Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Anna Rose & Kobi Gurkan: Zero Knowledge Proofs – State of the ZK Ecosystem - Part 2
Episode Date: January 5, 2023While Part 1 (#476) focused more on the general landscape of the ZK ecosystem, covering team updates and developments, in this episode, we take a closer look at specific use cases for ZK proofs and if... the focus has shifted from privacy to blockchain scalability. Moreover, as the dusk of 2022 introduced chatGPT to the world, it seems only fitting to explore ZKP integrations in machine learning (ML).In Part 2 of this 2-part episode, we were joined by Anna Rose, host of Zero Knowledge Podcast and founder of ZK Summit, ZK Validator and ZK Hack, and Kobi Gurkan, Head of Research at Geometry, to discuss current applications for ZK proofs and what narratives are going to shape 2023 for the ZK ecosystem.Topics covered in this episode:Applications and use cases for ZK proofsZK bridgesAudits and ZK securityZKML (Machine Learning)Succinctness vs. Privacy2023 predictions for the ZK ecosystemPrivacy - human right or concern?Episode links: Zero Knowledge Podcast on TwitterZero Knowledge Podcast on YouTubeAnna Rose on TwitterKobi Gurkan on TwitterSponsors: Tally Ho: Tally Ho is a new wallet for Web3 and DeFi that sees the wallet as a public good. Think of it like a community-owned alternative to MetaMask. - https://epicenter.rocks/tallycashThis episode is hosted by Friederike Ernst. Show notes and listening options: epicenter.tv/477
Transcript
Discussion (0)
This is the second part of a two-part series on the state of the ZK ecosystem.
And we're speaking with Anna Rose, the founder of ZK Podcast, ZK Summit, ZK Validator, ZK Hack,
and probably a bunch of other ZKs, as well as Kobe.
Kobe Gurkin, who is the head of research at Geometry and works with Anna at ZK Validator and ZKHack,
and is also a cryptography advisor at C Lab.
If you've missed the first part of this double episode,
go back to last weeks and maybe start with that one
because it'll segue quite nicely from there.
Without much further ado, let me tell you about our sponsors this week.
Our sponsor this week is Teleho.
Teleho is an open-source wallet redefining the wallet as a public good.
With Teddy Ho, you can safely connect to Defy and
web 3 plus a lot more. You can view your NFTs in the wallet across Ethereum, Polygon,
optimism and Arbitrum. They have ledger support. You can swap between assets and view all of your
account balances across in their portfolio tab. Currently, they're running a layer 2 adventure
that rewards users for exploring the Arbitrum ecosystem with TeleO. You can get a space stock
and be entered into a giveaway for another NFD. Head over to tally.cash and check it out.
And with that, let's head over to the second part of the interview with Kobe and Anna.
So I think it might be a perfect time to start talking applications because I think that was where
you wanted, you wanted to sort of hear some of these like novel, cool ideas, right?
Absolutely. That's what I'm here for.
Nice. All right. So yeah, we did before this interview, we compiled a bit of a list. And a lot of these
are coming, by the way, from these interviews that we've done recently and, like, trying to
pull together, like, what, you know, what, Dan, for example, this interview we did with Dan Bonnet,
it was episode 56, like four weeks ago.
It's a wrong number, yeah.
It's a good number.
But, yeah, it was, we, in that, he went through a bunch of examples.
So we can definitely share those.
I also know in the interview I did with Matt Green, I learned about some new ideas.
And generally, I mean, look, if you look at what zero X park,
releases in their videos when they do showcases, that's like an amazing space to find out about
like new ideas. And not, the truth is not all of them are feasible at this moment, I think,
but still like set the goal, like put the, you know, flag in the sand in the future and then
let's build those tools so we can actually make these things possible. I'm curious if you've been
keeping up to date on this. Kobe, have you been paying attention to like Constitution Dowd too?
Just a bit.
So I like
I like the concept of
this
anonymous
multisigs. So that's kind
of what the nuclear team
is doing. So
they're using
privacy technology
to
like one of the things that they're doing is to hide
who exactly participate in the multisig.
But in constitution doubt they're using it to
and hide the total amount that you would bid.
Yeah, exactly.
