The Ethereum Foundation, along with Aztec, Polygon, Scroll, Taiko, zkSync, announces the 25 winners of the collaborative ZK grant round. Each sponsor contributed 150,000 USD to the shared pool of 900,000 USD. The winners were selected through a rank-choice vote after thorough reviews.
The selected projects cover a range of approaches to advancing zero-knowledge proofs. These include developing security frameworks, analyzing cryptographic schemes, creating benchmarking tools for performance and scalability, and integrating advanced cryptographic models into practical applications which will benefit the whole ZK ecosystem. The projects aim to enhance the efficiency, security, and applicability of zero-knowledge proofs across different domains.
The grantees include researchers and developers from various organizations and universities, working on both theoretical advancements and practical implementations to address key challenges in the field. We look forward to the contributions of these projects, anticipating advancements that will benefit the Ethereum ecosystem and the field of cryptography.
Name | Organization | Project | Description |
---|---|---|---|
Amit Kumar | New York University | Proof Carrying Data from folding GKR with protostar | Current Interactive Verifiable Computation (IVC) schemes face challenges with the Witness-Multi-Scalar Multiplication (Witness-MSM) barrier, limiting efficiency. We propose leveraging the Goldwasser-Kalai-Rothblum (GKR) accumulation scheme to significantly reduce the witness size, overcoming these limitations. Utilizing the Protostar compiler, we will fold the GKR protocol, enhancing computational efficiency. Furthermore, we aim to extend IVC into a Proof Carrying Data framework, facilitating parallel folding in a tree structure to streamline verification processes and improve scalability. |
Pratyush Mishra | University of Pennsylvania and Stanford University | Zippel: A language and compiler for building proof systems | We propose Zippel, a new language and compiler for building correct and efficient succinct proof systems. Zippel allows the developer to express the protocol in a high-level language that is close to its mathematical description, and then automatically manages low-level details like parallelism, memory management, use of custom hardware, etc. Zippel's compiler also has powerful and fast static analyses that can help developers catch protocol soundness and zero-knowledge bugs. Our hope is that Zippel will make it easier for developers to implement and experiment with new proof systems without sacrificing performance. |
Julian Sutherland | Nethermind | Lean Extraction of Circuit Constraints from Halo2 | The Halo2 library is a widely used ZK infrastructure library that provides a means to develop prover/verifier pairs in a high-level domain specific language embedded in Rust. To formally verify circuits in this language, and thus ensure the highest level of security, we are aiming to develop a formal verification harness to seamlessly extract the constraints from a Halo2 circuit and reason about them in the Lean 4 proof assistant. We already have significant progress towards and wish to extend it to support the full gamut of Halo2 features. |
Jordan Coppard | Independent | ZK Benchmarks | Performance benchmarking (prover time, verifier time, proof gate size) for different types of proving systems as well as the prover/verifier implementations of those proving systems over various computer architectures (x86_64, ARM). To create an understandable (i.e. not just a dump of test data) and accessible repository of benchmarks surrounding the ZK ecosystem such that developers, project managers, and the general public can make informed decisions regarding their requirements, or simply learn more about the current landscape (e.g. performance going up/down, new proving systems etc). |
Stanislav Marycev | zkFold | ZKFold Symbolic: a Zero-Knowledge Smart Contract Language | zkFold Symbolic is the programming language for writing zero-knowledge smart contracts. It is a high-level functional language, a subset of Haskell. Smart contracts written in zkFold Symbolic are compiled directly into arithmetic circuits that can be utilized by various zero-knowledge protocols. Being a high-level language, it dramatically reduces the barrier to entry as the developers do not need to be experts in ZK cryptography. Providing smart contract developers with a proper tool to tap into the power of zero-knowledge protocols enables them to create zk-apps and smart contracts that are on another level in terms of efficiency and user experience. Moreover, with more developers adopting this approach, we are reducing the on-chain data and computation footprint, effectively scaling Ethereum and EVM chains. |
Jordan Coppard | Independent | ZK Treesitter | Agnostic treesitter grammars for major zero-knowledge circuits languages Noir (Aztec) and Cairo (Starkware) which are maintained over time. To improve developer tooling as well as provide broader access to tools such that developers can pick what is best for them. - Editor-agnostic treesitter grammars for Noir and Cairo. - Maintenance of these grammars as said languages evolve over time. - Complete and easy to understand documentation such that anyone can contribute to these grammars when they are released; or use them as well-structured bases for other treesitter grammars. |
