解析Polyhedra:为什么说ZK技术价值只被发掘了冰山一角?
作者: 郝天;来源:链上观
最近,Paradigm领投Succinct $4300万的消息点燃了一级市场,而刚TGE的 @PolyhedraZK 总融资金额甚至达到了$7500万。可见,ZKP底层技术设施,承载了资本市场多大的厚望。
事实上,ZK做layer2扩容只被挖掘了有限的潜力,在全链可交互操作性方面,ZK技术的想象空间还很大。Why?接下来,谈谈我的理解:
除了Polyhedra之外,包括 @SuccinctLabs @RiscZero @ProjectZKM 等这类以ZKP技术为基础的可交互操作通信类的项目,它们都在尝试挖掘ZK技术的潜力,为ZK技术的大规模采用而努力。
大部分了解ZK零知识证明技术只因“隐私”、“扩容”或者“链抽象”等其表,鲜有人思考为什么ZK技术可以做到这些,以及当下ZK技术是否被充分发挥等等。
之所以会造成这种“误读”在于,真正的ZK技术目前确实只发挥了皮毛,而且它们都在layer0、zkSync、Optimism等明星项目服务的更上游,比如:
Polyhedra 为layerZero提供了zkBridge跨链资产转移方案;RISC Zero为OP-Rollups提供了ZK欺诈证明系统可减少欺诈证明的时间损耗;ZKM则采用ZK General-Purpose用于实现安全的可验证计算,最终赋能以太坊成为全球结算层。
简单而言:这些ZK底层技术项目都在从不同角度探索ZK零知识证明技术的大规模应用,并努力克服几个关键挑战:
1、开发通用化General-Purpose 零知识证明技术;
2、构建分布式的证明系统;
3、优化ZK证明过程中的计算消耗;
4、提供兼容多种编程语言的开发环境;
5、扩大零知识证明计算的硬件支撑范围,PC、移动端、IOT设备等等。
相比RISC Zero、Succinct、ZKM等项目更上游的技术服务,@Polyhedra 要解决的可交互操作“跨链桥”问题,距离目前市场落地还更近一些,不妨就以大家更熟悉的zkBridge为例,来展示下ZKP技术的硬核底气到底在哪里?
Polyhedra构建了分布式ZK证明系统deVirgo,Virgo是一个开源且帮助开发者构建和验证非交互式的零知识证明协议,节点可以不需要做“可信初始化”,就可以直接Permissionless无许可成为Prover。而deVirgo是一种基于Virgo协议的高效率分布式ZKP协议,可以支持多台分布式计算网络,同时证明生成时间还能缩短。
基于deVirgo分布式证明系统实现的第一个zk-SNARK协议为zkBridge,目标是实现跨链环境下的信息通信,资产跨链以及数据共享等,目前已经实现了超25条链的跨链通信服务,我们所熟知的layer0采用的就是Polyhedra提供的zkBridge服务,而layerZero更注重全链环境下的链、DApp等基础设施构建服务。
为何zkBridge如此重要?因为它可以直接利用POS公链节点本身的能力来实现“共识层”的通信交互。
一般来说,我们想达成A链和B链两条链之间的可交互操作,常用方式是构建一条“链中链”,该链有自己的共识机制和分布式验证节点来确保跨链交互的资产安全性。中继链为提升服务能力会在各个支持智能合约的链上部署可交互的智能合约,由中继链的总智能合约对分布在各个链上的智能合约进行资产调控。
比如,当用户从A链向B链发起资产转移,中继链会先让A链上智能合约锁住某个资产,然后再让B链上的智能合约释放某个资产,整个过程中继链要监听一切链上操作的记录,以确保资产在不同链间的正确锁定和释放,只有这样中继链只要能控制资产的总量平衡,管好账本避免双花等情况的出现。
但中继链本身会额外分出一层信任成本出来,只有用户信任中继链且中继链必须在各个同构链环境下构建同一交互标准的智能合约才行,若遇到BTC这种非智能合约链,就得额外进行开发适配来确保资产的安全流通。
总之,中继链提供的跨链服务最终都会考验一个管理总智能合约背后的Security Committee身上,而该委员会由背后有身份的群体或MPC多签管理主体就成了一个“不信任因素”。
作为最常见跨链解决方案,大部分layer2都采用安全委员治理的方式来保障资产安全,一旦委员会群体意图作恶,那造成的损失则是不可逆的。
zkBridge的厉害之处在于,它能充分发挥zk零知识证明技术的潜力,让两条链之间维护共识层的节点可以直接建立通信,且能安全控制,资产的转移,而提供可交互操作性的deVirgo分布式系统,并非一个特定的中继链,而更像一个开源无许可且可信的三方组件。
A链的节点可通过deVirgo生成zk-SNARKs状态来发起资产转移声明,B链的节点则可通过deVirgo直接校验该ZKP证明的正确性,还能以极低的计算和时间消耗成本。
很显然,zkBridge这类技术服务方案相交MPC多签安全委员会的中继链服务方式更容易获得市场的信任,其实也更加安全且高效率。(注:这只是相对概念,当下不少跨链方案还都是MPC多签,ZK基础设施还得进一步加强)
zkBridge可以直接让Pos链的全节点参与到整个证明生成和校验的过程中,但却不利于快速、横向广泛拓展。怎么办呢?Polyhedra通过zkLightClient轻客户端来解决此问题。
1、采用轻客户端,可以降低资源需求,对存储、带宽和计算资源消耗少;
2、采用轻客户端可以横向兼容非智能合约链或其他异构链,提供更广泛的可交互操作性,比如BTC链,只能采用轻客户端和哈希时间锁的方式来控制资产转移;
3、采用轻客户端加上layerZero的轻量化一体化辅助,可以简化开发者门槛,缩短开发周期,加快全链基础设施的普及。
由于零知识证明的计算、验证以及通信过程需要一系列的处理操作,因此要权衡成本、消耗以及时效等问题,有太多技术难题需要克服。某种程度上,“链中链”跨链解决方案成为一种市场选择也在情理之中。
但,眺望未来,ZK跨链解决方案,包括Polyhedra、Succinct、ZKM、RISC Zero等都在往轻量、高效、低能耗方向改进优化。
再往细节说,比如,Polyhedra利用deVirgo和改进的签名方案提出了Single Slot Finality单插槽最终确定性,BLS是一种数字签名方案,允许把多个签名合成一个,以减少存储和数据传输。通过把BLS签名与ZKP结合可以创建紧凑的证明,可以证明一些必要的签名已经完成而并不需要传输和验证签名本身,因此降低了延迟,可在每个Slot区块产生后即可为最终确定态。
此外,随着BTC layer2把BTC作为主链资产结算层的需求增大,Polyhedra通过借用Eigenlayer的双质押经济系统,特别设置了比特币AVS节点系统,让比特币具备了信任最小化的互操作性。同时用BTC和ETH上双映射liquidity pool以及Maker的角色协作锁定资产的形式,应用FRI特殊编码方式,可以实现在比特币上直接验证ZK证明,完成了ZK全链互通最难的一环。
ZK目标不仅要做layer2的Endgame,同样志在成为全链基础设施的Endgame。
以上
polyhedra作为一个ZKP技术的落地实践代表,正在加速推进各类ZKP方案的落地,以上只罗列了一部分,只为让大家清晰感受到ZKP作为技术底层框架的优势所在。
事实上,整个ZKP赛道的潜力远不止Polyhedra提供的这些。更多ZK技术基础设施的各大上游供应方正在ZK跨链桥、ZK轻量化、ZK General-Purpose、ZK Coprocessor、ZK 分布式Prover系统等等垂直细分方向,持续来加速ZKP技术的大规模普及。
不夸张的说,每一项ZK细分方向的成熟,都会对当下行业带来重塑性的效果,我们现在看到的ZK技术应用落地,都只有冰山一角。