They're using this to hide the amount that you would bid
because we don't know what happened
with the first constitution, though,
where it's just because the amount was public,
it was just outbid.
And so yeah, I think they're using this
in a very cool way to hide this.
But yeah, that's the extent that they know it.
So yeah, this was the private DAO's.
One of the reasons for this was
was like, and this is what we talked about in that episode with Dan was, you know,
yeah, when you're doing betting, when you're actually in an auction and you can see what
other people have as their max, then it's pretty easy to win the auction. And I think that's
kind of what happened. So yeah, this is a cool. So this is a really cool use case for this.
We do have Penumbra, which is like a privacy preserving decks. So that's like, and there's
been a lot like Manta also had proposed something like this. There's a lot of different like
ways to think about what in a decks should be private. And
what can be private and what maybe can't be private.
And so that's just been an interesting conversation space
and development space to define that.
I think Penumbra's solution is really cool.
And just in terms of status, though,
like they are still test nets and like there's a lot to build
before you can actually use these things.
Maybe we can mention like some cool experiments
that we've seen from Zerox Park, right?
So I think one thing that was really cool was this,
Hey Anon experiment.
So maybe you've seen that on Twitter,
but they've been taking these groups that maybe have some relation amongst the people.
So for example, all the people that participated in the DAO and got hacked, you know,
so now all of these people can send a message as a participant or as a member in that group.
without revealing who you are.
So this is something that they've published, which is really nice.
Like you can do that.
Some other cool thing that I think technically it's very advanced.
That's called ETH DOS.
Actually, I don't remember what the...
Okay, it's degree of separation.
That's the acronym.
So it allows you to prove who you know and like who that person knows and so on.
So how far in terms of the chain of people are you form of Vitalik?
That was the demo that they did.
So it uses actually like recursive proofs and extremely complex machinery inside Snarks to make that happen.
Just to prove this degree of separation.
So that's something unique.
And another cool experiment that they did was Kabbal, which allowed you to create these Discord channels or Telegram channels that have pseudonyms that are derived from, again, a group of people that you know beforehand.
but when they joined the channel,
then nobody knows who they were from that group.
So those are some cool experiments that we've seen.
And I think we could also mention some of Dan's experiments, right?
Yeah, so Dan told us about this project where they're trying to almost do
like image provenance even after it's been cropped or changed.
So trying to prove that like, and I think the exact
or the use case here is like newspapers that will crop an image, but you want to know that it actually is from an original physically or a digital file or digital image. And so there's a ZKP to like prove that it's actually from that original one. And I know on our show we talked about maybe even extending this to music or to film and like being able to prove like if you edit film that it's connected to an earlier version of that video footage, which is pretty exciting. This is.
This is like one of these non-block chain ones.
There is another non-block chain one to mention.
This is mentioned on the episode I did with Matt Green, where apparently, and I don't know
any real details on this, but apparently Google is looking to use ZKPs to like comply with
GDPR rules, but still use private data.
So it's almost like to go around some of the privacy rules, like using it to like, oh,
we can make it private with ZKPs, but like actually doing things that normally they wouldn't,
they shouldn't be doing.
I don't know.
I actually don't know enough about this to cash that much shade.
But yeah, I do.
I want to mention also like a project that is live, which uses it.
And that's Sismo.
So we actually had them present at ZKHack and actually create these attestation badges.
It's pretty cool.
Like it's, I don't know.
Kobe, do you want to go through how it works?
I can help.
Yeah, sure.
Actually, it's interesting because when they started out,
I was talking to the Sismo founders.
And actually, I think this is when I was looking into Starknet.
So I was doing a project based on blind signatures
that allow you to get an attestation from some issuer.
But after you get this attestation,
the issuer cannot track you anymore
because you're blinded in the process.
So it was a construction that I learned from privacy paths,
which is a project from Cloudflare from a few years ago.
But I think nobody really deployed it in this context.
So that was fun.
And the Sismo people also created something of that sort when they started out.
And that's what allowed them to create these badges,
which are privacy preserving.
So you have some issuers that maybe you trust or put some trust in, but nobody can track you, not even them after you do that.
But they have since developed much more, and they're using Zikaa and membership proofs like the ones that others like Zcash and the projects from Lithium Foundation are using.
