- Daniel Finley
How zkBridges create a secure multichain future for Web3
Everyone is aware that 2022 was a tough year for the crypto industry, but many don’t realize how big a role bridges hacks played in the crash.
Though many readily remember the Terra/Luna meltdown, by August of 2022, bridge hacks accounted for around 69% of all losses to that point in the year. By the end of the year, over $1.6 billion would be lost in bridge hacks. $650 million of ETH were stolen in the Ronin bridge hack alone. The Horizon Bridge hack knocked Harmony down from a top 30 ranked-chain to a rank now in the low 100s.
The size of the losses shows how vulnerable bridges can be, but it also how necessary blockchain bridges are as infrastructure. Bridges commanded large amounts of liquidity because the Web3 community puts a huge premium on the vision of a multichain future. The truth is different blockchains have different strengths, and they will need to be able to communicate with each other to build a new, distributed version of the web.
So what can be done to make bridges secure, ready for a multichain future? The answer lies with zkBridges.
Stay up to date
See how Findora is building ZK in the Web3 space by signing up for our newsletter
The Basics of Blockchain Bridges and Zero-Knowledge Proofs
First, it’s necessary to touch on the basics of zero-knowledge proofs and blockchain bridges.
Blockchain Bridge Basics
A blockchain bridge allows for data to be transferred from one chain to another. Whether it is a transaction or a simple message, bridges facilitate translating data from one blockchain to another in a trusted fashion.
The typical way to transfer tokens is through a lock/unlock system or a burn/mint system. When transferring tokens from Ethereum to BNB Chain, for instance, assets will be locked (or burned) on one side and an equal amount unlocked or minted on the other.
Image of basic blockchain bridge infrastructure from MakerDAO
However, the process isn’t easy. Relayers on a sending chain must be appointed to validate transactions and update state data. Relayers on the receiving chain must be constantly listening for messages from the sending relayers, verify those transactions, and use the data to update the state on the receiving chain. Burn wallets or vaults are controlled by multisig wallets whose signers are often core contributors. In other words, bridges are computationally expensive, centralized, and rely on trusting the good intentions of a small number of actors.
Given that bridges fail to follow some central principles of Web3 — like atomicity, consistent state change, and decentralization — it’s no wonder they have been such tempting targets for hackers. They are complex and have large attack surfaces. Fortunately, the nature of zero knowledge proofs (ZKPs) can mitigate many of these issues.
Basics of Zero-Knowledge Proofs
By contrast, zero-knowledge proofs tend to fulfill the spirit of Web3 by relying more on code than trust.
ZKPs are a way to verify that certain data are true while revealing “zero knowledge” about the data itself. The proofs work by running verifications through specialized zk-circuits whose paths are designed to validate data.
The classic example is a circular cave with a door at the far end that can only be opened with a secret code. Bob wants to prove to his friend Alice that he knows the code without revealing the code itself. How can he do that?
Bob enters the cave without Alice looking and heads a little way down one of the two legs. He then tells Alice to call out which leg she wants him to exit from. After doing this 20 times, it is mathematically impossible that Bob didn’t have to, at some point, use the password to exit from Side B after entering Side A or vice versa.
In this example, the cave acts like a zk-circuit, an environment set up to prove certain data are true without revealing the data themselves. No trust is needed, no data is revealed, and there is no room to doubt the truth or validity of the data.
What is a zkBridge?
A zkBridge applies zero-knowledge proofs to blockchain bridges. It uses light clients and zkSNARKS to create a secure, trustless, and decentralized bridging system that is much more in line with the spirit of Web3 than current bridge implementations
Instead of using relayers to communicate state data, a zkBridge sends transaction data using light clients. Light clients are bits of software that verify proofs and communicate with full nodes to update state data. When a transaction is sent over a zkBridge, a certain type of proof, called “zkSNARK,” is included in the header of the transaction that can be verified by zk-circuits in the light client.
What is a zkSNARK? “SNARK” stands for a “Succint Non-interactive ARgument of Knowledge,” a specific type of ZKP that is great for scalability and that uses a trustless setup. They’re called “succinct” because they compress complex data into a single proof, making them a much more efficient way to validate large amounts of data.
By using light clients and zkSNARKs, zkBridges can become more decentralized, trustless, and secure. Let’s dive into the details of how ZKPs improve blockchain bridges.
A zkBridge design created by researchers at Berkeley
What Can Zk Do for Bridges?
