Zero Knowledge Summit (zkSummit) 2024: Field notes

Joseph Bonneau

Editor’s note: Field notes is a series where we report on the ground at significant industry, research, and other events. For this edition, Joseph Bonneau, a16z crypto research partner and NYU assistant professor, attended the 11th Zero Knowledge Summit (zkSummit) in Athens on Wednesday, April 10, where he took notes on the talks. The event, hosted by the Zero Knowledge podcast, had roughly 500 attendees and ran four simultaneous tracks over talks over a single day. Below is a summary of Bonneau’s report, covering the latest in zero knowledge hardware, SNARK performance, and auction network design — including some mentions of Jolt, a new approach to SNARK design from the a16z crypto research and engineering teams that is already up to 2x faster than the state of the art, with more improvements still to come.

ZK hardware

Hardware support for proof generation has long been a goal of the community. The first two talks on the main stage outlined developments in that direction.

  • Justin Drake, researcher at the Ethereum Foundation, gave an overview of ZK hardware, including a taxonomy of companies in the space. The list included companies using general hardware (like Ulvetanna), companies making custom hardware (including Accseal, Cysic, and Fabric), and companies running decentralized prover networks (like Aleo). He predicted that an “end game” of a zkVM, such as Jolt augmented by Binius (a hardware-optimized SNARK proving system) and other upcoming optimizations plus dedicated hardware, could achieve a 1000x overhead over computation and could factor into the final, fully battle-tested version of Ethereum. He also predicted hardware will mostly focus on non-ZK succinct proofs, and most proofs will be Groth16-wrapped onchain. He also mentioned the Ethereum Foundation will be announcing a contest for formal verification of provers and verifiers, with $20 million in prizes.
  • Jim Posen, cofounder of Ulvetanna, talked about Binius, and the general concept of co-designing proof systems and hardware at the same time. Binius uses binary tower fields and the sumcheck protocol, which Jolt is also based on. An interesting takeaway from early testing of Binius is that performance was significantly better for the hash function Groestl (a SHA-3 runner up) than Keccak (the official SHA-3 standard), so it might be beneficial to use Groestl in some applications.

Decentralized prover networks

Many in the space envision a future where proof generation for large statements (e.g. correctness of a bundle of transactions in a rollup) is done by a competitive, decentralized marketplace of specialized provers.

  • Uma Roy, cofounder of Succinct, talked about Succinct’s upcoming prover network. She covered a variety of potential mechanism designs for decentralized prover networks, and predicted that designs based on racing (first prover wins) or mining (first prover wins, modulo some randomness) would not lead to good outcomes. She said design goals should be: Minimal cost, maximum latency, and censorship resistance, in that order. She predicted that an issuance/staking model could maybe work but an auction model is mostly likely to win out and may end up looking like block building does today. Succinct is building a general auction network for proofs that will support multiple zkVMs, not just Succinct’s own SP1, such as Jolt/Lasso, she said
  • Wenhao Wang, PhD student at Yale, talked about a new paper on the economics of prover networks that was released the morning of the talk written in collaboration with Ben Fisch (Espresso Systems) and Ben Livshits (Matter Labs). Wenhao mentioned that a two-sided auction is vulnerable to collusion between provers and bidders, and they introduce an alternative mechanism called Proo-phi that involves greedily matching transactions and provers. Proof-phi requires setting a capacity parameter, which appears to be a key open design question.
  • Daniel Kales, cofounder and chief technology officer of TACEO, talked about multiparty computation (MPC)-enabled proof markets, specifically using MPC to maintain privacy between a small client with a secret witness and a large untrusted prover. He talked about how we can choose combinations of proof systems to mostly do linear operations (like the Fast Fourier Transform algorithm) which are relatively cheap in MPC and minimize cost.

ZK credentials

Three different talks discussed efforts to build zero-knowledge credentials out of existing identity systems. Each relied on a different existing identity system.

  • Aayush Gupta and Sora Suegami, cofounders of ZK Email, talked about ZK proofs of email address ownership. These rely on proving knowledge of a DKIM signature of an email sent to a specific address, and DKIM is already widely deployed by major email providers (albeit primarily as an anti-spam measure). Many applications are possible with a ZK proof that a user controls an email address, including sending money to an email address but also applications like anonymous whistleblowing.
  • Alin Tomescu, research scientist at Aptos Labs, talked about Aptos Keyless, which uses OpenID connect to interact with traditional web2 identities. OpenID connect is the technology that enables “log in with Facebook, Google, etc.” to third-party websites. Aptos Keyless interacts with existing OpenID providers and proves that a user controls a given address, enabling applications like sending money to a Google or Facebook account.
  • Michael Elliot and Derya Karli of zkPassport discussed building anonymous credentials from existing ePassports. For example, users might prove that they hold a passport from the United States and are above 25 years of age, without revealing their passport number or exact age.

***

The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the current or enduring accuracy of the information or its appropriateness for a given situation. In addition, this content may include third-party advertisements; a16z has not reviewed such advertisements and does not endorse any advertising content contained therein.

This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not provided permission for a16z to disclose publicly as well as unannounced investments in publicly traded digital assets) is available at https://a16z.com/investment-list/.

Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures/ for additional important information.