Chainlens Space E7 - Efficient verification of ZK proofs on-chain with zkVerify

Conor Svensson: We can kick off this space now if you're ready to go. Rob, would you like to start by telling us a little bit about yourself, who you are and what it is that brought you into Blockchain? 

Rob Viglione: Yeah, no, happy to. Thanks for having me here, Conor. So yeah, I was I guess like an early, early bitcoiner. I got into the industry when really it wasn't much of an industry, but from the idea of changing the way that, or using technology to basically compete with the idea of money. And that's what Bitcoin was. But beyond that I just kind of got sucked into the ethos of what we're doing of sort of creating these online digital economies, just connecting people all over the world. So my path throughout the industry has just been very focused on kind of enabling technologies and then also just the cultures that we build and you know, building out these ecosystems.

Conor Svensson: And so with those, there's been a couple of different projects that you've worked on, both going back a few years and also more recently I believe the first one was Horizen and that kind of led into the ZKVerify. I'd love to get a bit more context about them as well.

Rob Viglione: Yeah, totally. So, the first project that I started getting actively involved on was Horizen. It's called Horizen today. Back in 2017 it was called Zencache. When we launched it. Actually my co-founder Ralph just joined the thread as well. Hey Ralph, what we were doing there was actually solving a specific problem that we saw at the time, which was if the world's digital activity were to go on chain, what a lot of people didn't realise was blockchains are actually quite transparent. They're pseudonymous, so they're not anonymous. And as soon as you correlate someone's address this long string of characters with a human being, you could just see everything they do forever, and everything that they've done in the past. So with Horizen or Zencache back then we were one of the first projects to experiment with this type of cryptography called Zero Knowledge Proofs. And Zero Knowledge proofs are really I think critical enabling technology for ultimately web3 to really scale and go mainstream because it gives you the ability to interact on chain with anyone else in the world in a privacy preserving way, but to still prove certain things. And what we were doing with Horizen was it was a privacy coin. So we were proving that money that person A would send, person B existed and was in person A's control to be able to send to person B and that it was all done according to the rules or the consensus of the blockchain at the time. But the industry has evolved a lot since then. A lot of different types of technology, tools and ecosystems have evolved tremendously. So what we realised was ZK is still at the core of what we think will be the future of the industry. But it requires a lot of infrastructure and a lot of unique tooling and layers to really scale efficiently. and that's what ultimately led us to ZKVerify. ZKVerify is a whole nother beast of a project and this kind of like enabling layer type of role for the industry. But at its core what it does is it's the most efficient place to verify these cryptographic proofs that are created.

Conor Svensson: And so when you started out on this journey, the ZK angle, it was coming at it from a privacy preserving perspective. But then as you say with the ZKVerify it's more in the context of this scaling technology. And so would you just like to enlighten people a little bit more about perhaps the differences in the approaches of using ZK for privacy versus the scaling and why at this point in time, I guess the verification piece is so important.

Rob Viglione: Sure, yeah. So this classic crypto, zk proofs, it's cryptography, right? There are a bunch of different things that you can do with it, at least three things that you can do with it in terms of broad categories. So clearly the first use case that we experimented with ZenCash and Horizen was private, financial transactions or private money, basically. That's only part of the story. It goes beyond just the monetary stuff that we were doing. It's also, you can have any type of, on chain data or any type of data structure could actually be made private. That's an important category of what we could do with the tech. The other is scaling like you said. Actually zero knowledge proofs are probably most widely used today in web3 to batch transactions. So this was the start of the modular blockchain movement where as an industry we started specialising in different parts of the stack. The part of the stack that people probably most know about today are like L2s on Ethereum for example, what an L2 is, it's an execution layer that's bumped off of the core L1 Ethereum. So you can have massive scale and then ZK is used to batch transactions and then have like a proof generated that all of the transactions within a batch were actually done correctly and then you could just send the proof down to the L1. Instead of executing all these transactions on the L1 directly, you can actually just send the proof down to the L1 and have the proof verified that everything was done correctly on the off chain execution layer. But also another class of utility from ZK is also just from pure verifiability. The ability to verify that some arbitrary computation was done correctly. I think this is massive and today very underrated within the industry because you can think about this as did an algorithm execute properly? And when you start speaking in those terms right away for me at least, artificial intelligence AI just pops up. AI is running you know, some extremely sophisticated algorithms over extremely massive data sets with you know, billions of parameter inputs and we have no idea basically, it's kind of like a black box from the user's perspective. This type of cryptography could also be used to verify has computation been executed properly, whether that was from some sort of  LLM or AI algo or maybe that's from some computation that was done off chain entirely from some other use case like proving that something happened or exists in a database that’s never going to be on chain. You might want to know what happened there so it is valuable for some input for an on chain application. So just to summarise, those are the three broad use case areas that I see for ZK and why I think the technology is just so powerful and exciting.