Sergey Kaunov | Independent | Wasm PLUME | This project aims to make the secure/cryptographic PLUME scheme implementation more accessible in environments outside of the Rust ecosystem. The primary objective is to increase the adoption of the scheme by minimizing the divergence of the Wasm release from the default target and providing a downstream-friendly API. The project's successful adoption will lead to enhanced privacy, simplified identity management, anonymous moderation, proof of solvency, versatile applications, and encouragement of user adoption in the Ethereum ecosystem. |
Lako Nema | Independent | Onboard users to verifiable KYC | We want to bring developers to ZK by showcasing how the usual tools interplay. ZK enthusiasts want to answer two questions before building an app: what problem can we solve with it? and how to build such an app? Our project aims at answering both questions by creating an open-source end-to-end app on verifiable KYC. We think that private KYC is a requirement for a widespread adoption of blockchains. And we want to show how ZK can bring this. We want to build a simple yet powerful boilerplate for verifiable KYC, based on Noir language. We plan to build an end-to-end app, with proving, verifying on-chain and on the client side. We want to allow any new developer to launch the app with one command. We’ll call it a success if the project is forked and edited by developers willing to learn more about ZK. We plan to write blog posts and onboarding guides to widen the exposure of the project. |
Albert Garreta | Nethermind | LatticeFold implementation and folding schemes for FRI-based SNARKs | This grant proposal aims to develop and implement a Proof of Concept (PoC) for the LatticeFold folding scheme [BC24], benchmarking it against existing schemes like HyperNova. Additionally, we aim to research methodologies to create a "STARK-friendly" folding scheme based on LatticeFold. This would allow to use folding techniques in the context of FRI-based SNARKs (e.g., ethSTARK, Plonky2/3, Risc Zero, Boojum, etc.) Prof. Dan Boneh and Prof. Binyi Chen, authors of the LatticeFold paper, have agreed to assist our team for the project's duration. |
Albert Garreta | Nethermind | SNARKs for non-prime arithmetics | This grant proposal seeks to develop a SNARK tailored for proving statements over rings of the form Z/nZ, for Z the ring of integers and n an arbitrary integer. This deviates from the usual setting where statements are expressed over a prime field F_p=Z/pZ for p a prime. We aim to focus on the cases where n is a power of 2 or a product of two large primes. This would enable to natively prove statements involving computations such as: RSA-based cryptography operations, CPU operations, floating point arithmetic (required for, e.g., machine learning), non-algebraic hash functions, etc. Here, by “natively,” we mean that each of these computations is arithmetized overZ/nZ, for n an appropriate integer, rather than over a finite field. It is known that the latter “non-native” arithmetization can create overheads of an order of magnitude in the circuit/R1CS/AIR size. |
Stefanos Chaliasos | Independent | Reproducible ZK Vulnerabilities to Improve Ecosystem’s Security | Zero-knowledge proofs (ZKPs), particularly SNARKs (Succinct Non-Interactive Argument of Knowledge), have transitioned from theoretical constructs to practical, real-world applications, offering privacy and verifiability. However, the complexity of designing and implementing ZKP applications introduces a myriad of vulnerabilities. Recent analyses have shed light on the unique challenges and vulnerabilities at both the circuit level and integration level within the SNARK stack, posing significant threats to ZK systems. Despite advancements in automated security defenses, their effectiveness remains largely untested on extensive, real-world datasets. Moreover, the scarcity of reproducible examples lessens practitioners’ and researchers' ability to understand and mitigate ZK vulnerabilities effectively. This project aims to extend our previous work on ZK security by developing a comprehensive dataset and framework featuring reproducible ZK exploits. This resource will serve as both an educational tool for newcomers and a detailed study base for experts. Additionally, we will evaluate the effectiveness of existing security tools against this dataset to pinpoint areas needing improvement, ultimately aiding in the development of more robust detection tools. |
Stefanos Chaliasos | Independent | Detecting Private Information Leakage in Zero-Knowledge Applications | Practical Zero-Knowledge proofs became possible due to the advancement of privacy-preserving projects such as Zcash. Notably, in the last few years, most SNARK-enabled projects have focused on verifiable computation, with zk-rollups being a notable application. Historically, crafting ZKP applications has been a challenging task, necessitating expertise in libsnark and low-level programming. The emergence of more accessible DSLs like Circom and arkworks, while mitigating some complexity, still leaves room for critical bugs, such as under-constrained vulnerabilities [3]. Recent advancements in ZK programming languages, such as Noir and Leo, aim to simplify ZK application development and reduce potential vulnerabilities, attracting a broader developer base potentially unfamiliar with cryptographic fundamentals. A prevalent issue in these high-level languages, which is also common in lower-level languages, is the leakage of private variable information. For instance, such a leakage happens when a ZK program publicly outputs the sum (z ) of a private and a public variable (x and y, respectively). Knowing the public input x and the public output z enables the deduction of the value of the private variable y. Conversely, hashing the sum of x and y into a public variable z does not leak the value of the private variable y, assuming the hash function's security. This project proposes the design and implementation of a static analysis approach enhanced with taint tracking, input generation, and SMT solving to identify and validate instances of private variable information leakage. Our approach generates (1) warnings for potential leaks, (2) errors for confirmed leaks, and (3) visual graphs tracing private value propagation to public outputs for debugging purposes. Our plan is to apply our approach to Noir, and subsequently to other ZK DSLs like Leo. |
