Cryptocurrency

ZK-rollups are the hottest thing in Ethereum right now, having seemingly appeared out of nowhere in late 2018 to fundamentally reshape the “Eth2” plan to scale via sharding alone.

Zero-knowledge, or validity proof rollups, essentially perform the computations for many thousands of transactions away from Ethereum and then write a tiny cryptographic proof back to the blockchain that verifies those transactions were performed correctly. It’s much faster and cheaper than using the base layer and has the potential for virtually unlimited scaling.

To an outsider, it looked like the technology went from 0 to 100 in a couple of years, but from the perspective of Polygon Miden founder Bobbin Threadbare, it doesn’t seem fast enough.

“Your internal perception is that it’s moving slowly,” he says. “People say, ‘We’re going to be doing this in a year,’ and it takes longer because people overestimate [how quickly it can be done].”

“But if you take a step back out of your own bubble, I do think that the tech is moving at an amazing pace. A lot of the things we’re doing now did not exist 10 years ago — or even maybe like eight years ago — they were just theoretical concepts.”

“So, it’s not often that you see that something goes from pure theory — that is probably not practical or ‘maybe we can do it in the long term future’ — to ‘OK, we’re doing it now, and there are now billions of dollars riding on it.’”

Polygon Miden at StarkWare Sessions

Magazine catches up with Threadbare at the StarkWare Sessions in Israel. Since Polygon Miden is a competing ZK-rollup solution to StarkWare’s tech, this is a little like interviewing the CEO of Pepsi at a Coca-Cola convention. But it turns out zero-knowledge proofs are not as cutthroat as sodas.

“On the technical side, there is a lot of collaboration,” Threadbare explains. “If you follow Twitter, you may get an impression that people are at each other’s throats all the time, but you know, it’s Twitter more than anything.”

He points out that all of the projects are building open-source technology (or plan to make it open-source). “We’re not building like Web2 walled gardens here,” he says, adding that various projects “don’t necessarily perceive other rollups as their technical competitors; we learn from each other more.”

Polygon is the 8th-most valuable project

Polygon’s MATIC became the eighth-most valuable cryptocurrency in the world thanks to its current Ethereum scaling solution, but Polygon’s founders knew ZK-rollups could potentially render the network obsolete and spent some of their massive war chest on a ZK tech acquisition and hiring spree.

The Polygon team’s approach is essentially to throw a lot of stuff at the wall and see what sticks. Their zkEVM project has just launched on mainnet in beta, and it enables any Ethereum Virtual Machine-compatible project to scale on its new network.

Other ZK flavors at Polygon include Zero (recursive scaling), Hermez 2.0 (an EVM-compatible solution focused on decentralization and a proof-of-efficiency consensus) and Nightfall (Optimistic Rollups meet zero-knowledge cryptography).

Threadbare, who was working for Facebook at the time, was headhunted to develop his open-source ZK technology into Miden.

“This strategy made sense to me; the space is very early,” he says. “I mean, in all honesty, they didn’t even require that I use STARKs, or SNARKs, or anything.” STARKs (zero-knowledge Scalable Transparent Argument of Knowledge) and SNARKs (Succinct Non-Interactive Argument of Knowledge) are the two different types of ZK proof systems.

“They were very open to whatever technology because nobody had the answer. Hopefully, now we have more of an answer than we did like a year or two years ago.”

What is Polygon Miden?

Polygon Miden is essentially the Polygon version of StarkNet. It enables a bunch of transactions to be processed off the main blockchain, and then “validity proof” demonstrating the transactions are computed correctly, to be written back as a single transaction on Ethereum.

STARKs have some advantages over SNARKs in that less trust is required for the setup, and they’ll be resistant to quantum computer attacks. However, STARKs have much, much larger validity proof sizes, which is more expensive to write back to Ethereum.