Conor Svensson: Yeah and it does seem like we're just still in such early days as well with respect to where it's going to take us. So right now and the context that you mentioned that it's viewing use prominently is with L2s and app chains and where you have zero knowledge proofs being used for those networks. How are networks typically doing the proof and verification and again taking it back to the ZKVerify. How does that kind of offload and make this simpler for those networks?

Rob Viglione: Yeah, so proof generation is always done off chain as well. It's computationally extremely expensive and typically takes specialised hardware and a lot of computational power to do that. That's where it comes to, from the L2 example, you're batching large groups of transactions into a 6sigs proof and that's all done off chain on the generation side. What typically happens though for the classic L2 that is roll up on Ethereum is the proof itself would be generated off chain and then verified on ethereum on the L1. The way that happens through smart contracts on Ethereum that is kind of written in solidity. So it would be the verifier for the proof system that's being used and there's many different types of proof systems out there. The verifier gets written in Ethereum and then it's a smart contract that gets executed literally by every node that executes the Ethereum blockchain. It's expensive to do that, it's definitely much more expensive than if you were to have a verifier written natively in rust and done off chain for example. But there's good reason to verify on chain and why the world of L2s has exploded, thus far. Where you do your proof generation off chain and then your verification on chain is because the idea is you inherit the security of the L1 to which you're kind of binding that L2. And the kind of binding that matters typically for an L2 is that it's sort of a bridge in a way and that you commit again, the eth example, you commit eth, the native currency for Ethereum, into basically a bridge into the L2. And then what goes in also comes out, has the ability to come out. So in order to make sure that you have the integrity of the money supply of eth is you basically want to do your verification or at least historically through a smart contract that has the same exact security, meaning that every node of Ethereum is executing that smart contract. Now the downside there, and there's at least a few downsides, one is cost and as a company we started looking at this a couple of years ago because we've been in ZK since basically the beginning in web 3. We've been looking at every part of the value chain of ZK and realised that while everyone's focusing on making proof generation either faster, cheaper or more decentralised, there was a gap and that people weren't really focusing on the verification side. There are services that do things like aggregating proofs which is really you're batching more, more proofs together basically bashing more transactions into proofs that you can add together and therefore reduce your transaction cost. But you still always have this bottleneck on chain where you have to verify through the solidity based smart contract which is expensive. The other big trade off or downside to doing it on chain is there's a certain type of cryptography with one elliptic curve in particular that Ethereum uses for which all of the ZK projects basically do a conversion to be compatible with at the end. It's called Alt BN128 and that curve has some precompiled smart contracts that make it usable and basically this is an innovation bottleneck on chain. So projects that want to use more modern proof systems, maybe they want to have massive volumes of proofs to be verified on chain, they could use different elliptic curves, or maybe they want different cryptography as it kind of becomes available through the frontier of innovation. So when you bump the verification layer off chain and you specialise there, which is exactly what ZKVerify is doing, we can massively reduce costs. But I think the more important thing is that we can just always be on the innovation frontier because we do nothing but specialise in proof verification. Then further I would say, it's a big interoperability play as well and that you know we're building a one stop shop for verification where the results can go basically anywhere. So instead of verifying on a particular chain you can actually just verify with ZKVerify and have the results broadcast everywhere.

