Description
We are excited to co-stream again with C4 as we bring Part 2 of the ZKP 101 session. We bring the experts on Zero Knowledge Proofs to discuss the core concepts, technical limitations, and case studies.
Ping Samrat Kishor for an invite to the live audience.
A
B
Special episode, which is a second episode of Zero Knowledge Proof 101 Basics, with improvisation, with C4, and we are also post streaming on their channels. As always, I would encourage you to read more about Baseline protocol. It's a protocol which is in that trading a secure and private way for organizations to sync up data points amongst different systems of record. Organizations can communicate, collaborate on shared business processes, for example, supply chain and financial reporting.
B
So with me, I have today some very special guests. We have Josh from C4, we have Andreas, who's going to be our speaker today. He's also the co-chair of protocol along with me, and we also have Mark Adel and Mark Ramsar. Hi, hi. Everyone, thank you for making it to today's show. I know the festival has kicked in and you've taken time out and doing this, so I hope people who are watching us and people who will watch us in future do spend some time in learning.
B
B
He is going to be contributing to today's show, one of our, he's one of our very.
A
B
Established code devs. We are also looking forward to hosting Jessica sometime soon from C4, but I would like to now invite Josh to go ahead and introduce C4.
A
Hey everyone, thanks for having us again. We're excited to do these co-live streams, pretty great. C4, or the CryptoCurrency Certification Consortium, is a non-profit that's been in the space since 2014, and our focus is on helping standardize the space, to kind of add consistency across all the different, wonderful services and software that are out there, as well as focusing on educating people, making sure that all these different kind of weird technical-sounding terrifying topics are laid out, and help people to, you know, kind of excel in this space.
A
With this type of knowledge. So I'm one of the co-founders of C4 and we've got our executive director Jessica on with us as well. Jessica, welcome, and we're looking forward to talk about some ZKs.
B
Excellent, excellent, thank you so much, and we really appreciate what you're doing. And yeah, with that, let's deep dive a little. Let's read dive into ZK things. Last time: okay, hi John! Thank you very much for watching us live. So last time we had some technical. So what we're going to do is we're going to do a quick recap of what we were covering last time and then we're going to deep dive into newer topics for today, so I pass it.
C
B
Andreas, go ahead.
C
Yes, so thank you, Josh, Jessica, from C4 and summer, my co-conspirator at the Baseline protocol, as well as Mark hallo, the effervescent Outreach TSC guru, and Mark, the primary R&D on all things Baseline and business process automation. So thank you, and shout out to the omnipresent, it seems, John Wolpert, who's watching the stream.
C
So just a quick reminder. So last time we talked about why do we need zero knowledge proofs, right. In fact, we, the Baseline protocol, published a blog around the digital business trilemma.
C
C
Zero knowledge, where, you know, zero trust is really important. Why? Because zero trust is the new "it" word in cyber security, because if you want to do dealings with the government, you must now implement zero trust, which means every single interaction is assumed to be untrusted.
C
So you have to establish trust every single time you interact with someone, with everything, and the only way to do that is in the end through zero knowledge, because that allows to establish also zero trust. So again, really brief.
C
So again, for those of you who weren't there last time, really zero knowledge is basically just being able to prove something to someone without revealing what that something is, right, like the password to Ali Baba's cave. I walk into the cave, open one way, open the door, not revealing the password to anyone, obviously, and walking out the other side. So I have proven that I know the password to Ali Baba's cave by walking in one side, coming out the other, but I haven't revealed anything.
C
So that's a short summary of where we left off last time. So what I want to do now is talk a little bit, go a little bit deeper and talk about actual application.
C
You actually are to support and execute actual use cases. So let me do that. I'm actually not going to share my screen. I uploaded the presentation, so you just need to see, whether you need to tell me whether you're able to see that presentation.
C
There we go, looks like we, so let's talk about zero knowledge.
B
C
C
I don't know of any instance where either Ethereum or Bitcoin have ever been successfully compromised.
C
If you do, let me know. I haven't. And given that it's always open and accessible by anyone, that is quite an accomplishment. No other computer systems in the history of humanity can claim that. In fact, even non-computer systems, they always have been compromised. So this is a first in human history, really. However, public blockchains are, as John Wolpert so aptly coined, public data nudist colonies.
