Introducing KZG Commitments

KZG Commitments allow users to succinctly commit to data and prove values at specific points, making it more efficient to validate smart contract transactions, helping to scale distributed systems.

SupraOracles Chief Research Officer Dr. Aniket Kate

The ideal blockchain reaches consensus securely, distributes tokens fairly, and has an immutable ledger. However, accomplishing these qualities in the most efficient way is the key to widespread adoption, as the scalability of decentralized ledger technology remains the most significant roadblock facing Web3 today. These issues are thus at the forefront of Supra’s research as we endeavor to bring to bear the most robust set of decentralized products the world has ever seen.

Have you met the Chief Research Officer at Supra? His name is Dr. Aniket Kate, and he is leading the way for a new generation of distributed protocols to interoperate securely, fairly, and with adequate protections for user privacy. Dr. Kate is a respected researcher and academic in the field of cryptography, with a specific track record of impactful research on the topic of secure, multi-party computation. One of the ways his research has been applied to blockchains is how parties can prove bits of data within a larger data set in order to more efficiently validate transactions.

Dr. Kate’s primary research contributions pertain to secure cryptography, distributed systems, multi-party computation, privacy-preservation, and accountability-enhancing protocols. His research on polynomial commitments as a means to scale blockchain consensus algorithms has been popularized in the Ethereum community as they explore Layer 2 solutions, as well as in privacy blockchains using zero knowledge proofs.

The name KZG, or Kate, Zaverucha, and Goldberg Commitments, was coined in honor of the researchers who proposed the novel concepts. In this article, we’ll introduce KZG Commitments and how they’re being used to scale decentralized consensus mcehanisms and strike a balance between on-chain efficiency, privacy, and transparency.

Succinct Verification Using KZG Commitments

Polynomial Commitment Schemes are basically mathematical “scaffolds” which allow crypto developers to communicate large packets of data while fitting them into scalable and cost-effective sizes into points along simple curves. KZG Commitments are a type of polynomial commitment scheme that enables efficient and verifiable secret-sharing schemes, and cryptographic accumulators.

KZG commitments can be used to build and scale accountability in blockchain systems, where participants need to prove that they followed a specific protocol with fidelity to the shared ledger. Node participants and validators need to provide evidence of their actions more efficiently by using abbreviated data sets. It is not entirely different in concept from Merkle Trees in that they both allow for the batched verification of larger data sets and allow nodes to efficiently prove the inclusion or non-inclusion of specific data points.

KZG Commitments offer some really attractive properties for scaling blockchains. First of all, succinctness. That is, KZG Commitments allow for short and efficient proofs with fixed sizes. Succinctness is a critical property for scaling blockchain consensus models because it allows for the efficient representation, storage, transmission, and verification of data. 

The size of the commitments and the proofs do not depend on the degree of the polynomial, meaning they will not require increasingly more memory over time. This reduces the bandwidth consumption of on-chain verification and consensus, the time it takes to verify transactions, and even the storage/hardware requirements needed to run nodes. 

Furthermore, KZG Commitments are homomorphic, meaning that they support arithmetic operations (addition and multiplication) directly on the commitments without revealing the underlying values. This property is beneficial for constructing advanced Zero Knowledge Proof (ZKP) protocols that require arithmetic operations on hidden values. Let’s consider why homomorphic operations are so groundbreaking when it comes to scaling blockchain networks.

Performing operations on hidden values is what’s called homomorphic operations. Consider the following analogy using magical boxes to represent KZG Commitments that allow you to perform computations on encrypted data without decrypting it first. Now, imagine these magical boxes which can lock things inside, representing batched data sets like wallet balances and the history of previous block data.

When you put things in the box and lock them, the contents become in-part hidden from everyone, even from yourself. However, we can still commit to our own knowledge of the box’s contents to help perform operations on the hidden contents without actually opening it or revealing the contents in their entirety. We commit to a verifiable polynomial which sufficiently demonstrates our knowledge of relevant data.

Now, let’s pretend to place the numbers 3 and 5 in separate magic boxes before locking them. For our group to add a third box, the homomorphic property of the magic boxes means you can add the contents of the two boxes, ending up with a new magic box containing the sum of 8. So, 8 will become a part of how we identify the new box and the boxes which preceded its existence. However, we won’t know everything that’s inside the new box, but we know our part of it and that can be demonstrated succinctly thanks to KZG Commitments.