Conor Svensson: So, with the point you were saying there about the curves for actually for verifying the proofs on Ethereum that this is a constraint by what are effectively the precompiled contracts that you have with Ethereum nodes that support specific curves. Is that right?

Rob Viglione: Correct. Yeah, that's exactly right. so as an example we have one partner that submitted an EIP, an Ethereum improvement proposal, some time ago to add a different curve. They expect that they're going to have just such a massive volume of proofs generated on their system that they just need a different curve to be more efficient and cost effective. This is the good and the bad thing about having a massively decentralised ecosystem like Ethereum is that there are many different types of stakeholders and there's many different types of priorities because every stakeholder can have a different priority. And then the governance has to come to terms basically like weighting all these different visions of where people think Ethereum should go and that EIP just never had any uptake. So that curve was never introduced, the EIP is still sitting there. Whereas with us we actually just integrated a verifier for this organisation. So we can cater to them specifically and just always be ahead because ZKVerify specialises, we're just in the business of efficient, proof verification and we want to do this for any important proof,  proofing system that's out there and we want to do it quickly. So we're just always going to be super responsive to the needs of that particular service that the industry needs.

Conor Svensson: And is it a fair parallel, so to speak, that we have data availability networks now that have spun up with regards to taking storage off  these L2s, so they're optimised specifically for storage and retrieval of data associated with on chain activity. And so is it fair to say that this verification is kind of a similar type of service, but specifically for the verification of proofs?

Rob Viglione: That's exactly right. So it's a different philosophy on where the industry is going. You've got, and I'll just tell you my take on it is, I can see the industry kind of evolving where you have, I don't know, call it 5 to 10 really important L1s, that are used as settlement layers. Then around these you'll have kind of their own ecosystems. Like on Ethereum as an example, you'll probably, people say thousands of L2s will one day exist on Ethereum and you'll have different kind of networks of L2s that will be networked with each other, like Supernets, you know, in different systems that will evolve, and then you'll have your bitcoins, maybe L2s around that and sidechains, you'll have your Solana and you'll have some other, you know, very specific L1s that do things differently or for some important kind of set of use cases. Maybe they're just blazingly fast. Right? Then there's this other way that I can see the industry evolving and I think it'll co evolve this way, I don't think it's black and white one or the other. I think the other thing will be kind of a set of modular services that products or protocols or ecosystems will have specific needs and they'll just call in these services. And you mentioned like Celestia and data availability DA is one of these types of services. Right? So do you need DA from Ethereum, which is expensive, or can you get your DA from a modular service that's just specialised into nothing but DA? Same thing for proof generation. Well, proof generation is never done on chain, but you'll have your proof generation services, you'll have your ZKverify type of proof verification services. And then the way I see the industry evolving is again like the 5 to 10 core L1s and their associated networks and even within those networks you'll probably still see lots of different combinations of services being pulled in from just specialised layers like what we have as a ZK Verify or Celestia. Then you'll just have products that just care about their products' needs and their products will say they don't care what L1 they settle to because they don't need to. Settlements to them will be defined by where they do DA and proof verification. So that's where I see the industry going and I think it's the perfect comparison is to look at you know ZKVerify is analogous like on the ZK side to what Celestia is doing for DA.

Conor Svensson: Yeah, it's just super helpful for framing it and understanding how important that service is there. And so having a look at some of the more recent announcements as well, it seems that ZK verifies broad attestations to apechain. So is attestations another area that works well with it too?

