Alex Gluchowski: zkSync – The First EVM-Compatible zkRollup Protocol - podcast episode cover

Alex Gluchowski: zkSync – The First EVM-Compatible zkRollup Protocol

Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies
Jun 15, 20211 hr 9 minEp. 396
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

zkSync is a trustless protocol for scalable low-cost transactions on Ethereum. It's also the only zkRollup protocol which supports EVM smart contracts.

Alex Gluchowski is co-founder of Matter Labs, and co-creator of zkSync. We spoke with Alex in depth about how the protocol works and the potential for a highly scalable transaction and application layer on Ethereum.

Topics covered in this episode:

  • Alex's background and how he got into the crypto space
  • An overview of existing Ethereum scaling solutions
  • Difference between Optimistic Rollup and zkRollup
  • Transferring funds to the zkSync Layer 2 and gas fees involved
  • How the zkSync transaction sequencer works
  • Withdrawing funds to Layer 1 and timescales involved
  • How the procol deals with reorgs
  • How block formation works on zkSync
  • The function of the zkSync token

Episode links:

Sponsors:

  • Solana: Solana is the high performance blockchain supporting over 50k transactions per second to power the next generation of decentralized applications. - https://solana.com/epicenter
  • Exodus: Exodus the easy-to-use crypto wallet available on all platforms and supporting over 100 different assets. - https://exodus.com/epicenter
  • ParaSwap: ParaSwap’s state-of-the-art algorithm beats the market price across all major DEXs and brings you the most optimized swaps with the best prices, and lowest slippage - http://paraswap.io/epicenter 

This episode is hosted by Friederike Ernst & Sebastien Couture. Show notes and listening options: epicenter.tv/396

Transcript

This is epicenter episode 396 with guests Alex glue Kowski. Hi, welcome to epicenter of the podcast where we used for crypto Founders, Builders and thought leaders. I'm Sebastian Cujo. And I'm here with for like a Ernst today. We're speaking with Alex glukhovsky. He's the co-founder of matter labs and the co-creator of ZK sink and it is the first evm, compatible, ZK, roll up. So before we speak with Alex, about ZK sink and get into all the Think will mitigate he's

about how that works. We'd like to tell you about our sponsors for this week. It's a lot of guys on Next Generation, blockchain with lightning-fast blocks and fees less than one cent per transaction. Scalability is probably the biggest challenge preventing crypto from becoming the backbone of the world's Financial system. And Solana is one of the solutions. We have today, go to salon.com,

epicenter to learn more. We're also sponsored by Exodus is an easy-to-use wallet that supports hundreds of assets and has native apps for all platforms, including IOS. And Android And it's fully non-custodial. The team are firm Believers in the not your keys. Not your coins, Mantra codexes.com and give it a try and finally Paris swap. They just came out with a huge update. That's even faster and more liquid. It's cheaper than you swap.

And it comes with a new gas token that can cut your gas fees by up to 50%. It's also multi chain now and they've expanded to polygon and finance Mart chain, start trading at Paris swap, dot IO, / epicenter, Alex. Hi. Thanks for joining us today. Hello, very excited to be here. Thank you guys. So tell us about your background and how you became involved in a

crypto space. Well, I studied computer science in Berlin and I worked as a team lead and software engineer, and CTO and multiple companies starting with telecommunication space and then moved into startups was co-founder of two startups in Berlin. And at some point I just felt that crypto is going vertical and and it's just like, I can't wait anymore. I have to jump there because my heart is with in crypto. So, I Very excited about Bitcoin. Actually.

I think I learned about the coin one year after it was invented and that van, it's really appeal to me as a kind of libertarian person and it was a very exciting technological thing. Also from from the beauty of the architecture of it. But back, then I thought, well, if we could only bind it to go somehow, maybe it would work, but eventually it actually worked. But I switched only once

etherium of here. I actually, I try to do to build a startup in the Bitcoin space, but I felt it was too early with what was it started. We were trying to do something reputation-based, like, Sovereign reputation thing. I was doing it with our to been Deacon who is now secured at Aurora. But yeah, we couldn't find investors and we thought like it's maybe a bit early. So, I went back to the classic of startups. And the setups you worked on before crypto.

They're actually pretty interesting as well. So maybe let's give give those like a minute of a time. So the ones that I found one of them was acquired by Urban sports club and the other one was a chem parental startup. Tell us what, what Drew you to these these subjects because they're quite they're quite different from one another know. This is true. So, well as a software engineer,

I must be honest. That we initially, I was looking into the technical issues and I was not caring so much about the business nature. So, it looked like a very interesting idea. So the first product was called so much more, and the idea was that you can get a Best to. It was essentially a copy of glass pass an American start up, where you could purchase a monthly best to All Sports, and Holistic activities in your city, which I found very appealing because like this idea of flat rate.

It feels like like Community communism. It's, it's um, in some sorting like, like Spotify and Netflix, you just like, pavers, small amount per month and you get unlimited access to everything like full abundance. The future is here, so itself the same way, but it was not

very technological. So then with both camper the Kappa sharing platform that was Very appealing to me because we could build something really interesting with with complex sophisticated search engine and optimization for scampers in the booking system. And there was a lot of accounting involved Paul Kemper was the the company. I'm really, really proud of the team.

We could build. It was remote first, the IT team, the, the business team was based in Berlin, but the A-Team was completely remote from day one and it's, it's highly successful. It's the largest campus sharing platform in Europe, right? Paul campus present in Germany, UK Switzerland Austria, I think even more countries by now, but I decided to leave it after only one half years because I felt like I'm maxed out. Like I have done as a CG.

Oh, I've done everything I could do there and the rest does not depend on me. Like the process is going to detecting was working fine and the were no not so many challenges to solve whereas in the Crypt. A world that gives etherium started to get traction.

