Source: Wu says blockchain

In the public chain track, the route of zero-knowledge proof (ZKP) is already very clear. In the future, it is highly likely that Ethereum L1 will be used as the core to ensure security, and ZKP will be deployed on L2 to achieve privacy functions. In addition to L2, public chains that use ZKP include Aleo, Mina, and Filecoin.

As Ethereum ends POW, and ZKP requires a lot of computing power to maintain, ZKP will take on a lot of GPU computing power in the foreseeable future. Messari analyzed the feasibility of ZKP taking over Ethereum computing power in its June article “What Will Ethereum Miners do After The Merge?”

“As users seek more expressive, performant, and private computations, the complexity of using ZKPs will increase. This will result in slower proof generation, requiring specialized hardware to generate proofs in a timely manner. When Bitcoin was first launched, anyone with a standard CPU/GPU could mine Bitcoin. Eventually, specialized miners developed more efficient hardware (ASICs), which made CPU/GPU mining no longer profitable. ZK mining will likely follow a similar path, starting with standard GPU miners and then developing more efficient miners (ASICs or FPGAs). ZKPs are still in their infancy, but Paradigm predicts that the ZK miner/prover market could grow to be comparable in size to the PoW mining market in the future.”

Comparing FPGAs and GPUs, the hardware cost (leading process node, clock frequency, energy efficiency and memory bandwidth) of top-level FPGAs is only 1/3 of that of top-level GPUs, and the energy efficiency is 10 times higher than that of GPUs. Comparing FPGAs and ASICs, ASICs are one-time programming, while the code of ZKP is not as stable as Bitcoin, and the logic of different ZKPs is also different. Obviously, ASICs are not suitable for such a changeable business. FPGAs can modify the program by simply refreshing, which means that multiple sets of ZKP logic can be compatible.

Therefore, in the longer term, FPGA may dominate ZKP mining, but FPGA programming is difficult and the technology is not yet mature. In the short term, GPU will be the main equipment for ZKP mining. For those former Ethereum miners, compared to investing their computing power in abandoned public chains such as ETC or ETHW, they naturally have greater commercial motivation to support ZKP public chains.

L2 ZKP

The current ZK-Rollup Proof and Batch submission process is centralized, with a single Sequencer determining the order of submission. If the scale of miners is to be expanded, this process needs to be decentralized, that is, any miner can submit Proof to L1. Regarding how to achieve decentralization, Vitalik has made some suggestions, such as setting up a DAO to conduct regular auctions of Sequencer decision rights, or randomly assigning it to one of the nodes, and the probability of the node being selected is proportional to the amount of ETH it deposits in Rollup. However, no matter which method is essentially a POS mechanism, that is, the amount of income is determined by the amount of pledge, which is different from the traditional mining method (the income is determined by the amount of computing power).

Currently, the main L2s that adopt ZK-Rollup include zkSync and StarkNet.

The daily operation of zkSync depends on the computing service provider that generates zero-knowledge proofs for blocks, namely "Stichting ZK Sync", a non-profit Dutch foundation registered in Amsterdam. According to the development roadmap of the development team Matter Labs, zkSync plans to achieve decentralization in the future by introducing an independent consensus mechanism with two different roles: validators and Guardians. Validators are responsible for packaging transactions into blocks and generating zero-knowledge proofs for them. Their nodes must operate in a secure environment with good Internet bandwidth, which is what we usually understand as a large mining pool.

Guardians are zkSync token holders who nominate validators based on their token shares. Guardians’ nodes can run on regular computers or cloud servers, without the need for dedicated service providers, and are therefore less susceptible to censorship. Instead, Guardians can select uncensored validator nodes by monitoring transaction data.

StarkNet also needs to issue tokens on the road to decentralization. Currently, StarkNet fees are paid in ETH, and StarkNet native tokens may be used in the future, or both native tokens and ETH may be supported. In addition to paying fees, tokens can also be used to make voting decisions on transaction sorting, STARK proofs, etc. through staking, improving the integrity and anti-censorship of the network.

