Zero-knowledge technology firm =nil; Foundation has developed a new type-1 zero-knowledge Ethereum Virtual Machine (zkEVM) compiler to address security concerns identified in similar ZK-powered Ethereum scaling solutions.
Speaking exclusively to Cointelegraph, =nil; Foundation CEO and co-founder Misha Komarov says the technology prioritizes security and allows high-level programming code to be compiled automatically into Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKS) circuits.
The firm’s zkEVM is designed to be compatible with evmone, which is a C++ version of Ethereum’s base execution environment. The key takeaway is that the code of applications is processed and rolled up as proofs submitted to Ethereum in the same format as its EVM.
The compatibility is touted to ensure better security and quicker implementation, given that the bytecode is the same and removes the need for lengthy and expensive code audits. The approach also provides transactions and smart contracts directly compatible with the Ethereum Virtual Machine.
Several high-profile zkEVMs have come to market in 2023. These layer-2 protocols aim to help Ethereum process large transaction loads and smart contract functions. Cointelegraph has covered these at length, with companies like Consensys, Polygon, StarkWare and Matter Labs releasing ZK-rollup solutions to provide high throughput, low fee capabilities to decentralized applications, services and network users.
As Komarov explains, =nil; Foundation’s solution hinges on an automated compiler contrasting the design of other zkEVMs, which manually define circuits. He describes existing approaches as “time-intensive” and “overly complex,” which also runs the risk of introducing human error.
These concerns were evident in discovering a soundness bug in the ZK-circuits used in Matter Labs’ zkSync Era mainnet. Security firm ChainLight received a 50,000 USD Coin (USDC) reward from the firm for identifying the vulnerability in Sept. 2023.
The bug would have allowed an attacker to produce proofs for invalidly executed blocks, which the smart contract verifier on Ethereum’s mainnet would have accepted. Matter Labs deployed a fix and awarded ChainLight a bug bounty, the first claimed for a ZK-circuit bug in the zkSync Era.
“Vitalik Buterin started talking about security concerns, like what if a circuit gets broken,” Komarov explains.
“We started digging into it. The problem became obvious that these circuits are written manually. People spent years building it, but it basically recreates the same logic that EVM does, manually in the circuit representation.”
Komarov adds that this method makes code auditing extremely hard. The zkSync bug is an example of the potential for error involved in manually defined circuits. =Nil; Foundation’s approach is to automate the compiler from Ethereum’s EVM using its circuit compiler developed over the past two years.
“That’s as close as we can get for the circuit to have the same security as Ethereum’s original implementation. If that’s broken, then the circuit is broken.”
The solution is also designed to be adaptable to EVM changes as Ethereum’s roadmap continues, providing a “future-proof” zkEVM compiler that does not require significant resources and time to upgrade, given its automated design. This allows the zkEVM to integrate the latest Ethereum Improvement Proposals as they take effect.
The foundation published its prototype code repository and specifications on Dec. 12.