And actually when I was in so much more, ample camber, I try to integrate Bitcoin. I had this idea of like making Bitcoin payments to the accepted and then I realized I can't justify that you just didn't make sense because no there were no no people using Bitcoin and it could be a nice PR move but probably not for this new startups. We had more consumer-oriented in Europe and I realized if I think this way and I am Kind of very Pro Bitcoin, very excited about

this technology. This is how everyone is going to think about it, but now so it's just doesn't make sense. But with etherium it was entirely different all of a sudden the city of smart contracts and open Financial system. And alternative Financial system would stable points with all sorts of interesting things with with potential for improved usability was there. And I figured, like I can just my opportunity cost of not going into this. Is enormous.

So I have to switch now. So what I did is I went to Hong Kong and I was working as a consultant in a research in an R&D startup. And we were just going to all the different conferences and meeting people and talking and making research and trying to figure out what, what what are the problems. The crypto space is facing material space, specifically, and I came to conclusion, that there are a couple things that once.

So, We'll bring etherium to two masses and everyone is just going to jump on it and the problems that had to be solved or the user experience in combination with security. It's kind of like it's two sides of the same coin and scalability and while the security in you Acts were kind of clear how to fix. Like we could just apply principles from the web to world everything we knew from traditional startups, from mobile apps. It was clear what to do and they were actually Build, we got

Madam asked with that. Argent got Dharma, got all this wallets with social recovery with the ease of not having to to care about your secret phrases, like Zengo and what was based on, you know, some combination of secret sharing and using your email as login and so on and all the other things were also been built from traditional Finance, which we now know is D Phi but scalability really caught my eye

because it Very technological. Like, it felt like a fundamental problem, which cannot be easy to solve, and unless we have some breakthrough, the were a couple of attempts. There was the city of plasma that was introduced around that time. And I remember I met metallic for the first time in Shanghai at a conference where he first spoke about plasma. I was very excited but after half a year, or a year or so, it was clear that plasma is facing

a lot of hidden problems. And that they appear to be of kind of fundamental nature. Like we just, we just can solve them in, you know, like just tinkering around so we need something, something more solid. And then I learned about your knowledge. Proofs first about the zero-knowledge aspect of their knowledge proofs so that you can use them for privacy. And later. I learned about the succinctness property.

There's some of them have specifically snarks that you can prove Integrity of very large computations and they are Much cheaper to verify than actually doing all this competitions. Naivety and my third first thought was when I heard about that. Oh, you can apply that to plasma and make plasma a lot like solve a lot of problems involving of that. And if you do that, that that's actually a cover all up. So I kept lying zero, knowledge proof to plasma gives you a valium.

And then if you put the data on chain, this is the Z key roll up. And I met very white hat was working. Who built it, built the first working group, working on Ziggy Roll-Ups, and we met some other guys. We had discussions and we published the famous blog post on each research particular laps. And then I met my co-founder Alex, lots of in at def Con in Prague. I think it was Defcon four or three. He was coming to the same idea from a different angle. He was actually working on plasma.

He what? He was building a plasma implementation. And he learn about their knowledge proves and he was very deep into cryptography. Having a PhD in high energy physics from McGill University in Canada. He was really good. I immediately realized that this guy's it's genius and we should do something together, and we immediately jumped into discussion of how things should be built, technologically. We built the first prototype presentative, and this is how

education can was born. Let's get your sponsor Solana. Now. This is a special, and for me to read because I've been deep supporter of this project since meaningless. Lana, team back in 2018. I invest personally in the project and my company course, one is super deeply involved in the Solana ecosystem, including running the biggest validator. So, what's so cool about Solana. Well, we all know that scalability is the single most important issue facing the blockchain industry today.

And to Solana, blockchain is an amazing solution for it. The networks. It's thousands of transactions per second with 400 Milli second block times and over 500 validators. The special thing about Solana is also that it's not a sharded blockchain. It's a single Block Chain hyper optimized for performance. So that makes it really easy to maintain composability between all of the apps on Solana. So that they work together

seamlessly now and forever. There's a lot of ecosystem is growing at a rapid pace and it's a great place to build your project or just getting Both with the community. So go to salon.com epicenter to learn more. We've done a number of episodes on the topic of scalability and a few episodes where we talk specifically about ZK relatives, but let's maybe get a little refresh. You know, how does this EK roll-up work in a nutshell? What are the main components? And like what is it trying to

achieve? Zeki roll-up is a scaling solution that works on top of square one. So it's a layer to scaling solution which is supposed to derive its security from from layer 1 and it works the following way. Maybe we should recap first, how plasma works because it's going to be easier to explain. So, with plasma, imagine that you have a single contract on layer. One that instead of holding all the balances of the users, only holds all the funds.

Together in a single pot and it holds a root hash of a of the state which is held off chain, which contains all the balances. So I only keep one hash. So this this hash been a Mercury root serves as a cryptographic fingerprint of our state whenever change something in the state to change the the the root hairs will change completely. Now when we we want this users to transact, we want to see users to send funds to each. Her, which will modify the state.

So whenever we have multiple transactions, maybe a block of, like, let's say 1,000 transactions. We would modify the state applying each of them sequentially through the state, which will modify all the balances. And then we will compute the new root hash of the state and will send this new root hash to the smart contract on where one and replace it. And this way we actually made only one small.

Action on layer 1, but we enacted many transfer of thousands of transfers of thousands of transactions, which happened on layer 2. So, the in plasma you would suppose to monitor what's going on in the state and try to catch the. So, like, anyone would be able to submit the new root hash, and if something goes wrong and this new root, hash contains invalid transactions, or some invalid State, you would have to somehow prevent. And this new root hash from being finalized on layer 1 and

this is difficult. So it with plasma and Zeki Roll-Ups rely on so-called throat proofs, where someone has to monitor it and then provide the proof that the news new state is not valid with Ezekiel Roll-Ups. We do something very elegant. We provide a zero, knowledge proof, or like 16, zero knowledge proof of snark of validity of all the transactions that happened that produce this new root. Hash. And the snark is verified by the smart contract itself.