And basically everyone that does privacy preserving transfers.
and they're now doing other kinds of attestations that have even less trust in them,
but still preserve this unlinkability properties.
They seem to emerge, like people kind of treat them like poaps,
but they have a much more interesting, yeah, like something private and detached underneath,
which is cool.
Yeah, no, it's just one of the projects we've put.
meaning to have one for a while.
So yeah.
Nice.
Yeah.
Other like so there's some there's some projects that have been around for a while like
semaphore or CLR fund.
CLR funds like allowing you to do get coin um type donations but privately as far as I remember.
Yeah. And then I'm trying to think like that there's two areas like well actually before
I do that Kobe, is there any other use cases that come to mind? I think we've covered our list.
So yeah, I think like maybe there's worth to mention that there is a big group in the Ethereum Foundation that's called like PSE, like privacy scaling explorations.
They're doing a lot of projects that push the boundaries in ZK.
So semaphore was in there, which allows for anonymous messaging or signaling more correctly.
CILAR fund is based on Macy, which is kind of a project that doesn't fit in the,
box exactly of privacy or scalability because it uses snarks to prevent collusion between
people. And so it creates a more secure environment for voting. So that's that's really compelling.
And there's there's a bunch of other projects that are being worked there. So for example,
there is a ZK Oprah, which combines private transactions with an optimistic roll-up
kind of construction and generally they're doing like cool things.
And but I know what was the question?
No, I think was there any other use cases?
I think what you're saying is like if you want to find the good use cases,
head to those places.
I think like yeah, I think keep keep watch.
Yeah, actually as you're saying this, I was just thinking about like,
so every project that does ZK, like any network, they're going to have like a
ZK education arm and they're going to want, you know, like they're creating a lot of content and
ideas for their network. But there are like these three groups. And I think we count ZK. Hack in that.
It's like ZK. Hack, XRX Park and PSE. Because like in that case, I guess PSE is still very
Ethereum. And actually, XRX Parks very in Ethereum. But like generally there's a little bit
more of like a neutrality for where and how you could deploy these things. So they're just like
ideas and libraries, like things you can probably recreate in other places.
And so yeah, it's definitely like my source for use cases.
So there are two big, there are two big topics we haven't covered.
And that's ZK Bridges and ZKML, which is like the new, very exciting feel people are jumping
into.
Yeah.
So maybe we can talk.
Audits is also something that I really want to talk about.
about for a bit. Cool. But ZK bridges sounds good. So there's the succinct bridge. It also came out of ZeroX Park. In a way, it's a little bit, it's a piece of infrastructure that most people didn't really expect, right? Yeah. Can you talk about how it works?
Yeah, happy to.
So usually when you want to get a bridge, like if you want the Holy Grail in some sense,
or at least something very, very good, you want something which is a light client bridge
so that you can verify the light client protocol of another chain inside your chain.
And that allows you to get really high guarantees because you don't trust, let's say,
like a multi-seag bridge, of small committee, of signers,
or in an optimistic bridge, which is like very secure,
but there is this synchrony assumption or at least.
And it's also game theoretically secure and not like mathematically secure, right?
Yeah, and like there is like network dependency on like latency and stuff of that sort.
So yeah, exactly.
It's like different kind of security properties.
But a light climb bridge allows you to overcome a lot of these difficulties,
especially in chains that have a deterministic finality,
where you can be certain that after a few blocks, things will not change,
which is true, for example, for Ethereum 2.0, but not true for Ethereum 1.
And ZK bridges make it possible for chains that have, let's say, incompatible light clients,
communicate with each other.
So when you want to verify the Ethereum 2.0 consensus, then you have to verify a lot of BLS signatures.
And you have to do it on a very specific elliptic curve.
And that's pretty hard.
And it's pretty compute-intensive in the context of a blockchain.
So with the Zika Bridge, you just run that whole protocol inside the SNARC.
And then you just verify the proof, which is like we mentioned before, a lot of L-1s already support
primitives for proof verification. So you can do that, but you cannot do the light client directly.
