一文读懂 ZK 模块化新星 Lumoz
导读
随着模块化区块链对 L2 的快速渗透、各类 RaaS 工具的成熟,以及坎昆升级的实施,L2 的构建门槛被大幅度降低,技术不再是构建 Rollup 的主要障碍。
此外,Base、Manta Pacific、Blast 等新兴 Rollup 通过采用现有工具低成本构建 Rollup,并将项目重点转向生态,获得了快速崛起,这为市场树立了标杆性的打法。传统应用转型 L2,以及各类轻量 L2 的爆发似乎已经成为不可逆转的趋势。
在 Rollup 的技术路线方面,早有 OP 和 ZK 之争,Vitalik 曾多次表示“短期 OP,长期 ZK”的观点,因为 ZK-Rollup 在技术方面还有许多问题尚待解决。
随着技术的进步,ZK-Rollup 相关的基础设施建设也愈发成熟,采用 ZK 方案的 Rollup 极有可能在未来的 L2 井喷中占据重要的市场份额。Lumoz 作为领先的专注于 ZK 的 RaaS,有巨大潜力在不久的将来取得成功。
ZK-Rollup 的瓶颈
2.1 模块化视角下的 Rollup
关于 OP-Rollup 和 ZK-Rollup 的基础原理可能读者已经较为清楚,这里将从模块化的视角来再次理解 Rollup。
Rollup 本质上是通过模块化的分工实现资源的最优配置,让不同的参与方能够专注承担一种任务,从而提高整体的效率。
以太坊的模块化构成可以简单拆解成:数据可用性层 DA、共识层 Consensus、结算层 Settlement、执行层 Execution。
执行层 Execution
提供执行环境来计算交易,将旧的状态转换为新的状态,向结算层提交新状态,以及欺诈/有效性证明。
执行层内部还可以进一步分工为 Sequencer 和 Prover,Sequencer 负责计算状态转换,而 Prover 负责生成证明(尤其是ZK-Rollup,因为生成证明的计算类型和开销对硬件有一定要求)。
结算层 Settlement
验证执行层计算的状态转换的正确性。一般是部署在 Layer1 上的智能合约,负责验证执行层的计算;通过验证的 Rollup 区块的状态哈希将被被记录在链上,此时这个由 Rollup 产生的区块获得了最终确定性 Finality。
对于 ZK-Rollup来说,该合约写入了对特定 ZK-Rollup 提交的 ZK Proof 的验证算法,ZK-Rollup 完成执行后向合约递交状态哈希和 ZKP,触发验证交易,当验证通过时,该状态哈希被证明有效,该区块获得 Finality。
(来源:https://docs.theradius.xyz/overview/introduction-to-radius)
共识层 Consensus
共识层在绝大部分情况中是 Layer1 承担,被共识层验证过的状态哈希被记录在链上,对应的 Rollup 上的交易区块获得了 Layer1 保护的安全性。
数据可用性层 DA
保存 Rollup 区块内的交易数据,并提供给任何人,让其随时能够重建 Rollup 的交易。DA 层可以是 Layer1,也可以是 Celestia、EigenDA 等的专用 DA 层,或者是较为中心化的数据可用性委员会,等等。
2.2 ZK-Rollup 普及面临的难题
虽然 ZK-Rollup 具有诸多优点,并被 Vitalik 看作长期的以太坊扩容方案,但其面临的诸多技术难题限制了现阶段的大规模采用。
如计算 ZKP 的成本过于高昂、zkEVM 过于复杂、ZKP 计算对硬件要求高可能导致中心化,等等。
计算 ZKP 的成本高昂
ZKP 计算密集。以最流行的 ZK 算法 zk-SNARKs 为例,ZKP 的生产实际上是把程序的执行过程转换成一个可以验证的命题。
这个命题会被抽象为一个多项式方程组,为了证明程序执行的正确性(多项式的解存在),需要在椭圆曲线上进行配对操作(pairing operations)。
多项式的生成和椭圆曲线配对是非常计算密集型的,因为它们需要处理大量的代数运算。
硬件要求与执行时间方面,这种计算复杂性导致了高昂的硬件要求。普通硬件可能难以在合理的时间内完成这些计算,尤其是当处理大量交易时。
生成一个 zk-SNARK 证明的时间,比执行原始程序(不包括证明过程)的时间要长得多。根据不同的实现和交易复杂性,生成证明的时间可能是原始计算时间的数百到数千倍。
ZKP 计算对硬件要求高可能导致中心化
由于ZKP的计算成本和硬件要求高,小规模的 Rollup 运营商可能难以承担必要的投资来成为证明者(Prover)。
这种情况下,只有少数拥有高性能计算资源的参与者能够有效地生成证明,从而导致 ZK-Rollup 中的中心化趋势。这种中心化可能与区块链的去中心化精神相悖,且可能引入单点故障和审查的风险。
zkEVM 过于复杂
设计兼容性方面,EVM 设计之初并未考虑兼容零知识证明技术。EVM 是基于堆栈的虚拟机,支持一系列操作码(opcode),用于执行智能合约。
为了使 EVM 执行的任意程序都能通过 zk-SNARKs 生成有效证明,需要对EVM 的每个操作码都创建相应的数学表示和证明逻辑。这不仅需要复杂的密码学转换,而且对现有智能合约的兼容性提出了挑战。
实现 zkEVM 需要对 EVM 操作码进行大量的数学建模,将程序执行转换为可以通过 zk-SNARKs 证明的形式。
这包括模拟 EVM 的状态转换、内存操作、以及合约调用等过程。考虑到 EVM 的灵活性和复杂性,这项任务极其艰巨。同时,保持 zkEVM 的效率和安全性,确保它能生成小型、可验证的证明,也是一大挑战。
Lumoz 如何解决 ZK-Rollup 的普及瓶颈
Lumoz 是一个去中心化的 ZK-RaaS(ZK-Rollup作为服务)平台,同时也是一个PoW(工作量证明)网络,用于支持ZKP(零知识证明)挖矿。
为了解决 ZK-Rollup 面临的一系列挑战,Lumoz 引入了 ZK-RaaS 的概念。该服务使开发者能够在一分钟内启动他们的zkEVM链,无需详细了解ZK或链节点。
Lumoz 还引入了 ZK-PoW 的概念,邀请矿工参与维护 zkEVM 并计算 ZKP。Lumoz 的目标是简化 ZK-Rollup 的使用,并促进其更广泛的采用,从而促进基于 zkEVM 的应用链的大规模部署。
开发者可以通过单击一次按钮在多个链上部署他们的 ZK-Rollup(zkEVM)。对于矿工来说,Lumoz 作为一个多链 PoW 协议,支持在各种公链上进行 ZK 挖矿并为 ZK-Rollup 生成零知识证明。
3.1 ZK-PoW 云:解决 ZK 算力与中心化问题
ZK 算力与中心化的问题本质上是 ZKP 计算对算力要求高,硬件门槛又进而导致了中心化问题。
Lumoz 利用 ZK-PoW机制激励矿工提供 ZKP 计算能力,为 ZK-Rollup 提供全面的硬件基础设施,这是 Lumoz 的核心理念之一。
所有参与者,包括用户、开发者和矿工,都可以从 Lumoz 的经济模型中获益,助力 ZK-Rollup 的大规模应用。
Lumoz 对现有硬件资源的利用
在从以太坊 PoW 过渡到 PoS 之后,许多以太坊挖矿机失去了应用场景。这些挖矿机的价值在资本规模上约为 120 亿美元,目前有很多处于闲置状态。随着 ZK-Rollup 的大规模实施,生成 ZKP需要大量的硬件和挖矿机,如 CPU、GPU 和 FPGA,提供计算能力。
Lumoz 优化的 ZKP 算法,降低矿工参与门槛,提高扩容效率
提出 ZKP 验证的两步提交机制,降低矿工参与门槛
为了鼓励更多的矿工同时参与 ZKP 计算任务,Lumoz 提出了 ZKP 验证的两步提交机制。
提交 proofhash:在一定的时间范围内,多个矿工可以参与 ZKP 的计算,而不是让最先计算出 ZKP 的矿工立刻获得奖励。这种设计允许更广泛的参与,不仅限于计算能力最强的矿工。矿工在完成 ZKP 的计算后,不会立即提交他们计算出来的原始证明,而是先对这个证明以及他们自己的地址(proof/address)进行哈希处理,生成一个称为 proofhash 的哈希值。然后,他们将这个 proofhash 提交到区块链上的一个特定合约中,这个步骤不需要透露证明的具体内容,保证了提交过程的安全性和效率,也能够让更多矿工能够参与到计算中。
提交 ZKP:时间范围结束后,矿工提交原始证明并与先前提交的 proofhash 进行对比验证,这一步骤确保了提交的证明是在第一步骤中声明的那个证明,防止了作弊行为。通过此验证的矿工将获得 PoW 奖励,奖励数量根据矿工的权益进行分配,并非只有最先计算出 ZKP 的矿工获得奖励。
(来源:https://docs.lumoz.org/v/zhong-wen-jian-ti/lumoz-bai-pi-shu-v2)
优化 ZKP 生成算法,提高证明效率
当 Rollup 智能合约验证 ZKP 时,如果提交原始证明,可能会引发链上攻击。为了避免此类攻击,ZK-Rollup 经常执行额外的操作以模糊原始证明数据。Lumoz