Rob Viglione: It is, yeah. So our goal is to be a universal verification layer where we can take any proof from anywhere of any type and then send the result wherever it's needed. We started off calling them attestations because this is what Celestia does. Right. Basically what an attestation is, because you're doing something in the specialised Layer like DA or in our case for verification, you often like what we do and what Celestia does, we have a smart contract on the target L1 where we want the result to go. In this case would be like we'll have a ZKVerify smart contract on Ethereum and right now we have it on Ethereum Sepolia Testnet, where we basically bundle the results of verification into a Merkle tree and the root of the Merkle tree gets sent over to the ZKVerify smart contract on Ethereum. So that any application on Ethereum that needs to have an input of the results of verification for their app, maybe to release funds or to take some kind of action, they can just reference the leaf of that Merkle tree with their attestation id. Now like we're calling it on the product side more like receipts. But I mean the idea is the same as it's a representation of the result of verification, really wherever you need it for your product. If your product is on Ethereum, your product's on Arbitrum or like you mentioned, if your product is on Apechain, which we're obviously super bullish on since Horizen Labs was a big part of the go to market for Ape chain. You can just reference the receipt or the attestation of the verification on your app on the chain that you care about for your application.

Conor Svensson: Yes, it's really cool technology to see it there. And one of the other areas, it seems that it has relevance. You mentioned AI earlier but then also gaming as well.

Rob Viglione: Yep. Yeah. So I mean there, there's literally so many. So I think you know, the best, in my mind the best ways to go to market, it's kind of like some combination of top down strategic thinking and just bottom up, let's see what emerges kind of thing. I think that this is where some of the best ecosystems are built in the industry. So one example of a use case that just kind of emerged spontaneously was a ZK Verify on Apechain was actually a provably fair raffle, which is really cool to see. Whether it's an online card game or online gambling or an online raffle, there are users or customers of that product that have this kind of trust problem or at least demand some level of trust. Whether you believe in the organisation itself or the company making the product or if you want it to be ZK verified. In this case some group just spontaneously integrated ZKVerify for the raffle product and ended up being a great use case. Another one which was, I think, really foundational to Web3 and I think many other ultimately many Web2 apps is going to be this idea of true randomness. In web 3 we often talk about VRF functions or verifiable random functions. This is really just to prove that something that some random draw, some gaming pairing or something that you want to randomly happen in your application was actually done properly and the user can trust that it was done properly. In our case we have a really cool use case with a group called Pixel Vault that uses their VRF to ZKVerify to actually prove that it is, in fact, randomly generating information. So there's many use cases like that. But I will say that I'm actually probably even more excited about proof verification so ZK specifically and public verification of ZK Proofs as being the big missing link from Web three going to Web two and making a big impact in what we call the real world. And there's so many use cases there to explore. And this is the other end of the spectrum that I mentioned, like the strategic top down. We need to think deeply about how this technology can actually solve deep trust problems in many many parts of the real world. And we're tackling that. But that's going to be like the longer tail of our go to market.

Conor Svensson: And kind of thinking about conceptualising that future more. And I think the discussions of attestations they're obviously a very useful proof in terms of individuals for instance to prove that they are a certain individual or linking and it could be online personas together to prove that this person is who they say they are. But then you've got the other side which is where there's also proofs as well of computations. Down the line, how do you think it will kind of manifest itself from an individual user perspective? Like would it be that there's a transaction that happens on chain and then there's some optionality there that in and just see the proof or would there be some other way to actually show it to someone that just makes it more kind of palatable? Because of course when we're building these complex systems to underpin, that provide key services for Web3 infrastructure, there's often challenges with how you present that to the end users in a way that they can understand what's going on.