Patrick Stiles | Independent | Metal Backend for Icicle MSM | Supporting Apple's M series GPU in Icicle by creating a Metal Shader Language backend for Icicle MSM using would expose gpu performance benefits to all developers in the zk ecosystem that have an Apple device with a M series chip. Developers with only a Macbook would receive similar gpu performance benefits without needing access to Nvidia GPU devices. These performance benefits would also have a high impact on projects whose data is airgapped or cannot leave the host device such as client side proving applications. |
Gaylord Warner | ZK Hack | ZK Whiteboard Sessions Season 2 | ZK Whiteboard Sessions is a series of educational videos focused on the building blocks of ZK. It takes the form of a mini course, followed by video interviews with top zk-practitioners, learning together and sharing their knowledge on a whiteboard. Season 1 was released in 2022, produced by ZK Hack in collaboration with Polygon. It consists of 19 videos and featured speakers such as Dan Boneh from Stanford University, Justin Drake, Mary Maller, Barry Whitehat from Ethereum Foundation, and many more. The hosts were Brendan Farmer from Polygon Zero and Bobbin Threadbare from Polygon Miden. ZK Whiteboard Sessions Season 2 will cover more of the building blocks of ZK, providing up-to-date foundational knowledge for researchers and builders new to ZK with 8 new modules, produced by ZK Hack once again. |
Wenhao Wang | Yale University | Cirrus: Performant and Robust Distributed SNARK Generation via Computation Delegation | We propose to design and develop Cirrus, a new protocol for performant and robust distributed SNARK proof generation exploiting the idea of computation delegation. The applications are ubiquitous, including ZK-Rollups, zkVMs, and any ZK applications involving large circuits. While existing distributed SNARK proof generation schemes improve efficiency and scalability by distributing the work- load across multiple machines, they have non-optimal prover time, communication costs, proof size, and verifier time. They are also not attack-proof when malicious nodes exist in the distributed SNARK generation process. Our protocol will achieve significant improvement, with linear prover time, constant communication cost per prover, and robustness to malicious provers, addressing the current bottleneck in existing systems. |
Sergio Chouhy | Eryx & Manas | Plonky2 backend for ACIR | We will expand the Arithmetic Circuit Intermediate Representation (ACIR) ecosystem by building an open-source Arithmetic Circuit Virtual Machine (ACVM) backend for the Plonky2 prover. This will enable users of ACIR-compatible DSLs to leverage Plonky2 advantages; and it will allow Plonky2 circuit builders to enjoy DSLs abstraction & tooling (eg: Noir debugger). We envision that during development, valuable insights regarding ACIR suitability as a widespread standard - and even potential improvements to it - will arise. |
Paul Yu | Independent | Lookups comparison table (speed, memory, preprocessing): univariate + multilinear | We aim to develop a comprehensive comparison table that focuses on the performance (including speed, memory usage, and preprocessing requirements) of various lookup arguments like pylookup, Caulk, Baloo, CQ, Lasso, and LogUP+GKR. This table will compare both univariate and multilinear polynomial commitment-based lookup arguments. The project's primary objective is to benchmark these lookup arguments to assist developers in choosing the most suitable solutions for production environments. This entails implementing the lookup arguments mentioned, creating a benchmark table, and writing a detailed blog post highlighting the key distinctions and performance metrics of these lookup arguments. The outcomes of this project are significant for the Ethereum ecosystem. It will enhance decision-making for Layer 2 solutions by providing detailed comparisons of lookup arguments, facilitate the translation of theoretical protocols into production-level code, and serve as an educational resource for new researchers. The project team comprises Harry Liu, Yu-Ming Hsu, Jing-Jie Wang, and Paul Yu, each contributing significant hours per month to the project. The project will be conducted in phases, with the methodology including the implementation of lookup arguments using Python, optimization of these arguments according to the original papers, and benchmarking their speed and memory usage. The team will publish a table and diagram to compare these metrics accurately across consistent hardware settings. Polynomial commitment schemes will be implemented as described in the original papers or based on educational assumptions in cases where the original research lacks detailed protocol specifications. |