So what it means is, it's been verified on all the full nodes of the Syria. And only if the stock is valid, then we change the the knurled hash on the smart contract. And this way we can guarantee that. No, invalid transaction is ever included in, in our roadblock. So just to recap, the the phrases differently in a, in an optimistic roll-up, you have a verification of the different hashes in the Merkle tree and the root hash that has to be verified by some like some third-party process.

And one of the ways that we've come to do that is to have this front fraud proof system, but that introduces a whole bunch of complexities. Whereas with a ZK roll up, you simply have a snark that proves that all of the state in the All the transactions in the state that sent to the smart contract is indeed valid. This is correct. Yes. So this way we can only prove the validity. However, we also have a problem

of data availability. So we need to make sure that everyone knows what the new route State. What's the new state is completely? Not only the route has and would roll ups. What we do is, we publish some data on chain that makes everyone able to reconstruct the changes in the state to get the final State somehow. Like if we hope it has the previous state. The block you should be able to get the new state completely in your local database after the block. So you can do it in multiple

ways. You can either publish the inputs of all the transactions. This is, you can do it, the Z key, roll up, and you can do it with optimistic, roll-up, or you can publish just the final State like, actually, like the state Delta, what would change in the state, the final state of every account, which was attached in this block and this Is only possible with Z key role and this is very interesting because it reduces additional succinctness.

If you have, let's say one account or like two accounts, making many transactions between each other. At the end. We will only need to publish to to updates of the state like the final balance of the first account in the final balance of the second count and not all the hundreds of transactions with that took place in Islam. This place is of floor at how much a transaction can be reduced by right to. Basically if you if you have an operator and use it's a optimistic roll up.

You can compress the data much more said correct because a you don't need to submit it. Unchain such that someone can reconstruct the entire thing. Yep, that there are multiple factors that that make Ezekiel UPS cheaper in terms of unchain data, but fundamentally, maybe we should first answer the question. Why does this work? As a scaling solution at all? If we still put this data on through, on the theory of network, right?

So the the difference from just using the putting this data in, you know, like using the theorem on layer 1 normally is that we don't use storage. We only use the bandwidth. Of the network, but we do not require the etherium full nodes to store it in the ethereum active State and we do not require them to verify and like access storage of different contracts to verify transactions and that part random access to the storage is actually the bottleneck right now in Syria.

This is this is the most expensive thing because you cannot like we use ssds and we cannot read the data. Really from ssds, which would be really fast. Instead. We have to go to like jump to random locations in this memory and this introduces the delays and you have to do it sequentially. After it one thing, then you have to read the other thing and then because you're working on a global state, right?

So that's why, that's why you have to do it sequentially because you're working on the global State and you work with Merkel proof Merkel proof. So you, you have to retrieve Merkel path for all the accounts and when you modify You have to actually go and like modify all the intermediate nodes on the Merkle tree. And this is where you get this delays because this latency is just add up. So what we do with Ezekiel up, we only publish the blog as a

one big chunk of data. We do not use storage. It doesn't need to touch storage. It just goes through the network interface and the bandwidth is a lot cheaper than storage and a lot faster than storage access to. This gives us. Is roughly a hundred X improvement with Ezekiel up with optimistic grow up. You can get the kind of the same

scalability factor. If you optimize the optimistic roll-up really strongly for, like, what do we need to do is you will have to aggregate the signatures because you still have to publish the signatures on through this network in the roll-up, which you don't have to do in a secure lab. Because the signatures are verified by the Stark.

And also you would have there are some other nuances and optimistic, Rob say the most compressed version would only work with Mount around throat, proofs something, like our bedroom and it would be much harder to build with a single round sloped roofs, which optimism is uses is using. But in any case you still have like you only get a linear scalability boost. Let's get to our sponsor.

Exodus Exodus is Is a fantastic crypto currency wallet, that strikes the right balance between ease-of-use security and great features. You can get Exodus on the iPhone desktop app. Web app, Android, whatever platform you use. It's a non-custodial wallet. That is so critical. Because what's the point of

crypto? If you don't control your own assets with Exodus, you always do, they're old school and they've been around since 2015 over 1.2 million users rely on Exodus. So, you know that If stood the test of time, they have support for over 100 different crypto acids and remove in Exodus. You can easily change one

different asset to the order. They also allow you to buy group 2 with Fiat and they even have a great offer where you can buy up to $500 worth of crypto through the IOS app and Pages $1 in feet. So go to Exodus.com epicenter and check out their wallet. We want to thank Exodus for their amazing support of epicenter. So let's talk about the aggregated, block of transaction

data. So who actually Aggregates that and basically, if I want to transaction include included in a ZK, sink block, how do I go about that? So you normally have someone called sequencer collecting the transactions from the users and packing them in the block and Computing, the new root hash of this block. The sequencer can be centralized can be a single party with the server, which accepts the transactions through rest API.

It can also be decentralized, some consensus algorithm multiple validators collecting the transactions through peer-to-peer Network and the just agree on. What's the the new block is going to be Then selecting the leader, who will submit it to ethereal or maybe anyone from from this vital task and submitted to the theory with all the Roll-Ups right. Now.

As far as I'm aware. Everyone is currently using centralized sequences because with Roll-Ups, you do not rely for the sequencer on the sequencer for security, but they could send some of you. Right? They could sounds. Are you but only in L2, they cannot censor you and l 1. So if you feel censored, you can Is called aleurone and retrieve your funds through some additional mechanisms, in our case.

It's called priority queue and we have something called Exodus mode or emergency exit mode where you can exit without asking anyone for permission. And this is very important aspect of the protocol. But if you, if you are being censored by operators by the operator by the sequencer in L2. Yeah, it's just not going to use this service.

