StarkWare explained: Layer 2 solution provider of dYdX and iMMUTABLE
msfew@Foresight Ventures(This article is written by Forsight Venture)
Overview of StarkWare
StarkWare mainly solves the scalability and privacy of the blockchain. StarkWare has developed a complete solution that uses STARK technology to form Volition through zk-Rollups and Validium modes to generate and verify the proof of computational integrity. StarkWare’s cryptography proof can achieve zero-knowledge, simplicity, transparency and post-quantum security. The main products developed by StarkWare are: StarkNet, StarkEx, Cairo.
StarkWare allows blockchains to be massively expanded by relying on encrypted proofs generated by off-chain cloud-based provers in the cloud, and then verified through on-chain smart contracts.
zk-STARK proofs will not disclose the private information entered. Combined with other encryption tools, zk-STARK can completely and provably protect user data.
- User experience
Through the cases of iMMUTABLE and dYdX, we can experience the extremely strong expansion capabilities of the solution provided by StarkWare. DiversiFi’s payment TPS can reach 18k, iMMUTABLE’s NFT casting fee only costs 0.2 cents, and dYdX’s transaction costs are reduced to 1/50 . Second confirmation, the rate is almost 0, which brings an excellent user experience.
2018: STARK white paper released, Ethereum Foundation Grant
2019: First Demo released (expanding Ethereum efficiency by 200 times), StarkEx testnet Alpha released, second Demo released (expanding Ethereum efficiency by 700 times)
2020: DeversiFi (StarkEx 1.0) released on mainnet, VeeDo (Stark-based VDF) released on mainnet, StarkEx Rollup released on mainnet, ethSTARK released, Cairo (Turing complete language for STARK) and its PlayGround released, Ziggy STARK (Post Quantum security security signature) released, StarkEx 2.0 released on mainnet
2021: StarkNet announced, dYdX and Immutable X (both are StarkWare’s customers) launched on mainnet
iMMUTABLE with StarkWare
iMMUTABLE is the first Layer 2 NFT trading platform. Tik Tok cooperated with iMMUTABLE in September and released a series of NFTs.
Since the local throughput limit of Ethereum is 4 transactions/sec, it limits any DApp that wants to expand. For NFT, the throughput bottleneck is even larger than ordinary token: With NFT, one thousand tokens actually consume thousands times more of resources of the blockchain. iMMUTABLE hopes to use the native solution of Ethereum to get the security, development tools and networks of Ethereum, so it adopts the solution provided by StarkWare.
One of the unique features of the solution provided by StarkWare is that it can be deployed in multiple data availability modes: zk-Rollups or Validium. Both are based on proof of validity, but in zk-Rollups, all data is on the chain, while in Validium, the data is stored off-chain, and only submissions of the latest state and on-chain submissions that prove the validity of the state are submitted. iMMUTABLE starts in Validium mode and provides a lower gas fee. Due to policies and regulations, it is stipulated by the Data Availability Committee (DAC) that users should always have access to their data. So iMMUTABLE has switched to Volition’s new data availability mode, which allows users to select the data availability mode on a single transaction granularity. At the same time, this approach also maximizes performance expansion.
In the blog post about Tik Tok’s cooperation with iMMUTABLE, Tik Tok specifically mentioned that StarkWare is the first carbon-neutral L2 expansion solution. From the perspective of traditional tech companies, environmental protection is very important, and not concerning about environmental protection may be attacked by the public, so L2’s high-performance and resource-saving features can also attract the attention of traditional tech companies, paving the way for them to enter the crypto industry.
The solution StarkWare provided to iMMUTABLE finally made Tik Tok, the most popular company at present, reach iMMUTABLE for cooperation. The two deployment modes provided by StarkWare give customers flexibility in data availibility methods, which not only comply with regulations, but also improve performance. More importantly, the expansion of performance has also solved the controversial energy consumption problem of Ethereum. In the future, we will definitely see more traditional enterprises choose Ethereum and StarkWare to enter the blockchain industry.
Why StarkWare application so fast?
StarkWare’s Prover has various mathematical optimizations and some optimization algorithms proposed by StarkWare. At the same time, the Cairo language used for development has specialized mathematical optimizations. In addition, before the interactive data is sent to Prover, the StarkEx engine will be used to coordinate the data to be proven and batch processing. The entire operation process has been optimized for full coverage. The specific details will be discussed in detail later.
How decentralized is StarkWare application?
