# Zero-Knowledge-Proof Mining

By [shadowsocksr](https://paragraph.com/@shadowsocksr) · 2022-07-29

---

The definition of ZKP is very broad. According to “[Why and How zk-SNARK Works](https://arxiv.org/abs/1906.07221),” there is a **prover** who wants to convince a **verifier** that some **statement** is true, and the ZKP protocol should satisfy three properties:

1.  Completeness — if the **statement** is true then a **prover** can convince a **verifier**
    
2.  Soundness — a cheating **prover** cannot convince a **verifier** of a false **statement**
    
3.  Zero-knowledge — the interaction only reveals if a **statement** is true and nothing else
    

*Figure: A ZKP protocol*

For example, Alice wants to convince Bob that she knows Carol’s phone number. She calls Carol. Then Carol’s phone rings and shows it’s Alice calling. In this way, Alice proves to Bob her knowledge of the phone number without revealing what the number is. It is also a ZKP protocol.

When we talk about ZKP in the context of blockchain, we usually mean a particular branch of algorithms within that definition. In most cases these are zkSNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), which have the following properties.

1.  **Non-Interactive** proving process. The proving process only needs the prover to send a **proof** to the verifier.
    
2.  **Succinct** proof. The **proof** has a small size, and verifiers can quickly verify it.
    
3.  **Programmable** statement. The algorithm can convert any **statement** into a [QAP](https://medium.com/@VitalikButerin/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649) (Quadratic Arithmetic Program) for proving.
    

You can refer to “[awesome zero knowledge proofs](https://github.com/matter-labs/awesome-zero-knowledge-proofs)” for detailed ZKP algorithms used in blockchains. Their development follows a clear trend: computation is getting faster, reliance on the “[trusted setup](https://vitalik.ca/general/2022/03/14/trustedsetup.html)” is decreasing, and proofs are getting smaller. Some algorithms and their related projects are listed below.

1.  **Pinocchio** (ZCash Sprout version): the earliest introduction of ZKP to the blockchain.
    
2.  **Groth16** (ZCash Sapling version, Filecoin): faster than Pinocchio.
    
3.  **ZK-STARKs** (StarkWare): no trusted setup.
    
4.  **PLONK** (zkSync), **Marlin** (Aleo): universal trusted setup
    
5.  **Halo 2** (ZCash NU5 version): no trusted setup, recursive
    

ZKP has properties that suit the blockchain. First, compared to other proving systems like Merkle proofs and signatures, ZKP can prove any statement, bringing variety to on-chain logic. Second, its proof is succinct, costing less gas when verified on-chain.

The earliest uses of ZKP emphasized its zero-knowledge property: proving that transactions are valid without revealing any transaction information, as in ZCash. Later, ZKP went through a bottleneck period. People found that blockchain privacy was not strongly needed, and ZKP was not user-friendly because proofs take a long time to compute.

Recently, ZKP regained people’s attention because of its usage in blockchain scalability. By proving the validity of a large piece of data, ZKP scales the computation and storage capacities of the blockchain. Some proved data and their related projects:

1.  L2 transactions: zk-Rollup projects like zkSync, StarkWare
    
2.  L1 transactions: Mina
    
3.  Off-chain data: Filecoin
    

Discussions on ZKP are very lively these days. [Paradigm](https://www.paradigm.xyz/2022/04/zk-hardware) analyzes the hardware acceleration of ZKP and argues that FPGAs are better than GPUs and ASICs. [a16z](https://a16z.com/2022/04/15/zero-knowledge-proofs-hardware-decentralization-innovation/) gives an overview of ZKP. Presentations at “[Zero Knowledge Summit Amsterdam](https://youtu.be/SCIuwh9ya8U)” provide many thoughts and new ideas on ZKP.

Mining
------

This year, Ethereum will switch from PoW to PoS, so the blockchain mining market will shrink significantly. Although storage mining has emerged in recent years, including Filecoin, Chia, and Arweave, it is still unable to fill the market gap left by Ethereum’s exit.

On the other hand, ZKP has some early applications in blockchain mining. There is a marketplace in [Mina](https://docs.minaprotocol.com/en/architecture/snark-workers) for ZKP workers to submit their generated proofs to earn tokens. In [Filecoin](https://spec.filecoin.io/#section-algorithms.pos.porep), miners need to generate a ZKP for every data sector stored off-chain, thus gaining storage power.

*Figure: Mina ZKP marketplace*

We can see that traditional hash mining is surrounded by controversy over its energy-wasting, meaningless computation. Therefore, the blockchain space is looking for a meaningful mining method. The properties of ZKP (proving arbitrary statements; complex proving but simple verification) open more possibilities for the blockchain mining market.

Opportunities
=============

We are focusing on some ZKP mining projects this year.

Filecoin
--------

Filecoin leverages ZKP to prove off-chain data through algorithms named [Proof of Replication](https://spec.filecoin.io/#section-algorithms.pos.porep) and [Proof of Spacetime](https://spec.filecoin.io/#section-algorithms.pos.post). We think Filecoin mining will continue to be popular this year for three reasons:

1.  Due to its [economic model](https://filfox.info/en/stats/miner), the sector pledge has decreased from 0.25 to 0.16 FIL in the past year.
    
2.  The price of FIL has dropped significantly, further reducing its mining cost.
    
3.  The roadmap of [FVM](https://fvm.filecoin.io/) smart contracts brings a positive signal to the project.
    

*Figure: Sector Initial Pledge Variations (FIL/32GiB)*

Aleo
----

Aleo introduces the first “Proof of ZKP” mining mode, in which the miner’s computing power is determined by how many proofs it can compute per unit of time. The mining algorithm is named [PoSW](https://developer.aleo.org/advanced/posw/posw/) (Proof of Succinct Work) and can be described in short as follows:

    pseudo_random(zk_prove(nonce)) < target_difficulty
    

`zk_prove()` generates a proof of “the current block containing its transactions” with `nonce` as its input. `target_difficulty` is adjusted according to the computing power of the whole network. PoSW and PoW are mostly the same; the only difference is that PoW computes hashes while PoSW computes ZKPs.
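The PoSW condition above as a runnable toy, added here as an illustration and not Aleo’s code. A Fiat-Shamir Schnorr proof of knowledge stands in for the SNARK and SHA-256 for `pseudo_random`, so the completeness and soundness properties from the introduction can be observed as well. The group parameters, `zk_verify`, `mine`, `accept` and the sample block string are assumptions of this example.

```python
import hashlib

# Toy Schnorr group, constructed for this example and far too small to be
# secure: P = 2*Q + 1 with P, Q prime, and G generating the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def _h(*parts) -> int:
    """SHA-256 of the '|'-joined parts, read as a 256-bit integer."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def zk_prove(x: int, block: str, nonce: int) -> tuple:
    """Stand-in for the SNARK: prove knowledge of x with y = G^x mod P."""
    y = pow(G, x, P)
    k = _h("k", x, block, nonce) % Q      # commitment randomness, new per nonce
    t = pow(G, k, P)
    c = _h("c", y, t, block, nonce) % Q   # Fiat-Shamir challenge binds block + nonce
    return t, (k + c * x) % Q

def zk_verify(y: int, block: str, nonce: int, proof: tuple) -> bool:
    t, s = proof
    c = _h("c", y, t, block, nonce) % Q
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def pseudo_random(proof: tuple) -> int:
    return _h("posw", *proof)

def mine(x: int, block: str, target: int, max_nonce: int = 1_000_000):
    """Prover side: one full proof per attempt until the hash beats the target."""
    for nonce in range(max_nonce):
        proof = zk_prove(x, block, nonce)
        if pseudo_random(proof) < target:
            return nonce, proof
    raise RuntimeError("no nonce below target")

def accept(y: int, block: str, nonce: int, proof: tuple, target: int) -> bool:
    """Verifier side: one proof check and one hash comparison."""
    return zk_verify(y, block, nonce, proof) and pseudo_random(proof) < target

if __name__ == "__main__":
    secret, block = 777, "block#1: tx-a, tx-b"   # constructed sample input
    target = 2**256 // 16                        # roughly 1 in 16 proofs qualifies
    nonce, proof = mine(secret, block, target)
    print(nonce, proof, accept(pow(G, secret, P), block, nonce, proof, target))
```

Halving `target` doubles the expected number of proofs a miner must generate per block, which is how the difficulty can track the network’s total proving power.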

In addition, Aleo developed Leo, the first “private smart contract” language. Although there are other ZKP-based smart contracts like zkSync’s zkEVM, StarkWare’s Cairo, and Mina’s zkApps, none of them support privacy.

Decentralized ZK-Rollups
------------------------

Current designs of ZK-Rollups are centralized: only specific operators can submit transaction batches and validity proofs to L1. [Vitalik](https://vitalik.ca/general/2021/01/05/rollup.html) gives several suggestions for decentralizing the operator, such as sequencer auctions, random selection from a PoS set, and DPoS voting. Both [zkSync](https://docs.zksync.io/userdocs/decentralization.html) and [StarkNet](https://starkware.co/starknet/) have clear roadmaps to decentralized ZK-Rollups. There is also some cutting-edge research, like [Polygon Hermes](https://ethresear.ch/t/proof-of-efficiency-a-new-consensus-mechanism-for-zk-rollups/11988), [StarkNet](https://community.starknet.io/t/starknet-decentralization-tendermint-based-suggestion/998), [PoVP](https://ethresear.ch/t/a-design-of-decentralized-zk-rollups-based-on-eip-4844/12434), and [taikocha.in](http://taikocha.in/).

Decentralized ZK-Rollups bring a new mining mode: miners can submit their generated proofs and thus earn rewards. It’s similar to the ZKP marketplace in Mina. But the marketplace is not the best solution, since some proofs will be wasted when no one buys them. We need a parallel computing architecture for ZKP to aggregate power from all miners.

---

*Originally published on [shadowsocksr](https://paragraph.com/@shadowsocksr/zero-knowledge-proof-mining)*
