Author: Frank, PANews
On April 10, a16z Crypto released a zkEVM solution called Jolt, which aims to accelerate and simplify blockchain expansion operations. Jolt integrates SNARK zero-knowledge proofs and provides a framework for EVM-compatible Rollups, which can help developers create SNARK-based L2 solutions. The team said that compared with the current zkVM, Jolt is "twice as fast."
Since the technical principles of Jolt are relatively complex, the following is a brief explanation of the relationships between several technical terms that may be involved:
zkSNARK is a powerful zero-knowledge proof primitive that is the basis for building zkVM and zkEVM
zkVM is a general zero-knowledge virtual machine concept that supports any instruction set
zkEVM is a special case of zkVM, specifically designed to be compatible with EVM
ZK Rollup uses zkVM or zkEVM to improve Ethereum’s scalability while maintaining privacy
What is Jolt?
Jolt is a new type of SNARK solution that provides a simpler and more efficient solution to build zkVM (zero-knowledge virtual machine). In fact, as early as August 2023, a16z crypto had already proposed concepts called Lasso and Jolt. These two technologies were proposed against the backdrop of the slow and high cost of SNARK technology.
Among them, Lasso, is a new lookup parameter that can significantly reduce prover costs; Jolt, using Lasso, provides a new framework for designing SNARKs for so-called zkVM and wider front-ends. Together they improve the performance, developer experience, and auditability of SNARK designs, which in turn improves builds in web3. This will enhance the use of zero-knowledge proofs in the blockchain field.
Before understanding Jolt, you may need to understand zkVM and zkEVM first.
zkVM is a general concept, referring to a zero-knowledge virtual machine. Similar to zkEVM, zkVM allows programs to be written in high-level languages such as C++ or Rust, and then the virtual machine compiles the program into some intermediate representation (such as circuits or arithmetic constraints), and then uses proof systems such as zkSNARK to prove the execution process of the intermediate representation. Compared to zkEVM, zkVM is not limited to compatibility with EVM, but supports any instruction set. Jolt is a high-performance zkVM implementation for the RISC-V instruction set.
We can think of zkVM as a special "black box" that can prove to the outside world that it has indeed performed calculations according to the predetermined program while protecting privacy. However, traditional zkVM requires a lot of tedious calculations in the process of generating this proof, resulting in very low performance.
Jolt's core innovation is to find a more efficient mathematical method to generate this proof:
First, Jolt cleverly transforms the computation to be proved into a special polynomial, which we call a "computational polynomial". The characteristic of this polynomial is that its value will be equal to zero only when the black box actually performs the computation correctly.
In order to prove that the value of the "computational polynomial" is equal to zero, Jolt uses an interactive protocol called "sumcheck". This protocol can convince the verifier that the polynomial value is zero in a short time without actually calculating the entire polynomial. This is a bit like a teacher checking only a few questions of a student to determine whether the entire test paper is correct.
Jolt's technical advantages
The technical principle of Jolt is very complicated. In the development of blockchain networks, zkVM is a key technology that improves the scalability of blockchain networks and can provide effective proof while ensuring privacy. Vitalik gave a detailed discussion on zkSNARK technology in his keynote speech at the recent Hong Kong Web3 Carnival. Vitalik said: "Finding ZKSNARKS is very useful in terms of privacy and scalability."
However, the speed and computational overhead of proof generation have always been a major challenge for the practical application of zkSNARK technology, and have also been the focus of research in academia and industry in recent years. Traditional zkSNARK solutions, such as Pinocchio and Groth16, may take several hours or even days to generate proofs when proving more complex computational logic, and require a large amount of memory and storage resources. This performance bottleneck has severely restricted the application of zkSNARK in many practical scenarios.
If we want to realize large-scale application of blockchain and achieve real-time verification, improving the performance of zkSNARK is a critical step.
Specifically, the proof generation process of zkSNARK involves complex cryptographic algorithms, such as elliptic curve pairing, polynomial interpolation, etc. These operations consume a lot of computing resources. Especially when the scale of the computing circuit to be proved is large, the computational complexity of proof generation will increase exponentially.
According to a16z Crypto, on CPUs, the initial Jolt implementation is about 6 times faster than RISC Zero and 2 times faster than the recently released SP1, with plans to increase Jolt speeds by about 1.5 times in the coming weeks.
Jolt is currently more than 2 times faster than the existing zkVM, but there is still a lot of room for optimization.
Jolt also cleverly exploits certain algebraic properties of polynomials to implement a more efficient polynomial commitment scheme, which further reduces the size of proofs and the time to verify.
Possible changes brought by Jolt
From an engineering perspective, Jolt uses a series of optimization methods, such as more compact circuit design, more efficient pipelines, more complete parallelization, etc., to maximize the computing power of the hardware.
Suppose you are a Web3 developer who wants to deploy an on-chain poker game on Ethereum. This game requires shuffling, dealing, and comparing cards on the chain, and each operation needs to go through the zkVM circuit to achieve privacy protection and verifiability.
If you use existing zkVM solutions such as ZoKrates or bellman, it may take hours or even days to build such a circuit. Because the current zkVM performance is still relatively low, generating zero-knowledge proofs for complex circuits requires a lot of computing resources and time. This means that the development and testing cycle will be very long.
And if you use Jolt to build the same circuit, the situation changes significantly. According to tests by the Jolt team, the current Jolt implementation is already 2-5 times faster than the mainstream zkVM solution in generating proofs. This means that if it originally took 10 hours to generate a proof, it may now only take 2-5 hours.
In general, the 2-5 times performance improvement brought by Jolt means that the usability and ease of use of zkVM technology have been greatly improved. This will significantly lower the threshold for Web3 developers, shorten the application development cycle, and bring a better experience to end users. In the longer term, Jolt is expected to accelerate the large-scale application of zkVM technology, allowing more privacy protection and verifiable computing capabilities to benefit every Web3 user.
Of course, Jolt is still in the early stages of development, and a 2-5x performance improvement is just the beginning. With the continuous iteration and optimization of Jolt technology, the performance of zkVM will be further improved, ultimately paving the way for large-scale application of Web3.