# Comparing Nescience to Privacy zkVMs In this document we compile a list of ecosystems and integration of the privacy zkVMs from the list of zkVMs. Spec --- ifically, we examine: RISC Zero, Aleo, zkMips and zkWASMs. At the end of this document, we compare and contrast these zkVMs to Nescience's design goals. ## RISC Zero ### Status zkVM 1.0 launched [June 17th, 2024](https://www.risczero.com/blog/hello-zkvm-1-0). ### Appeal RISC Zero's progress and use of RISC-V for ISA appears to be appealing to many projects and developers. ### Ecosystem RISC-0 provides [examples using Ethereum](https://dev.risczero.com/api/blockchain-integration/bonsai-on-eth). Along with Ethereum, RISC-0 provides an open-sourced tool [Bonsai Pay](https://www.risczero.com/blog/bonsai-pay) which allows the user to outsource the proof generation to different hardware. **Bonsai Pay's repo is still up, but RISC-0 no longer provides the service itself.** RISC0 has a [specialized version](https://github.com/risc0/risc0-ethereum) that works with any chain that uses the EVM. RISC-0 has created a [large ecosystem](https://www.risczero.com/ecosystem) of its own consisting of apps and integrations. ### ISA RISC0 uses RISC-V. Specifically, RISC-0 emulates a RISC-V computer. The languages that the SDK (currently) support are C++/C and Rust. ### Compatibility with Nomos WIP ## Aleo (snarkVM) ### Status Testnet Beta. [Announcement](https://aleo.org/post/announcing-testnet-beta-prover-incentives/), [Getting Ready for Testnet Beta](https://developer.aleo.org/leo/testnetbeta/) and [Explorer](https://explorer.aleo.org/) ### Appeal If you're on the Aleo blockchain. ### Ecosystem snarkVM appears to be only compatible with Aleo's blockchain. There is a [list of applications](https://aleo.org/ecosystems/) built on Aleo. This list consists of 3 projects: one for each of the following identity, gaming and Zefi (Aleo's wallet). ### ISA Aleo Instructions **Note:** Contracts are written in Aleo's [Leo language](https://www.leo-lang.org/). This language is similar syntax to Rust, and share some similiaries with Javascript and Scala. ### Execution Types Transactions in Aleo are (default) private. Specifically, there are no public transactions. By extension, there are no deshielding or shielding transactions. Since every transaction is private, then the user's privacy is maintained. **For regulatory reasons, a viewing key for each account exists that can decrypt an account's entire transaction history.** ### Compatibility with Nomos WIP ## zkMips ### Status [Alpha Testnet](https://www.zkm.io/blog/zkm-launches-alpha-testnet) launched February 20th, 2024. ### Appeal Developers can use their language of choice that compiles to MIPS. Alternatively, as other zkVMs can be ran on zkMIPs, enabling compatibility across any smart contract language. ### Ecosystem zkMips has an [Entangled Rollup Network](https://www.zkm.io/entangled-rollup) that bridges Optimism, Polygon, Avalanche, BNB Chain, Fantom, Solana, Arbitrum and Metis. This allows for multi-chain applications and protocols. zkMips is designed to have other zkVMs run on it. Thus, increasing it's compatibility. ### ISA MIPS (Microprocessor without Interlocked Pipeline Stages) instruction set. Note that MIPS has been opensourced since 2018. **Why MIPS instead of RISC?** "MIPS offers greater stability and compatibility with higher-level languages." The longetivity of the MIPS instruction set without being altered offers the stability that zkM team desired; EVM instruction set and RISC both have changed numerous times. Developers can compile Golang into MIPS instructions. **zkMips does not presently support other languages.** ### Compatibility with Nomos WIP ## zkWasm ### Status [roadmap](https://delphinuslab.com/zk-wasm/) 2024 - Working on development SDK 2025 - Decentralized chain that can be used as a bridge between multiple blockchains. ### Appeal A toolset for traditional web2 developers to use web3 in their applications. ### Ecosystem Presently, (Delphinus Lab's) zkWASM does not appear to have a built in ecosystem with other blockchains. However, zkWASM's capability with multiple web2 languages (listed below in ISA) will greatly influence it's adoption upon release. Delphinus Lab has a [zkWASM Task Explorer](https://explorer.zkwasmhub.com/). At the time of compiling list: 670 applications, 29478 proofs generated, average proof time 40 seconds. (Delphinus Lab's) zkWASM is supported by zkCross' [Golang SDK](https://github.com/zkcrossteam/zkWasm-service-helper) **Disclaimer: the original REPO linked in [zkcross' medium article](https://blog.zkcross.org/introducing-the-zkwasm-service-helper-go-sdk-55a78938b7c1) does not exist anymore.** The SDK allows users to communicate between zkwasm's backend and a smart contract. **Notes:** - Polygon Labs and Near [announced zkWASM](https://explorer.zkwasmhub.com/) are adding zkWASM as a useable feature of Polygon CDK (Chain Development Kit). **Disclaimer: As far as I can tell, this is the same zkWASM and not a 'new' zkWASM. However, the references I have found so far do not confirm this.