It's not as bad. What are the trade-offs of having a centralized service and perhaps a decentralized service to ensure that like censorship resistant aspect? It just allowed us to to, to launch the busy kissing earlier and we was a kissing booth for the philosophy of progressive decentralization. We start with the minimum viable product, which is Central at which does not rely on us or

anyone for security. So, we derive security directly from etherium and it's just much faster to build and to have a full-fledged flash consensus, which We are building and this is very important. As you can see, we don't want the casing to rely on is single party long term or even midterm. We wanted to be decentralized protocol governed by the community and having multiple validators that are selected by

the community. So that we also don't have any censorship potential, you know, to long-term. Actually. We have some more ideas on how to solve censorship and we will rely on even more advanced cryptography because And if you are even in aetherium with multiple miners, there is still a chance that the they will conclude. It's not impossible that the miners, or validators will conclude and we will prevent users from the mentioned transactions.

And this is actually a one big attack Vector on optimistic Roll-Ups or on other protocols that rely on throat. Proofs that the miners willingly or being cursed. We'll Just prevent the front proofs from being mined on the theorem for a relatively short time of one or two weeks. And then the attacker would be able to seize all the funds from the optimistic roll up. This has been a controversial

topic. Like obviously I am a z key role of maximalist and you can say I'm biased because of that and we had some clashes with people from who are optimistic roll-up proponents and they would argue that the community can always step in and intervene. Banish the validators who do such a thing and rely eventually on social consensus for storing for, for the ultimate censorship resistance, but I disagree that that you can like you should not be building protocols that rely

on such weak assumptions. This also might be valid for for the time once we transition to proof of stake and it like maybe there will be some like clearly written rules how the community should behave. We get some signaling from everyone in the community that they actually going to follow this rules and we have clear mechanisms how such a situation can be cleared up without incurring a lot of mass.

Because the imagine if that happens and we have a lot of defy transactions going on, that are all intertwined, you know, like you put something into uni Swap and then other people put stuff in and the price moves and some other oracle's around this price and so on. And so on like it's going to be very very difficult to sort it out.

After the fact. So you actually need this mechanisms to prevent some of the ship in place before, but that would only work once we have proof of stake with proof of work. There is no mitigation. Like if if the proof of work miners decide to attack an optimistic roll up, they can do it. This is very real and they can they can collude, they can be bribed with. There might be some automated bribery mechanisms through some smart contracts. They distribute the rewards from this attack.

And actually, the closer we come to the moment of transition proof proof of work to proof of stake. The last proof-of-work miners have at stake. But with a less they have to lose like in the last days before transition. It's very, very likely with this attack can happen. Yeah, so that's why in the long term. We want to rely on something more fundamental for preventing censorship.

Such as, for example, time-locked encryption, where the users will be able to put put their transactions in some encrypted envelopes and submit them to buy the debtors to include in the block before the validators can learn what's inside cool. Yeah, that makes total sense. So maybe let's do a walk-through of how it works step by step because so far it's been pretty abstract. So let's say I have I have an address with one ether on Nao one. How do I get it onto the ZK?

Sync, layer 2. As with any layer 2, you will have to make a transaction on layer 1 to move this funds from layer, 1 to layer 2. Alternatively, you could just get the busy from someone who already has it in layer 2. So for example, if you're in normal user and you just want to move your feet yet to wear to, you will probably just go to an exchange and withdrawal directly to decreasing from there. We're kind of working on down better go.

Asians. The address that I have on layer 2 is exactly the way the same that I can also have one day. I won. So there's no confusion possible. Is that right in ZK sink? This is how we designed it. So it was very important to us to keep the a very, very high degree of usability. And yes, you have the same address in flirt. Oh, that sounds super nice because I mean, as someone who builds decentralised projects and products. I mean, we have all seen how often it happens.

Happens that people send funds to the same address on a different network. Be it a test Network or a day or two. Absolutely. So that's super nice weather. The weather technological challenges inherent to this. I want to also say that indeed many people do this, many people would do transfers instead of

withdrawals or deposits. They just sent funds to, to the same like to this address and think, for example, we have a lot of users who would send funds inside the casing to some address and expected to appear on where one without knowing that they actually have to do withdrawal and sometimes they would send it to some address which cannot register in the casing because it's a smart contract or it's just some Change address and they the funds would get stuck there.

So we had to develop a special mechanism to force the funds out for new addresses that have not been used yet which where the owner cannot control it in there too. So we have a special mechanism just like withdraw automatically and the studio trustless. It's enforced by the protocol. It's a part of the start so it can always be done. So you like you never are in a risk. Of losing any funds, like, no matter what you do, like, unless you send it to address 0, like any normal mistakes are

tolerated. Cuz that that's super nice on the usability side. So now I have say slightly less than an ether on layer 2. How much, how much would it cost me in gas to actually transfer one ether from layer 1 to day or two? It cost is slightly more than a normal is a transfer. Okay, that's that's not so bad. And then I, I now have say slightly less than an ether on there, too. How do I send it to someone else? Do I need a special wallet or

can I do it from Madam asked? Well, how do I go about it? Currently you need a special wallet. What you can use is our web-based wallet, which you you can control with metal mask or any world connect enable wallet, which will derive a signing key for zika sink and store it in your browser memory. And then you can use it to send transactions. Although, you will always have to co-sign this transaction by Madame Masque as well. So we have a kind of two-factor protection.

We require Irma, Thomas signature, which is verified by our service. This is version one in version. 2, you will be able to just sign it with Madam asked directly. We will support the theorems of interest natively in dkc2. Is it dangerous? That part of the signature is stored in browser? Because that sounds like a bad idea. Well, whether that of course, it's not that it's not ideal. That would be the case.

If you use our web-based wallet, if you use any wallet that natively supports the key sink such as Argent or hobby wallet, or I am talking then, of course, you don't have to see the situation. You can just pick you, you will use it, the inside, the wallet and the private key will never

leave the wallet. So when you're looking for a flight, You go through a flight, aggregator to see all the different places where you can buy the fly to get all the options and make sure you get the best price for your travel plans. And when you're making a defy swap, just do the same and use para swap. It beats the market prices across all the major indexes, because it Aggregates them and thanks to their network of professional market makers. You get zero slippage on your

trades. So they just push the huge update. That's even faster. More liquid. Thanks to a brand new. Algorithm / swap is now multi chain and has expanded polygon and bind and smart chain. So go and check it out. Give para swap at try at Periscope dot IO, / epicenter. We talked about moving East into ZK sink. Can you move tokens natively in to seek a sink or do you have to first move? Ethan then somehow like convert them there or how does that work?

