Zero Knowledge Blockchain Bridge

Victor Yeo
3 min readMay 23, 2023

--

A blockchain bridge is a cross chain application sitting between blockchain C1 and C2, proving to applications on C2 that certain events took place on C1, and vice versa. The events can be asset transfer events, message passing events, etc.

First approach of designing cross chain bridge for POW or POS blockchain is to keep track of block headers of C1 and C2, and verify the transactions with Merkle proofs. This approach incurs significant computation and storage overhead.

Second approach is to use an external committee of nodes to validate and verify the state in C1 and C2 blockchain. This approach relies on honest nodes. If the nodes are compromised, bridge security becomes a question.

With the application of zero knowledge proof, one can design a zero knowledge bridge to do cross chain transfer, with cheap computation and storage cost, and without trusting external committee of nodes.

The zero knowledge bridge approach leverages zk-snark (Succinct Non-interactive ARguments of Knowledge). A prover on blockchain C1 uses zk-snark to convince verifier on C2 that a certain event took place on C1.

The advantages of zero knowledge bridge are:

  1. use the security of the underlying blockchain
  2. verify event of C1 efficiently on C2
  3. separate blockchain bridging from application specific logic

The approach proposes two ways to expedite proof and verification efficiently. The zero knowledge proof generation is the most computationally demanding part of zkbridge. This approach calls for proof design computation using arithmetic circuit. The circuit uses parallel processing of data to reduce proof generation time. The essence is about using N copies of identical circuits to generate proof in parallel.

Furthermore, it uses constant size proofs (such as EdDSA signature) that are fast to verify on-chain by smart contract.

zkbridge architecture

The above diagram shows high level architecture of zero knowledge bridge (zkbridge). The zkbridge contains two smart contracts, the relayer contract and updater contract. The relayer contract gets the block header from sender chain, generates ZK proof of the block header through off-chain computation. The ZK proof is passed to updater smart contract. The updater contract verifies the ZK proof on-chain, and if it is verified successfully, updates the block header on receiver chain.

Zero knowledge bridge can be used in several use cases. In cross chain assets transfer, users stake a certain amount of token A on the sender chain, and get the same value of Token B on the receiver chain.

In the application of NFT transfer, users will need to deploy a lock contract on C1 and mint contract on C2. The smart contract will lock the NFT on the sender chain. The zkbridge will generate the proof of inclusion of lock transaction. Based on the information, another smart contract will verify and mint NFT on the receiver chain.

zkbridge with NFT transfer app

The above diagram shows zkbridge with a separate NFT transfer application. The NFT transfer application uses zkbridge to achieve secure cross chain transfer.

Definition:

Non-interactive zero-knowledge (NIZK) proofs are a particular type of zero-knowledge proofs in which the prover can generate the proof without interaction with the verifier.

Zk-snark (Zero Knowledge-Succinct ARguments of Knowledge) is the most preferable NIZK. It is a set of non-interactive zero-knowledge protocols that have succinct proof size and sub-linear verification time.

EdDSA: Edwards Digital Signature Algorithm, the signature scheme used by zk-snark. It is base on twisted Edwards curves.

Twisted Edwards curves: a model of elliptic curve. It is named after mathematician Harold M. Edwards.

twisted Edwards curve

The zkbridge can support bridging from Cosmos to Ethereum. It can also support from Ethereum to other evm chains.

References:

--

--