In another similarity to StarkNet, which uses the Cairo programming language and virtual machine instead of Solidity and EVM, Miden uses its own virtual machine. For both projects, this is a gamble, as it makes it more difficult for Ethereum projects to port over to the rollup. On the other hand, it means Polygon Miden can scale faster and further by enabling it to escape Ethereum’s constraints.

“Within Polygon, we do think about How do we expand Ethereum?, and there are multiple dimensions,” Threadbare says. “So, scaling is one dimension but also features and other things that are not easy to do on Ethereum, such as privacy and parallel processing, would be another dimension, and this is where Miden comes in.”

Magazine later asks StarkNet co-founder Eli Ben-Sasson for his assessment of his competitor, whom he’s known since the first StarkWare Sessions four years earlier.

“I think Miden is amazing,” says Ben-Sasson. “I have a lot of respect for all of those working within the framework of general validity proofs.”

“Having said that, and with all due respect, I do think that, as far as VMs and feature-laden compute frameworks go, I think that Cairo is better. And I’ve said so to Bobbin.”

Threadbare isn’t a cryptographer; he’s a hands-on builder and says the instant he learned about ZK-rollups, he knew it would be the answer to blockchain scaling because it removes one of technology’s greatest inefficiencies — requiring everyone on the network to process each transaction.

“Once I learned about ZK tech, it became almost obvious that this is going to be the end game. Because in the blockchain, basically, you have the same computation that everybody has to reexecute. And this is so wasteful. When you see this technology where you only have to execute once and everybody can verify your computation exponentially faster, that’s almost like an obvious thing that needs to be done.”

Run smart contracts locally with Polygon Miden

With Polygon Miden, anyone will be able to run a smart contract locally and just send the proof to the network, which enables transactions to be run in parallel, rather than sequentially. If Polygon Miden had stuck with the EVM, that would be very difficult, and that limits throughput.

With Ethereum currently processing a dozen or so transactions a second, that’s not a problem, but when TPS ticks over into the thousands, it will be. “You need to be able to process transactions in parallel because, in a single thread, there’s only so much you can do,” he says. “I don’t think you can go much more than a few thousand TPS without parallelizing things.”

“Being able to execute transactions locally means you can run arbitrarily complex computation, and it places almost no burden on the network,” he explains, pointing out that running a 3D physics engine is impossible on Ethereum right now, but will become possible with Polygon Miden. “The design space opens up,” he says. “That enables a bunch of new use cases, but it also helps with privacy if I don’t have to actually reveal the computation.”

Like zkSync Era and StarkNet, the plan is to launch with a centralized prover and then gradually decentralize. Eventually, all of Polygon’s ZK solutions will become interoperable, with MATIC remaining the key token. However, native account abstraction means users could pay with other major tokens, too.

Read also


Features

Blockchain games take on the mainstream: Here’s how they can win


Features

US enforcement agencies are turning up the heat on crypto-related crime

Who is Polgon Miden founder Bobbin Threadbare?

Threadbare (not his real name) was born in the Republic of Georgia in the dying days of the USSR in the 1980s. He moved to the United States when he was 17 to study computer science in San Diego, later attending business school at the University of Chicago. He was a consultant for five years before he launched a Web2 startup that calculated user trustworthiness and reputation scores for things like P2P transactions. He started exploring blockchain in 2018 as a way to avoid having to store a large database of user information.

“Self-sovereign identity is one of the things that was very interesting to me,” he says. 

“And then I got very deep into the technical aspects and then came across zero-knowledge proofs. Once I understood what they can do, the identity use case wasn’t all that interesting anymore. I thought there are much bigger and more interesting things you can do with them.”

He stumbled across a blog about STARKs by Ethereum co-founder Vitalik Buterin, and that set him off down the rabbit hole. “He actually had a code written that demonstrates a very basic proof-of-concept of how it works — and that was, for me, very, very useful.”

Threadbare took the code and rewrote it in another language so he could understand how it worked from the inside out. A born tinkerer, he started improving aspects to make them more general. Before long, he’d built a basic general-purpose prover for STARKs and posted it on Eth Research.