C
C
Obviously, control also increases, because up here everything is centralized, down here it's decentralized, which means less control for the individual at the bottom, more control on top. So our three top layers are really what you would call the traditional enterprise stack, and then we have our magic layer of privacy and speed, the processing layer in the middle, that is then sitting on top of a public blockchain.
C
If that looks familiar to some, yeah, it's not really. We have seen these type of multi-layer architectures in many instances before, or this is the first time where we're sort of like mirroring centralization and decentralization in an effective way. So moving on. So we just saw that last time too. Now we're going here. Reminder: what is so magic about the magic layer? Well, we have privacy, so we have zero knowledge proofs of transactions. We have strong encryption.
C
We are using the latest cryptography techniques, even though when you speak to Microsoft Research guys, they say, what, it's less than 30 years old? That's not good. But apart from our very conservative cyber security friends, we then also have the security aspect, because it inherits the security assurances from the public chain, which is important.
C
And asset data, or any data, is directly available on the public chain to be used, which is important. However, at the same time, it doesn't reveal anything, so that's the apparent paradox that we're resolving using zero knowledge proofs. And because we have this centralized stack on top, we can increase speed, which means we can roll up all the transactions that we're doing on the centralized part and then anchor it on the public chain.
C
That means less cost than if we're doing every single transaction on the chain. The good thing would be verifiability. Why? Because all those zero knowledge proofs of all the transactions that are happening on our layers above can be verified in zero knowledge on the public chain, which means you can actually prove that no one cheated on those layers above. Might not like them, but you can prove that they didn't cheat. Everything was done correctly.
C
Therefore, our magic layer has again the same security assurances as the public chains that we like. It's a hundred to thousand times more scalable, which is what we love. You have guaranteed data availability on the chain, which is awesome, which allows you to have the same security properties. You have privacy preserved at all times, it's much less transaction fees, verifiability of all proofs, and also, because the top part is centralized, you can do KYC and AML.
C
Well, that sounds like, you know, you got the cake and eat it too, right? Not quite, because it's definitely not transparent, which is not supposed to be, and it's not necessarily censorship resistant.
C
So that is also okay, because, you know, when we're talking about enterprises, we trust the operators. And by the way, most layer twos actually are not decentralized. They have centralized sequencers, centralized provers. So no one should get their underwear in a bunch.
C
So let's move on. So what type of ZK proofs do we need for the magic layers, right? So proofs must be efficient, succinct and verifiable on a public chain. Efficient and succinct, why? You don't want proofs to be kilobytes or long, because that costs a lot of money to store, and if the proofs verification take long, that means a lot of compute cycles, and compute cycles, as we all know, cost also money on the public chain.
C
So, therefore, if you want to be able to verify proofs fast, they must be fast and they must be short, such that, you know, we're not paying an arm for, like, because otherwise it wouldn't really be worth our while, if we're not gaining anything, right. Proofs need to be recursive, right, we'll see in a second.
C
Why? Basically, you need to be able to prove a zero knowledge proof into another zero knowledge proof, because in, for example, a supply chain, as our lovely friend Mark cattle will tell you, no one wants to share any data, but they need to prove everything, so that leads to sometimes really not only awkward but really bizarre circumstances.
C
So that's that. Proof generation needs to be fast, because otherwise you can't get really that much speed in our logic, magic layer. So we need to figure something out where proof generation is fast, and then we should ideally have no or limited number of trusted setups, right. So trusted setup is basically generating some cryptographic toxic waste that you need for your prover system to work, but that allows you to typically have very efficient and succinct proofs.
C
But if you don't have that, then your proofs are larger. They're faster to generate, but they're larger, and therefore your verification time is longer and costs more money, so there are all kinds of trade-offs. So that's why: can we limit our numbers of trusted setups that we can use, or even get rid of them? So those are our criteria that we need to.
C
Thank you. Fulfill in order to be able to be fast and cheap and secure, right. We're definitely cool because we're using ZK, so that's by definition. ZK is the new meme. It's like, I said, anybody know of a ZK coin yet? That's like, any meme coin that has taken off yet? I don't think so.