With the rapid penetration of modular blockchain pairs, the maturity of various tools and the implementation of Cancun upgrade, the construction threshold has been greatly reduced. Technology is no longer the main obstacle to construction. In addition, these emerging industries have achieved rapid rise by adopting existing tools to build at low cost and shifting the focus of the project to ecology, which has set a benchmark for the market. The transformation of traditional applications and the outbreak of various lightweight seems to have become an irreversible trend. In terms of technical routes, there have been long-standing and short-term disputes. Long-term point of view, because there are still many problems to be solved in technology, with the progress of technology, the related infrastructure construction is becoming more and more mature. It is very likely that the scheme will occupy an important market share in the future blowout, as a leading and focused bottleneck with great potential to succeed in the near future. The basic principle of harmony from the modular perspective may be clear to readers. Here, we will once again understand from the modular perspective that resources are essentially realized through modular division of labor. The optimal configuration of allows different participants to focus on one task, thus improving the overall efficiency. The modular composition of Ethereum can be simply disassembled into data availability layer, consensus layer, settlement layer and execution layer. The execution layer provides an execution environment to calculate the transaction, convert the old state into a new state, submit the new state to the settlement layer and prove the validity of fraud. The execution layer can be further divided into and responsible for calculating the state conversion and generating the certificate, especially because of the calculation types and The overhead has certain requirements for hardware. The settlement layer verifies the correctness of the state transition calculated by the execution layer. Generally, the intelligent contract deployed on the network is responsible for verifying the calculation of the execution layer. The state hash of the verified block will be recorded on the chain. At this time, the generated block has obtained the final certainty. For me, the contract has written the verification algorithm for a specific submission, submitted the state hash to the contract after completion of execution, and triggered the verification transaction. When the verification passed, the state hash was proved to be valid, and the block was obtained. In most cases, the consensus layer is responsible for the state hash verified by the consensus layer, and the transaction block on the corresponding chain is protected. The data availability layer saves the transaction data in the block and provides it to anyone for reconstruction at any time. The transaction layer can be an equal dedicated layer or a centralized data availability committee. Although it has many advantages, it is regarded as a long-term expansion plan for Ethereum. However, many technical problems it faces limit its large-scale adoption at this stage, such as the high cost and complexity of calculation, the high demand for hardware, the centralization of calculation, etc. The production of the most popular algorithm is actually to transform the execution process of the program into a verifiable proposition, which will be abstracted into a polynomial equation set. In order to prove the correctness of the program execution, the pairing operation on the elliptic curve is needed. Polynomial generation and elliptic curve pairing are very computationally intensive, because they need to deal with a large number of algebraic operations, hardware requirements and execution time. This computational complexity leads to high hardware requirements, and it may be difficult for ordinary hardware to complete these calculations within a reasonable time, especially when dealing with a large number of transactions, the