Fully Trustless Evolution for Stateful Multiple User Applications

# Fully Trustless Evolution for Web3 Applications ## 1. Background: a dilemma As the blockchain industry develops, Web3 applications face a dilemma. On one hand, building applications on centralized servers contradicts the decentralized spirit of blockchain. A typical Web2 practice often allows centralized servers to control user data, disregarding user privacy, data sovereignty and immutability. This creates risks of data breaches, centralized manipulation, and malicious actions by project operators. On the other hand, due to the limited throughput of current mainstream blockchains, running Web3 applications entirely on-chain is impractical. A Web3 game running entirely on the blockchain would inevitably lead to a situation where transaction fees are high, gameplay is not smooth, and the user experience is poor. This raises the question: How can we achieve a fully trustless evolution for blockchain applications, striking a balance between decentralization and user experience? ## 2. Think out of the box: off-chain execution and on-chain proof Since the on-chain execution speed is too slow and off-chain execution lacks trustlessness, we might as well think out of the box and consider: is there a way to leverage the speed of off-chain execution while ensuring its credibility? Thanks to the technology of Zero-Knowledge Proof (ZKP), we do have a solution to achieve this goal. The key recipe is **off-chain execution** and **on-chain proof**. Applications can place non-core logic and global states off-chain, while core application data including rules, user accounts and global state root are stored on-chain. The actions and operations within the application are run in a Zero-Knowledge Virtual Machine (ZKVM), which can generate zero-knowledge proofs to prove that the execution results are correct. The off-chain state change along with the proof can then be submitted to the blockchain, where a verifier is able to prove its correctness. Afterwards, the core on-chain data will be updated and the settlement callback will be performed. This approach ensures user experience by executing off-chain; simultaneously, since each step of execution can be verified on-chain, trustlessness is not compromised. Here is a schematic diagram below showing the model of off-chain execution and on-chain proof. ![ZKWASM off-chain execution on-chain proof Overview](./img/OEOP.png) Adopting this model, applications can maintain trustless characteristics and avoid the risks of centralization, while still providing a smooth and fast user experience. But is there any room for improvement in this model? Yes, as you can see in the diagram, a new type of ZKVM called ZKWASM has been applied to this model. ## 3. The powerful tool: ZKWASM There have been many types of ZKVMs currently available on the market, but they are all built on top of the Ethereum Virtual Machine (EVM), commonly facing issues with execution speed, flexibility, and interoperability. We introduce ZKWASM, an emerging technology, which can offer a better solution. Before elaborating further, here are some concepts that need to be explained first. * **ZKVM** Zero-knowledge Proof (ZKP) is a cryptographic technique that allows one party to prove to another that a given statement is true, without conveying any information beyond the mere fact of the statement's truth. ZKP enables privacy and efficiency in verification, as anyone can verify the correctness of an execution result without needing to know the details of the execution. A Zero-knowledge Virtual Machine (ZKVM) is a virtual execution environment that can run programs and generate zero-knowledge proofs for each step of a program to ensure its correctness. * **WASM** WebAssembly (WASM) is a binary code format designed for fast execution, matching the performance of native applications, especially in web browsers. It serves as an effective compilation target for languages like C and Rust, focusing on speed, efficiency, and security. WASM notably enhances web performance and expands web functionalities. WASM can bring powerful computing capabilities to web pages, such as image processing or gaming. With WASM, it's possible to create a web version of Photoshop that runs well, or a 3D game that runs in the browser at 60 frames per second or even higher. WASM has the ability to run games efficiently on the browser, opening up possibilities to excel in many other applications. As early as 2018, discussions began within the Ethereum ecosystem about using a WASM VM for smart contract virtual machines, as it was considered to have better performance than EVM. WASM VM can eliminate the dependence on precompiled contracts, offer faster execution speed than EVM, and is expected to significantly increase transaction throughput, as well as greatly reduce the costs of contract deployment and transactions. Additionally, WASM VM can expand the range of languages available to smart contract developers, supporting the use of any high-level language compatible with WASM, such as Rust, C++, and JavaScript, for developing and writing complex logic. * **ZKWASM** In short, ZKWASM is a ZKVM that supports WASM. This is an emerging technology, and its inventor, Delphinus Labs, has open-sourced the code for ZKWASM. The entire WASM virtual machine is embedded into ZK circuits, allowing existing WASM applications to run on ZKWASM with few modifications. ZKWASM allows developers to verify the correctness of computations without having to re-execute them. By leveraging ZKWASM, developers can flexibly use various programming languages to build ZKP applications that can execute seamlessly in web browsers; cloud service providers can prove to any user that computations are