Since the advent of Bitcoin, the “Scalability Trilemma” problem has plagued the industry in our attempts to create a distributed ledger which does not compromise between decentralization, security and scalability. The old design paradigm for blockchains was monolithic: data availability, smart contract execution and consensus are all handled by the same layer and network participants (miners and nodes). The problem with this approach is that by requiring all network participants to contribute to all levels of blockchain production & maintenance, it prevents the process of optimization through specialization.
The current shift in blockchain design can be analogized to the concept of division of labor introduced during the industrial revolution where tasks in production were separated between highly specialized workers and equipment. Such is the new model of modular blockchains. Modular blockchains differ from monolithic ones in that instead of requiring all network participants to contribute to smart contract execution, data availability, and consensus, network participants are able to specialize in their niche, optimizing & improving all individual niches, and thereby the blockchain as a whole.
Blockchain itself is a game of consensus, where disparate actors independent of each other collaborate towards a common aim of reaching agreement on a set of transactions and the current state of a system. From Nakamoto consensus to Ouroboros, much thought and experimentation has occurred in finding practical and efficient ways at scale for consensus to be reached in a fully decentralized manner. Security comes into play in ensuring resistance to bugs and attacks and is an interplay between core aspects of computer science, software development, economics and game theory. As the blockchain grows in data and number of nodes, practical limits in network communication come into play in how quickly consensus can be reached for any given state. The number of transactions that can be processed at any given time reaches bottlenecks that are only surmountable by compromising on decentralization and security.
For blockchain to reach true mass adoption and support a global financial system of applications and services, solutions for scaling throughput are necessary. Allowing specialized networks to focus primarily on smart contract execution removes the need to compromise on decentralization and security of the greater network. This is an approach which rollups are taking.
What is a “zk-SNARK rollup”?
ZK-Rollups are a mechanism by which transactions are processed off-chain and the results (proofs) are bundled (rolled up) and submitted on-chain. In a layer 1 blockchain, all transactions, smart contracts and state data are stored on the blockchain. In a ZK rollup, this code and data gets stored off-chain, and the chain stores proof that this information exists. The zk-SNARKs stored on chain prove that for some set of inputs and some set of outputs, there exists a set of transactions which were signed by the relevant parties and which followed the rules of the relevant smart contracts. Those transactions never need to be recorded on the chain; we need only record the inputs, the outputs, and the proof that those outputs lawfully (according to the rules of the blockchain) resulted from the inputs.
A zk-SNARK is a Zero Knowledge Succinct Non-interactive ARgument of Knowledge. In this definition, “argument of knowledge” means “proof”. It has the characteristics of being zero knowledge (it does not prove anything more than the statement to be proven), succinct (the proof can be represented in a small number of bytes) and non-interactive (the proof can be represented as a single message, as opposed to a multi-step interaction between the proving entity and proof-checking entity).
Zero-knowledge rollups are superior to other rollup solutions in their speed, both in terms of rollup generation time & in terms of deposit/withdrawal times, in their scalability (ZKRs can scale linearly using recursive proofs), and in that they provide mathematical guarantees that make it possible to decentralize the network which generates the rollup.
Orbis is the first zk-rollup layer 2 solution for Cardano built to support decentralized finance (DeFi) applications and a thriving blockchain ecosystem. Orbis offers the level of scalability and transaction throughput necessary for blockchain to realize its aim to become a truly global financial system. Transactions occur off-chain on the Orbis layer 2 and are bundled together into a single ZK (zero-knowledge) proof which is submitted on-chain to the Cardano layer 1 and verified. This proof provides a mathematical and unfalsifiable proof that the transactions have happened on Orbis.
Orbis has two main components: the Prover and the Verifier.
The Prover is an off-chain system and its purpose is to construct zkSNARK proofs verifying the occurrence of transactions. The Prover has an API similar to a blockchain node which allows users to inspect the state of the rollup and post transactions. The Verifier is an on-chain smart contract. Its function is to settle transactions happening on-rollup on Cardano. The Verifier contract accepts on-chain asset inputs, locking them up in the contract so they can be used on the rollup without the risk that they will be double-spent. The Verifier contract additionally validates transactions created by the Prover which contain outputs from the rollup and proof that those transactions have resulted from a set of valid transactions based on inputs provided to the Verifier contract.
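The split described above, as an added sketch that is not Orbis code: a hypothetical `Verifier` keeps only the locked funds and one state root, and a batch carries the inputs, the outputs and a proof, never the transfers themselves. The names `commit`, `prove_batch`, `Batch` and `Verifier` are assumptions, and `stand_in_proof` is a plain hash standing in for the zk-SNARK, so it shows which public inputs the proof is bound to but has no soundness.

```python
import hashlib
from collections import namedtuple

Batch = namedtuple("Batch", "prev_root new_root deposits withdrawals proof")

def commit(table) -> bytes:  # hash commitment to a dict of name -> amount
    return hashlib.sha256(repr(sorted(table.items())).encode()).digest()

def stand_in_proof(prev_root, new_root, deposits, withdrawals) -> bytes:
    # PLACEHOLDER for the zk-SNARK: anyone can compute it, so it is not sound.
    # It only marks the public inputs a real proof would be bound to.
    pub = prev_root + new_root + commit(deposits) + commit(withdrawals)
    return hashlib.sha256(b"stand-in" + pub).digest()

def prove_batch(balances, deposits, transfers, withdrawals) -> Batch:
    """Off-chain side: apply a batch to the balance table, emit the Batch."""
    prev = commit(balances)
    for owner, amt in deposits.items():
        balances[owner] = balances.get(owner, 0) + amt
    # Transfers stay off-chain; a withdrawal is a debit with no recipient.
    moves = list(transfers) + [(o, None, a) for o, a in withdrawals.items()]
    for src, dst, amt in moves:
        if balances.get(src, 0) < amt:
            raise ValueError("insufficient balance")
        balances[src] -= amt
        if dst is not None:
            balances[dst] = balances.get(dst, 0) + amt
    new = commit(balances)
    return Batch(prev, new, dict(deposits), dict(withdrawals),
                 stand_in_proof(prev, new, deposits, withdrawals))

class Verifier:
    """Hypothetical on-chain side: locked funds plus a single state root."""
    def __init__(self):
        self.locked, self.pending, self.root = 0, {}, commit({})

    def deposit(self, owner, amt):  # lock the asset until a batch credits it
        self.locked += amt
        self.pending[owner] = self.pending.get(owner, 0) + amt

    def settle(self, b: Batch) -> str:
        if b.prev_root != self.root:
            return "rejected: stale or replayed batch"
        if b.deposits != self.pending:
            return "rejected: deposits differ from locked inputs"
        if sum(b.withdrawals.values()) > self.locked:
            return "rejected: withdrawals exceed locked funds"
        if b.proof != stand_in_proof(*b[:4]):
            return "rejected: proof not bound to these public inputs"
        self.locked -= sum(b.withdrawals.values())
        self.pending, self.root = {}, b.new_root
        return "settled"
```

Settling the same batch twice fails on the root check, and editing a withdrawal amount after proving fails on the proof check; those two bindings are what let the chain skip recording the individual transfers.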
Orbis provides an off-chain context in which smart contract validator code can run. Instead of being run to create transactions on the Cardano layer 1, in this context validator code is run to create transactions on the layer 2 rollup. Orbis will enable PlutusTx smart contracts to be easily ported over. In addition, Orbis will support new programming languages called Pluto and Plutarch. Pluto and Plutarch are alternatives to PlutusTx for writing on-chain scripts. They optimize for efficient on-chain deployment by using zero-cost abstractions over Plutus Core. Pluto is simple and easy to learn. Plutarch is a Haskell-embedded domain-specific language, which means all the facilities of Haskell are available to assist in writing Plutarch programs.
Orbis is built using the Halo 2 ZK proving system developed by Electric Coin Co. (Zcash). Because Halo 2 is highly multithreaded, it allows us to build a much more efficient system with fast proving and verification times. It is completely trustless and supports recursive proofs, with which we can trivially prove execution of Plutus smart contracts in such a way that the time complexity of proving is the same as the time complexity of executing them normally. The recursive nature also allows a more decentralized system, since aggregations of proofs can themselves be aggregated.
Utilizing Halo 2 recursive ZK proofs, Orbis will support the development of application-specific rollups for specific use cases such as DeFi, NFTs, supply chains and micropayments. We expect the general user and developer community on Cardano to find a familiar environment on the Orbis layer 2, with more niche applications building their own bespoke rollup solutions which remain composable with other rollups and the underlying layer 2 Orbis. A thriving DeFi ecosystem built on Orbis can seamlessly interoperate between various rollups and the main chain.
Initially, Orbis will launch with a single prover operated by Orbis Labs. Orbis will transition into a fully decentralized, distributed stack whereby network participants will exist in an open, permissionless network. Full decentralization of the prover means that there is no computer, individual or trusted entity which is a single point of failure. Full decentralization of the prover is not in scope of the initial release but is an eventual goal and commitment of the project.
Cardano is in need of a scaling solution which makes minimal compromises to achieve maximum results, and Hydra will not solve every scaling problem. We propose Orbis as the best possible scaling solution as it maintains all the core design principles of the Cardano blockchain while having the ability to scale the network to where it can safely host RealFi and DeFi applications at mass scale. The potential of ZK technology to transform the world in general and blockchains specifically cannot be overstated. Orbis will enable all dApps on Cardano to achieve true mass adoption.
- ZK-Rollups allow computation and verification of transactions and smart contract functions to be performed on a specialized off-chain network.
- Orbis will enable dApps to enjoy much greater throughput without compromising on Cardano’s layer 1 security guarantees.
- Orbis will be decentralized like the underlying Cardano blockchain, thus preserving the censorship resistant, fault-tolerant nature of decentralized systems.