The author Hao Tian's view on the source chain has recently ignited the primary market, and the total financing amount has even reached 10,000. It can be seen how much hope the underlying technical facilities bear in the capital market. In fact, the expansion has only been tapped, and there is still a lot of room for imagination in the interoperability of the whole chain. Next, I will talk about my understanding, including such technology-based interoperable communication projects, which are all trying to tap the potential of technology for large-scale technology. Adopting and working hard, most people understand the zero-knowledge proof technology only because of privacy expansion or chain abstraction, and few people think about why the technology can do this and whether the current technology is fully utilized. The reason for this misunderstanding is that the real technology has really only played a superficial role at present, and they are all waiting for the service of star projects. For example, in order to provide a cross-chain asset transfer scheme, the fraud proof system can reduce the time loss of fraud proof, and it is used to achieve security. In short, these low-level technical projects are exploring the large-scale application of zero-knowledge proof technology from different angles and trying to overcome several key challenges, developing universal zero-knowledge proof technology, building a distributed proof system, optimizing the calculation consumption in the proof process, providing a development environment compatible with multiple programming languages, expanding the hardware support range of zero-knowledge proof calculation, and so on. Solving the problem of interoperable cross-chain bridge is closer to the current market landing. Let's take a more familiar example to show where the hard-core strength of the technology lies. The distributed proof system is an open source and helps developers to build and verify non-interactive zero-knowledge proof protocol nodes, which can be directly unlicensed without credible initialization, but an efficient distributed protocol based on protocols, which can support multiple distributed computing networks to prove generation at the same time. Time can also be shortened. The first protocol based on distributed proof system aims at realizing information and communication assets cross-chain and data sharing in cross-chain environment. At present, we have achieved cross-chain communication services with super-chain. What we are familiar with is the service provided, and we pay more attention to the infrastructure construction services such as chain in full-chain environment. Why is it so important because it can directly use the capabilities of public chain nodes to realize communication interaction at the consensus level? Generally speaking, we want to achieve both chain and chain. The common way to interoperate between chains is to build a chain in the chain, which has its own consensus mechanism and distributed verification nodes to ensure the asset security of cross-chain interaction. In order to improve the service capacity, the relay chain will deploy interactive smart contracts on each chain that supports smart contracts, and the total smart contracts of the relay chain will control the assets of the smart contracts distributed in each chain. For example, when users initiate asset transfer from chain to chain, the relay chain will lock an asset first and then. Let the smart contract on the chain release an asset. In the whole process, the relay chain should listen to all the records of chain operations to ensure the correct locking and release of assets between different chains. Only in this way can the relay chain control the total balance of assets, manage the account books and avoid the occurrence of double flowers, but the relay chain itself will have an additional layer of trust cost. Only when users trust the relay chain and the relay chain must build smart contracts with the same interaction standard in various isomorphic chain environments can it do so. If this kind of non-intelligent combination is encountered, In short, the cross-chain service provided by the relay chain will eventually test the body behind a management general intelligent contract, and the Committee is a distrust