Aleph Zero Blog
Privacy

Understanding zkOS: Client-Side vs. Server-Side ZK

Aug 2, 2024

AI Summary

Here's your AI summary of Understanding zkOS: Client-Side vs. Server-Side ZK on Aleph Zero blog

Top 10 key takeaways:

  1. Client-Side ZK Privacy: zkOS offers client-side zero-knowledge (ZK) privacy, allowing users to maintain control over their data and stay private.

  2. User-Friendly Web3 Privacy: zkOS aims to make web3 on-chain privacy infrastructure accessible, user-friendly, and affordable.

  3. Developer-Centric Framework: The privacy framework is designed by developers for developers, enabling seamless integration of confidentiality features into decentralized applications (dapps).

  4. Performance Benchmarks: Initial benchmarks show that ZK proofs can be performed in 600-800 ms on consumer-grade devices like MacBooks with M1–M3 processors or PCs with Intel Core i7-i9, using standard browsers.

  5. Client-Side vs. Server-Side ZK: Client-side ZK involves computations on the user's device, offering extensive data protection, while server-side ZK involves computations by an external party, useful for layer 2 scaling solutions like ZK rollups.

  6. Applications of SNARKs: SNARKs (Succinct Non-Interactive Arguments of Knowledge) are used for privacy (e.g., shielded asset pools, private voting) and provable computation (e.g., blockchain rollups, smart contract coprocessors).

  7. Merkle Tree Inclusion: Clients usually prove Merkle tree inclusion, a data structure that enables zero-knowledge proofs of membership, ensuring decentralized knowledge of the account state.

  8. State Transition Functions: Servers use Ethereum Virtual Machine (EVM) for state transition functions, crucial for rollups that help offload work from Layer 1 blockchains, increasing scalability.

  9. Optimizing Client-Side Proving: To improve client-side proving, design protocols for users, fully utilize modern device resources, and choose the right proving system (e.g., elliptic curve SNARKs, hash-based STARKs).

  10. Enhancing Server-Side Proving: Improve server-side proving by designing protocols for powerful machines, researching different proving systems, and using advanced hardware like SNARK FPGAs for better performance.

zkOS aims to achieve universal privacy for all users with seamless operation and is set to release its initial deployment to the Testnet in early Q4 2024.

AI Summary

zkOS offers client-side ZK privacy which enables you to stay private and keep control over your data. But let’s put the tech into the broader landscape–what’s so different about it?

With zkOS, we’re making web3 on-chain privacy infrastructure accessible, user-friendly, and affordable.

Our research has resulted in the creation of the privacy framework that is fast, and designed by developers, for developers, allowing them to integrate confidentiality features into dapps seamlessly.

The initial benchmarks indicate that on consumer-grade devices, such as MacBooks equipped with M1–M3 processors or PCs with Intel Core i7-i9, ZK Proofs can be performed in just 600-800 ms using standard browsers. This is a major milestone for us, and for the broader web3 space.

As a client-side ZK system, it offers users extensive protection of their data thanks to the added privacy–but ZK technology is used in multiple contexts.

Let’s then equip you with the knowledge on how zkOS is different for other use cases of ZK, mainly the server-side ZK.

The starting point

Blockchains achieve privacy and scalability with zero-knowledge proofs (ZKP or simply ZK).

ZK means that some entity can verify particular data properties without explicitly revealing the sensitive data to this entity. In the context of blockchains, it means that ZK allows on-chain verification of properties of off-chain data.

zk-SNARK (or SNARK) is the modern way to achieve ZK on the blockchain. SNARK development has been extensive in recent years; however, the underlying cryptography is complicated and resource-intensive, which creates many limitations for developers and users.

Client-side and Server-side

As we have previously observed, there are private and non-private cases of SNARKs, although both can be used to achieve privacy, albeit in different ways.

Shielding token pools with client-side proving

Client-side proving is computation done on the protocol user’s device. The client does not share their secrets with anyone else. In web development, the term ‘client side’ pertains to all elements of a web application that are visible or occur on the end user’s device. This encompasses the user interface, including text, images, and other visual components, as well as any interactions executed by the application within the user’s web browser and the device itself. Client-side solutions are useful when designing shielded token pools, among other use cases.

Achieving layer 2 scaling with server-side proving

Server-side proving involves computations done by an external party. The server offloads computations from users. The data for such computations should be public, although achieving full privacy on the server side requires the communication between the device and the server to be fully encrypted. With locally generated proofs, that’s not the case. The issue with hosting these processes on the server side is that every request linked to it needs to travel from the client to the server every time. This results in latency, which limits scalability. Server-side solutions are required for ZK rollups (a layer-2 scaling solution that moves computation and state off-chain into off-chain networks), although there are other use cases in which they might be used.