C
But if you know, let me know, or launch it yourself, right. There are enough gullible people out in the world that you can get away with that. It's meme coins, that's all there is. Zcash is a native protocol token, right, so that's required!
C
That's not, that's a necessary requirement for the system to work, so protocol tokens are not meme tokens. Meme tokens are, I don't know, SushiSwap tokens, yeah.
C
We have no idea what it does. That is exactly right. Sona, I think that's brilliant! It's like, the value, that is, what is it? I don't know. We're not telling you. What is it useful for? We don't know, it's zero knowledge. Brilliant. All right, so yeah, I think the world's ready for a ZK token. So now that we have our requirements, we know we want this stack because it does all the nice things.
C
So how do we actually get there? So what's a way available? Do not, you know, common ZK prover systems do not fulfill all four requirements. More advanced ZK prover systems mostly fulfill all four requirements, except for one little, but important, detail: public blockchains' support of the crypto used.
C
That is a very limiting criteria. Why? Because, in order to verify proofs on chain, you need to do these cryptographic operations, and if you do them like in a smart contract, they take a whole lot of cycles and they're very expensive. So back in 2017, or 2016, 2017, when Zcash started up, Zooko and cohorts, and so Zooko, Vitalik and Christian, they were like, we got it. In case you don't know, they're like, oh.
C
C
So, and you know, lo and behold, in order to make it cheap, Christian wrote the pre-compiles that are currently there for pairing-friendly curves, because Zcash wasn't so is using ZK-SNARKs, which require what's called bilinear pairings of elliptic curves. That's something for the crypto nerds out there, the cryptography nerds, not the token nerds. And yeah, so guess what, those pre-compiles were implemented. Try that to do now, right! No, no chance!
D
C
It's like, yeah, the core developers will show you the middle finger nowadays, but back then, you know, it was still a less structured, more free-for-all. So, but if those pre-compiles hadn't been written with a particular curve in mind, because the curve was used by Zcash back then, we wouldn't have ZK rollups at all.
C
How we probably only have optimistic rollups, and we wouldn't be talking about this. This enterprise ZK stack wouldn't be possible, because we would not have a public blockchain that is able to verify zero knowledge proofs in a decentralized manner. So sometimes the fever dreams over beer and vodka actually lead to something beautiful, not always, but sometimes. So let me move on here.
D
C
Let's give an example of the, with John, validity proofs are the proofs that are being put on chain.
C
Those are validity proofs, they're not fraud proofs. That's what the optimistic rollups do, and that's why it takes so long. Validity proofs are directly proven on chain and finalized. So you have immediate data availability. That's why. So, but now, really, there are zero knowledge. The validity proofs aren't zero knowledge, but that's why I'm talking about ZK-ZK rollups, John. You know that. So, because we want privacy and speed.
C
C
Ones for ZK is the question. So, you know, it's like ZK EVMs, I'll talk about that, are coming out right now, and there's great work in optimizations going on there right now, but let's focus on this little piece here. So how do they work? So we need to be able to obfuscate everything. So what do we need? We need two trees.
C
Actually three, but let's start with two. We need one tree that shows you what the state of your asset is, right. That's why it's called the note tree, because every node represents an asset that can be spent, and that is actually fully encrypted and only the asset owner can decrypt that. And then there's a nullifier tree, right, because you're adding leaves to the note trees, and then you need to, when that leaf is no longer valid.
A
C
Is, so how does that work? So the asset is valid and then you're spending it, so there's an old leaf, now you're creating a new leaf.
C
When you create the new leaf, you need to create a nullifier leaf to nullify the old leaf, and because, when the asset is sold, you need to destroy a token that is associated with the, that you exchange the asset for, and therefore you need to destroy a token here, because in this case the token represents some fiat currency. So you need to destroy that.
C
Which means you need to create a new leaf, and if you destroy something, or if you sell something, you create something, you need a nullifier. When you change something here, you need a nullifier leaf here, so you have our note tree and the nullifier tree. So when new trees, new leaves grow here, new leaves have to grow here as well. There are some details in here I'm not going to go into, but that's basically, basically.