The consensus on StarkWare’s StarkNet is zk-STARK. zk-Rollups is not necessarily decentralized and not definitely has no access restrictions. However, the zk-STARK used by StarkWare has no access restrictions, just like Ethereum and other public chains. In some endpoints of the application made by StarkWare, there will be some centralized servers to provide services. But this is necessary and cannot be removed in the development of a complete application. Just like uniswap must have a centralized domain name and front-end page. So StarkWare’s dYdX, StarkNet, etc. are still decentralized.
zkSync vs StarkWare
At present, StarkWare is ahead of zkSync in terms of performance and current operating conditions. The biggest difference between zkSync and StarkWare is the design philosophy. The zkSync project is open source, and the team says it doesn’t matter if it’s replaced, as long as it can boost the development of the community and Ethereum. StarkWare is a toB centralized company. The STARK prover can only be used by StarkWare at present, and the language of Cairo is actually not so beneficial to the Ethereum ecosystem (a developers-friendly approach should be the same as zkSync or Optimistic to do EVM compatibility).
zk-Rollups and STARK proof
- The technology used by StarkWare includes zk-Rollups and zk-STARK. The two are not the same thing. STARK is zk-STARK, which is a kind of zero-knowledge proof.
- StarkWare tends to call its solution Validity Rollups, because zk-Rollups is not necessarily used in the solution. Validity Rollups includes Validium and zk-Rollups. The difference between the two is whether user data is on the chain.
STARK improves scalability by allowing developers to move operations and storage out of the chain. Off-chain services will be able to generate STARK proofs to prove the integrity of off-chain operations. Then, these proofs are put back on the chain for anyone to verify operations. Use STARK to move most of the operations work out of the chain, allowing the existing blockchain infrastructure to expand exponentially while maintaining computational integrity.
The general process of Ethereum data on-chain: 1000 transactions are sent to each node of Ethereum → each node gets 1000 transactions → node updates 1000 transactions
zk-STARK data on-chain process: 1000 transactions are sent to zk-STARK → zk-STARK as the prover, 1 proof is generated (*generation stage) → the node as the verifier reads the proof and updates
*generation stage: Usually zk-STARK proofs requires the following process to generate the certification. The verification process of the verifier is divided into two steps: The first step is to calculate the completeness statement after the operations, and the algebraic intermediate representation is generated after the operations, and the second step is after the test and generate FRI (the optimization method of proof in the paper written by StarkWare Co-Founder in 2017), and then output an expandable open and transparent knowledge argument (that is, STARK) after the encryption algorithm. In short, it is through a safe and trusted environment and the optimization algorithm generates a credible and high-performance proof.
zk-Rollups vs other L2 solutions
- According to the strict definition, the vocabulary zk-Rollups used in many StarkWare documents does not necessarily adopt zero-knowledge proof. The correct description is Validity Proofs (including zk-Rollups and Validium, because StarkWare provides two modes). In order to avoid terminology changes to affect understanding. This article describes the related expressions as zk-Rollups in accordance with StarkWare’s documents.
- Side-chain (Polygon or xDai)
Pros: Even if users conduct a large number of transactions, only two occur on the main chain, namely deposits and withdrawals. Since the transaction cost on the side chain is lower than Ethereum itself, scalability can be obtained.
Cons: Granting the power to create new blocks will bring the power to stop the production of blocks. The side chain can have the power to prevent users from withdrawing funds.
- State channel
Pros: An example of a state channel is the Lightning Network. The state channel is very useful when participants will exchange a large number of state updates over a long period of time. It has strong privacy, because the state between the channels only occurs within the channel. It has instantaneous finality, as long as interaction ends, it ends immediately.’
Cons: State channels are very dependent on effectiveness, and are more suitable for applications that have a set of certain participants.
Pros: Plasma is very suitable for handling NFTs, because each NFT has a unique ID. One of the problems with the side-chain is that the consensus mechanism can stop generating blocks or even lock user funds; Plasma users can call block root, so if the consensus mechanism stops creating Block, users can still request funds from Ethereum.
Cons: If many users exit their Plasma chain at the same time, they may flood the root chain and congest the network. Things such as fraudulent activities or cyber attacks may cause such a large-scale outflow. Another disadvantage is the lack of complexity, users cannot perform the same types of complex operations as on the sidechain, and cannot simulate the complete Ethereum environment.
Pros: The cost per transfer is very low. Faster than Plasma and Optimistic Rollups. Less data volume leads to higher throughput and scalability.