No, it can natively deposit, your seat, many tokens. And we also need the support network transactions, inside the casing. So you don't need if or anything, or at like Zeke is in talking to some transactions. You can deposit die and then pay your fees and diet. So the what it said, support, ZK think they natively. Send the transactions to the sequencer. Then this is crap. The sequencer. This is currently one centralized party, which I

assume is somehow affiliated. It with you guys, but will be sequentially decentralized. Yes. That's correct. It's the sequencer. The operator in a sense, OSS separate operator. You can go with the operator. Sits block producer. It's someone who collects the transactions and just puts them in the block. Okay, but this there are also validators, right? The validators are the general term for when you have a consensus driven by proof of stake. This is what we plan.

To have so that then they will be called validators. Okay. So basically currently the sequencer replaces the validators and who will then be the block producers? Well, the validators will act as a collective sequencer. I would put this way. How do I withdraw funds to layer 1 and what's the time scale for this? Because this is one of the Achilles years of optimism, right?

So basically there because you have to you have the entire thing around prop grooves and so on, you actually have super long with drier periods. This is true to throw from optimistic. Roll-Ups. You natively, need? One week, which can be mitigated. If you have liquidity providers, who will pour you, some funds on where one? But this is going to be expensive. We seek a Roll-Ups in the casing specifically.

What you do is you submit a transaction to the sequencer, asking them to withdraw, the funds for you, on their one, and they will include in the block and the moment. The block is completed and verified any Theory. Mmm, you will automatically get the funds on. Um, to the address, which you wished. So this is one way, this is the normal way.

In this scenario. Your transaction could be censured and then you can also go and you have a second option, which is the priority queue I mentioned before we make a transaction on layer one and you put a record on the Queue, which must be processed by the sequencer in within some, some time frame, but it wasn't one day or something.

And if they fail to do this, then the system will enter emergency exit mode where you will be able to just prove ownership of your funds and withdraw them directly on their one. This has never happened before. I doubt this will ever happen because the, the validators, or the operator never has an incentive to, to censor users. Since they know this threat is, is valid and they will just like

lose credibility. But in normal circumstances, You only have to wait for the block to get filled and for the prove to be generated for this block and submit it to the theorem which with busy kissing. One takes approximately four, four hours right now. Like it depends on the group on the actual usage of the system. Like, the more blocks. We have, the faster they get generated and you also have an

option of fast exit. If you need some funds immediately you cannot Opt-in into paying the block verification overhead yourself. And then the book will be immediately closed and immediately submitted for verification. Yeah. You also have to wait for the prove to be generated for the start to be generated which which is not longer.

It only takes something like 20 minutes right now, and it will be even lower with version 2. Because we are building it in in the very parallel way recursively. It would go down to a few minutes. So that means that blocks the standard thing for Block is to be full, right, but then the, the block time can vary, is that correct? Yes, we expect the blocks to be full. So if you have, let's say 1,000 transactions per in 10 minutes than and the block size is 1000.

Then your book completeness time will be 10 minutes. I mean to basically then the sequencer submits this to to layer 1. And how do you then Gear with real works? Because this is also often a problem with layer tools. Right? So basically if layer 1 re Orcs, how do you make sure that when people have already cashed out based on?

I mean, how does this work? There is absolutely no problem with reworks fundamentally because if are York happens, then the cash outs will be reverted first so they will just be erased and never happen. So what we, how we, combine three works is we require a, I think ten blocks confirmed 10 confirmations after the deposit to appear in the casing. So whenever you do a deposit, we wait for ten blocks before you

see this. This amount on your balance before like did before the the the operator will actually process it and include in the next block. So this way we can prevent the Casual re Orcs which happen cerium with one or two blocks back because of fluctuations of uncles and this is only to prevent negative user experience because if the reorg happened on the deposit, then we would have to roll back. All the transactions that depend on this. Deposit.

And it can be a lot because they can you send it to some people? And then decided to further people in the spreads, but it would be grey or happens, which would go back more than 10 blocks. Then we will just roll back the database to the point where they're York correspond, where the the root hash of the database would correspond to the previous root hash recorded on the smart contract to the point of York, and we would also try to reapply the Transactions that

were collected. So if we work was non-essential, if it didn't actually modify a lot of balances and did not affect deposits, then we will be able to reconstruct all the transactions in layer to natively and users will not notice anything. If it affected deposits, then some of these transactions will fail because there is not enough funds and then they will cause other transactions to fail potentially because users would send funds further.

But as I said, It does not affect the Ezekiel up in anywhere from the security perspective. We're which is bound to aetherium for finality. You mentioned a while ago that it's possible for for someone to close the block by paying the entire like the fee. Basically. Like it does not introduce any denial of service attacks where one could just continuously. Just be like a pain to close blocked before. Anybody can get transactions in. Is that something that is

possible? No. No, it's more for you to understand the cost structure of Ezekiel roll up. Every transaction must include some fee to pay for the Unchained part of this transaction. Plus additionally an amortized cost of a proof. So you can, you could theoretically include approved for every blog even if the blocks are small, even if blocks contain just one transaction, but that would be super expensive.

That would be a in anti scaling solution because you would pay a lot more for a simple transaction than you were doing there one. So, the more transactions you include in the block, the The more the higher, the denominator, by which they prove cost is divided. It's kind of like going from flying commercial to Flying private and saying, I just can't wait the three hours for the next commercial. Plane to go from Berlin to say Moscow and I chartered a private plane by the in this analogy.