D
C
C
There are actually three trees, right, so when you're, and you need, because you need to keep track of the state of all trees, right, because when you add a leaf to the tree, it's no longer the same tree, right. So, but you need to know that, you know, your old trees were all basically done in the right order, right. You have to maintain the state history, right, of all of your.
C
Transactions. Since everything's obfuscated to everyone else, except, you know, the parties and the transactions, we need to make sure that we keep track of everything. So that's why we have these trees, these Merkle trees. So you have the old tree. The old note tree becomes a new node tree, and then you need to register your, you have that in the old root tree, and then you have the old nullifier tree.
C
That's a new leaf added to the old root tree, and that tracks the history of all the nodes and nullifier trees. And because everything's encrypted, except at the time of transaction, when two parties interact with one another, boom, you have full anonymity. Now, how does that? Now, that is again happening in our magic layer of privacy and speed, right, that's where the trees live, but how do they get onto the blockchain, right?
C
We're doing batching, right. So we have a ZK state machine. We have our circuits for each transaction, that's actually done on the user side, and all those transactions, they can actually be computed in your browser, whoa whoa, or in your mobile app. They're sent into the magic layer, into the processing layer, where you're batching them up, and transactions are put into a batch for processing reasons.
C
So you can parallelize the whole thing, wonderful, and then you take those K batches and you batch them up again, and all of that is then generating one final transaction that is posted on chain. So it is actually full. So you have a digest of zero knowledge proofs, very short, that are then all rolled up. There's some recursiveness happening here as we're proving that all those ZK proofs here were actually done correctly.
C
So I'm proving every single proof here in the batch, and then the batch generates the zero knowledge proof that is proved also recursively here in that final batch. So we have multiple recursive proofs put together, and that is put as one proof, and one proof only, onto the public chain, and voila, you have full anonymity of transactions on the chain. Now the keen observer has probably figured out while we're talking only about assets and asset states.
C
So yes, this is what you would call a UTXO model, an unspent transaction output model, that we know from our Bitcoin days. So doing that as a general purpose computation, that is a lot more tricky, right. So let's see where we are with that, and let me run through that really quickly, and then we can take some questions. So this is done in what's called a zkEVM, right.
C
So what's the ZK EVM? It's just like a normal layer two ZK rollup. However, it now allows you to use Solidity contracts and deploy them on an EVM, and it takes the bytecode.
C
It, that you, of the Solidity contract, and, you know, just like a normal compiler does, translates it into opcodes, and those opcodes you can find in Gavin's yellow paper, and a few ones have been added, and these opcodes, with the inputs and outputs, are atomistically proven with zero knowledge proofs. How that works, one second. Really important thing here is you can use your existing tool chains, right, so nothing changes.
C
You want to run Uniswap V3 on a ZK EVM? Go ahead, deploy your Uniswap V3 smart contract system and run it. You want to bridge assets now from Optimism, Optimism Uniswap V3, over to your ZK EVM? Not a problem, use the known bridge and you're onto the races, right. So that's actually pretty cool.
C
So now I have general purpose compute with my smart contracts in a ZK environment. So how does that work? If all your transactions that are sent to your layer two, where they can actually, in parallel, be processed and then batched up and put as a rollup block onto the public chain, just like any ZK rollup would work. If we're looking a little bit under the hood.
C
What do we see? Let's do a little bit of a life cycle walkthrough. The user submits transactions using, for example, MetaMask, right. It's a regular smart contract, so the usual JSON-RPC interfaces all work, and we have, yes, we do have a mempool, and then we have something which is unique to layer twos. We have a sequencer, and a sequencer basically orders your transactions based on some rules into a sequence and submits a digest of those transactions on the public chain. That's a commitment.
C
The aggregators that have been lurking in the background are watching the chain and are grabbing the, oh, there's a digest. Oh okay, where do we have all of that detailed information? Well, it's in our data store. Why is it in the data store?
C
Because, you know, the sequencers have exchanged that, have put it there, and the synchronizers have made sure that the data that's on chain and in the store stays in sync, so the aggregators, when they grab it.
C
They know that that digest that was posted here corresponds to a specific set of transactions here, which they're grabbing, and then they are hitting the prover. That prover, we'll talk about that in a second, generates all those lovely zero knowledge proofs for a transaction, because a transaction is now not just one zero knowledge proof, but a whole bunch, because one smart contract transaction might execute a few hundred opcodes.