Cons: The initial setting is not decentralized (there is no initial setting in STARK), quantum computing may pose a threat to hackers in the future (STARK can resist quantum computers)
After comparing the various L2 solutions, we can find that zk-Rollups may be the perfect solution that is closest to the blockchain upgrade and expansion. At the same time, the few shortcomings of zk-Rollup will be fixed in the zk-STARK by StarkWare.
STARK vs other ZK
There are three main types of ZK proofs: SNARK, STARK, and Bulletproof. Bulletproofs and STARK do not require trusted settings. STARK uses publicly verifiable randomness to create an untrusted verifiable computing system. Compared with the other two, STARK’ s proof size is very large, but it has great advantages in the calculation size and proof speed. At the same time, STARK is more secure and can resist quantum attacks.
The picture above is a picture released by StarkWare’s Co-Founder during the presentation. The STARK they used in their tests proved that they were running with the server configuration in the picture, which was much higher than the performance of several other algorithms including SNARK.
- StarkNet Alpha will be launched on the Ethereum mainnet in November.
Blockchain explorer: https://voyager.online/txns
StarkNet is a decentralized L2 zk-Rollups that can be entered without permission and is resistant to censorship. It supports general computing on Ethereum. It is based on Turing’s complete Cairo language. Developers can build applications to implement App business logic and deploy on StarkNet; users can send transactions to StarkNet in the same way as normal Ethereum transactions for execution. StarkNet nodes and participants will be economically motivated to ensure the efficient and fair operation of the network.
All StarkNet transactions will be batch-processed on a regular basis, and the transactions will be proven in the STARK proof, and finally verified on Ethereum. Since the computational effort required to verify the STARK proof is exponentially smaller than that of the Ethereum proof, Therefore StarkNet can expand Ethereum by several orders of magnitude. Since all StarkNet state transitions will be verified by STARK, Ethereum only accepts the final valid state transition.
Main features: performance scalability, convenient development, and composability for the Ethereum ecosystem.
- Programming language Cairo: Cairo is a Turing complete high-level programming language and framework that can be used to generate STARK proofs. Developers can use Cairo to define any business logic and send transactions to Shared Prover Service to verify the logic off-chain and verify on the chain. Cairo is suitable for production project development on the mainnet and is available for developers to use.
- Off-chain verification service (Shared Prover Service): Before the transaction is put on the chain, the transaction will be sent to SHARP for verification, to determine the integrity of the application execution, and to calculate the gas cost for the shared proof verification.
- Open source prover ethSTARK: ethSTARK provides zero-knowledge and post-quantum security signatures. ethSTARK processed 300,000 transactions in a proof on the mainnet, and the TPS reached 3000. The Rollup gas efficiency also broke the world record and reached 315 gas/tx, which is way much cheaper than performing transactions on Ethereum L1. This technology is the cornerstone of StarkNet’s decentralized proof layer.
- Third-party projects: At present, the main third-party library is StarkNet.js. The role of StarkNet.js is similar to Web3.js, which is used when obtaining contract content on the front-end. The Ethereum client team is working on the full node implementation of StarkNet. At the same time, the current StarkNet network audit software includes CryptoExperts and LEAN proof.
- DeversiFi: Transaction TPS 9k, payment TPS 18k.
- iMMUTABLE: NFT minting gas 0.2 cents, daily L2 transaction> weekly L1 transaction.
- dYdX: Each transaction fee is reduced by 50 times.
- StarkEx is similar to a low-level engine that composes components to support applications that use STARK.
StarkEx is an L2 scalability engine that can be used in production environments and has been deployed on the Ethereum mainnet since June 2020. StarkEx uses STARK technology to provide scalable self-hosted transactions for applications such as DeFi and games. StarkEx supports a wide range of use cases: spot trading, perpetual trading, and NFT minting and transactions. Before the mainnet deployment, more than 50 million StarkEx transactions were settled on the public and private Ethereum testnets.
StarkEx currently supports ETH tokens, ERC-20, ERC-721 tokens and synthetic assets. In addition, it can support tokens on other EVM-compatible blockchains.
- Scalability and computational integrity Applications can rely on StarkEx and the underlying STARK infrastructure to expand, while StarkEx ensures computational integrity. Through SHARP (Shared Proof) technology, gas costs are amortized equally in all StarkEx-based applications.