performed honestly, without revealing any private information. ZKWASM offers a variety of use cases, such as enabling ZK proofs of some operations within browsers to be put on-chain, making web operations verifiable on the blockchain. Other applications include oracles, gaming and social applications. As adoption increases, ZKWASM will expand the possibilities of Web3 and bring Web2 developers into this transformative landscape. Through the ZKWASM implementation by Delphinus Lab, developers can harness the power of ZK proofs to enhance the security and privacy of their applications, paving the way for a more trustless and decentralized blockchain framework. ## 4. Our approach: ZKCross Development Kit Summarizing the previous discussion, we advocate for a fully trustless model based on ZKWASM that features off-chain execution and on-chain proof. In order to realize this model, we introduce ZKCross Development Kit. This toolkit includes ZKCross SDK, ZKCross Node, ZKCross State Service, and some other facilities. By configuring the SDK and starting the node, developers can build a ZK rollup easily from scratch. * **ZKCross SDK** ZKCross SDK is a client-side SDK that includes implementations in multiple languages such as JavaScript, Go, C, and Rust. As a comprehensive hub of various APIs and toolsets, it is designed to help developers quickly develop blockchain applications using common languages. ZKCross SDK offers standardized interfaces for integration with various Web3 services, including data availability, settlement, and state management. It also provides common API functions like Jubjub signatures, Poseidon hashing, and random number generation, enabling WebAssembly dApps to leverage these capabilities efficiently. * **ZKCross Node** The ZKCross node serves multiple roles, including sequencer, WASM executor and prover. Its primary function is to execute WASM binary code and process batches of ZK proofs created by the ZK prover network, subsequently posting them to the settlement layer for future verification and settlement. Additionally, it stores transaction data in data availability services. The node also bridges the gap between dApps and other necessary services, simplifying integration for developers. The ZKCross node can assist blockchain applications in multiple functions such as generating proofs, ordering transactions, and packaging blocks. The node also enables dApps to interact with different blockchain modules, providing a unified adapter layer where services such as settlement, data availability, and Verifiable Random Function (VRF) can be easily integrated. As a result, developers only need to integrate the ZKCross SDK to access these functionalities. Here is a flow diagram of how the ZKCross node works: ![ZKCross Node](./img/zkcross-node.png) * **ZKCross State Service** ZKCross State Service provides a key-value pair database (kvDB) service compatible with ZKWASM that can be accessed by the prover to generate ZK proofs in conjunction with your application. This ensures your stateful app is end-to-end verifiable through ZK technology. ZKCross State Service holds the responsibility of maintaining user session states and recording information about previous requests and interactions, which is very important for dApps to support a broader range of user cases. * **ZKCross dApp Templates** ZKCross dApp templates offer a foundational framework that is crucial for developers to start new projects. These templates provide standardized boilerplate code and configurations essential for constructing, loading, and running WASM binaries, as well as establishing communication channels between them and users. Furthermore, the templates include pre-built models for ZK proof generation and submission, Web3 account integration, smart contract invoking, and settlement triggering. ## 5. ZKCross: advantages ZKCross's solution based on ZKWASM has several advantages: modularity, cost control, end-to-end trustlessness, statefulness, and support for high-level languages. These advantages will be discussed in detail below. ### 5.1 Modularity and Cost Control ZKCross's modular design supports various blockchain protocols, enabling dApps to operate across different networks without being limited to a single ecosystem. This interoperability is crucial for developers looking to reach a broader audience and for users seeking seamless interaction across platforms. Moreover, developers can choose which components to implement based on their specific needs, which allows for a high degree of customization. Whether it’s optimizing for faster transaction speeds or enhancing data privacy, ZKCross’s modularity enables a tailored approach that can adapt to the diverse requirements of different dApps. Additionally, ZKCross also has advantages in cost control. The costs of this system primarily stem from the following areas: sequencing services, data storage, proof generation, on-chain verification, WASM contract execution, and so forth. Due to ZKCross's modular design, developers can always choose the most cost-effective components, thereby reducing development costs. ### 5.2 Trustlessness and Statefulness ZKCross operates application servers within ZKWASM. It generates ZK proofs to verify to the blockchain that the execution result of the state data is correct. As a result, the server cannot manipulate the data it sends to the blockchain. Moreover, the communication channel between the application and the on-chain protocol is secured via zero-knowledge proof. Therefore, the end-to-end trustlessness within this setup is guaranteed. Unlike stateless applications, which treat each request independently without retaining session data, applications based on ZKCross keep data from previous interactions, allowing