It would be a rather like you wait. So you have one passenger, two passengers, 10 passengers in this one, big boy, which has a fixed cost of flying from from one place to another. And, and at some point you say like, okay, I Want to wait for anyone else? Let's fly. Now. I'm going to play like the all the basic cost, and you just close the gate and that you've left by immediately without

waiting for other people. They will just catch connections next slide because the next flight will be immediately available after the first one to parks. That's what of the scenario in which I was thinking is, like, couldn't someone who wanted to to censor the network or to do a denial of service attack, just by. Like every time there's a new box just like by up the entire block, you know, if they had if have unlimited money.

No, because all the transactions that collected by the time he does, this will be just including in this block. So this person will be just subsidizing everyone at lower low latency. So just to summarize this. So when I do a transaction on ZK sink, I pay a small fee that is associated with the overhead of my transaction being included and a part of the overhead cost of the ZK sink proof of the verification of the verification cost of the proof.

That this is correct. Yes. So the verification Costco snarks for too long proof system, which we use is currently around half a million guests on a theorem. But that means because you're still dependent on the gas price on day one. The fee is on layer 2 will actually fluctuate with the fees or Nao and right. This is correct. Yes. Okay. So you currently do you currently have a token or do you

still plan on introducing one? We don't have a dock in now, but we will require a token for multiple reasons. One is decentralization of this sequencer to have multiple validators who decide on what's going in the blocks. And the other very important reason is Introduction of Ezekiel Porter, a all chain scaling solution, which will augment Zeki, roll up. It will serve as a is a extension of the Corolla. Tell us about CK Porter. Susie Q. Porter is, is a, is an

interesting idea. Where, in the casing 2.0, you will have two types of accounts. Zeki roll-up type of account, which will act and cost the same as what you expect from the Corolla. So you have the Ultimate Security from the theorem and you will have to pay a like you will, you will get a linear scalability boost. So you will always play around 100 of. Beware one cost, but then you will have an optional, Zeki Porter, account type, which you can choose the user.

And if you transact with insecure Porter with you, only interact with others, you keep our accounts, you will pay a very small fees that are independent from the gas price and aetherium because the data will not be published through the appearing Network. The the states of those accounts will be only published. To the so-called Ezekiel Porter Guardians, who will keep the the data for you.

And they will confirm each block with the majority or supermajority of the weighted stake to guarantee that this data is available. Sorry, what's the secret Porter? Zebra has this new architecture. I'm just grabbing. We just so we it's it's an alternative account type in decreasing to you have zero up accounts and the Q Porter accounts in. You can freely choose as a user between the two. And if you, if you opt for Zeki Porter, you will have very, very low fees and also decrease

security. You will not get the same security as woodsy Kerala. That's why we recommend. We will encourage all the others to keep most of the funds most A fortune in the Z key role of accounts, but for some smaller spendings for micro transactions for trying out things, maybe for high frequency, high frequency trading, you can use Z key part accounts. And as long as the total value locked in Zeki, Porter accounts is lower than the steak of the keep order. It's actually economically.

Secure, doesn't make sense of the validator to try to attack the system. So, is it kind of like a POA layer 3 on layer 2? It's more like a side side chain. So it's an extension of Z key roll up into a side chain with a very interesting property from this side chain, you can seamlessly interoperate with any account in this icky, roll up. So you can have a single transaction that spans across multiple accounts involving both zero weapons. You keep our accounts.

So, for example, what this means is you can have a lot of you. Us, who are, who cannot afford to be on zucchero up, because they grow up eventually etherium gas prices, will go up a lot because we'll have a lot more users hundred times thousand times more users at its individual, that they will go up, even if we all use later Solutions, so, some users will just not be able to participate. It's just kind of too expensive for them, but they can stay on Zeki portents.

I'd pay very low fees, but still interact with Eunice swap compound. Bouncer curve all the protocols, defy particles on the Z, key roll up side, where all the whales are and all the, the other users everyone, but they will still pay a very small fees for that. It's crazy that we're already anticipating a time in a world in which there are two solutions, are also too expensive to use and so we need to move to other layers. This is what we observed with etherium.

The number of users over the past year Rose approximately 12, x 13 x, but the gas prices Rose square of that. So we can only it's only natural to expect that. The same thing will sooner rather than later happen to wear to because the this cold induced demand, once you have a lot more opportunities to trade and you in do anything, he's and do a lot of interesting things in there to more people will do it a lot more frequently and this will drive the prices up again.

So Alex, you kind of already alluded to this, but this also means that ZK sync is also smart contract compatible, right? Yes OC kissing to will have not just smart contracts but full evm compatibility or like if you have portability, you will be able to take existing smart, contracts, that are life on where one and easily Port them to zq sink and just deploy auto box. Most of them will just work. So that means you redeploy, essentially, as my contract,

that was deployed to aetherium. Does that does that imply, any ability for users of say like an arc, 20 token that was deployed on one? Contracts to interoperate we did. Can you move assets from one Contracting through the other? Or they what kind of interesting dynamics that might exist between those two layers. Absolutely. Sure. So you will have this our design of ZK e VM was to keep all the properties from etherium, including a possibility.

If you deploy multiple contracts, they will be able to interact with each other. Just the same way. It's kinda possible in aetherium in atomic transactions, that can can all execute or can revert partially like everything that will just look and feel exactly the same as any theorem layer 1.

Okay, so you could have essentially like a transaction where, you know, for example, like you're kind of building a complex transaction where you like mint died on the CDP and then you take that died and like I don't trade it on you and swap or something like, you know, you do some other action, you could do some sort of like cross-layer transactions, where you meant died on the CDP and then, that died gets sent immediately into say, like I am M or a decks on on zika.

Roll-up. Is that is that possible or is? They're like some extra complexity there. You mean like moving funds between layer 1 and layer 2. Yeah, like in a sing in sort of like a single in a single transaction. So the you can never have layer 1, layer 2 interaction in the single transaction.

It's always a synchronous because the blocks are only committed to etherium once in a while and anything can happen in between those blocks of you will have and a synchronous calls between layer 1 and layer 2, both ways. You can use, you can send and some message with some funds from layer 1 to layer 2, and it will eventually appear there, and will interact with the contract.