So Zika bridges give you that. So for example, it's just a way of kind of getting the state of
the other chain trustlessly onto the chain that you're coming from, right? Yeah, exactly. So now that
you know, you can verify the light client, you now know what is the latest state. So from there,
you can start making queries and check balances and check transfer messages or things like that.
So that connects them in a very nice way.
Yeah.
And like if you look, I did an episode while back on like different kinds of bridges and different security for different kinds of bridges.
And these cryptographic bridges tend to do best on the security front.
And that's where like IBC is like that.
But I, it's funny because I thought for a long time people were just like, you can't do that on Ethereum.
You just can't.
That was the way.
Yeah.
It was a paradigm shift, right?
I mean, so basically just putting everything in the ZK second.
I mean, it's, it's kind of, it's a trick, but it's a trick that works.
Yeah.
And it wasn't practical like two years ago, right?
Like now things have become much faster and much more advanced and people have become better at doing this.
And now it's practical.
It wasn't practical two years ago.
So it's cool.
Yeah.
And there are, so there's the Sysync Labs there.
We actually did for like for ZKV, we do these events sometimes focused on specific
networks.
So we did one on EVMOS and actually talked about ZK Bridges.
So there was like we were able to find a few other teams doing something similar.
There is like a ZK IBC.
There is a team called ZK Bridge.
So yeah, that's maybe that's also over on the YouTube channel.
So if you do share a link to them, I can find it there.
You have Neil Foundation that also did this with Mina and Ethereum.
Yeah, status also has one now, ZK Bridge, and there's a team coming out of Berkeley as well,
called I think Specula.
So, yeah, there's quite a few teams now.
And in a way, this is something that we had no.
So basically, the first deployment of the succinct bridge was between the Nosis test and, and, you know,
and Gurley, the Ethereum test that.
So in a way, we've kind of, we've been tracking this very closely.
Yeah.
And but the thing is, and this kind of leads me to my next topic.
Auditing this is so difficult because basically with a bridge,
and I mean, with the number of bridge hacks we've seen this year, let's hope,
that's how we've seen the last of them for this year at least.
But, um,
and this is,
there are more days.
Yeah,
there eight more days.
So could be a couple of hundred million.
Whatever.
But yeah,
so basically,
uh,
with the number of bridge hacks and the number of funds that are typically in bridges,
um,
kind of security is obviously of the utmost concern.
I mean,
obviously it sucks.
Um,
with vulnerabilities and more or less anything.
But basically,
if it's,
um,
if it's,
uh,
if it's a game or something, obviously it's not, you know, the consequences aren't that large.
But how do you audit these ZK circuits?
How do you make sure that the ZK circuit?
Because, I mean, the bytecode itself is not exactly human readable.
So how do you go about this?
So first of all, can I just give a depressing thought about the security of like ZK deployments?
and bridges in general?
Yes, but I will counteract your thought afterwards,
but go for it. Go for it.
Okay, let's try.
So the depressing thought that a lot of the hacks that we've seen
have happened on, let's say, the integration layers.
So you have this complex solutions like the circuits and all that
and let's say the optimistic protocols and that part.
But a lot of the hacks happen on the integration part, let's say on the smart contracts and so on,
where you find a bug that happens after you verify the complex part.
And I think that's a lot, that's the part that where hackers put a lot of effort in.
And kind of something that is concerning me is that when they start looking at the more complex parts,
maybe they'll find more holes.
So we'll see.
Ooh.
Oh, you're saying like maybe, yeah.
Okay.
So like the hackers haven't even,
they didn't even need to go that deep.
The hacks happen.
Exactly.
I mean, I'm totally with you.
I mean,
so basically the possibility space for making,
for introducing vulnerabilities in Comtech systems is so large.
And I mean,
even if you look at,
if you look like the recent Binance,
bridge hack and so on,
it was actually pretty sophisticated.
indicated already. So basically the, yeah. So how we actually thought about this. So obviously,
we thought about this for a long time because I mean, I mean, we're German engineers, right? So we like
thinking about security implications. Yeah, and audit. So this is why audits, yeah, but so far,
no major hacks. So I mean, so far, you know, for a project that's been in the space for so long,
no success had very few like vulnerabilities. I think.
That's good.
