ZK-taskforce Meeting Minute - Feb 24 === :::info - **Location:** meet.google.com/pjb-zczn-mnp - **Date:** Feb 24, 2022 3:00 PM (CET) - **Agenda** 1. Walk through project goals 2. Team organization 3. Sprint planning - **Participants:** - Aida - Vassil - Vidal - Gal - Angelo - Wolf - ~~Billy~~ - Vlad ::: :dart: Project Goal --- We had a discussion about ZK proofs and what their role could be within IOTA. The main use cases would be for smart contract rollups (replacement for Assembly) and for supporting Tangle Trees. We don’t have enough in-depth insights into ZK proofs to judge the feasibility though so we need to form a taskforce around the research for this. The conclusions we came to based on our limited knowledge are: - ZK rollups could be very powerful and could potentially fully replace trust on L2 by trust on L1 - ZK rollups have not really proven themselves yet as a viable option for securing L2 chains due to complexity and the resource cost/time of generating proofs. They are not battle tested yet or have limited functionality. - It will likely be many years before ZK rollups have evolved enough to potentially secure smart contract chains in a performant way and it’s not a given this will happen despite all the active ongoing research - It might be easier for TangleTrees if there’s no scriptability in tangle, L1 scriptability might make this infinitly harder - We could add hard-coded support on L1 for a certain ZK proof verification if we need that We need the new taskforce to keep good track of the progress here but realistically we likely won't be able to practically use this in the next couple of years. Some questions the taskforce should be able to answer are: - Will L1 scriptability be in the way of implementing ZK proofs for TangleTrees? - If we want to support ZK proofs for smart contracts do we have to limit ourselves to just EVM and nothing else to make sure things don't get too complex/hard to compute? - Whats the current state of generating proofs for utilized EVM chains, as in how long does the proof generation and validation take? - How battle tested are ZK proofs and what exploits have been found so far if any. How likely is the chance that false positives can be created? - Added: does the performance/efficiency of ZK rollups, even in the future based on projected research, align with our requirements for participation in the protocol or will ZK proofs be to computationally expensive/prohibitive? - What are the common ZK-techniques? - For instance - Bulletproofs - Halo (1 & 2) - Snarks, snorks, and starks - Sonic and superSonic - Marlin - Plonk - Fri-starks - redShift - Verifiable encryption would possibly be a good place to start - What are their abilities? - What are their drawbacks? - What are the best ZK implementations? - What types of primitives do they require? - For example, do they require a zk-friendly hash function like Poseidon? - Committment schemes - Pedersen - ElGamal - (KZG) Kate - IPA - FRI - DARKS - KVaC - How fast are they? - Which one can be used in production ready code? - How do ZK rollups work? - What are the most promising ZK rollups out there? - E.g. zkSync - What are their disadvantages? - How do stateless DLTs (e.g. Mina) work? - How can we use ZK techniques to make light nodes? - We would like to focus on the recursive abilities of ZK techniques We should research this but we can't practically do ZK rollups anytime soon. ## :building_construction: Team Organization ideas - **Focus** - each topic must be addressed with respect to IOTA goals - Split topics into sprints of 1-2 weeks (we have between 8 to 16 sprints ~ 4 months) - Work in couple whenever possible - write-up - presentation? - QA/Feedback from other members - Report: markdown VS overleaf VS gdoc VS ... - Potential structure: - Taxonomy of ZK-techniques with respect to their use in DLTs, e.g., state verification, state compression, privacy, scalability etc. - Projects based on / using ZK-techniques - ZK techniques / building blocks ## :books: Sprint Planning - commitment schemes (Vassil - Vidal - Aida): - Pedersen - Elgamal - Kate - *maybe involve Evaldas and Vlad wrt what has been done with ISCP (verkle-trees, kate) - List of interesting projects (Angelo ) - Mina project (Gal -) ## Notes <!-- Other important details discussed during the meeting can be entered here. --> - Vlad to prepare a presentation for next week - Everyone to have a look more in general