldilocks as the base field, parallel computation of the Keccek circuit is implemented, and a Poseidon-hash Merkle tree is used as the data structure for the system’s storage.

Both Polygon Hermez and Scroll have made great efforts in their own ways to prove the equivalence of generative decentralization and EVM. To achieve EVM equivalence, it is necessary to write the EVM opcode as a zk circuit, which Polygon interprets via zkASM and then executes in zkExecutor (Geth is essentially also interpretation, while Scroll is directly available to the Geth client’s Execution Trace generates proofs). There is practically no difference in compatibility between the two (runtime’s terpretation or transpilation have no impact on adaptability), in contrast, Polygon’s solution is more prover-friendly and efficient in addition EVM compatibility. In contrast, Scroll focuses on fully reusing Geth’s security model, making it easier to audit.

I think Polygon Hermez’s zkEVM solution hits the sweet spot between native EVM support and performance. Not only does it avoid the complexity of developing the underlying EVM by interpreting it with zkASM, but it also makes performance less of an issue with zkEVM by innovating and optimizing it from different angles.

2. zkEVM Rollup’s Strength

a) Layer 1 vs Rollup

Users have been suffering from Layer 1 gas for a long time, and in our previous MEV study, the model of an ideal network was discussed.

In an ideal network:

  • anyone can send transactions (no censorship)
  • no spam
  • very low fees

Also in the context of Crypto and blockchain, the network needs to be decentralized and scalable in performance. This is the trilemma of an ideal blockchain network:

  • low fees with no spam
  • decentralized with no permission and no censorship
  • scalable with general computation

The monolithic blockchain of Layer 1 cannot do all these things at the same time, but Rollup achieves the ultimate performance, decentralization, and low fees by centralizing block producing and decentralizing verification.

This is also our conclusion in the Rollup article.

b) Optimistic Rollup vs zk Rollup

In the long term and with realistic theoretical performance limits, zk Rollup is more scalable than OP Rollup, with stronger security assumptions.

Optimistic Rollup has a challenge period that makes it take a long time for a tx to be truly finalized, while zk Rollup’s proofs, once generated and verified, directly finalize the tx.

The OP of Rollup is like Layer 1’s PoW and the longest chain principle, and zk is like PoS and its associated consensus. For Layer 1, both PoW and PoS mechanisms are possible, but the performance-oriented Rollup requires a stronger guaranteed (by pledge or cryptography) zk mechanism in the endgame.

This is what we concluded in Modular Blockchain article.

c) zk Rollup vs zkEVM Rollup

If zk Rollup, then why is Optimistic Rollup the more popular one now?

Because currently zk Rollups in production mode do not have general-purpose computational power, such as Loopring, and are only at the stage of single operation like transaction, so developers cannot deploy and deploy smart contracts to Rollup.

The emergence of a zkEVM Rollup can foster an ecosystem of smart contracts like the Optimistic Rollup, which is far more flexible than the normal zk Rollup transaction network, and more secure and user-friendly than the Optimistic Rollup.

3. UX of zkEVM Rollup

a) The Right Time, Place and People

The emergence of zkEVM Rollup is the right time and the right place:

  • Timing: Layer 1 scaling has hit a bottleneck, and Optimistic Rollup has explored the development path to Rollup.
  • Place: The security and social consensus provided by Ethereum provided the perfect ground for the establishment of zkEVM Rollup.
  • People: The EVM ecosystem dominates blockchain development, and numerous zk development teams are contributing to the zkEVM solution.

So what exactly is the experience enhancement of zkEVM Rollup for users?

First of all, we need to define the users, which I think includes both developers and regular users:

b) UX for Developers

  • zkEVM ⇒ No need to learn a new language or even write a new contract to develop a DApp: Solidity is the number one language in the blockchain contract world, with countless resources and great ecosystem, and is the most suitable language for blockchain scenarios, the combination of these two advantages is far better than Move or Rust etc.
  • Rollup ⇒ Unlock more application scenarios: Using the Ethereum mainnet for applications such as payments or games is not suitable due to performance and cost issues. zkEVM Rollup allows more apps to be implemented as DApps.

c) UX of Users

  • zk ⇒ Stronger security than PoS networks and faster finality than OP Rollup: Some PoS networks rely on staking for security, but their small capitalization creates weak security guarantees. zk’s cryptography guarantees absolute security through mathematics. OP Rollup’s challenge period prevents a tx from being confirmed for a certain period of time, while zk Rollup’s proof of a tx confirms the tx once it is generated.
  • EVM ⇒ Exactly the same usage process and infrastructure: Except for the need to switch networks within the wallet and application, all user usage processes will be exactly the same as on the main network, with no additional learning costs, just use the application as before.
  • Rollup ⇒ OP and zk Rollup both offer L2 instant finality: in terms of user experience, the transaction is executed before the user is even aware of it. So the user does not have to wait for 10 seconds or 10 minutes to send the next transaction. In terms of application usage, users can carry out on-chain activities, high-frequency transactions or on-chain games, etc. in a more hassle-free way.

d) UX of Polygon zkEVM Rollup

In the future, the experience of users and developers on zkEVM Rollup will be infinitely similar to that of the main net, and will be even faster and smoother with the advantages of low gas and fast confirmation.