KZG Commitments Foundational for ZK Proofs

While the ledger data maintained on blockchains must be open, transparent, and immutable, users must still retain the right to some modicum of privacy. However, transparency can’t come at the cost of our human rights. This is particularly relevant for interacting with dApps, in which users engage directly with third parties without intermediaries to chaperone participants- but we still expect to behave in civilized and predictable ways.

For instance, many argue that users should be able to transfer money to one another without random onlookers identifying both parties by name and wallet address. Shouldn’t we be able to shield our transactions from those who wish to steal from us? Failure to protect the average user can lead to dangerous outcomes, particularly when large amounts of crypto are at stake. The rewards are high enough to draw out the worst in people, and the effect may be amplified by the impersonal and anonymous nature of the Internet.  

As mentioned, KZG commitments have been used to develop something called zero-knowledge proofs, a type of cryptographic primitive that allows for provers to convince verifiers that certain statements are true without revealing the full statement itself. ZKPs have various applications, such as authentication, privacy-preserving computation, and secure multi-party computation. Users “commit” to a value or set of values, which can be validated later with the use of a shared public key.  

Of course, the way that these keys are generated is an entire topic in and of itself. That is, there are what are called “trusted setups” in which the public key is generated in such a way that any secret knowledge of its private key (and therefore the ability to manipulate it in any way) is destroyed ceremonially. In the event that someone had knowledge of the corresponding private key for validating proofs, then they would be able to spoof proofs and could possibly steal assets not belonging to them.

Back to ZKPs, to prove knowledge, users submit a commitment which is verified and then written on-chain as ‘proof’ of the value’s fidelity to the shared ledger, hence the name. This is useful in a variety of applications requiring both public auditability and privacy at the same time. This makes them specifically suited for blockchains and related Web3 protocols. While privacy is a significant benefit of these blockchains, the decreased transparency can make it more challenging for external parties to audit the network or verify its integrity.

In fact, KZG commitments have been foundational to the development of a number of advanced zero-knowledge proof systems like Sonic. Sonic proofs are constant in size, and use a batch verification of ZK Proofs, lowering the marginal cost of verification and optimizing for succinctness in validating transactions. KZG commitments also formed the basis for Halo 2, another highly advanced zero knowledge proof mechanism which doesn’t even require a trusted setup.

Zcash was the first to successfully implement zero knowledge proofs into their design, but even Satoshi was interested in privacy protections during Bitcoin’s creation. Unfortunately, ZK Proofs never became a feature of Bitcoin’s core protocol since the technology was still too inefficient at the time, but that hasn’t stopped researchers from making ZKPs more efficient and secure, and thus opening up exciting opportunities for newcomers in the space.

KZG Commitments are also being applied to scale Ethereum’s zk-SNARKs. Polygon has also been very open about exploring ZKPs. Since the use of zk-SNARKs significantly reduces the volume of data that needs to be transmitted and verified on a given network, there is a reduction in computational requirements and therefore, cheaper and more transactions per second (TPS) may be achieved.

Unfortunately, privacy-focused blockchains can become havens for illicit activities. This, at best, attracts regulatory scrutiny or worse, ends with users wallets winding up on sanctions blacklists. If this happens, it’s likely that honest users could be caught in the crosshairs of financial regulators or law enforcement agencies looking to shut down such services, like in the case of Tornado Cash. 

It’s not unreasonable for users to seek privacy while it is also understandable that sacrifices are often made for the sake of combating lawlessness. The technology is surely important and worth pursuing, but there are nevertheless challenges external to technological breakthroughs that must be overcome. Of those, the political challenges are entirely predictable if operations could be construed by lawmakers as facilitating transactions without KYC measures in place with an auditable trail of asset custody.

Challenges to Overcome for ZK Developers and Privacy Preservation

KZG commitments have the potential to revolutionize privacy and security in the blockchain space as they allow us to not only scale blockchains, but potentially include privacy features as they are most applicable. As the technology continues to evolve, further research and collaboration among stakeholders will be critical in making blockchains more efficient.

To better determine the optimal role that blockchains will play within the broader financial and political systems of the world, we will need them to securely scale to new heights, and KZG commitments are one of the building blocks which underpin the efforts to do so. However, ZKP developers and privacy chains will have to face their own sets of challenges, both technical, regulatory, and geopolitical.