- Diversified deployment modes StarkEx can deploy zk-Rollups mode (publishing data on the chain) or Validium mode (validating data availability through the side chain). There is also an upcoming mode: Volition, which allows users to choose the data availability mode for themselves.
- Wallet integration StarkWare provides local support through Ledger, Authereum and WalletConnect. StarkWare also provides MetaMask integration through Web3-compatible key generation (for many other existing wallets).
Architecture and business logic
- The application in the leftmost yellow box — — operate the entire application
This off-chain component receives user transactions and defines business logic and execution order. It passes the transactions to the StarkEx service.
This component is the centralized front end of the application, usually web or desktop client.
- StarkEx service in the light blue box — — batch processing and coordination
An off-chain component that is responsible for batch processing a set of operations and updating the system status according to the operation. For each batch, it will have this batch of operations (executed in the Cairo language, and first convert the bytecode of Solidity into a smart contract in the Cairo language , Run in the Cairo language environment) sent to SHARP to prove its validity. Once the proof is verified, it will publish a new state on the chain. The state is represented by a Merkel tree. The different structure and content of each Vault is based on The specific business logic implemented. The Merkel tree root represents the state to be submitted to the chain.
- SHARP — — Shared prover (specially customized by StarkWare for application)
SHARP is a shared proof service of the Cairo language. It receives proof requests from different applications and outputs proofs to prove the validity of the Cairo code execution. The output proofs can be shared among multiple proof requests.
The previous name of this component was Generic Prover Service. So the component is essentially a back-end server that contains some specific API services. It is presumed to be deployed on the centralized server of StarkWare.
- StarkEx contract (Verifier contract) — — status updates, deposits and withdrawals
The contract has two main functions. The first function is to update the state of the system after verifying that the validity conditions are met, and the second function is to manage deposits and withdrawals in and out of StarkEx in a non-custodial manner (in any case, users can withdraw Their funds).
This component is a smart contract on Ethereum.
The business logic of Starkswap is the following:
- Processing the request The StarkWare application in the light blue box processes customer requests, converts these transactions into provable statements, and sends these to the SHARP in the dark blue box. All requests are sent and processed through the first step in the figure API and the batch statement sending in the second step (a batch can compile multiple requests).
- SHARP proof The dark blue SHARP box constructs proof.
- Register the proofs SHARP transmits the proof to the on-chain verifier smart contract in the third step in the pink box.
- Registrated status transited In the fourth step, the StarkWare application performs application state transition on the Starkswap smart contract. In the fifth step, to ensure the validity of the conversion (SHARP verification), Starkswap’s smart contract confirms that the conversion statement has been registered in the Verifier smart contract.
Function and encryption algorithm
- Off-chain status:
Balance tree and sequence tree. Through the Merkel tree, the security and credibility of the fund status are guaranteed, and the double-spending problem is avoided.
- Flow Description:
On-chain accounts (The balance of the account is stored and managed off-chain, unless funds are moved in/out of the on-chain account. From the perspective of L1, the funds in these accounts are stored under the StarkEx smart contract.)
Off-chain accounts (all balance instructions arrive as L1 transactions. A special property of on-chain accounts is that it does not require a private key (stark’s private key), so the smart contract is the “owner” of this type of account. Therefore, L1 users And the application can be traded through StarkEx and matched with any pending order. The on-chain transaction mode realizes the interoperability between the StarkEx application and the L1 application, and can be used for DeFi Pooling or used by the liquidity aggregator).
- specific concepts for StarkEx:
There are many concepts in StarkEx that are different from Ethereum, so development requires additional learning.
In addition, StarkEx also has specific operations such as information encryption, batch lightning loans, DeFi pooling, etc.
- Encryption Algorithm:
STARK Elliptic Curve, Pedersen Hash Function, KDF. By using the above encryption algorithm and reference instances from https://github.com/authereum/starkware-monorepo/tree/starkex-3.0/packages/starkware-provider#walletconnect, third-party wallets can integrate StarkEx.
Cairo is the first production-level platform to generate STARK proofs. It is Turing complete and very efficient. To deploy high-performance and low-gas-cost Layer 2 application components on StarkNet, you need to use Cairo to write applications. Cairo language is not a specialized contract language, but it can and is mainly used to write contract-like content.
The current disadvantage of zk-Rollups is general computing: it is more challenging to migrate smart contract logic directly to rollups, so only limited functions are available, such as transfers and transactions. However, Cairo fills this gap and can directly transfer smart contract logic to have them ported to rollups. The approach of zkSync and Optimistic is to make rollups EVM compatible and EVM equivalency (more comprehensive and further EVM compatible).