for personalized and context-aware experiences. Zero-knowledge proofs (ZKPs) play a big role in enhancing statefulness. They allow for the verification of data integrity and correctness without disclosing sensitive information. With ZKPs, stateful applications can transition from a traditional trust model to a trustless paradigm, where users can verify the validity of data and transaction without needing central authorities. ### 5.3 High-level Language Support Using high-level languages and tools rather than rewriting applications in current smart contract languages like Solidity has many advantages, including minimizing development effort, leveraging existing expertise, boosting productivity, and future-proofing applications. High-level languages are crucial for speeding up blockchain technology adoption and fostering innovation in decentralized application development. A key advantage of using high-level languages is the ability to use existing codebases and development expertise. Many traditional applications are written in widely understood languages like JavaScript, Python, or Java. These languages have substantial developer community support. By using languages that developers already know, organizations can shorten the learning curve and smooth the transition to blockchain platforms. Moreover, high-level languages usually offer advanced features, libraries, and frameworks that can boost developer productivity and speed up the development process. These languages are designed to simplify low-level complexities and provide intuitive syntax and semantics. This lets developers focus on solving business logic instead of wrestling with the intricacies of blockchain programming. Lastly, these languages usually have robust tooling support, including integrated development environments (IDEs), testing frameworks, and deployment pipelines. This assists with the entire software development lifecycle. ## 6. Example: building a game in ZKWASM To build a game application in ZKWASM, we can view the development of games from the perspective of the Model-View-Controller (MVC) pattern. The Model encapsulates the game's data and logic, encompassing the game state, such as scores, levels, and player statistics, along with game objects and the rules that dictate the dynamics of the game world. The View is responsible for displaying the game state to the player. It handles rendering graphics, playing sounds, and showing UI elements such as scores, health bars, and menus. And the Controller processes user input from keyboards, mice, gamepads, or other input devices and converts it into actions within the game. Since the game logic is separated from presentation, the Model becomes the only part that requires trustless execution. By integrating the Model into ZKWASM, the core mechanism of the game is naturally verified as the game progresses. Assuming the controller is linked to the Model through a set of model handlers, we can implement a command encoding/decoding layer between the controller and the handler in the following way: ``` struct GlobalState { ... // Define your game state here } enum ControllerTag { A, B, C } /// The controller in MVC fn controller_A (c) { let handler_cmd = encode(A, c); model.handle(handler_cmd) } fn controller_B (c) { let handler_cmd = encode(B, c); model.handle(handler_cmd) } fn controller_C (c) { let handler_cmd = encode(C, c); model.handle(handler_cmd) } /// The model in MVC fn handler(command) { match command { A => {}, B => {}, C => {}, } } /// View fn render(global_state: GlobalState) { // display your game UI based on global state } ``` We can view the gameplay as a sequence of calls from the controller to the handler. Therefore, the ZK proof of trustless execution for these gameplay elements is roughly equivalent to a ZK proof of the code below: ``` fn execution(cs: Vec<command>) { for command in cs { global_state = handler(command); } } ``` ## 7. What's next In addition to the achievements mentioned earlier, we are still developing new features to enhance our solution and better serve developers. The main areas of focus include: reducing costs, expanding functionality, enhancing compatibility, and strengthening decentralization. * **Reducing costs** We are planning to integrate a third-party service for batch packaging and uploading proofs. It will significantly reduce the cost of using services like data availability, settlement and verification on layer 1 blockchain. * **Expanding functionality** We are working on expanding ZKCross Node's functionality. WASM contract deployment and execution will be supported in coming versions of ZKCross Node. Powerful, stable, and secure nodes are the cornerstone of the ZKCross solution. * **Enhancing compatibility** Nowadays, most of the smart contracts run on blockchains are written in Solidity. To include these existing popular smart contracts into the ZKCross ecosystem, we have successfully done some preliminary tests on compiling Solidity contracts into WASM. * **Strengthening decentralization** Having a decentralized and robust sequencer network is key to maintaining trustlessness. We are committed to lowering the barriers for becoming a sequencer, allowing more people to take on this role and promoting the decentralization of the ZKCross sequencer network. ## 8. Summary In this article, we highlight the dilemma of blockchain applications and propose a solution of off-chain execution with on-chain proof. The entire scheme is based on the capabilities provided by ZKWASM, including fast execution, modularity, support for multiple languages, and trustlessness. Surrounding ZKWASM, ZKCross offers a range of infrastructure, including SDKs, nodes, and state services, paving the way for the development of Web3 applications.