Refer to a proposal by Ohad: add a BFT-based sequencer, where orderers choose a specific sequencer for each slot based on their stake. In this process, the network will add a slashing rule (similar to the Cosmos SDK) to couple incentives between sequencers and provers in the best possible way.

ALEO ZKP

Another popular project in ZKP mining this year is ALEO. ALEO is a privacy public chain. Currently, no public chain has been able to stand out in the privacy public chain track. Whether it is Oasis, Secret Network or Platon, there is no dapp that truly implements privacy functions. The same is true for ALEO. It has no practical value for the time being. However, unlike other privacy public chains, its consensus mechanism is similar to traditional PoW, and both require computing power to maintain. The difference is that the underlying calculation of ALEO mining is not an arbitrary hash function, but a proof of knowledge, so it can not only act as a PoW to ensure network consensus, but also provide verification of transactions included in a given block.

ALEO has a big advantage over L2's ZKP, which is that the mining algorithm is simpler. When verifying a block, the algorithm generates a random number. If the final result after ZK calculation is less than the target value, the calculation is correct, and the node that completes the calculation first has the right to generate a block. Each time a mining machine verifies a block, it only needs to generate a random number to start the calculation. This mining logic is not much different from Bitcoin in form.

This is not the case with L2's ZKP calculations. L2 deals with a batch of transactions, so when verifying, it needs to perform ZKP on each transaction, and finally package and upload them to L1. This process involves the problem of parallel computing, because even if a single CPU has extremely strong performance, it is impossible to verify thousands of transactions one by one, and it must be parallelized by devices with multiple computing units such as GPUs. However, although GPUs are currently the most suitable devices for ZKP mining, in order to adapt to L2 mining, further algorithm optimization is needed to achieve parallel computing. ALEO has a great advantage in this regard. It does not require parallel computing, so GPU mining machines can be almost seamlessly connected. Today, when both the privacy public chain and ZK L2 are immature, those idle ETH mining machines may be more motivated to connect their computing power to the ALEO mining pool.

However, all this is based on the premise that ZK L2 is not yet mature. Due to the prosperity of the ETH ecosystem, as long as L2 is online, dapps on L1 can be directly migrated. This is not the case with ALEO. Even if the privacy public chain technology is mature, the team still needs to invest a lot of money to build the entire ecosystem, which is obviously a major disadvantage of ALEO. We can call it the ecological moat of the ETH system: no matter what type of L2, as long as ZK can be added to the original underlying public chain technology, then there is a natural value capture capability. This is something that L1 such as ALEO does not have.

Summarize

As the demand for anti-censorship gradually expands, the privacy track will surely become a revolutionary application in the future. At present, the most feasible privacy proof is ZKP, which requires a lot of computing power to maintain, so ZKP mining is likely to become an industry with the same scale as ETH mining.

The most important issue to be solved in ZKP mining is decentralization. Currently, zkSync and StarkNet have released relevant roadmaps. Logically, issuing tokens is essential to achieve decentralization. Tokens are not only used to maintain consensus, but also to supervise mining nodes, which can improve censorship resistance to a certain extent.

Among mining equipment, FPGA has the best cost-effectiveness. However, considering that FPGA programming is extremely difficult and there are many idle GPU mining machines, GPU is more likely to dominate the industry in the short term.

In the public chain, ZKP mining can be adopted by any L2 of the ZK series, but L1 is currently only allowed by ALEO. In contrast, ALEO does not require parallel computing, so idle GPU mining machines can be seamlessly connected. L2 has more advantages in ecology, a larger user base, and less risk.

reference:

https://www.paradigm.xyz/2022/04/zk-hardware

https://messari.io/report/what-will-ethereum-miners-do-after-the-merge

https://docs.zksync.io/userdocs/decentralization/

https://community.starknet.io/t/starknet-decentralization-tendermint-based-suggestion/998