C
So you have a few hundred zero knowledge proofs that you need to batch and roll up and post on chain. That sounds like a lot, and it actually is, but there's a trick, and we'll talk about that trick in a second. But once that final zero knowledge proof is posted on the Ethereum chain for the digest, and it's finalized there by validating that proof, we're all done, right. So let's take it.
C
Let's take a one more detailed look under the hood. What do we do? We have the node, which is here, which is the aggregator, that grabs the data, which is organized into a Merkle tree, and sends the input to the ZK prover. The ZK prover takes that, also grabs more data here, generates the proofs and sends it back to the node. Great, come on. So then what happens then? You have that ZK prover is just like the EVM.
C
It is a virtual state machine, and what they're doing is that, in order to get this in any way, shape or form manageable, you have multiple state machines that are doing specific things, so you have a main processing manager, so to speak.
C
That is basically divvying up the work to very specific state machines. State machines that are generating zero knowledge proofs for very specific things, like arithmetic operations, binary operations, memory operations, computing the Keccak hash, there's storage, and then there's some auxiliary state machines that are sort of like helper state machines that are called by these secondary state machines. So if this looks like a microprocessor architecture to you, you're a hundred percent right.
C
It is. It's actually quite brilliant, this type of architecture. This is obviously very stylized, simplified. This is actually much more complicated, as microprocessors are, right, but this is some brilliant architecture work that the various teams, whether that's ConsenSys Software Inc or Scroll or Polygon Hermez or Matter Labs with zkSync 2.
C
to that whole and a few others have done absolutely brilliant work. Kudos to those teams. Brilliant engineering work. So how do these things work? As you see, there's this actually microprocessor architecture. You know, you have your control unit, you have the main memory and the ALU. As you see, that's exactly how this works, right, so the way that I described it, just like a regular CPU. Now this is the last one.
C
This is specific to Hermez. There are different types of solutions. Others are taking, like ConsenSys Software, takes the actual opcodes and does not change anything. So that's what Vitalik would call a type 2 ZK EVM. Hermez does it slightly, does it differently. They are transpiling the opcodes into ZK-friendly opcodes and are then taking those and computing specific commitment polynomials for these.
C
For these optimized opcodes. Those are trade-offs. You know, one is closer to the actual EVM than the other. Each have their advantages and disadvantages. But the basic thing here is, you have the compiler output that is put into the ZK executor that generates STARK proofs, a whole bunch of ZK-STARKs, which are cousins to ZK-SNARKs.
C
They, the proof generation time is very fast, but the proofs are much larger. So what do you do?
C
You are generating all of these SNARKs from all of these opcodes and proofs, and you're generating a witness, the witness you need to prove completeness, which you're generating from the proofs and the public inputs, and you're computing the verification keys and everything, and that witness goes then into, for all these SNARKs, right, they're then batched and their proofs generated, just like in the ZK-ZK rollup example, which is, by the way, Aztec, love Aztec. Aztec are great. They're doing wonderful work.
C
They are going and saying, hey, we cannot put STARKs and verify STARKs on chain, because that would be really too expensive. They are great because I can compute a lot of proofs really fast.
C
C
So with that last sort of like trick, I'm now rolling up all the STARKs and creating a ZK-SNARK proof of all of them and put that on chain, and that is my validity proof that is going to be put on chain. Now, did I tell you that this is ZK-ZK? No, it's just a ZK rollup, however.
C
The digest which is committed by the sequencer can be put into zero knowledge. So this digest could be zero knowledge proofs. That's the next step: you're putting zero knowledge proofs into the digest, and then you verify that those are correct, like you just need asset identifiers and then you're good.
C
D
C
When you pull out your assets, you just need to show that one of those digest proofs is actually controlled by you, and then you can pull that asset out based on the information that's on the layer two. And because this is general purpose, this brings us now full circle back to Baseline, the ZK EVM. If you're doing some privacy.
B
Thank you very much for that presentation. I think that's probably the best presentation I've seen on this topic, and, you know, really mind blown. You know, for example, I could really wrap my head around the, you know, the work which always is doing, for example. I mean, that's something new and I'm. Just okay.