Yeah, I mean,
in terms of ZK,
I mean, when you talk about audits of ZK systems,
we do, I mean, just so you know,
what ZK hack,
when we introduce these puzzles,
they're often based on historic failures.
So actually, like,
if you look at the puzzle page on the ZK hack site,
it's basically meant to show you,
here's how, like, a bug can happen.
Here's how vulnerability did happen.
But I think, so, I mean,
the Zcash bug, for example,
could have been horrific.
That could have been very bad.
Which they don't believe it has been.
I did hear, I saw a tweet.
But they can't prove because it would have basically,
you would have gotten more in the fielded push, right?
So basically you wouldn't have known after it.
So in their particular system, there was a way to kind of prove that it didn't happen
because of when they did the upgrade and the number of tokens, like at some point.
Like you have to move.
Yeah.
Yeah. Not what everyone has, but like just a total.
And so like had there been.
this exploit which just could like mint infinity tokens you would have seen it but that's like a
specific case where like there was only like five people in the world who understood what was
happening anyways and like they all worked there so like that's i think why that didn't get exploited
yeah yeah but yeah but cobi how how we were thinking about this this kind of security
It's kind of strength in numbers.
Basically, it's like you need to add redundancy.
So basically, you put like a sieve and a sieve and a sieve.
And then basically you have something that is not very sieve-like anymore.
So basically our idea and basically how we're going to,
because you don't want to test anything in production, right?
So basically how we are going to kind of move this to production without
endangering
client funds
or user funds
is by actually creating a
multi-sick of bridges.
So basically you have the old
Omni bridge, which is basically a multi-sick-based
bridge, and you put it in a
multi-sick with the new ZK Lightclan bridge.
And basically, if they agree on a payout,
payout happens. If they don't agree, payout doesn't happen.
And then basically you have to,
you have to, in order to compromise,
that, you have to find a vulnerability in the ZK Light Line Bridge, but at the same time,
you actually have to compromise a majority of the sinus for the multi-zig bridge.
So basically that will make it like at least, you know, an order of magnitude more difficult
to kind of break it. And we're also working with other ZK Light Line Bridge teams. So basically
that in the future we will have two or three independent implementations of ZK.
like client bridges. And basically, there will be an and rule. So basically, if these agree,
payout happens. If these don't agree, nothing happens. And basically, in that way, you can reduce
your exposure significantly, enormously, because not only, you don't have to find just one vulnerability
in one bridge. You actually have to find vulnerabilities in three different implementations
of ZK client bridges.
Obviously, that could happen if there's like,
if you have like ZK, like one of those bugs where there's a, you know,
bug in a paper, for instance, like what happened with Zcash at the time.
But it becomes a lot less likely that everything kind of has the same breaking point.
Yeah.
No, I think I think it's very responsible.
I think it's a good approach like to add security in depth.
a very big fan of security in depth in general.
So for example, you know, sometimes even people don't like things like SGX, right?
I don't like SGX.
Yeah.
It's a black box.
It's really difficult to trust.
Yeah.
But if you add it as another, yeah, exactly.
Like if you add it as another component as security in depth, it is something that might add security.
So here, if you do like at a multi-sick bridge and, you know,
Maybe it's easy to bribe all of them.
There are some rich people that can bribe all of these signers,
but it adds some measure of security.
So it is nice.
And I think that's a very responsible way to approach it.
So, but yeah, like if we're talking about like auditing the circuits themselves,
I think it's still a pretty hard task.
I remember like I was doing some of this like when I was in cadet,
we also like audited sapling.
like the Zikash upgrade before it came out.
And it seems to me that's still the most successful
or the most elaborate audits happen when people do manual reviews.
And they see a specification in front of them,
and they vet the specification first,
and then they see that the code matches the specification and so on.
And I think the Zikash team has been spectacular in writing good specifications.
And that was something that, in my opinion, makes them system.
Like, I have a high confidence in their system because of that.
But today we still do a lot of manual audits.
There are some companies that try to improve on that.
Like there has been work where the Castrell
people that now are part of
Elio, I think, that they've done some
formal verification. Yeah, exactly.
And Veridias is also
doing, developing a bunch
of tooling around that, but
still not yet
widely used.