Increased Security through Trustless Setups
A major weakness for bridges currently in Web3 is their trust in good intentions, not code. Many bridge hacks are the result of bridge relayers intentionally sending bad transactions, completing them, and quickly moving the funds. But zkBridges offer a way to trust math, not humans.
Because they use zkSNARKs to verify block headers sent by light clients, the bridge itself can tell if a transaction is valid or not, even if a majority of nodes lie about the validity. It only takes one honest node whose proof is verified to validate a transaction indisputably.
As researchers from Berkeley have written:
The correctness of block headers on remote blockchains is proven by zk-SNARKs, and thus no external trust assumptions are introduced. Indeed, as long as the connected blockchains and the underlying light-client protocols are secure, and there exists at least one honest node in the block header relay network, zkBridge is secure.
In other words, zkBridges make it much easier to prove a transaction is valid and, critically, make it easier to prove a transaction is invalid. This reduces the attack vectors and creates a more secure, trustless future.
Decentralization of Control
Decentralized chains where anyone can spin up a validator node are core to Web3. Users want apps and projects to be as decentralized as possible, but bridges, by nature, contradict that spirit.
Currently, bridges are highly centralized. Core members of bridge projects appoint relayers and control the multisig wallets that manage operations. Not surprisingly, this centralization has proven to be a huge liability.
ZkBridges are far more decentralized. Anyone can set up a node that submits transactions for validation. Validation isn’t tied to the consensus of the sending and receiving chains but to the light clients that anyone can deploy. This takes away control from a centralized group and allows anyone to use a bridge and spin up nodes to validate transactions.
Added Flexibility for dApp Developers
By relying on light clients, zkBridges simplify the communication process between two chains and between bridges and dApps. DApps only need to look at the verified block headers instead of directly integrating with the bridge’s operating logic. The end result is an easier process for developers to build dApps on top of bridges, giving them more flexibility.
Using light clients also makes interoperability easier. ZkSNARKs are “succinct,” meaning they can reduce the computational load necessary for bridging. This, in turn, can make it easier to bridge between two otherwise incompatible ecosystems. All it takes to make two chains talk is for each to support a light client.
For example, Electron Labs is working on a connection between Cosmos SDK projects and Ethereum. The idea is to turn the Inter Blockchain Communication protocol (IBC) into a "zkIBC" that will extend the compatibility of Cosmos dApps with Ethereum. They’ve also launched a bridge connecting Ethereum to Near.
ZkBridges could also have privacy built into their functionality. It is possible to build a bridge that would help break the link between sender and receiver while using zkSNARKs to prevent double-spending and maintain the integrity of the transactions.
ZkBridges and a Multichain Future
It can be tempting to see the damage done by bridge hacks and back away completely from the technology. This, however, is not an option.
No chain is currently able to handle all the needs and visions of Web3. An interconnected ecosystem is necessary for a decentralized, blockchain-based version of the web that is able to support real-world functions. Besides, the fact that almost every chain has bridges into and out of their platform shows how ingrained bridges have become.
The size of the hacks themselves show the value that Web3 community members put in bridges. The vast majority recognize that an interconnected, interoperable version of Web3 is necessary for the future.
That’s what makes zkBridges so important. Their trustless and decentralized nature makes them far more secure than existing bridge options. Because they rely more on math than human nature, they will be a critical component for a secure, multichain future.
They may not be the only solution for a secure multichain future. But they will no doubt play a big part, showing the way forward lies with more advanced cryptography, not more centralization.
To learn more about zkBridges and their potential:
- What are Blockchain Bridges and Why are They Important to DeFi - from MakerDAO
- Basics of ZK – Ethworks.io
- Trustless, Privacy-Preserving Blockchain Bridges - Drew Stone
- Bridging the Multichain Universe with Zero Knowledge Proofs - Ingonyama
- What Can ZK do for Web3 – The Findora Blog
Findora is a Layer-1 protocol delivering zero-knowledge solutions to Web3.
Findora integrates two ledgers into a single chain: an EVM ledger for interoperability and a UXTO ledger optimized for zk operations. This dual-layer architecture lets Findora encrypt blockchain data for programmable transparency and public use. By providing new use cases, Findora’s zk tech prepares Web3 for real-world adoption.
We appreciate our developers and would love to onboard you to the Findora ecosystem. Please reach out, and join our social channels for more.