ZKP14.1 zkBridge: Trustless Bridge Made Practical

ZKP学习笔记

ZK-Learning MOOC课程笔记

Lecture 14.1 zkBridge: Trustless Bridge Made Practical

• Cross-chain Bridges

  • Multi-chain Universe
  • Bridge: generic and efficient communication cross blockchains
  • Desirable properties
    • Generality (support many applications)
    • Efficient
    • Secure with trust minimization (particularly crucial)

• Current Common Bridge Approach: Trust Intermediary

  • Existing Approach: intermediary
    • Side chain (PolyNetwork, Axelar) - 2/3 honest nodes
    • Committee (Wormhole, Ronin) - 2/3 honest committee
    • External oracles (LayerZero) - independence between Oracle and Relayer
  • Pros: Simple & efficient on-chain verification (e.g., multisig)
  • Cons: Need to rely on external trust on intermediaries

• Remove Trust on Intermediary

  • Light client verification: (only verify the block header rather than the whole block)
    • Verifying certain correctness properties of state transition in consensus protocol
    • E.g., for BFT-based consensus, a light client needs to verify validator signatures and keeps track of validator rotation
  • Cosmos IBC (a protocol in Cosmos)
    • Validators verifies block header information of another chain, performing light client verification
    • Cons: require each chain to implement an IBC client to perform the verification
  • NEAR Rainbow bridge
    • Implement light client verification as a smart contract in Ethereum
    • Cons: on-chain verification is very expensive

• zkBridge—Trustless Bridge Made Practical
  Xie-Zhang-Cheng-Zhang-Zhang-Jia-Boneh-Song, “zkBridge: trustless bridge made practical”, ACM CCS 2022 (zkbridge.org)

  • With ZKP, we replace honesty assumptions with Cryptographic assurance
  • Efficient on-chain verification using ZKP
    

• Advantages of zkBridge

  • Minimized trust
    • Cryptographic soundness instead of honest assumptions
  • Efficient on-chain verification
    • purpose-built zkSNARK enables efficient on-chain verification
  • Permissionless and Decentralized
    • Provers are not trusted so anyone can join
  • Extensible and Universal
    • Developers can develop their own application on top

• Challenges

  • SNARKs are expensive
  • Blockchains are not designed to be “ZK friendly”
    • EdDSA digital signature is expensive to express as anarithmetic circuit (~2M gates)
  • Each state transition can involve hundreds of sig verifications => Computing $\Pi$ naively can be prohibitively expensive

• Making zkBridge practical

  • deVirgo: a distributed version of Virgo (IEEE S&P 2020)
    • Exploits “data parallelism”
    • Optimal parallelization ---- 100x speedup with 128 machines
    • Practical communication ---- less than 20% of proving time
  • Reducing proof size by recursion
    • run deVirgo verifier in Groth16
  • Batching
    

• Approach: deVirgo & 2-layer Proof Composition
  

• Extensibility & Applications of zkBridge

  • Extensibility
    

  • Applications:

    • Message Passing
      

    • Cross-chain Assets Transfer/Swap

    • Cross-chain NFT Interoperations

• zkBridge Technology Enables Other Capabilities

  • State proof
    • A cryptographic proof of state changes that occur in a given set of blocks (e.g., Algorand State Proof)
  • zk-based light client verification
    • Support efficient light client verification, including mobile use cases (e.g., Celo Plumo)
  • zkBridge can be extended to privacy chains with privacy protection