And you can do it the other way around, or you can have Atomic transactions within layer to that that happened inside once in transaction, but you can, you can't extend that to layer 1 to layer 2. Okay, so you can have Atomic transactions just as you do on their one, but there's no Atomic transactions like between R1 and R2, correct? So what are the applications that you would say ZK sink is particularly well suited to? Or do you think it's equally

well suited to all applications? I personally think that most applications within a year. We'll be on Decay roll up. Most of the theorem will migrate Izzy, Kerala by. I can't imagine any alternative. Like I just don't see a plausible alternative to that because Ezekiel up offers Superior properties to any other scaling solution. So I don't get me wrong. I'm really excited about is

getting Solutions launching. Now, it's really important that if you're in can scale today, Ev even if we have to take some trade-offs into account, but me to log term is e. Key. Roll-Ups are just better in every possible regard. I don't see any other any reason

not to be on the Z key role. So they are cheaper, even if you just compare the the Z key, the role of transactions, they cheaper than let's say optimistic Roll-Ups because you need to put this data on chain and you also can have some super linear scaling if multiple accounts if the Same accounts do multiple transactions in the same block, which is, for example, the case, if you if you do a lot of frequent Oracle updates because the Oracle updates only modify a single

variable on the contract. So you can do it like multiple times and then at the end, you will only have one single update of the state or as an optimistic grow up, you'll have to post every single Oracle updates every so they cheaper on the roll-up side. They have the option of these super cheap side. Like Zeki Porter still with much improved security compared to side chains because the validators, the Guardians Of Z q. Porter can never corrupt the state.

The only thing that can go wrong with the Z key partner, is that the state has frozen, which is unlikely, because then how you're going to exploit this? It can you would you would have to Blackmail user somehow, it's complicated. So a lot more complicated than in the side chain where you can just grab all the assets and move them.

Two different atoms. And you have really nice properties with user experience because the finality is fast, you can withdraw funds instantly from from the row up. You can withdraw any fifties instantly. You don't for entities. There is no mitigation for for any fraud, proof based system. You will have to wait exactly one week for your nft to go from layer to layer one, but even for fungible tokens if you want to move some small amount of fun.

Than the entire Chain Solutions, some State payment channels will help you. But if you want to move half of the value locked in some protocol, that's probably going to be problematic. It won't work as easily. So all of these problems are solved to secure our laps. So as soon as we can support fully VM compatibility and it in, and it's hip. It's been proven and everyone sees that it works on their one. We expect most protocols to just go to Ezekiel up. So, what's the blocker with the

evm compatibility? Because that's not live on Main net yet. Right? That's still untested. So, that's that, that's kind of built being built. So we just released our first test that with is e KD M. And there is no block or anymore. I can I can explain what was the blocker. Why it was only possible to build this here? Why it was not not considered before I gave a couple of talks on this. So essentially the first Hero ups were application-specific.

They could only do some very limited fixed functionality, for example, transfers or or mmm or decks, but it was limited to to one function, which could be repeated multiple times with smart contracts. The challenge was that users want to Define smart contracts themselves, and each smart contract can be different in terms of code. And in terms of Of the execution.

Length of this code execution Trace can vary depending on the data you provide us input and depending on the function call and what on What contract equality and this was very hard to wrap in zero knowledge proof, like zero-knowledge proofs require the programs for which we can construct socks and approve something visual statements to be converted

presentable. As arithmetic circuits you can Think of it, as a as they like, as a physical circuit, you have some inputs, and then it goes through some gates in like one one-way flow without without that loops. And then at the end, you get some results. So the other way to think about it is a is a just a function mathematical function. F from X is equal to a plus b times C value. I know.

It's a very complex expression but it's a single expression is no way to encode Loops in this expression. There is no way to encode conditionals, except for just like build, two, branches of this conditional statement separately and then combine them conditionally. Like, if we wanted to go to the left Branch, then take this result. If you want to go to the to drive Branch take this result, but that, that's some fixed structure which you cannot program.

So, how you add, Bility, so that was the big challenge there were multiple approaches that allow that one was called. Tiny Ram where you build a snark, which does not prove any particular program, but can prove any program by executing the opcodes of this program at every execution step.

It's a bit hard to explain in on the podcast without the visuals without going, like making some pictures, but you can imagine just like a mathematical function, that executes every possible, opcode at every possible step. Just one big Matrix and times M, where one side is the number of opcodes, which you have in your virtual machine and the other dimension is the number of steps. Would you have to go to up to the very maximum? If you do it naively? That would be very expensive.

That would give you a 1000 X over had over. What, what is possible to prove in snart's and snacks are already not cheap, you know, like we in our estimates, the transactions on Zeki sink 2.0 will cause something around one cent per transaction for most defy protocols. The one cent is okay, but if you if you did like thousand X, it will be hundred dollars for each Passage. Action, which would be a no go. So we needed some way to optimize that and it came with recursion.

So it I won't be able to explain it. Now, why like what, what how? Recursion gives us the ability to combine multiple contracts together, but I'll just say that recursion is one of the necessary components and we just did not have sufficient recursion only cerium before last year, the first implementation that was life on test net over aggressive snark was I met a lapse for the Reds getting charged which we deployed. It was August. It's now live on Ziggy sink 1.0

since January this year. So it took time for the solution to get mature. Now with recursive proves. The rest is is like more an engineering effort. Now, you can have all up codes that the evm also has plus the precompiled. We don't have the same opcodes

as evm. What we, what we have is a separate virtual machine, which is optimized for Starks with the separate opcode set, which we take this solidity programs, and we trans compile them into this new virtual machine into the opcodes for this new virtual machine. What did have helped you have for the bft signatures?

Had had already been shipped? It would help us if we had support, like, we could have implemented a question earlier, maybe two years ago if we had support for different elliptic curves on ethereum, but not BLS, not be less 12, rather. We would need something like being T curves which are much larger. They have something like 700 bits length as opposed to 256 5054 that we have four full BLS and the m256 curves which we currently use.

