What are ZK Rollups (Validity Rollups)?

As blockchains grow in popularity, they face a crucial challenge: how to handle more users without compromising their core principles. This challenge is known as the blockchain trilemma – the difficulty in achieving scalability, security, and decentralization all at once. Typically, improving one aspect comes at the cost of the others.

Layer 2 (L2) solutions are designed to address this scalability issue by building a network to help an existing blockchain. The idea is that the new chain can handle some of the original blockchain’s processes, thus lessening the burden on the original chain.

While a range of layer two solutions tackle different aspects of the blockchain trilemma, ZK (Zero-Knowledge) Rollups, also known as Validity rollups, are one of the most popular options, offering both scalability and security.

Let’s dive into what ZK rollups are, how they work, and how they impact a chain’s scalability, security, and decentralization.

What are ZK-Rollups (Validity Rollups)?

ZK-Rollups are a Layer 2 scaling solution for blockchain networks designed to address transaction speed and cost challenges. 

Processing decentralized transactions on a big network is complicated, and can take some time. As a network grows and adds users, it can take even longer to process the growing number of transactions. To complicate things, increasing a network’s ability to scale typically compromises its security or decentralization.  

ZK-Rollups address this issue by moving most of the transaction processing off the main blockchain layer. This method allows for thousands of transactions to be processed quickly and cheaply, while still making use of the security of the underlying blockchain.

How do ZK-Rollups work?

ZK-Rollups process transactions off the main chain, bundle them together, and then submit a cryptographic proof of their validity back to the main chain. 

To do so, ZK rollups rely on Merkle Trees, data structures that efficiently encode blockchain data. In a ZK-Rollup, transactions are processed off-chain and then compressed into a Merkle tree. 

Only the ‘root’ of this tree, along with a cryptographic proof of its validity, is submitted to the main blockchain as proof of valid transaction. This is what is known as a ‘zero-knowledge proof,’ a cryptographic method that allows the validity of these bundled transactions to be verified without revealing anything about the underlying data for each transaction. 

Using Merkle trees, ZK-Rollups can include thousands of transactions in a single on-chain submission, dramatically increasing scalability. At the same time, they inherit the security of the main chain and maintain decentralization by allowing anyone to verify the proofs. 

Types of Zero-knowledge Rollup (ZK-Rollup):

There are three types of ZK Rollups and what sets each of them apart is how they handle proof verification, how transactions are processed on the L2 chain, and where they store transaction data. 

The differences between these rollup types revolve around three key elements: the Proof System, the Circuit Design, and Data Availability.

Let’s take a deeper look into them below:

Proof System

The proof system dictates how transaction validity is verified without revealing the underlying data. These systems are responsible for proving that computations were done correctly. Here are the main proof systems:

zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge): 

zk-SNARKs are popular for ZK-Rollups because they allow for small, quickly verifiable proofs. What’s great about them is that once a zk-SNARK is generated, it can be verified without any back-and-forth interaction between the prover and verifier. This speeds things up a lot. 

However, zk-SNARKs require something called a “trusted setup” at the start, where public parameters are created to help generate proofs. If someone compromises this setup, it could lead to issues. Nonetheless, zk-SNARKs are efficient, compact, and widely used in many ZK-Rollup implementations.

zk-STARKs (Zero-Knowledge Scalable Transparent Arguments of Knowledge): 

zk-STARKs are similar to zk-SNARKs but are designed to be more scalable and don’t need a trusted setup. Instead of relying on that initial trusted phase, zk-STARKs use publicly verifiable randomness to generate proofs. 

This makes them “transparent,” and in a way, they’re more future-proof, especially in a world where quantum computing is becoming a concern (zk-SNARKs might be vulnerable to quantum attacks, while zk-STARKs are not). The downside to zk-STARKs is that their proofs are larger and take up more space, which can drive up costs when verifying them on the Ethereum network.

Circuit Design

Circuit design refers to how transactions are executed within the ZK-Rollup’s Layer 2 environment. Think of it as the architecture that shapes how your transactions flow and get processed. 

Account-based Design: 

In an account-based design, the architecture mirrors how the L1 itself functions. In this design, each user or smart contract has an account that tracks balances and other information. Developers familiar with Ethereum (or other L1s) can easily build on ZK-Rollups using this system, as transactions directly modify account states, just like sending ETH between wallets.

UTXO-based Design: 

Similar to Bitcoin, UTXO-based systems track “unspent transaction outputs” instead of accounts. Transactions spend and create new UTXOs, offering more privacy since outputs aren’t tied to specific users. However, it’s less suitable for complex applications like smart contracts or DeFi protocols.

ZKVM-based Design: 

The ZKVM (Zero-Knowledge Virtual Machine) is a newer, more advanced design that allows for more complex computations. It supports advanced computations while preserving privacy. It’s designed for more complex dApps that need to prove computations without revealing details. Though, similar to the Ethereum Virtual Machine (EVM), ZKVM focuses on privacy and is more resource-intensive, making it ideal for complex use cases.

