zkVM Takes Center Stage of the Blockchain World

After software revolutionized the world, ZK is now transforming everything in the blockchain realm. ZK is a universal mechanism that verifies any given data without disclosing the data itself. Meanwhile, Turing-complete virtual machines like the EVM (Ethereum Virtual Machine) theoretically have the potential to compute anything. ZKVM, a virtual machine system built on top of ZK, now holds limitless possibilities.

A World of Difference with Just One Letter

The primary debate surrounding ZKVM revolves around its differences and competition with ZKEVM. Some developers view ZKVM as a complement to ZKEVM, particularly in cases where ZKEVM cannot be implemented.

ZKVM (Zero-Knowledge Virtual Machine) is a verifiable computer based on the RISC-V microarchitecture. It functions similarly to an embedded RISC-V microprocessor, allowing programmers to write zero-knowledge proofs (ZK proofs) as they would any other code.

It is mainly based on zk-STARKs technology, with notable projects like RISC Zero. RISC Zero implements a zero-knowledge virtual machine (zkVM) instead of a zkEVM. The key difference lies in “VM” (representing “Virtual Machine”) being more general than EVM. A zkVM can run nearly any software that can run on a computer, not just software that can run on Ethereum.

ZKVM aims to provide an efficient and secure way to build decentralized applications (DApps) for Web3 development while protecting privacy.

ZKEVM (Zero-Knowledge Ethereum Virtual Machine) is a concept within the Ethereum ecosystem, designed to develop zero-knowledge proof systems compatible with the Ethereum Virtual Machine (EVM). Using zero-knowledge proofs, ZKEVM can bundle multiple transactions, validate them off-chain, and then submit a single proof to the Ethereum mainnet. It significantly reduces Ethereum’s computational load and enhances its scalability.

Currently, emerging ZK Rollup projects like zkSync Era are rapidly developing. Their total value locked (TVL) has reached $668 million, marking a 660% increase since April 2023.

In summary, ZKVM achieves Ethereum compatibility through a more modular and embedded approach. Modularity means ZKVM can support the Ethereum Virtual Machine in any language and IDE, while continuously updating and maintaining compatibility with Ethereum. Embedded refers to ZKVM implementing compatibility externally and interfacing with the Ethereum Virtual Machine rather than implementing it at the EVM layer.

Throughout its development, ZKVM has garnered support and recognition from top VCs and Rollup projects like a16z and Scroll. a16z has even developed its own ZKVM library to facilitate developer use.

Project Overview and Future Prospects

As previously mentioned, ZKVMs are more versatile compared to ZKEVMs. However, achieving high Ethereum compatibility while maintaining efficiency is no easy task.

a16z has developed a ZKVM solution called Jolt with ZK-SNARK. They explored the relationship between virtual machines (VMs) and SNARKs (Succinct Non-Interactive Arguments of Knowledge).

Structurally, a ZKVM is made possible by VM and ZK technology. A virtual machine is an abstraction for computer program execution, encompassing a set of primitive instructions (ISA) and supported register and memory types. SNARKs are used to prove the correct execution of computer programs.

Typically, SNARKs consist of a front end and a back end. The front end of snarks is the part of the system that allows users to write programs or statements that can be compiled into snark circuits. while the back end allows the prover to demonstrate knowledge of the circuit’s assignment. VMs can leverage existing compiler infrastructure and toolchains, enabling developers to directly translate high-level language programs into VM assembly code, benefiting from prior audits and verification efforts of these compilers.

However, circuit implementations of VMs are generally larger than those without VMs, leading to slower SNARK proof generation. Additionally, to offer developers high-level programming languages, a VM needs a compiler to convert high-level programs into VM assembly code, increasing the workload. Thus, VM design must balance simplicity and SNARK-friendliness.

Jolt addresses these issues by reordering execution traces to enhance efficiency. Specifically, Jolt employs a technique called vRAM, which reorders execution traces and groups them by executed instructions. This method eliminates redundant circuits needed for previously executed but unnecessary instructions. The reordered execution trace can be verified using standard random permutation checking.

After reordering, Jolt applies Lasso to the execution trace to verify the correctness of each instruction. Batch processing ensures that this does not increase verification costs compared to a single Lasso call.

Lasso is a new lookup argument method designed for indexed and non-indexed lookups. In Jolt, Lasso is used to verify the correctness of each instruction. Specifically, Lasso stores a complete evaluation table for each instruction in a pre-determined table, replacing execution steps with a single lookup operation. The table contains evaluation results for each instruction on all input pairs (x, y). Using Lasso, Jolt verifies whether each instruction executes correctly.

Jolt also employs permutation-invariant fingerprints to improve memory check efficiency. It concatenates each instruction’s evaluation table into a decomposable table. This allows Jolt to input evaluation table results into Lasso for verification without validating all possible inputs. This technique avoids increasing costs as table size grows.

Additionally, Jolt uses permutation-invariant fingerprints to ensure irrelevant sub-table query results are ignored, further enhancing memory check efficiency. In summary, Jolt improves efficiency through reordered execution traces and permutation-invariant fingerprint technology.

Beyond VC’s efforts, Scroll is at the forefront of the zkVM with its zero-knowledge virtual machine (zkVM) framework called Ceno, which leverages succinct, non-interactive zero-knowledge proofs for verifiable computation of any code.

Ceno’s framework divides program execution proof into two stages. In the first stage, the process splits program execution into segments, identifying and grouping similar parts. Data-parallel circuits prove these segments, accommodating varying numbers of duplications. In the subsequent stage, the verifier reconstructs the program’s control and data flow based on segment repetitions and the original program. The second stage can be further verified through unified recursive proof.

Ceno introduces two concepts for execution efficiency, involving segmentation and parallelization at two levels: opcode and basic block. Both designs aim to minimize control flow impact on circuit size and support dynamic replication, ensuring computation costs align with executed code — users only pay for what they use.

In particular, the parallelization design proposes an innovative data flow reconstruction technique in the second stage, significantly reducing stack operations compared to the original program execution. It’s important to note these designs are complementary, not mutually exclusive. Integrating both methods within a single zkVM can unlock greater potential, catering to diverse program needs.

Conclusion

ZKVMs have entered a rapid development phase in 2024. On one hand, Ethereum needs to maintain its cutting-edge technology against competitors like Solana and TON. On the other hand, large-scale zkVM applications will truly commercialize ZK technology, creating more economic value.