# A blockchain dedicated to verifying SNARKs The most straightforward way to store zkSNARKs/signatures when building privacy dApps or signature-based dapps is to upload them on Filecoin, Arweave, etc. Although, storage networks are for storing data and not for “executing” it. Such diremption in the problem and the solution leads to a vulnerability against **really cheap** DoS attacks. On the other hand, storing and verifying proofs on Ethereum is too expensive for non-financial dApps. As more dApps that don’t involve monetary transfers come into existence, more variety of infrastructure will be in need. In this write-up, I briefly describe a public blockchain dedicated to verifying zkSNARKs, that could aid dApp developers in the coming years. ## Anatomy of invalid proofs denial-of-service attack Let’s say we store the zkSNARK proofs on Arweave (a decentralized storage network). We define the parameters as follows: - Proof size 1KB - A Groth16 proof is 131 bytes, but we set the proof size larger (as of different proof systems) here to make the DoS attack a little harder - Proof verification time - 50ms Storing 1GB of data on Arweave costs [approximately $3](https://ar-fees.arweave.dev/). Therefore, an attacker can store 1 million invalid proofs for $3. And a million invalid proofs will take 0.05 * 1,000,000 = 5000s ~ 1.4hours to go through… And with Filecoin it’s even cheaper! ([$<1/year for 1 TiB!](https://largedata.filecoin.io/#pricing)) The reason for such DoS vulnerability is simple: Storage networks only charge for the storage, and not for the proof verification. The cost of verification comes down to whoever cares about the proof. The above simulation is done with zkSNARKs, but we can make a similar estimation of the cost of a DoS attack on signature-based dApps like [Snapshot](https://docs.snapshot.org/). ## Some solutions (that don't work) - Require the Arweave account (something equivalent to an EOA in Ethereum) that stores the proofs to be registered somewhere. - This would be a semi-centralized solution where someone/some DAO needs to decide who’s allowed to submit proofs. And the eligibility requirements should be really high since the cost of a DoS attack is pretty low! - Require to store some pre-defined dummy data along with the proof, to reflect the cost of verification to the cost of storage. - This could work, but obviously, it will unnecessarily clog the storage network. If we want to require to pay $0.1 to store a single proof, with a million proofs, in Arweave the overall data would be 300TB in size…just for the proofs. That could become the new Proof of Work that unnecessarily consumes a large amount of resources. Ethereum is too expensive, and decentralized storage networks are too cheap. We need to settle on the middle ground. ## A solution that could work We can imagine a public blockchain that is dedicated to verifying zkSNARKs at scale, that compromises in decentralization and consensus speed compared to Ethereum to gain scale. Such blockchain will fit in the category of purpose-build blockchains/p2p-networks, such as - The Graph - The nodes index data from various sources. (mainly Ethereum) - Arweave - Miners store whatever data they are presented. - MUD - EVM, but a lot more centralized compared to Ethereum, and the ecosystem/libraries are dedicated to game dev. All of the examples above compromise either decentralization/consensus speed to store more data for some particular use case. With reasonable design, a public blockchain for zkSNARKs verifications could suffice the requirements for non-financial dApps at scale.