But one of
the things that I think
contributes
more practically to
security
and still don't
happen as much as I
would like is the creation of common components that you can reuse and that get audited and then
get deployed and have a bunch of stake in them in some sense because they're deployed in high
stakes places and that increases the confidence in the components themselves and then if you use this
as a major part in your application you can just piggyback on that exactly and they
think we've done some of this when we were developing semaphore so we audited this component
and some other people were using them and and i would like to see that more now in the new realms of
zK where we use blonk and other kinds of systems it's harder there because you also have a lot
of flexibility you can customize it a lot but if we
find as a community a plonk construction that we can line on maybe we can start developing
these components that people could reuse and that that makes a big difference yeah yeah i like that
yeah i think for that also um having uh some code of some sort of uh you know uh benchmarking tool
which tells you how much certain components have been used and what the amount riding on them has been.
I think that would be super useful.
That would be nice.
Yeah.
Yeah, there's a last point, right?
Yes.
But it's ZKML and I don't know anything really about that.
What is ZKML?
Oh, so that's an interesting topic.
I think it has become from zero to a hundred popular in some sense.
In like the last month.
Maybe, maybe one or two, something like that.
But it's a topic that become very popular.
So ZKML in general is proving that you evaluated a model,
that you got the results from evaluating machine learning model or a neural network,
and proving that you did it correct.
with the right model, with signed inputs, or so on.
And in that way, you can run these in different environments,
not necessarily the environment that consumes the result,
but enjoy, like, be confident that you got the correct result.
So one example would be for, like, phase liveliness detection,
where you would see if,
someone has, like you can do this for KWAC or things of that sort.
But you have other use cases.
You can think about, let's say, GPD3 today or chat GPD,
where you want to know that you're getting the results from the right model that was
at least claimed to have been trained on some specific or some set of inputs.
And you will then be sure that you get a result from that model and not something that someone else invented that didn't include all the history of some region in the world, let's say.
We recently had Jensen on.
Are you familiar with them?
Jensen.
Jensen, G-E-N-S-Y-N.
It was episode 471.
basically it's about deep learning compute and kind of distributing basically making that distributed
and basically there you also have this checkpointing problem that basically you have to people have
to prove that they actually did run your your the data through some sort of model and basically
how involved that was and yeah we also talked a bit about how difficult that it actually is to
proof because it's not deterministic. So it's, uh, yeah, uh, yeah. One other angle on this.
So like, I have not done a deep dive. So I only like really all I've understood though is
there's like two ways of thinking about it. One is the way that Kobe just described of like
a testing to the, the model. But I have heard it also describe like I've just I've heard the idea
of doing kind of like the model making, building the model on encrypted data or like and so it's not
so much ZK. I think people.
It's like homomorphic encryption.
Exactly.
It's probably going to be like FH or HE somehow.
But yeah, just like the topic of ZK also, it's often like super mixed up with all the other advanced
cryptography like MPC and FHE.
Which is great.
I think they should mix more.
Yeah.
I mean sometimes you're actually mixing them and sometimes just like in people's minds, they're like
very complicated cryptography over there.
Diffic.
Maths.
There does seem to be some really cool overlap between the ML, AI worlds and ZK now, which is cool.
I'm excited for the new year to meet some of these people building this stuff.
Yeah, some really good people working on ZKML.
So I'm excited to see where it goes.
Cool.
So it seems like while for the last.
three years or so, most of the progress has kind of hinged on the succinctness property of
CK proofs. It seems like it now ventures more into like the privacy preserving realm that obviously
it can also offer. Would you agree? Oh, I see Anna kind of wiggling her head.
I think there's been those two. I think the blockchain, the wanting to scale the blockchain
accelerated the succinctness for sure and like that idea of using it as validity instead of privacy.
I think those ideas were really awesome and they were like super easily kind of understood and then
used. But I do think like as what I've what has happened is like ZK connecting to blockchain
accelerated ZK development so much that now the ZK libraries are quite good and they're getting better.
they start to be able to be used even outside of blockchain.
And often in those cases, it is privacy.
That's the main part.
Can you give examples?
Well, I gave this one example that I don't know that much about.
The video thing?
Google, the video one, but like Google and GDPR.