How Are SNARKs Used in Practice?

Applications using SNARKs benefit the following:

  1. Privacy
  2. Provable computation

These infographics spell out the differences between both of these dimensions.  

Privacy

It comes from the “zk-” in the term “zk-SNARK”

Someone can provide proof of knowledge of some data without revealing it.

This allows us to create:

  • Shielded asset pools
  • Private voting

Of course, this doesn’t spell the end of possibilities for this technology, as much more can be done! 

Provable Computation

Comes from the “S” (Succinct) in the term “zk-SNARK.”

Someone can provide proof of correct computation without repeating the whole computation. However, the data for such computation is not necessarily private.

This allows us to create:

  • Blockchain rollups
  • Smart contract coprocessors
  • Much more can be done thanks to this technology! 

Why Do We Distinguish Client vs Server?

SNARKs are a complex piece of technology that involve a lot of computational resources. However:

  • Clients usually prove Merkle tree inclusion.
    • To clarify, a Merkle tree is a data structure that, when visually expressed, looks like a tree that stores hashes. These hashes play a crucial role in enabling the creation of zero-knowledge proofs of membership. The tree itself is publicly stored on the chain. However, it is practically infeasible for a third party to learn anything about the account state from a leaf hash due to the one-way nature of hashing. Only the entity with knowledge of the account state can generate a hash. Consequently, the complete state represented by the tree is unknown to anyone – the knowledge is decentralized.
  • Servers usually use EVM for state transition functions. This verification is crucial for rollups, a code that is executed on the blockchain sequencer, which defines how to transfer from a previous state (block) to a new one. The inputs to the state transition function are the current state of the rollup and tell which transactions to include. Output is a new state of the rollup. Rollups help offload work from Layer 1 blockchains, which increases their scalability. 

These are very different computations, the latter being much heavier. And even if the underlying math is similar, the hardware and cryptographic requirements tend to differ. This allows us to optimize them independently.

Ways to Improve Client-Side Proving?

One of the most crucial aspects is ensuring your apps provide users with good UX. Also, private protocols should be accessible to everyone, so:

Design Protocols for Users

SNARKs that the users will prove should be as small as possible because smaller SNARKs imply faster proving times, which improves overall app UX. 

Fully Utilize Resources

Fortunately, modern PCs and mobile phones are very powerful. Though, in theory, it can be hard to run cryptography on them, Aleph Zero is proud to have achieved sub-second proving times of Plonk* on web browsers. 

*PLONK is a member of the SNARK group and serves as a zero-knowledge proving system that offers benefits such as a universal trusted setup. PLONK allows for the reuse of the same setup across different circuits. The term ‘updatable’ indicates the capability for anyone to introduce randomness to the setup, enhancing trust in its reliability. One drawback of PLONK is its tendency to result in larger proof sizes compared to  groth16 (another proof system), which can impact gas costs, although these differences are quite marginal. 

Explore Different Proving Systems

Choose the right proving system for your use case, for example: 

  • Elliptic curve SNARKs provide lighter proofs but longer proving times. Lighter proofs imply fewer bytes in a proof, which results in a smaller gas cost of on-chain verification. 
  • Hash-based STARKs have shorter proving times but larger proofs since they are usually heavier byte-wise, meaning on-chain verification might be more costly.

It is also possible to generate STARK proofs on the client side and complete aggregation on the server side.

How to Make Server-Side Proving Better?

There are several methods upon which we can embark to explore and improve more fully upon server-side proving. 

Design Protocols for Powerful Machines

It is not a secret that rollups don’t run on laptops but on powerful clusters, which we can define as a set of chains that communicate with each other. Protocols should be designed to leverage this potential.

Research Different Proving Systems

Similarly as on the client side, the underlying math can seriously impact the performance. Different approaches toward balancing proof production and proving times may dramatically affect the scalability of our product and its potential for adoption. 

Produce or Buy Better Machines

SNARK FPGAs are developing rapidly, and they are already showing performance improvements. Field Programmable Gate Arrays (FPGAs) are novel semiconductor devices that are based around a matrix of configurable logic blocks and have the potential to radically improve upon the technology. 

The key takeaway

zkOS uses ZK to achieve universal privacy for all the users–and does it in the most seamless way thanks to its speed of operation. While both use ZK, zkOS is a whole different offering than server-side systems which are mostly used for layer 2 scaling.

Stay tuned as we gear towards releasing the initial deployment of zkOS to the Testnet in early Q4 2024!