ZKEVM

zkEVM is to Ethereum a Layer 2 network and a scalability solution utilizing zero-knowledge technology to provide validation and fast finality of off-chain transactions.

zkEVM supports a majority of Ethereum EIPs, precompiles, and opcodes. Developers benefit from the seamless deployment of smart contracts, developer tools, and wallets that already work on Ethereum, but in an environment with significantly lower costs.

Security measures

zkEVM’s upgrades are on par with Ethereum’s security standards as they involve deployment of the following contracts:

• An admin multisig contract to avoid having one account controlling upgrades.

• A timelock contract to give users sufficient time delay to withdraw before execution.

• A transparent upgradeable proxy, from OpenZeppelin’s libraries of audited and battle-tested contracts.

The activation of the 10-day timelock for upgrading zkEVM’s smart contracts on Ethereum requires approval by the network’s Admin, a three-participant multisig that acts as a governance tool for the protocol. This is a Gnosis Safe with a ⅔ threshold.

In the event of an emergency that puts user funds at risk, the network’s Security Council may remove the 10-day timelock. In such an emergency, the network state stops advancing and bridge functionality is paused. The Security Council is an eight-participant multisig. This is a Gnosis Safe with a 6/8 threshold. Learn more about zkEVM upgradability.

Design characteristics

zkEVM was designed with security in mind. As an L2 solution, it inherits its security from Ethereum.

Smart contracts are deployed to ensure that everyone who executes state changes does so appropriately, creates a proof that attests to the validity of each state change, and makes validity proofs available on-chain for verification.

Development efforts aim at permissionless-ness, that is, allowing anyone with the zkEVM software to participate in the network.

For instance, the network allows anyone to circumvent any transaction-censorship by triggering the force batches mechanism, or to avoid denial of validity-proving by activating the force verification feature.

The ultimate aim is to ensure that there is no censorship and that no one party can control the network. Since data availability is most crucial for decentralization, zkEVM posts all transaction data and validity proofs on Ethereum. This means every zkEVM user has sufficient data needed to rebuild the full state of a rollup.

Efficienct and overall strategy

As a scalability solution, efficiency is key to zkEVM.

The network therefore utilizes several implementation strategies to maximize efficiency.

A few of these strategies are listed below:

1. Deployment of the consensus contract, which incentivizes the aggregator for participating in the proof generation process.

2. Carry out all computations off-chain while keeping only the necessary data and ZK-proofs on-chain.

3. Implementation of the bridge smart contract is made efficient by using only Merkle roots of exit trees.

4. Utilization of specialized cryptographic primitives within the proving component, zkProver, to speed up computations and minimize proof sizes.

   This is seen in:

   • Running a special zero-knowledge assembly language (zkASM) for interpretation of bytecode.

   • Using zero-knowledge technology such as zk-STARKs for proving purposes; these proofs are very fast though they are big in size.

   • Instead of publishing the sizeable zk-STARK proofs as validity proofs, a zk-SNARK is used to attest to the correctness of the zk-STARK proofs.

   • Publishing zk-SNARKs as the validity proofs to state changes.

These help in reducing gas costs from 5M to 350K (wei).

The zkEVM network is therefore secure, efficient, comes with verifiable block data, and cost-effective.