Igor Gulamov | ZeroPool | Minimal fully recursive zkDA rollup with sharded storage | Current rollups publish blocks in their entirety on Layer 1, which is expensive, limits scalability, and prevents true recursion. Publishing a rollup's blocks on another rollup is not working, because anyway, the data will float up to Layer 1. We propose a novel rollup architecture that uses zero-knowledge proofs for data availability, sharded storage, and execution. All proofs are combined into a single succinct proof, enabling efficient verification and unlocking infinite recursion - rollups can be deployed on top of other rollups without limitations. This breakthrough design paves the way for transforming Web2 into Web3 and achieving the scalability endgame. Despite advantages in security and scalability, zk rollups currently lag behind optimistic rollups in adoption due to historical reasons. This approach is not available to optimistic rollups, as they cannot generate succinct universal proofs. Our approach allows ZK rollups to overtake their competitors. |
Artem Grigor | Independent | ZK-ML-IOS Integration | This project aims to enhance the existing iOS toolkit for Zero-Knowledge Proofs (ZKP) deevelopment. Specifically, the project aims to add support to the mopro library for an very common proving system - Halo2. Additionally, the project will use the achieved integration to port the state-of-the-art Zero-Knowledge Machine Learning (ZKML) library, EZKL, to iOS devices. These both integrations would benefit a wider community and unlock more sophisticated ZKML applications directly on mobile devices, thereby expanding the possibilities for data privacy and secure computing on edge devices. |
Chao Ma | Snarkify | Sirius | This project introduces CycleFold to Sirius the open-source Plonkish Folding Framework for Incrementally Verifiable Computation (IVC). CycleFold is a new approach to instantiate folding-scheme-based recursive arguments over a cycle of elliptic curves published in August 2023. CycleFold has the potential to enhance folding performance by around 3x through minimizing the responsibility of the secondary circuit and reducing the number of BigInt operations. In particular, Sirius previously defines its primary and secondary IVC circuits symmetrically; with CycleFold, the primary circuit bears the main functionality, while the ECC operations are delegated to the secondary circuit. |
Hanze Guo | DLT Science Foundation | Benchmarking ZK-circuits Across Multiple SNARKs/STARKs Development Frameworks | ZKPs, represented by ZK Layer 2 in modern cryptography applications, offer a rich technical stack, especially with SNARK and STARKs. However, due to the continuous emergence of new tools and libraries for development, along with the inherent diversity and complexity, proposing an intuitive and comprehensive benchmark framework for testing and evaluating various methods' pros and cons remains a challenge. Despite current research covering comprehensive benchmarks of multi-layered ZKP environments, including arithmetic, elliptic curve, and circuit levels, there are still deficiencies in two dimensions: (1) Inclusion of the latest and most comprehensive ZKP development frameworks (2) Rich, reusable, standard testing circuits. Therefore, we aim to: (1) comprehensively collect and organize the development tools used in popular ZK Layer 2 projects (2) modularly compile and integrate common algorithms in the cryptography domain, including various hash functions, digital signatures, etc., to construct testing circuits in different development environments (3) based on the aforementioned unit testing circuits, comprehensively evaluate popular ZKP development tools across different parameters such as curves, hardware, etc., including runtime, proof size, RAM (4) build integrated testing circuits to further estimate relevant metrics of complex systems and the estimated cost consumption for deployment on specific blockchain networks. |
Yu Guo | SECBIT Labs. and The Hong Kong Polytechnic University | Comparison of Multilinear Polynomial Commitment Schemes | A polynomial commitment scheme is a powerful cryptographic tool that enables a prover to commit a polynomial to a succinct value, and later allows a verifier to confirm claimed evaluations of the committed polynomial. Multilinear polynomial commitment schemes are critical in many applications such as SNARKs (succinct non-interactive argument of knowledge) and lookup arguments. There have been numerous constructions of multilinear polynomial commitments that exhibit excellent performance in various aspects. However, there is a lack of benchmark comparisons for these methods. In this project, we aim to provide a comprehensive comparison of different multilinear polynomial commitment schemes, including their efficiency, security assumptions, the cost of supporting zero-knowledge prosperity, batching performance, etc. Our findings can offer clear guidance for developers in selecting the appropriate multilinear polynomial commitment for different scenarios. |
Mirror Tang | Salus | A Security framework for zkSNARKs development and audit | This project aims to develop a comprehensive zkSNARKs security framework for the Ethereum community, culminating in a research paper. It focuses on analyzing zk security vulnerabilities, such as Layer 2 scaling and blockchain compression, with the goal of creating an open-source vulnerability database. The framework will provide developers with theoretical support and practical guidance, including circuit implementation, protocol design, and cryptographic primitives. Outcomes include the development of an open-source security framework, dissemination of technical documents and tutorials, and enhancements to the security infrastructure and applications of zkSNARK technology, ultimately contributing to the robustness and security standards of the Ethereum ecosystem. |