B
C
C
To answer room, so the STARKs are quantum compute safe, SNARKs are not, but as soon as you write pre-compiles for STARK proofs, then yes, that whole thing on chain is also then going to be quantum secure.
C
If your chain is quantum secure, if your layer one is. So that's going to be an interesting transition, but before we get to that point where you can do 256 qubits computations on Keccak and digital, you know, messages on, yeah, it's like, that will take a little while, few decades.
C
Oh yeah, we can post a SNARK on Ethereum, John.
D
C
C
So now you can actually have recursive proofs, right, because in the EVM I can prove the input in the call data, which is the ZK proof, right, with the pre-compiles, and then I have proved the ZK proof in the EVM and I have generated proofs that I proved that that proof was correct, and then on chain I prove that everything is correct. So, yes, I can then start building proofs upon proofs upon proofs, if I'm structuring my smart contracts correctly.
C
So that's the one, but I think there was one more question, wasn't there? Is it possible to rep contextual ZK hashing into day variables within a JSON versus an entire transaction?
C
Yes, as I just said, you can write a smart contract function that accepts call data, and the call data can contain your witness. So there you go.
B
A
Yeah, muted now, but just for the trick, I'm good, although we did get a question on the C4 stream: is there, or do you think there will be in the future, a competitive advantage to a specific ZK protocol, or do you think they'll kind of hit parity in the long run?
C
C
So Jay, the answer to that is no, because they all have trade-offs, right. You need to pick the prover system that is best suited for what you're trying to achieve, right. If you want specific performance and you want speed, you're then hand-crafting your circuits, because they will be definitely faster and require less memory, etc., than ZK EVM.
C
If you're going for more general purpose stuff and you're willing to incur the cost of compute and storage, you go ZK EVM route, so it's really dependent on what you're trying to achieve, which is, by the way, true for any technical solution. There is no one size fits all, or one prover system will rule them all. No, prover systems evolve, just like technology evolves, are getting better, and they will have trade-offs.
C
Just like normal technology has, and you have to decide which one is best suited for you. There are many, many different prover systems out there, each built for very specific things, right. I mean, so you need to go out, do your due diligence, and understand and ask the right questions of the teams that are proposing solutions, and let them know what the trade-offs are you're willing to take, or not.
C
So, let's take a normal data packet and ZK all the things. But, well, so ZK is a proof of correctness, right. So if I take data, right, then I need to have an assertion, right, that the data is correct.
C
At that point, I'm back to my root of trust problem, right. However, what I can do, I can generate a circuit that verifies the signature on a verifiable credential over that data, where a known entity claims that that data is correct. That is doable, that's actually relatively straightforward, and in simple circuits, just a signature verification over a hash.
C
So, but again, it's a proof of correct execution. It's a proof of correctness.
C
C
Oh, maybe. I haven't really thought about it. It's like, that's too much for me to process. I cannot generate. I will send you a ZK proof later on that.
C
Yeah, it will just say it is doable, right. That's like the old joke with the engineer, the physicist and the mathematician that have been given a can of food and they had to open it, otherwise they would starve, right, and the engineer and the survived, because they were practical, and, you know, they open up the cell for the, the mathematicians starve to death.
C
B
All right, so yeah, I think we're at the end of another interesting show, and yeah, thanks for all those questions. Everybody was watching us and engaging in real time, and yeah, there was book labs, there was laughter, a lot of emotions that you take back from today's, but very importantly, what we take back is a great video which we will use for a very long time for educating people on the subject, and yeah, we can.
B
We can continue, you know, as we just posted, so we can continue chatting if anybody has any questions in future as well. Do find us on our Slack channel and you can hit up Andreas and ask any questions.
B
Oh yeah, somebody says, yeah, he's hilarious. Yes, San Andreas is the right mixer of knowledge. I am your all.
A
B
Okay, and we also print one message which was: he came in Block coming, so that's something which someone said, and yeah, I totally agree with one of the topics which we will pick up and we'll probably publish on that very, very soon. Okay, so with that, wrap for today. Thank you, everyone who tuned in, and see you next week. We will just have office hours next week. We will chat a bit about everything Baseline and we'll just see everybody off into the holiday season, and then we will meet next year.