The Aleo Advantage: Evolving from zkEVMs to the zkVM blockchain

Zero-knowledge proofs are a critical cryptographic solution to protecting user privacy on the web, particularly when scaling toward mass adoption on the blockchain, where they can also help solve computational issues. There are currently two major ways to do this: zkEVMs and zkVMs. This piece explores both, analyzing the pros and cons of each — but first, it’s important to understand what we are optimizing for, and why privacy matters.

Cryptographic evolution, like biological evolution, centers around the development of traits meant to optimize for a certain result. Bitcoin optimized for security over additional functionalities because, before decentralized digital currency could be accepted and adopted, it had to be provably secure. Ethereum similarly optimized for security, while adding another layer: programmability through smart contracts.

These crypto-evolutionary iterations tend to build upon each other, and each comes with their own set of tradeoffs. On Ethereum, every single node has to re-execute every single transaction, creating significant computational challenges that lead to high gas fees and low transaction speeds. The decision to deliver computation on the blockchain was intended to optimize security and transparency, but it also comes at a cost: namely, performance and privacy. 

Rollups emerged to help improve scalability by lowering the computation costs of working on Ethereum. But they only begin to address the performance issue, and privacy is not accounted for at all. That matters because privacy is now a prerequisite for apps that want to scale users, who are consistently asking for more control over their data and are increasingly skeptical of those who want unfettered access to it.

App developers recognize the trend toward privacy and the need for it, which is why they have increasingly explored ways to protect privacy using zero-knowledge proofs (ZKPs). These cryptographic protocols allow users or apps to verify something is true without having to reveal any additional information — for example, confirming a user is over 18 without revealing their exact age or date of birth.

As a16z notes in its 2023 State of Crypto report, further adoption of ZK-proof technology by developers is likely, particularly as the tech has seen an increase in academic publications and daily transactions verifying ZK proofs on Ethereum.

What are zkEVMs and zkVMs?

The majority of ZK solutions fall into two camps: those built on top of Ethereum (zkEVM) and those that are custom built (zkVM) and, thus, may choose to build with a different set of underlying tradeoffs and base parameters.

A zkEVM is an Ethereum Virtual Machine compatible and zero-knowledge proof-friendly virtual machine that guarantees the correctness of programs, operations, and inputs and outputs.

By being built on top of the Ethereum blockchain, the zkEVM model takes on Ethereum’s pros and cons. 

Because it optimizes for compatibility with the Ethereum network, it benefits from Ethereum’s large user base and it is easier for developers to build on (both because of the significant number of Solidity developers and its shared infrastructure, including execution clients).  However, that also means its ability to integrate zero-knowledge proofs and other privacy measures is limited to the built-in constraints of the Ethereum network.

The closer you get to a zkEVM model that fully emulates the Ethereum model, the more you pay a price in performance, because it takes a much longer time to generate proofs. While it can be positive for some applications that every transaction is completely public and transparent, since computation is all done on the blockchain, that lack of privacy is unreasonable or unsafe for others (for instance, apps that revolve around sensitive and personal financial information). 

A zkVM is a virtual machine that guarantees secure and verifiable trustworthiness by zero-knowledge proofs – the machine that you enter the old state and program, and it returns the new state in a trusted manner. It can optimize its environment to make integrating zero-knowledge proofs into on-chain transactions less expensive, more effective, and even easier. 

In essence, the right zkVM can give all its applications the ability to use zero-knowledge proofs in each of their transactions, relatively effortlessly. True zkVMs are built with ZK-first principles, integrating them into every piece of the tech stack.

What are we optimizing for?

When Lockheed Martin set out to build the F-35 as a do-it-all fighter jet, they hoped to replace the need for tailored air-to-air or air-to-ground fighters. Instead, it has underperformed on multiple fronts, falling a decade behind schedule, with many industry experts considering it the worst fighter jet ever created. 

The lesson? Anything created to do a specific task well is likely to do that task better than a solution trying to optimize for many other factors at the same time.

In Ethereum, you have a blockchain that was built to be completely public and transparent. If you are now trying to introduce privacy, it’s just not going to be as performant as something that was developed to support privacy from its very foundation. From an engineering perspective, this is difficult because developers have to encode programs that were not designed to operate over this type of field, which results in gigantic circuits. 

However, a purpose-built application layer for privacy can optimize for privacy while benefitting from a number of other positives created by zero-knowledge proofs, which we will lay out in the next section.

How Aleo takes zkVMs one critical step further

There are lots of zkVM solutions out there, but Aleo is doing more than just building a zero-knowledge virtual machine — it’s actually creating a privacy-focused layer 1 blockchain with a zkVM fully integrated into every transaction.

As such, Aleo solves the problem of efficiently translating between the world of ZK cryptography — where all group elements are defined over elliptic curves — into the world of computation, where it can be used more efficiently and effectively by applications and their users.

This model creates a number of key benefits, including:

Low complexity

Aleo abstracts the layer of complexity of developing applications with ZK. Previously, developers had to develop at the circuit level, which is extremely tedious and time consuming. With Aleo, ZK circuits are automatically generated based on your program, allowing any developer to leverage the power of ZKPs, which makes privacy more accessible.

Enhanced scalability through batch proving without gas fees

Aleo processes transactions off chain, then verifies the transactions through a ZKP on chain. This way, all the heavy-lifting is done off the blockchain, allowing Aleo to achieve a higher throughput. By batch proving executions through ZKs, Aleo is able to further reduce prove time, verifier time, and proof size, which makes costs sublineal — there is a greater than 4x reduction in prover time once you surpass 4 executions.  

Unlimited program runtime

Programs that run in zkCloud, a decentralized, trustless, off-chain computing environment, can take a second, a minute, a day; it doesn’t matter as long as the shielded transaction is submitted at the end of the computation. This opens up the door to a far greater variety of applications than are possible with an on-chain execution model like Ethereum, in which program runtime is limited by “gas.”

Maximized programmability and composability

Developers get more programmability to decide exactly what information and how much of it is or isn’t exposed with each transaction, giving them much more say in defining which parameters are public on the blockchain and which are protected with ZKPs. They also get more composability: While you can’t import a library or program logic from a registry in Solidity, you can in Aleo, for example. 

Private by default — for everyone

In other ZK solutions, privacy is opt-in. That leads to two classes of users: the non-private and the private, with the anonymity set representing just a tiny fraction of the users on Ethereum. The problem with that is that the smaller your anonymity set, the worst privacy is for the private users too. At Aleo, every transaction is private by default, so there is only one class of users: the protected set.

A ZK-solution for true privacy

In security, you are only as secure as your weakest link. In decentralization, only as decentralized as your most centralized link. The same is true for privacy. Ultimately, zkEVMs are only as private as the Ethereum network, which was built to maximize transparency on the blockchain, not privacy. 

Meanwhile, other ZK solutions, such as zkVMs, may solve some aspects of the privacy challenge, but don’t have the computation and programmability of a blockchain purpose-built for privacy.

On Aleo, developers can ensure privacy by default, giving people complete control over their online identities and private data while making it easier to create and use the best possible applications.

Want to go deeper? Jump into our developer docs.