Data Availability

Data availability ensures that off-chain transaction data is stored and accessible for verification. There are several methods:

Decentralized Storage (e.g., IPFS)

Data is stored across a decentralized network like IPFS, ensuring resilience against censorship or failure. However, synchronization with on-chain data must be maintained.

Data Availability Committees (DACs)

Trusted committees store off-chain data and ensure its availability, offering efficiency but introducing some centralization risks.

Data Availability Sampling

Only portions of data are stored across multiple nodes, allowing reconstruction when needed. This reduces storage requirements but adds complexity.

Each method balances efficiency, cost, and decentralization while keeping data accessible for verification.

Benefits of ZK-Rollups

There are many benefits to using ZK Rollups as a scaling solution, particularly when it comes to security and privacy. 

ZK Proofs verify transactions without revealing their details, and at the same time inherit the security provided by their parent chain. Moreover, faster finality and the bundling up of transactions via ZK proofs mean significantly more throughput and reduced computation on the layer one chain; contributing to lower gas fees.

Challenges of ZK-Rollups:

ZK-Rollups face challenges due to their complexity, especially when it comes to general-purpose smart contracts. They require advanced cryptographic techniques, which makes development slower compared to Optimistic Rollups. 

Additionally, some ZK-Rollup systems need a trusted setup—an initial configuration by a trusted party—introducing a security risk if not handled correctly.

ZK-Rollups vs Optimistic Rollups:

Optimistic Rollups are Layer-2 scaling solutions that assume all off-chain transactions are valid unless challenged by validators. Here are a few factors that differentiate Optimistic Rollups from ZK Rollups:

Validity of State Changes

ZK-Rollups instantly verify transactions using zero-knowledge proofs, offering faster finality without revealing transaction details. In contrast, Optimistic Rollups assume transactions are valid unless challenged within a specific window, which adds a delay for potential disputes.

Withdrawal Time

ZK-Rollups offer instant withdrawals due to immediate transaction finality, while Optimistic Rollups introduce a waiting period (often 7 days) to allow for potential fraud checks.

Verification-only data

ZK-Rollups rely on zero-knowledge proofs, eliminating the need to store verification data on-chain, making them more efficient and cost-effective compared to Optimistic Rollups, which store all verification data on-chain for fraud detection.

If your main concern is preserving privacy, ZK-rollups require significantly less on-chain data compared to Optimistic rollups, leading to greater efficiency and lower costs.

Conclusion

By using zero-knowledge proofs, Layer 2 solutions dramatically increase transaction capacity while maintaining the security guarantees of the underlying blockchain. 

This scalability breakthrough positions ZK-Rollups as a crucial technology for enabling widespread blockchain adoption, particularly for applications requiring high-volume, low-cost transactions.

As the technology matures, we can expect ZK-rollups to play a pivotal role in shaping the future of blockchain infrastructure, potentially catalyzing widespread adoption across various sectors. The ongoing development and refinement of ZK-rollups will likely be a key focus in the blockchain space for years to come.

Frequently Asked Questions about ZK-Rollups

What is the purpose of zero-knowledge rollups?

Zero-knowledge rollups aim to increase blockchain scalability by processing transactions off-chain while maintaining security through cryptographic proofs and on-chain data availability.

What is an example of ZK-Rollup?

Examples of ZK-rollups include zkSync, StarkNet, and Loopring, each implementing different approaches to zero-knowledge proofs and Layer 2 scaling. Let’s dive into a couple of these below: 

zkSync

zkSync, developed by Matter Labs, is a ZK-Rollup using zk-SNARKs for fast, low-cost token transfers (ETH, ERC-20) and micropayments. It now supports smart contracts via zkSync Era, which is EVM-compatible. zkSync is known for instant finality and seamless withdrawals back to Ethereum.

• Use Case: Fast token transfers, micropayments, DeFi, and general-purpose smart contracts.
• Key Features: Instant finality, low gas fees, EVM compatibility.

StarkNet

StarkNet, developed by StarkWare, uses zk-STARKs for scalability without a trusted setup, making it ideal for complex, high-volume applications. It’s designed for computation-heavy dApps like decentralized exchanges, gaming, and advanced DeFi.

• Use Case: Computation-heavy dApps, DEXs, and complex DeFi applications.
• Key Features: High scalability, zk-STARKs for quantum resistance, advanced computation.

What is the difference between a side chain and ZK-Rollup?

Side chains are separate blockchains with their own consensus mechanisms, while ZK-rollups are Layer 2 solutions that inherit security from the main chain and use zero-knowledge proofs for transaction validation.

A sidechain, like Polygon PoS, is an independent blockchain with its own Proof-of-Stake consensus, interacting with but not inheriting Ethereum’s security, meaning it relies on its own validators for safety. 

On the other hand, ZK-Rollups like zkSync are L2 solutions that process transactions off-chain while inheriting Ethereum’s security through zero-knowledge proofs. This ensures that even if the rollup operator is compromised, Ethereum can still validate and secure the transactions, providing stronger security.