** - Expected launch in 2024. - Would be used by NEAR layer 1 Provers. - Not to be confused with the zkWASM [Layer 2](https://medium.com/@altan0870/fluent-513a3b32996d) for Ethereum called Fluent. - Appears to be different zkWASM from [hyperspaceZK](https://hyperspacezk.com/docs/zkwasm/quickstart). - Outside of Delphinus Lab's zkWASM, zkWASM appears to be used as a generic term for wasm in web3. Whether zk stands for zero-knowledge or succinct. ### ISA WASM **Note: C/C++ Rust, AssemblyScript are supported by WebAssembly. That is, these languages can be compiled to WASM. There are experimental support for Python, Ruby, PHP and Go.** WASM language support makes zkWASM accessible for many teams without the need to upskill. ### Compatibility with Nomos WIP ## Comparison to Nescience Nescience is a privacy focused zkVM designed with the flexibility for users to a variety of execution types. An user can select fully public transactions or fully private transactions that exist in separate states. Further, the user can choose to perform executions between these states. Further, Nescience is designed to be compatible with any blockchain. The other privacy zkVMs that we have examined do not have separate states. RISC-Zero, zkMips and zkWasm are designed to interact with any blockchain. This limits the level of privacy that they can offer to users. Specifically, the masking of user addresses is not a feature that is offered by these privacy zkVMs. On the other hand, Aleo only has a private state which limits its ability to interact with other blockchains. | zkVM | ISA | EVM <br> compatible | non-EVM <br> compatible | |----|----|----|----| |Nescience| - | :heavy_check_mark:| :heavy_check_mark:| |RISC-Zero| RISC-V| :heavy_check_mark:|:heavy_check_mark:| |Aleo(snarkVM)| Aleo | :x: | Aleo only| |zkMips| MIPS | :heavy_check_mark: | :x:\*| |zkWasm| WASM |:heavy_check_mark:| :x:\*| \*: zkMips does not specify that it is not compatible with non-EVM chains, but all of the chains in its ecosystem are EVM compatible. | zkVM | Data <br> Confidentiality | Data <br> Integrity | User <br> Anonymity | Transaction <br> Privacy | Access <br> Control | |---|---|---|---|---|---| |Nescience| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:\*\*| :heavy_check_mark:| |RISC-Zero|:heavy_check_mark:|:heavy_check_mark:|:x:|:heavy_check_mark:\*\*\*|:x:| |Aleo(snarkVM)|:heavy_check_mark:|:heavy_check_mark:| :heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| |zkMips|:heavy_check_mark:|:heavy_check_mark:|:x:|:heavy_check_mark:\*\*\*|:x:| |zkWasm|:heavy_check_mark:|:heavy_check_mark:|:x:|:heavy_check_mark:\*\*\*|:x:| \*\*: Nescience offers flexibility in transactions due to the availability of public, private, sheilded and deshielded transactions. \*\*\*: zkWasm, zkMips and RISC-Zero offer privacy of the confidential data in a given transaction. Nescience's use of separate states enables Nescience to add complete privacy to non-privacy chains. Specifically, a user can use a shielded transaction to switch to the private state. While within the private state, the user can produce proofs that are not associated to their public address. This is not something possible with RISC-Zero, zkMips or zkWASM. In the case of RISC-Zero, the projects in [its ecosystem](https://www.risczero.com/ecosystem) do not appear to offer full privacy as Nescience does. Additionally, this is not possible for Aleo since Aleo exists within its own ecosystem. RISC-Zero's and zkWASM's choice of ISA provide developers with the ability to develop for those zkVMs without learning a specialized language. zkMips offers this to a slightly lesser extent, but does promise to offer additional support. Nescience would do well to adopt a zkVM framework that streamlines the development process of applications to encourage adoption. zkMips' choice of MIPs as its ISA offers long term stability. MIPs was first introduced nearly 40 years ago, and last updated 2014. RISC-V was first introduced in 2014, and (appears) to be last modified in 2019. Finally, WASM was first introduced in 2017. This led the zkMips team to opt for an ISA that is not likely to change to minimize upsets in the longetivity of their zkVM. While the concern that the foundational ISA may be updated in the future resulting in incompatibilities, for Nescience this is outweighed by the benefits that RISC-V offers developers. zkWasm and Aleo both have a block explorer. An interesting inclusion of zkwasm's block explorer is the inclusion of the average proof time. This provides a realistic view of how 'efficient' a given zkVM is. This is currently not in Nescience's design. Nescience's support for garble circuits and MPC protocols offer additional security and efficiency by allowing for distributed computations. The only privacy zkVM that we've examined to use MPC is Aleo. However, as Aleo only benefits users in the Aleo ecosystem, this restrict the impact that MPC can offer. This is a critical advantage that Nescience can offer for any blockchain.