Computational Complexity

One of the primary concerns with the implementation of ZKPs in blockchains is the computational complexity and costs associated with on-chain activity, particularly at large scales. Although strides have been made to optimize ZKPs, they still require a significant amount of computational power. This increased computational overhead can slow transaction settlement, which undermines the efficiency and scalability of the ZK Proof networks.

Furthermore, if computation, compliance, or costs become too burdensome on network participants, it would incentivize the network to become centralized around a few well-funded nodes. Consequently, the improper application of ZKPs would conflict with the ethos of decentralization which characterizes Web3 culture.

Centralized, Trusted Setups

ZKPs also introduce additional centralization risks due to the requirement for a trusted setups in systems like zk-SNARKs, for instance. As mentioned previously, these trusted setup phases require that participants ‘publicly generate’ and then ‘securely dispose of’ the initial parameters used for validating proofs. 

While there are workarounds to this through multi-party computation and other public ceremony techniques, the requirement for a trusted setup still constitutes a significant centralization risk. If these parameters are compromised, the integrity of the entire blockchain network would be at stake. This could be a non-starter for participants joining the network too long after the trusted setup ceremony.

In contrast, systems which avoid the need for a trusted setup like zk-STARKs make trade-offs between efficiency and succinctness, exacerbating the aforementioned computational complexity and scalability concerns. In other words, decentralization at the setup seems to compromise scalability down the road, though that should only be taken as an invitation for further innovation.

Obfuscation of Malicious Activities

By allowing users to transact and prove ownership without revealing transaction details, ZKPs make it inherently more challenging for law enforcement agencies and regulators to track and apprehend criminal suspects and illicit activities. Most commonly, this involves things like, money laundering, tax evasion, weapons or drug dealing, and funding organized criminal activity.

The improper application of ZKPs will undoubtedly exacerbate this issue, increasing the potential for misuse, and inviting regulatory crackdowns. This could lead to additional scrutiny on honest, retail digital asset holders, as well as the presence of heavy-handed regulation and other compliance requirements. While regulations are not unwelcome, they often favor large players while snuffing out smaller competitors.

Ecosystem Fragmentation

The adoption of ZK Proofs in blockchain networks is still just getting started, and the varying approaches to using ZKPs could result in too many fragmented, incompatible ecosystems. If disparate ledgers cannot trust one another and must rely on distinct standards for fidelity and an unknown verification process, they are unlikely to be interoperable.

Furthermore, the use of ZKPs is not guaranteed to be universally adopted outside of niche cases, leading to a divide between privacy-oriented networks and those prioritizing full transparency or some other parameters based on government compliance regulations. This division could hinder what is now a broad vision of a unified Web3 with cross-chain interoperability.

Conclusion

Currently, most blockchains face scalability issues, as their transaction processing capacity is limited. For example, Bitcoin handles around 5-7 transactions per second (TPS), and Ethereum can process just under 30 TPS. In comparison, Visa handles over 24,000 TPS. This discrepancy poses a significant challenge for blockchain adoption unless scaling solutions are found and successfully implemented. By allowing for the succinct and efficient verification of transactions, KZG Commitments offer a promising approach to addressing scalability issues.

References

1. Buterin, V. (2017, 14 Jan.). Exploring elliptic curve pairings. Vitalik.ca
2. Buterin, V. (2022, 14 Mar.). How do trusted setups work? Vitalik.ca
3. Feist, D. (2020, 16 June). KZG polynomial commitments. Dankradfeist.de.
4. Kate, A., Zaverucha, G.M., & Goldberg, I. (2010). Constant-size commitments to polynomials and their applications. International Conference on the Theory and Application of Cryptology and Information Security.

About Supra

SupraOracles aims to revolutionize data access, bridging the gap between the traditional world and DeFi to become the gold standard in scalable and secure oracle networks in the world. With SupraOracles, users experience seamless data feeds, lightning-fast query response times, and unparalleled security for the execution of their smart contracts. In addition Supra offers a highly advanced VRF service for the generation of entropy in a variety of on-chain applications. Led by Dr. Kate, Supra is making headway in the development of privacy-preservation utilizing ZK cryptography.

Visit Supra Docs and check out our collection of whitepapers to get the latest developments.

Read Next

• What are Zero-Knowledge Proofs?
• The Byzantine Generals Problem and Fault Tolerances in Blockchains
• Supra Intralayer: Plug-and-Play Microservices for a Cross-Chain Economy