ZK Proof Aggregation: Building ZK Proofs on top of ZK Layer 2 Solutions

Efficiency and cost have always been significant challenges in blockchain technology. Generating a single ZK proof can cost around $50, which is unfriendly for on-chain ecosystems. This has led to the rise of ZK proof aggregation technology — a breakthrough that significantly enhances performance while reducing costs. By combining multiple ZK proofs into one, this technology minimizes overall proof size and verification time, which is crucial for blockchain scalability.

Types of ZK Proof Aggregation

ZK proof aggregation can be categorized into three dimensions: Recursive/Batch, Sequential/Parallel, and Algebraic/Arithmetic-based approaches. Today, several popular zk-SNARK aggregation methods are in use, including Halo, Plonky2, Nova, and SnarkPack, each with unique features:

• Halo: Halo uses a polynomial commitment scheme (KZG) to efficiently aggregate multiple proofs into one, improving verification efficiency and reducing proof size. It is particularly suitable for applications requiring recursive proofs and sequential processing.
• Plonky2: Plonky2 is a modular, recursive zk-SNARK aggregation algorithm that replaces traditional KZG proofs with FRI, combined with custom arithmetic gates and engineering optimizations to enable fast recursive proofs. It’s ideal for cases where multiple proofs need to be verified in a single batch.
• Nova: Nova is a recursive zk-SNARK aggregation method focused on incremental verification computation. By simplifying proof structures and using a modified R1CS arithmetic system, Nova allows provers to “fold” multiple computation steps into a single proof. While fast, its application is mainly limited to verifying repetitive computations.
• SnarkPack: SnarkPack is a parallel aggregation scheme that complements the Groth16 algorithm. It generates multiple proofs in parallel and efficiently aggregates them, making it suitable for scenarios requiring quick aggregation of a large number of independent proofs. A key advantage of SnarkPack is its ability to reuse the public parameters of the Groth16 system, enabling the aggregation of 8,192 proofs in 8.7 seconds, with verification completed in just 33 milliseconds.

Current Applications of ZK Proof Aggregation

ZK proof aggregation technology is currently being deployed in projects like Polygon Agglayer and NEBRA. These solutions share three key characteristics that define ZK proof aggregation:

1. Permissionless: Developers can freely deploy their ZKP verification smart contracts and submit proofs to the network without permission or authorization.
2. Security: The security of the ZK proof aggregation process is ensured by cryptographic principles rather than relying on third-party consensus mechanisms, making it a secure verification process.
3. Efficiency and Cost-Effectiveness: Aggregating multiple proofs significantly reduces the cost of verifying a single proof. As more proofs are aggregated, the gas fee savings increase accordingly.

Polygon Agglayer

Polygon aims to unify the entire Web3 ecosystem through its Aggregation Layer (AggLayer), similar to how the TCP/IP protocol unified the Web2 internet.

AggLayer’s unified bridging allows cross-chain transactions, combining the benefits of monolithic and modular designs. Developers can connect any L1 or L2 chain to AggLayer, creating a Web3 network that feels like a single chain, with unified liquidity and near-infinite scalability.

AggLayer marks a new revolutionary trend in blockchain design, moving from monolithic to modular, and now to aggregated architectures. It improves upon the popular monolithic and modular approaches by creating a seamless aggregated environment through ZK proofs. This allows near-instant atomic transactions, significantly enhancing user experience, even as each chain in the ecosystem remains independent.

Currently, the first essential components of AggLayer are live, with Polygon zkEVM as the only connected protocol. But this is just the beginning — AggLayer’s ultimate goal is to achieve cross-chain atomic transactions in under one second.

Polygon Labs developers are now focused on bringing the rest of AggLayer’s components online. The next iteration, expected later this year, will focus on increasing speed and synchronizer performance to facilitate near-instant interactions between chains.

NEBRA UPA (Universal Proof Aggregation)

NEBRA UPA is the first universal aggregation protocol for scaling and combining zero-knowledge proof verification on Ethereum/EVM chains. It can aggregate proofs from any chains, meaning it can aggregate proofs from different sources, such as zkEVMs, zkDIDs, and zkCoprocessors, within the same batch. This versatility offers NEBRA users flexibility of scale, effectively lowering the cost of generating large numbers of proofs. As an on-chain protocol, anyone can submit proofs to NEBRA without permission. Using NEBRA can reduce the cost of proof verification by fivefold or more, while inheriting Ethereum L1’s security through recursive zero-knowledge proofs. By using recursive SNARKs, it achieves security protected by Ethereum’s 1 million validators, without introducing new trust assumptions, such as hardware (e.g., TEE) or incentive assumptions (e.g. retaking). This provides the Ethereum ecosystem with an efficient, secure, and censorship-resistant way to scale zero-knowledge proof verification.

There are some differences between Polygon Agglayer and NEBRA. Firstly, Polygon’s AggLayer primarily serves the Polygon ecosystem, while NEBRA aims to build a more unified and neutral aggregation layer that could collaborate with Polygon’s AggLayer. NEBRA’s neutrality allows it to span different blockchain ecosystems and establish partnerships with a broader range of collaborators, setting it apart from Polygon AggLayer in terms of market positioning. Secondly, their focus differs. Polygon AggLayer is primarily centered on ZK rollups technology, while NEBRA extends to a broader range of ZK applications. NEBRA has already attracted several large ZK applications as clients, such as Worldcoin, indicating that NEBRA’s application scope is broader than that of Polygon AggLayer.

Although there may be some subtle differences in technical implementation and performance metrics, such as processing speed and scalability, these differences may not be decisive elements from a broader perspective.

Conclusion

ZK proof aggregation still faces some unresolved issues and challenges, such as how to effectively prove the correctness of polynomial computations and whether other polynomial solutions are suitable for recursive proofs. However, more heterogeneous proof aggregation schemes targeting different proof systems are expected to emerge in the future, providing developers with a more diverse set of tools to reduce proof costs and shorten verification times. Additionally, the emergence of Proof Aggregation as a Service platform will further simplify developers’ process of using proof aggregation.