I mean, there was years ago, Cloudflare used it in a non-blockchain context.
I mean, we've talked to people who did like password protection barely touching the
blockchain, but I think what I've understood is all the major, like tech companies,
web two companies have teams building ZK stuff outside of the blockchain context.
I think Apple probably is doing something, but obviously, like, I don't know because they
don't tell you stuff, but true private, very private.
Yeah, I don't know.
I think we're going to see a lot of non-blockchains, ZK use cases that you're.
use privacy in the near future.
I think like in some sense that this non-block chain use cases,
we see a lot of, let's say, very specific constructions for like a very optimized
protocol for the concrete use case, like you said, in Cloudflare and what others do.
And maybe sometimes people don't bundle them with ZK because we're used to Snarks,
which are general purpose,
but definitely a lot of advanced
and super interesting cryptography happen all around.
But, yeah, but actually about privacy, I think.
If we look at it,
we actually would see that the first deployments of ZK in blockchain
was about privacy, right?
Like, scalability came later in some sense.
That is true.
I mean, yeah.
Oh, I just.
remember a use case we forgot to mention, by the way, and one that's hyper-relevant today.
It is on-chain mostly, but it's proof of reserves and ZK.
Oh, yeah.
And it's actually, I would call it a, it's both.
It's attestation, but often the reason you're using ZK is also for privacy.
So like, so that you're not like just overtly showing everybody's bank account or crypto accounts,
you actually can retain some privacy.
Yeah, that's kind of a good hybrid example.
That is a good use case.
So what are you guys excited about for 2023?
I, well, I'm going to, ZKML is the place I want to explore.
It's already been declared on the last show we did of the year that Turin is like,
I predict that there will be more ZKML guests.
So I think we're going to start bringing on some more folks like that.
I think that's true.
I think that's one very interesting topic.
Like, I'm like, you want to go more?
No, you go ahead.
Go for it.
Okay.
So I'm generally excited to see the development or the, let's say, much like the tooling around ZK and just advanced cryptography mature.
Like one analogy that they had in my mind is that, you know, when you start out with electronics, you just connect like a layer,
an LED with a battery and then you have like it turn on.
It's very nice.
That's kind of where we were with the tooling like a year ago in ZK.
So now we're at the part of like maybe something that is more akin to an Arduino, which is still quite crude.
And then you put it on this board where you put the wires, but it's still quite messy.
So you have this component that you can connect.
But I think we're getting to a stage.
where it's become something that feels very real.
And you can design extremely complex things
that interact with each other
and you have efficient components that you can connect,
like transistors, like this is kind of an analogy
that they have in my mind.
So I'm excited to see this kind of tooling develop
and people mixing and matching these kind of things.
But generally,
also seeing other kinds of cryptography intermixing with those. So we've seen some of that,
also from Dan Bonnet's group, by the way, like this collaborative Snarks approach where you combine
MPC with Snarks, like use proven ZK, the correct execution of a multi-party computation.
So I would love to see more of that happening and I think it can unlock a bunch of interesting
use cases. Yeah, I think it's the use cases. Like this past year, like, I mean, a lot of what we
mentioned today are actually newer to us, too. Like, they've come up in the last year, not all of them,
but a number of those. I remember years ago having a really, like, kind of having just such a few
number of use cases, like trying to pick like, oh, yeah, and you can do payments, kind of, you can
scale. But, yeah, this time around, it's like, there's a real,
there's real list and I think it's going to keep growing.
Yeah, I think, I think, yeah, exactly.
And I think more, more, let's say, engineers that do not specialize in
cryptography would be able to access these technologies, which is not quite true today.
So I hope that will happen and that will spark more ideas and more use cases,
2020.
What about fears for
2023? What is something that we
absolutely must get right?
It's funny, my fear for 2021
had come true, actually,
which was like a large-scale
ZK project gets tied to
international crime, and it did.
I think, I mean, we didn't talk much
about Tornado, but I think it was a reckoning
for the ZK space, and it's pushed
teams towards compliance.
and some away. I think fears are that people use ZK for nefarious purposes that are
worse than Tornado. I don't know. That's what I would not want. Yeah. I actually
would say that what we must get right is how to get people to use privacy in a way that
doesn't hurt them. Because I think a lot of people today use privacy and
like these tools in general and maybe they don't think about the implications.