“A lot of people were interested in zero-knowledge proofs at that time, but there were not a lot of tools, especially around STARKs. And I just got lucky in the thing that I picked to learn and build on because it fascinated a bunch of people.”

“Even Vitalik himself basically sent me a message on Eth Research, saying, ‘Hey, who are you? What are you doing?’” It was Buterin who introduced him to StarkWare, and they invited him along to the first StarkWare Sessions four years ago. 

Threadbare started creating ZK tools and libraries. He developed the AirScript and AirAssembly domain-specific languages, which in turn led him to develop the Distaff Virtual Machine in early 2020 so people could code without having to learn those new languages.

Read also


Art Week

Coldie And Citadel 6.15: The Creator, The Collector, The Curator


Features

Crypto audits and bug bounties are broken: Here’s how to fix them

Facebook experimented with ZK-rollups

But as the pandemic started, he took up a job as a core ZK researcher for Facebook, working on the Libra cryptocurrency project. Part of the appeal was working alongside and learning from “real” cryptographers, and he helped build the open-source Winterfell STARK prover and verifier.

Facebook didn’t actually need one or plan to use it. “I don’t want to say that it was just for the hell of it,” he says. “The thought was it was going to be used at some point in time. But it was probably fairly clear this is not going to be used in the next two to three or maybe even five years time frame.”

Ultimately, regulators did not approve of the social media giant launching a private currency, and Libra transformed into Diem and then quietly disappeared. Around the same time in 2021, Polygon co-founder Mihailo Bjelic was assembling his crack team of ZK developers and remembered the shadowy anon who’d posted a bunch of useful ZK tech like Distaff on Eth Research. So, he got in touch, totally unaware Threadbare was working at Facebook.

For his part, Threadbare was totally unaware Polygon even existed but started holding regular calls every couple of weeks with Bjelic to talk about their scaling plans and sketch out a possible collaboration.

Polygon zkEVM? Nope, Polygon Miden is something else

They discussed building a ZK EVM, but Threadbare was keen to use his own virtual machine and combine STARKs with the power of recursion. That’s where you take a bunch of validity proofs, each representing a bundle of transactions, and produce one validity proof that proves all other validity proofs were done correctly. Suddenly, the fact the STARK-proof size is 50–100 times bigger than a SNARK-proof size was a lot less important.

“That’s one of the reasons I went the virtual machine route because if you have the VM, it’s much easier to have this infinite recursion because if you think about it, when you have a virtual machine that is Turing-complete, it basically it can execute any program.”

“You just write a program that verifies itself, and you kind of have infinite recursion at this point in time. And that was appealing to me.”

This talk of infinite recursion recalls Declan Fox, product manager for rollups at ConsenSys, who told Magazine last year that ZK-rollups and recursion meant it was “theoretically possible” for the entire world’s financial system to run on Ethereum.

Infinite scaling is unfortunately still limited by data availability on Ethereum — which refers to how much data needs to be, and can be, written back to the chain. The new rollup-focused roadmap will increase the amount of data each block can carry by 160 times. Even that probably won’t be enough.

“There are still limitations like nothing is infinite,” he says. “Assuming the blockchain and the crypto space succeeds… the demand for TPS will be hundreds of thousands or maybe millions of TPS eventually, so I don’t know if the base layer will always be able to provide this much data availability.”

But he’s very hopeful we’ll see a huge amount of adoption within the next 10 years. 

“Hopefully, if we are successful, Ethereum will be the most secure base layer, and there will be a thriving rollup ecosystem that caters to different things, and hopefully, Polygon will be a big part of that ecosystem.”

Andrew Fenton

Based in Melbourne, Andrew Fenton is a journalist and editor covering cryptocurrency and blockchain. He has worked as a national entertainment writer for News Corp Australia, on SA Weekend as a film journalist, and at The Melbourne Weekly.