Rob Viglione: So I think it's a really good question because we've been in the privacy business since 2017, starting with Horizen. And what we found is that many users really don't care about privacy. And like we probably, we probably all face this in our daily lives. When we're on our phones or some social media app or you're ordering on Amazon or whatever web app you're using. People don't often, have privacy in top of mind, until it really matters. And I think where it really matters is kind of like when it comes to the moment where you're inputting your credit card into a web app, to go buy something, you kind of want to know that that thing is secure and that transaction is going to be private. At least the sensitive information part is going to be private to the world. I think what's going to happen in Web three is going to be very analogous to Web two and it's just going to become part of the infrastructure of our daily experiences. I don't think that many users, so there is definitely a core community and in Horizen we have a core privacy oriented community that cares about that and that's a culture that we have. I will admit that that culture doesn't extend everywhere for sure. But I think where Web three really starts to scale and really starts to take over more and more of our digital lives, like when your bank account goes from whatever bank you're using, whatever country any of the listeners are in, when that goes on chain and you're dealing with stablecoins and some basket of cryptocurrencies and tokens, you're not going to want all that information to be public. You're not going to want all of everything you do with your financial life to be visible to the world. When Uber becomes decentralised and there's either Uber itself or some competitive application that does ride service in a decentralised way, you're not going to want the entire world to see  everywhere you go all the time and develop a pattern of life on you, right? So I think the way that I look at it is there's going to be this period of time where we're advancing the state of the art in tech and we're integrating the tech into specific products. It'll probably be like from a tangibility perspective. It'll probably start with things like privacy preserving IDs and identifiers so that you can prove that someone's a unique human being without revealing who they are. Aall of the information that went into proving that, you're not going to display to the world, but you can still reveal the output that this is a unique human. And I think it'll go from there because then I think that these kind of privacy preserving IDs are going to ripple through into many different products and services that we end up ultimately consuming. And at the end of the day I think that Web3, when it grows big enough to start consuming big chunks of Web2, it's going to be done in a completely privacy preserving way. All of our transactions, all of our interactions, our identity, everything that's visible to the world, that needs to be visible to the world will be private or at least privacy preserving. That's the way I see it happening. And like, you know, I could go off on tangents on, you know, like the right to own your own data. And I don't think people really care that much about their own data right now because they don't realise that it is valuable. But in an age of AI where we can actually, we need massive amounts of data to ingest into training these algorithms, I think data has never been more valuable. And I think that as soon as we can, people will start caring about that. As soon as we can start monetizing it. For people, when they can just toggle that button on their phone that just says, do you want to monetize your data or not? I think they'll just toggle that button. And I think under the hood it'll be a very sophisticated set of privacy preserving technologies like ZK proofs that will make that possible. But I don't think people are going to demand it. I think it'll be once they can just toggle that button that it'll happen. And I think that that's where we really hit the inflection point.

Conor Svensson: Yeah, I think you raised a really good point there about how when people started providing credit card details online, that's where they suddenly started caring about privacy. And when we see those inflection points for these more traditional details, where there is an opportunity to potentially monetize them or at least be aware of the need to protect them, this will certainly be a much better place for us to be. We're just about out of time. But, just what's coming next for ZKVerify, the network and where can people find out more about it?

Rob Viglione: Yeah, so the cool thing about ZKVerify is that we've recently launched an incentivized testnet. And what that is is basically we want early users, because early users now are just disproportionately so much more valuable because we need to learn quickly before we actually go into production or to mainnet. So guys, what I would say is go to zkverify.io, look us up. If you're technically oriented, we've got phenomenal docs page white paper. You can go into the weeds there. If you're a developer, you can contribute, but I would say just join the community, join the conversation, because I think there's a lot of really cool stuff coming. In particular, we could use help on the incentivize testnet. That's one thing. If there's one tangible thing, I would say check out that programme, see what you can do to contribute to it, whether you're a user of a product. We have some cool, online games right now, like an online Sudoku game that we worked with one of our partners, sindury, on. we've got another one called ZK Mastermind. You could just play these games that literally helps us to play a game. Or you could contribute in other ways. So I would say please check it out. It's really cool what we're doing because I would say that ZK has never been more valuable than it is now. And we're just at the starting point. It's going to go exponential. and a project like ZKVerify is exactly the ecosystem. I think that will be at the cutting edge of that.

Conor Svensson: Well, that's awesome. And, just, to wrap up, thank you so much for joining us on the space today, Rob. And look forward to hearing more about ZKVerify in the coming months.

Rob Viglione: Thank you, Conor. I appreciate the opportunity.