factor because of the group with identity behind it or the multi-signing management subject. As the most common cross-chain solution, most of them adopt the way of security Committee governance to ensure the safety of assets. Once the Committee group intends to do evil, the loss is irreversible. The great point is that it can be replenished. Give full play to the potential of zero-knowledge proof technology, so that the nodes maintaining the consensus layer between the two chains can directly establish communication and safely control the transfer of assets, and provide interoperability. The distributed system is not a specific relay chain, but more like an open source, unlicensed and credible three-party component chain. The nodes of the chain can initiate the asset transfer declaration by generating the state, and the nodes of the chain can directly verify the correctness of the proof, and obviously, this kind of technology can serve at a very low cost of calculation and time consumption. The relay chain service mode of the security Committee is easier to gain the trust of the market, in fact, it is safer and more efficient. Note that this is only a relative concept. At present, many cross-chain schemes are still multi-sign infrastructure, which needs to be further strengthened. It can directly let all nodes of the chain participate in the whole process of certificate generation and verification, but it is not conducive to rapid and extensive horizontal expansion. What should we do to solve this problem through light clients? Using light clients can reduce resource requirements, storage bandwidth and computing capital. Less source consumption, light client can be horizontally compatible with non-intelligent contract chains or other heterogeneous chains to provide wider interoperability. For example, chains can only use light clients and hash time locks to control asset transfer. Using light client plus lightweight integrated assistance can simplify the threshold for developers, shorten the development cycle and accelerate the popularization of the whole chain infrastructure. Because the calculation and verification of zero knowledge proof and the communication process require a series of processing operations, we must weigh the cost consumption and timeliness. There are too many technical problems to overcome. To some extent, it is reasonable for the chain-in-chain cross-chain solution to become a market choice. However, looking forward to the future, cross-chain solutions, including, are all improving and optimizing in the direction of light weight, high efficiency and low energy consumption. In detail, such as using and improving the signature scheme, the single-slot final certainty is a digital signature scheme that allows multiple signatures to be combined into one to reduce storage and data transmission. It can be proved that by combining signatures, a compact proof can be created. Some necessary signatures have been completed without the need to transmit and verify the signatures themselves, thus reducing the delay, which can be the final state after each block is generated. In addition, with the increasing demand as the settlement layer of the main chain assets, the Bitcoin node system is specially set up through the borrowed dual-pledge economic system, which makes Bitcoin have the interoperability of minimizing trust. At the same time, the application of special coding methods in the form of cooperating with the upper and lower double mapping and locking assets can realize direct verification on Bitcoin, which proves that the most difficult part of the whole chain interoperability has been completed. The goal is not only to become the infrastructure of the whole chain. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。