In Polygon zkEVM Rollup’s plan, ETH will always be the gas fee token for Rollup, and MATIC will be the token for staking, which is a very good decision:

  • Better value capture: Polygon’s experience running PoS networks has led to the conclusion that value capture from staking is better than using tokens directly as gas.
  • Better experience: ETH as a Rollup token allows L1 users or cross-chain bridge projects to avoid the extra Swap step in the process (most will cross ETH directly). ETH is also more orthodox as a gas.
  • More significant differentiation: The Polygon zkEVM Rollup will be more distinctly different from the Polygon PoS, and the difference in mechanics does require such a difference to allow users to choose a solution that suits them better.

Also, what Polygon brings to zkEVM Rollup is:

  • A familiar “environment”: Users don’t have to worry about the underlying technical changes, everything will be very similar to Polygon PoS, except that zkEVM Rollup will be faster, safer, and more usable in every way. Developers will also be able to participate in familiar hackathon and enjoy the rich development ecosystem and community that Polygon has built up.

4. The Future of zkEVM Rollup

For the future of the zkEVM Rollup solution, we will analyze the technical future, and what the end game of the solution will be.

a) zkEVM Tech

Vitalik has very deep insights on this topic. Among the four classifications of zkEVM he outlined, there is no real good or bad solution, just different technical trade-offs: closer to the low-level but development progress will be slower, less compatibility but development progress will be faster.

In the long run, it is only a matter of time before zkEVM is engineered and optimized. All solutions have their own value. Vitalik also says that these different solutions may slowly transform over time until they find the one that fits their niche.

The best future is that we have very many different flavors of zkEVM, so developers can choose the one they like, and the ethereum mainnet can go through their innovations to improve itself. The more innovation is the better the future.

b) Rollup Tech

The endgame of Rollup technology will be zkEVM Rollup, while Optimistic Rollup will continue to have its own place, and there will even be a hybrid of zkEVM and Optimistic Rollup (personally, I think one mechanism is sufficient).

The zkEVM Rollup is better than the Optimistic Rollup in many ways. But the biggest advantage of Optimistic Rollup is that it is much simpler to build, the difference between Optimism Bedrock and Geth is only 500 lines of code, any engineer who knows Geth can easily build an Optimistic Rollup, or in the future use Optimint on Celestia and other engines, the path of OP Rollup has been fully explored. The zkEVM Rollup is much more complex, has a higher learning curve, and has no real experience or solutions that are fully implemented.

c) Tech…is not the most important

We talked a lot about technology, but technology is certainly not the most important thing. The bottlenecks in zkEVM Rollup, Rollup, Ethereum, and even blockchain are never technical bottlenecks in engineering implementation or DA or consensus, but users.

As an example from Web2 (thanks Nelson): Apple’s App Store. All developers prefer to publish their apps on the App Store, but the App Store is very unstable and often rejects apps at random. In contrast, Android’s App Market, or Amazon’s App Market is much friendlier. But why do people want to publish to the App Store? Because the App Store has a mature and stable user base! No matter how good the developer experience is on Android or Amazon, developers will still flock to a platform with users.

The goal of software development is not elegant APIs, 100% Test Coverage, and the best programming language, but: solving more problems and providing more value. That means more users.

d) End Game

So what do we imagine a true endgame zkEVM Rollup would look like?

  1. The foundation of the endgame: technology
  • zkEVM level: All solutions are good as long as they can be implemented, but they don’t have to be too fundamentalist. Ethereum EVM is a “legacy and obsolete” system (still a top solution, of course), although it is possible to improve and innovate more on zkEVM. Besides zkEVM needs more optimization, reducing proving overhead to catch up with the Optimistic solution.
  • Rollup level: Ensure that the core values of the blockchain (decentralization, security) are prioritized, instead of an arms race for TPS.

2. The core of the endgame: Social Consensus

  • Ecosystem level: Ideally, all applications on the Ethereum mainnet should be migrated to a Rollup. If the zkEVM Rollup itself has a good ecosystem-wise foundation, it will be very much ahead of other solutions in terms of startup. In this respect, Polygon has a huge advantage.
  • Developer level: EVM compatibility is not the deciding factor. It’s which zkEVM Rollup can reach the fastest developers and get them to use it as a network for development. It is never about the network conforming to the developer, but rather about the developer picking the fastest or best network overall, and then slowly adapting to that network’s development.
  • User Level: The mindset and social consensus of users is very important. In addition to the Reach developers, the most important factor is who is the first and most effective Reach to the users. A successful network should not become a technical geek’s ego about the superiority of a technical solution, but a real solution that creates value for users.

All those zkEVM Rollups have bright future.