So yeah.
But there are technological ways in which kind of this could be addressed, right?
So for instance, for Tornado, there was the idea that you can have curated lists of addresses you don't want to be mixed with.
And then you can prove that you weren't mixed with these addresses and so on.
And it can just be like an ad blocker where basically you subscribe to some service that kind of
tells you who not to play with.
And so I think there's actually technological solutions
for lots of things.
But what I'm worried about, sorry,
I'm hijacking my own question.
What I'm worried about is that privacy as a concept
somehow gets discredited.
That it kind of goes down the drain because people tired
to.
nefarious purposes or basically where it's been used in nefarious ways where I would kind of posit
it's a value right basically it's kind of like something that that kind of you have to you subscribe
to or you don't but I do believe that privacy should be a human right and I think kind of the erosion of
that. How do you feel about that? Well, I just, I was about to, I think actually,
tornado in a way and like a lot of things this year, if anything, right this, at this moment,
I actually think there's a renewed interest in having privacy. I actually think the last few years,
there's been more of like a laissez-faire. Oh, well. I actually, I think I feel more of like a
realization that it's not just like a fun, nice to have, but more of a pillar if you really want
the world you want. And I think, I don't know, I felt that at least the tone of discourse has
actually shifted in that way. So I'm hopeful. I'm hopeful that in the new year, it actually
continues to be relevant, if not more relevant. But we may go through another phase where we don't
care. That would, that's totally possible. I mean, I mean, I think there are also like levels of
privacy that have not been properly explored yet.
Like I want privacy from, let's say, I don't want this random person to see what I'm doing.
For example, in my bank account today, but I'm okay with, I don't know, the bank seeing this
or some other entities seeing it.
So this is a level of privacy that like, like it's not all or nothing.
Like it doesn't have to be tornado.
Yeah.
Yeah.
Permissions.
who you reveal it to or you want privacy from the public definitely. I think this is definitely
something that I would like to see. But there are levels to this. I also, I do think that the builders,
you know, they've made decisions, but I think another decision that's been made is to use exactly
what you described, Frederica, these like new architectures or like techniques to actually
avoid the bad behavior but still have these systems for good actors. I think a lot of teams are
thinking more about that. There had been this attitude of like, oh, well, we decentralized,
then we're not in trouble. Or we add a viewing key and then we're not in trouble. But actually,
like, the effectiveness of these are questionable. I think, like, there are some new techniques that
haven't been explored, haven't been used, and maybe there'll be more. And I think people thinking about
those techniques is really important.
Because I think we want, like you said, Kobe, I think we want a place where we can act
privately, but we also don't want just bad actors to come in and use those tools in ways
that just like hurt society.
Yeah.
I think these are really good last words, Anna.
Are you happy with these as last words?
Sure.
For the year.
Your last words.
Well, my last word for the year, let's say.
Cool. Thank you both for coming on. I learned a lot. I am still confused.
So am I.
Yeah. I think I think I would love some benchmarking. You know, just like some tables that tell you, this is good at that. This is performance for this, this solution, for this kind of set of problems.
To me, that would be shining a light where it needs to be shown.
So it's, yeah.
But I think the things have to come live.
They have to happen before and then we have to see.
And then like I think Kobe was saying.
Yeah.
Yeah.
It might be a best best team wins or there might be this really interesting multi L2 scenario with,
with awesome ZK bridges to L1s.
and they're all like they have their niche and their use cases that like fit for exactly their
architecture. Yeah, it's going to be exciting to see how it comes, how it goes.
Thank you both for coming on. Thank you for giving us so much of your time. And I wish you a
super happy holiday season and get into the new year very safely. Yeah, you too.
Happy holidays. Thanks for having us on. Thanks, Frederica. Thank you.
Thank you for joining us on this week's episode. We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud, or wherever you listen to podcasts.
And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes in your inbox as they're released.
If you want to interact with us, guests or other podcast listeners, you can follow us on Twitter.
and please leave us a review on iTunes.
It helps people find the show,
and we're always happy to read them.
So thanks so much,
and we look forward to being back next week.