time for generating a certificate is much longer than that for executing the original program without including the proof process. According to different implementations and transaction complexity, the time for generating a certificate may be the same. Hundreds to thousands of times of the initial computing time, high hardware requirements for computing may lead to centralization. Because of the high computing cost and hardware requirements, small-scale operators may find it difficult to bear the necessary investment to become certifiers. In this case, only a few participants with high-performance computing resources can effectively generate certificates, which may lead to the centralization trend in China. This centralization may be contrary to the decentralization spirit of blockchain, and may introduce a single point of failure and the risk of review is too complicated to design compatibility parties. At the beginning of surface design, compatible zero-knowledge proof technology was not considered. A stack-based virtual machine supported a series of opcodes for executing intelligent contracts. In order to make any executed program generate an effective proof, it is necessary to create a corresponding mathematical representation and proof logic for each opcode, which not only requires complex cryptographic transformation, but also challenges the compatibility of existing intelligent contracts. The realization requires a lot of mathematical modeling of opcodes to transform program execution into a form that can be proved. This includes the flexibility and complexity of the simulated state transition memory operation and contract call. This task is extremely arduous, while maintaining efficiency and security. It is also a big challenge to ensure that it can generate small verifiable proofs. How to solve the popularization bottleneck is a decentralized service platform and also a workload proof network. In order to solve a series of challenges, the service enables developers to mine with zero knowledge. The concept of inviting miners to participate in maintenance and calculation is introduced without detailed understanding or chain nodes in the clock. The goal is to simplify the use and promote its wider adoption, thus promoting the large-scale deployment of application chains based on. Developers can deploy their chains by clicking a button. For miners, it is a multi-chain protocol to support mining on various public chains, and to prove the essence of cloud computing power and centralization for generating zero knowledge. In fact, the hardware threshold of computing requires high computing power, which leads to the problem of centralization. It is one of the core concepts that all participants, including users, developers and miners, can benefit from the economic model. After the transition from Ethereum, many Ethereum mining machines have lost their application scenarios. The value of these mining machines is about 100 million US dollars in capital scale at present. With the large-scale implementation of, many idle miners need a lot of hardware and mining machines, such as providing algorithms to optimize computing power, lowering the threshold of miners' participation, improving the efficiency of capacity expansion, and proposing a two-step submission mechanism for verification to lower the threshold of miners' participation. In order to encourage more miners to participate in computing tasks at the same time, a two-step submission mechanism for verification is proposed to submit the calculations that multiple miners can participate in within a certain time range, rather than allowing the miners who are the first to be rewarded immediately. This design allows wider participation and is not limited to the miners with the strongest computing power, who will not submit their plans immediately after completing the calculations. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。