Related Links

https://foresightventures.medium.com/foresight-ventures-almost-everything-about-rollup-95319ef0675e

https://foresightventures.medium.com/foresight-ventures-zk-zkvm-zkevm-and-their-future-6fb4b8b527d8

https://mp.weixin.qq.com/s/sl3JewEsVNZ7bhSAgd8z1g

https://blog.polygon.technology/the-future-is-now-for-ethereum-scaling-introducing-polygon-zkevm/

https://www.youtube.com/watch?v=sokVnpaqIEc

0a:

https://foresightventures.medium.com/foresight-ventures-zk-zkvm-zkevm-and-their-future-6fb4b8b527d8

https://twitter.com/toghrulmaharram/status/1518270138876891138

https://docs.google.com/presentation/d/1XB96F9ahIlGUevpOTdi-yx_gkrwmX4WGcCjwf3gEiYc/edit#slide=id.g13232b2e9d8_0_401

https://www.cryptologie.net/article/564/what-are-zkvms-and-whats-the-difference-with-a-zkevm/

0b:

https://appliedzkp.org

https://twitter.com/0xShitTrader/status/1549816145053728769

https://twitter.com/yezhang1998/status/1549771898393100288

0c:

https://vitalik.eth.limo/general/2022/08/04/zkevm.html

https://foresightventures.medium.com/foresight-ventures-zk-zkvm-zkevm-and-their-future-6fb4b8b527d8

https://twitter.com/aliatiia_/status/1422655305540902913

https://twitter.com/toghrulmaharram/status/1550065886064779265

https://twitter.com/aliatiia_/status/1498647477754474502

https://twitter.com/LuozhuZhang/status/1538166119785111552

https://twitter.com/aliatiia_/status/1422655305540902913

https://twitter.com/aliatiia_/status/1549999424650215430

https://twitter.com/cronokirby/status/1550750051873562624

https://twitter.com/henrlihenrli/status/1559173089971146753

https://twitter.com/henrlihenrli/status/1559173135789830144

1:

https://github.com/0xPolygonHermez/zkevm-doc/blob/main/mkdocs/docs/zkEVM/Polygon-zkEVM-Archtectural-Overview.md

https://blog.polygon.technology/zkverse-deep-dive-into-polygon-hermez-2-0/

https://www.youtube.com/watch?v=T2fH1NlHnAc

1b:

https://twitter.com/0xDinoEggs/status/1544868275829571584

1c:

https://twitter.com/Ingo_zk/status/1550121968904507393

https://blog.polygon.technology/introducing-plonky2/

https://twitter.com/_bfarmer/status/1549807101010010115

https://twitter.com/toghrulmaharram/status/1549863723556282370

https://twitter.com/dlubarov/status/1550491404345950216

https://twitter.com/yezhang1998/status/1549808592936906752

https://twitter.com/dlubarov/status/1550506366527086594

https://twitter.com/dlubarov/status/1550491438470668290

https://twitter.com/toghrulmaharram/status/1550065886064779265

https://twitter.com/aliatiia_/status/1549999427791765504

https://twitter.com/mt_1466/status/1550490476201082880

https://youtu.be/T2fH1NlHnAc?t=516

2a:

https://foresightventures.medium.com/foresight-ventures-mev-definition-difference-decrease-33923783c793

https://twitter.com/0xmisaka/status/1511370037306834954

https://foresightventures.medium.com/foresight-ventures-almost-everything-about-rollup-95319ef0675e

2b:

https://foresightventures.medium.com/foresight-ventures-unified-to-divided-modular-blockchain-and-data-availability-layer-459b35673381

https://vitalik.ca/general/2020/08/20/trust.html

3d:

https://twitter.com/sandeepnailwal/status/1550009537406574593

https://twitter.com/sreeramkannan/status/1551439980991377410

4a:

https://vitalik.eth.limo/general/2022/08/04/zkevm.html

4b:

https://twitter.com/VitalikButerin/status/1553342590786813952

4c:

https://thorstenball.com/blog/2022/05/17/professional-programming-the-first-10-years/

4d:

https://twitter.com/itamarl/status/1552616078068838401

https://twitter.com/sgoldfed/status/1551607983167229954

https://twitter.com/EdFelten/status/1555163841469841411

https://twitter.com/MihailoBjelic/status/1554994843851554816

https://twitter.com/pseudotheos/status/1554937456050544641

Others:

https://ethresear.ch/t/nearly-zero-cost-attack-scenario-on-optimistic-rollup/6336/3

https://ethresear.ch/t/a-pre-consensus-mechanism-to-secure-instant-finality-and-long-interval-in-zkrollup/8749

https://twitter.com/yezhang1998/status/1553785807521325057

https://twitter.com/kelvinfichter/status/1553323160564404225

--

--

Foresight Ventures
Foresight Ventures

Written by Foresight Ventures

Foresight Ventures is a blockchain technology-focused investment firm, focusing on identifying disruptive innovation opportunities that will change the industry

Responses (1)