ZKP学习笔记

ZK-Learning MOOC课程笔记

Lecture 14.1 zkBridge: Trustless Bridge Made Practical

  • Cross-chain Bridges
    • Multi-chain Universe
    • Bridge: generic and efficient communication cross blockchains
    • Desirable properties
      • Generality (support many applications)
      • Efficient
      • Secure with trust minimization (particularly crucial)
  • Current Common Bridge Approach: Trust Intermediary
    • Existing Approach: intermediary
      • Side chain (PolyNetwork, Axelar) - 2/3 honest nodes
      • Committee (Wormhole, Ronin) - 2/3 honest committee
      • External oracles (LayerZero) - independence between Oracle and Relayer
    • Pros: Simple & efficient on-chain verification (e.g., multisig)
    • Cons: Need to rely on external trust on intermediaries
  • Remove Trust on Intermediary
    • Light client verification: (only verify the block header rather than the whole block)
      • Verifying certain correctness properties of state transition in consensus protocol
      • E.g., for BFT-based consensus, a light client needs to verify validator signatures and keeps track of validator rotation
    • Cosmos IBC (a protocol in Cosmos)
      • Validators verifies block header information of another chain, performing light client verification
      • Cons: require each chain to implement an IBC client to perform the verification
    • NEAR Rainbow bridge
      • Implement light client verification as a smart contract in Ethereum
      • Cons: on-chain verification is very expensive
  • zkBridge—Trustless Bridge Made Practical
    Xie-Zhang-Cheng-Zhang-Zhang-Jia-Boneh-Song, “zkBridge: trustless bridge made practical”, ACM CCS 2022 (zkbridge.org)
    • With ZKP, we replace honesty assumptions with Cryptographic assurance
    • Efficient on-chain verification using ZKP
  • Advantages of zkBridge
    • Minimized trust
      • Cryptographic soundness instead of honest assumptions
    • Efficient on-chain verification
      • purpose-built zkSNARK enables efficient on-chain verification
    • Permissionless and Decentralized
      • Provers are not trusted so anyone can join
    • Extensible and Universal
      • Developers can develop their own application on top
  • Challenges
    • SNARKs are expensive
    • Blockchains are not designed to be “ZK friendly”
      • EdDSA digital signature is expensive to express as anarithmetic circuit (~2M gates)
    • Each state transition can involve hundreds of sig verifications => Computing $\Pi$ naively can be prohibitively expensive
  • Making zkBridge practical
    • deVirgo: a distributed version of Virgo (IEEE S&P 2020)
      • Exploits “data parallelism”
      • Optimal parallelization —- 100x speedup with 128 machines
      • Practical communication —- less than 20% of proving time
    • Reducing proof size by recursion
      • run deVirgo verifier in Groth16
    • Batching
  • Approach: deVirgo & 2-layer Proof Composition
  • Extensibility & Applications of zkBridge
    • Extensibility
    • Applications:
      • Message Passing
      • Cross-chain Assets Transfer/Swap
      • Cross-chain NFT Interoperations
  • zkBridge Technology Enables Other Capabilities
    • State proof
      • A cryptographic proof of state changes that occur in a given set of blocks (e.g., Algorand State Proof)
    • zk-based light client verification
      • Support efficient light client verification, including mobile use cases (e.g., Celo Plumo)
    • zkBridge can be extended to privacy chains with privacy protection