- Computational completeness
Computational integrity means that the fairness of calculations can be guaranteed without supervision. There are five ways to ensure Computational Integrity: bank entrusted accountability (based on reputation, auditing, etc.), calculation replayability (such as bit Coins and other L1 public transactions), trusted execution environments (such as Intel’s SGX), fraud proofs (Optimistic rollups, between entrusted accountability and computational replayability), cryptographic proofs (zk-STARK). The Cairo language has been verified by multiple papers and mathematical proofs, and can safely and reliably generate zk-STARK proofs to ensure computational integrity.
- AIR (algebraic intermediate representation)
In the process of STARK proof, a lot of calculations and symbols are needed to be translated algebrically. Cairo will use a compiler to convert the code into Cairo byte codes, generate an AIR to contain all the mathematical proof steps, and finally generate the result. Cario language has a matching AIR visualization tool to view the details in the proof.
- Language design
The design of the Cario language follows the principle of Minimal Variable Language and is just right. At the same time, it achieves the expressiveness of the language (easy for developers to read) and the generation efficiency of the STARK proof. The design of the Cario language is not too complicated, with only three registers (PC, Assignment pointers, frame pointers), and concise instruction sets. The Cario language also supports some necessary features, including functions, recursion, conditions, if-else, etc. The design of the Cario language feels more in line with the logic of mathematical proofs, and is more integrated.
- Tool chain
Compiler (https://github.com/NethermindEth/warp) , Virtual machine, Code editor plugins (language support on VSCode https://github.com/ericglau/cairo-ls), code examples (https://github.com/starkware-libs/cairo-examples).
At present, the ecosystem of the Cairo language can be said to be very comprehensive but young. It has everything in terms of tool chains. According to the number of GitHub stars of these tools, it can be judged that it has not received much attention, but the developers of the repo are constantly updating, basically in one or two weeks there will be new updates. In the future, the Cairo language will be more open-source. After more developers are comfortable with Cairo language, writing Cairo code on the StarkEx engine is likely to be handed over from StarkWare to open source developers, which will help grow StarkWare applications. Decentralization of StarkWare will make a lot of sense.
More importantly, OpenZeppelin is working on the implementation of basic templates such as ERC-20 and ERC-721 in the Cairo language (https://github.com/OpenZeppelin/cairo-contracts). The meaning of this implementation is to facilitate developers to develop on the basis of this implementation, allowing developers to copy this implementation with confidence and boldness for rapid development and not worrying too much about security. From the repo’s commit, OpenZeppelin currently has an individual developer to support the Cairo language, which proves that OpenZeppelin attaches importance to the StarkWare ecosystem.
As a Layer 2 solution provider, StarkWare has made popular products such as dYdX and iMMUTABLE. Among various solutions, StarkWare’s zk-STARK technology supports the largest number of transactions on Layer 2. From prover’s mathematical optimization, The mathematical optimization of the Cairo language, to the proof coordination of the StarkEx engine, StarkNet, as a decentralized zk-STARK network, provides extremely high performance and optimizes the complete operation process. StarkWare uses cutting-edge technology and complete technical supports, reaching the huge transaction volume of Layer 2 applications. What’s more, StarkWare will definitely embrace open source in the future, achieve complete decentralization, and help the construction of Ethereum 2.0.
ZK: https://ethereum.stackexchange.com/questions/59145/zk-snarks-vs-zk-starks-vs-bulletproofs-updated/63778, https://consensys.net/blog/blockchain-explained/zero-knowledge-proofs-starks-vs-snarks/, https://medium.com/unitychain/reveal-mysterious-zk-starks-42d00679c05b
Cairo: https://medium.com/starkware/hello-cairo-3cb43b13b209, https://www.youtube.com/watch?v=QPNp8w9rx7o, https://arxiv.org/abs/2109.14534, https://medium.com/starkware/starknet-alpha-is-coming-to-mainnet-b825829eaf32
zkSync: https://www.reddit.com/r/ethereum/comments/q8q822/ama_were_matter_labs_the_team_behind_zksync_the/, https://members.delphidigital.io/reports/ethereum-layer-2-rollup-debate-optimism-starkware-arbitrum-and-zksync/, https://twitter.com/KyberNetwork/status/1372593913786109953, https://blog.kyber.network/research-trade-offs-in-rollup-solutions-a1084d2b444