On Syria, but and we actually implemented a precompiled for that. It just never got accepted. Okay, so one question that I've wanted to ask for a while now, so we've talked about scalability for a long time now, but basically as you said in the very beginning is your knowledge is obviously lends itself really well to privacy as well. And this was how almost everyone initially approached this in 2017 when I kind of entered the scene. So do you plan on using this for privacy as well?

Because it seems like something that you would probably be able to get quite cheap, you know. Absolutely, you can actually get privacy out of box with the scan type of solution with Ezekiel UPS because for the transactions that contain some snarks for privacy, you don't have to publish the proofs on chain. It's sufficient to have them as a witness, or as input of the transaction, which you just omit in the final block, but you verify them in as a part of your blog proof.

So that means that you will be able To implement something like easy, cash protocol on top of the G string, and the transactions will show the transactions. In this protocol will cost almost the same as normal transfers just to slightly more expensive. That's really cool. So we don't intend to do it in metal ABS, but we guess we want to remain a neutral platform where everyone can build stuff and we don't want to intervene

and build our own applications. But we talked to a couple of projects who are, who have interest in quaint tending, to build privacy Solutions on top of Sikhism. You just talked about matter Labs. Just circling back to that. What's the what's the business model here with ZK? Saying? How do you intend to make money as a company with us? So as a company, we will there are multiple ways to approach this from the company's perspective.

So they will be talking involved and them, they might be some ways to monetize the token. There might be some Services, we will be building, but in general, is EK sink is going to be decentralized protocol, which is owned by the community, Not By Any Given company. And the, the will be, of course, a token, which can be used for staking. To become a validator and to become the kissing, Guardian. We're talking about the turcan earlier when with the token be

launched. We will have to launch it before Zeki or together with the casing 2.0, because we'll need it for this EK Porter. So, just kind of zooming a little bit. I mean, we did talk about this during the show to some extent and you were pretty confident that moves to the usage of etherium, would move to 2zk

sink. That seems like an incredibly huge feet, you know, to move like all the theorem applications and like, all of the liquidity and like all of the usage basically from the main net to a layer 2. And, you know, I'm sure that's like it's desirable, right? To have that extra transaction. Throughput We're going to need it. And like I think like ZK think is one of many solutions that can offer that but what's necessary for that to happen? Cuz it seems like a very chicken

and egg problem. If we have congestion on the theorem Network today. It's because most of the apps are being built there. That's because most people are using it. What is the sort of Black Swan event? That happens? That makes it such that, you know, this flow of usage and and tokens start moving into layer twos and specifically like into

Z guessing. So I just want to correct and say that, I believe that the most applications will be on Zeki Roll-Ups. So maybe not necessarily engine casing, but I believe that the very large part will be on the casing because we planted the only Ezekiel up with EDM compatibility. And from, from what we learned from Market is a lot of projects strongly prefer to have the same code base across layer 1 and layer 2.

And this is why they will. I believe they will Most likely launch and decreasing rather than others. You can roll ups, but there might be other projects who do not care about that and can Implement can work with different languages and maybe they will prefer other zika Roll-Ups, but it will be all 0 laughs. That's for sure. That there is no doubt about that long term. It's only secure laughs and why everyone will move from layer 1. It's very simple.

If the gas prices, will just go up back to where they were at the worst stance. And either price will likely to go up. Up. So the transaction costs will be just enormous it. Like it will just naturally push all the users from layer 1 to layer 2, even the whales. Eventually what it will take is first and foremost, the Linda - of where two solutions. So they must remain operational for a pretty long time for

everyone to get confidence. It's never enough to just publish something and say, oh we audited it and now you're you should Tuesday, this is the solution is totally safe. It's never the case. It always have to stand the test of time and the things might happen. There might be bugs. There might be some, some problematic situations. We are planning for that. We are actually just announced an introduction of Z kissing Security Council and the multi-factor approach to

security and we like it works. Roughly as we will have the validators who first validated transactions natively and only if they believe the transaction is valid then they will generate this, your knowledge Crooks for it. So that not everyone can generate your knowledge proofs in and immediately submit them to aetherium.

And if something goes wrong, we will have some people who are trusted by the community to intervene and read shorten the Grades up, great time for, for introducing some fixes because currently the zika sink upgraded, the casing is an upgradable protocol, but we have a long, notice period. Any change has to be announced in advance for the community and only after a couple of weeks passed and everyone who didn't like, it had a chance to opt out is the change in exit.

But like, coming back to the question, we believe that. That there must be some time for this particles to mature and get trust. Once this happens. We will see a gradual migration tool. Be not, like overnight, but more and more liquidity, and more, and more users will move from layer 1 to layer 2, until eventually it flattens where one itself, and like, most of to, it

happens all there too. Cool, where can people go to find out more about matter labs, and CK sink and all of the great research that you guys are doing. Zeki sync dot IO has a pretty comprehensive documentation. But for the end users we have some FAQ which are very structured. And for the developers with, with code Snippets with with getting started, guides development of mutation everything. Great, Alex. Thanks for joining us today.

It's been a pleasure Alex. Thank you guys and thanks to all the listeners. Thank you for joining us on this week's episode. We release new episodes every week. You can find And subscribe to the show on iTunes Spotify, YouTube SoundCloud or wherever you listen to podcast. And if you have a Google home or Alexa device, you can tell it to listen to the latest episode of

the epicenter podcast. Go to epicenter dot TV /, subscribe for a full list of places where you can watch and listen, while you're there, be sure to sign up for the newsletter. So you get new episodes in your inbox as they're released if you want to interact with us guests or other Pike, Cast listeners. You can follow us on Twitter, and please leave us a review on iTunes. It helps people find the show, and we're always happy to read

them. But thanks so much and we look forward to being back next week.

Transcript source: Provided by creator in RSS feed: download file
For the best experience, listen in Metacast app for iOS or Android