We are excited to announce zkBridge, the first trustless, permissionless, extensible, and efficient cross-chain bridge. With succinct proofs, zkBridge guarantees strong security without external assumptions. The paper will appear in ACM CCS 2022: zkbridge.org. (1/18)
Bridges are critical for web3 interoperability in a multi-chain future. However, most bridges today require trust in an external committee, have limited extensibility, and yield poor decentralization. Over $1.5 billion has been stolen through exploits on bridges to date. (2/18)
Compared with existing cross-chain bridges, the overall advantages of zkBridge can be summarized in 5 aspects: trustless and secure, permissionless and decentralized, extensible, universal, and efficient. We'll expand on each aspect as follows. (3/18)
Trustless and Secure: The validity of block headers on remote chains is proven by zk-SNARKs, thus requiring no external trust. Indeed, as long as the connected chains and light-client protocols are secure, and there is one honest relayer, zkBridge is secure and live. (4/18)
Permissionless and Decentralized: Any node can freely join the network to relay block headers, generate proofs, and claim rewards. The elimination of the commonly-used central or PoS-style committee for block header validation offers zkBridge better decentralization. (5/18)
Extensible: zkBridge allows maximum extensibility by separating the bridge from application-specific logic, thus making it easy for developers to build applications on top of the bridge. With verified block headers, broad functionalities are enabled for wider usage. (6/18)
Universal: The block header relay network and the underlying proof scheme in zkBridge can be adapted to support a broad spectrum of blockchains, as long as they support a light client protocol to verify the block headers of the blockchain. (7/18)
Efficient: With our highly optimized recursive proof scheme, block headers can be relayed within a short time, and quickly finalized as soon as the proof passes on-chain verification, thus supporting fast and flexible processing of information of remote blockchains. (8/18)
Now, let's take a look at the design and workflow of zkBridge. Concretely, zkBridge consists of an off-chain block header relay network and an on-chain updater contract. (9/18)
In the block header relay network, relayers retrieve the block headers from the sender chain C1, generate validity proofs, and send the headers along with the proofs to the updater contract which is set up on the receiver chain C2. (10/18)
The updater contract on C2 maintains a list of block headers and the light-client state of C1. Once a new block header is relayed and the associated proof is verified, the contract stores the header, changes the light-client state, and updates the current main chain of C1. (11/18)
The updater contract also exposes an API through which an application on C2 can obtain the block header of a given height on C1, with which the application can build application-level logic (e.g., checking inclusion of a specific transaction). (12/18)
zkBridge leverages a highly optimized zk-SNARK scheme for block header relay, which helps achieve cryptographic security assurance without any external trust assumptions such as a central or PoS committee, and significantly reduces on-chain verification cost. (13/18)
To make the underlying zk-SNARK system efficient for on-chain usage, both fast proof generation and low on-chain proof verification cost are required. We use a novel 2-layer distributed recursive proof system to satisfy both properties when the proof circuit is large. (14/18)
In the first layer, we present deVirgo, a distributed version of the Virgo proof system. It achieves optimal parallelism by making both sumcheck and polynomial commitment phases distributed. The proof generation is accelerated by orders of magnitude for zkBridge workload. (15/18)
Furthermore, to reduce on-chain verification cost, we use recursive proof in the second layer. We apply Groth16 in the second layer to prove that the previously generated proof by deVirgo indeed proves the validity of the corresponding block headers. (16/18)
The addition of the second layer significantly reduces the on-chain verification gas cost from ~80M to less than 230K. Through the 2-layer recursive proof scheme, we perfectly achieve fast proof generation and low verification cost at the same time. (17/18)
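The updater-contract flow described in tweets 10 to 12 (relay a header with a proof, store it once verified, let an application check transaction inclusion against it), modelled as an added Python example that is not code from the zkBridge paper or project. The header layout, the SHA-256 Merkle tree and the `verify_proof` callable standing in for the on-chain SNARK verifier are assumptions, and forks of C1 are not modelled.

```python
import hashlib
from dataclasses import dataclass

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass(frozen=True)
class Header:  # assumed minimal header layout, not zkBridge's real format
    height: int
    parent_hash: bytes
    tx_root: bytes
    def hash(self) -> bytes:
        return h(self.height.to_bytes(8, "big") + self.parent_hash + self.tx_root)

class UpdaterContract:
    """Model of the updater contract on C2 that tracks verified headers of C1."""
    def __init__(self, genesis, verify_proof):
        self.headers, self.tip = {genesis.height: genesis}, genesis
        self.verify_proof = verify_proof  # assumption: stand-in for the SNARK verifier
    def submit(self, header, proof) -> bool:
        # Any relayer may call this; acceptance depends only on linkage and the proof.
        linked = header.height == self.tip.height + 1 and header.parent_hash == self.tip.hash()
        if not (linked and self.verify_proof(self.tip, header, proof)):
            return False
        self.headers[header.height] = self.tip = header
        return True
    def get_header(self, height):
        return self.headers.get(height)

def merkle_root_and_path(leaves, index):
    """Return (root, sibling path) for leaves[index]; used on the C1 side."""
    level, path = [h(b"\x00" + tx) for tx in leaves], []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate last node on odd levels
        path.append((level[index ^ 1], (index ^ 1) < index))
        level = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def tx_included(contract, height, tx, path) -> bool:
    """Application on C2: check tx against a header the contract has verified."""
    header = contract.get_header(height)
    if header is None:
        return False  # no verified header at this height, so nothing to trust
    node = h(b"\x00" + tx)
    for sibling, sibling_is_left in path:
        node = h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return node == header.tx_root
```

The application never sees the proof itself: it relies only on headers the contract has already accepted, which is the separation of bridge and application logic the thread describes.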