Dialogue with NEBRA founder: Reducing the cost of Ethereum L2 expansion through zero-knowledge proof aggregation | ETHcc2024 Rollup Day Special

Author: Sunny, Xiaobai Navigation Coderworld

Guest: Shumo, Founder and CEO of NEBRA

Scaling Ethereum is one of the major advances in the Web3 industry in 2024. Generally, scaling solutions are divided into two categories: L1 scaling and L2 extensions, each demonstrating its strengths in different areas of development.

L2 Scaling can be done using optimistic (op) roll-ups or zk-rollups. Op roll-ups assume transactions are valid by default and only verify them when challenged, while zk-rollupsXiaobai Navigationollups useZero knowledge proofAll transactions are verified off-chain before being submitted to the main chain.In this field, Base takes the lead in the use of op roll-ups, while Scroll is one of the leaders in zk-rollups.

Earlier this year, Ethereum founder Vitalik ButerinExpress on TwitterHe expressed his high expectations that zk-rollups will become the ultimate solution for Ethereum expansion in the next decade.

To further clarify the definition of zk-rollups and their mechanisms, we can point out that they involve the data availability layer (DA), the settlement layer and their corresponding proofs - state proof and consensus proof. Since zk-rollups need to verify the validity of all transaction data, the state transition of transactions and the final state of transactions need to be stored on the chain, which gives rise to the aforementioned two layers.

Before achieving the “ultimate goal” of scaling, Vitalik also emphasized: “To get to this point, a lot of infrastructure and optimized provers are required…”

因此，今天的讨论目标是从一个名为 NEBRA 的 L2 扩展初创公司获取洞见，了解 NEBRA 致力于解决的问题，以及如何整合 zk-rollups 基础设施来实现这一“最终目标”。

The current cost of generating a zk proof is $50, which is clearly far from the ultimate goal. NEBRAShumo, founder ofZero knowledge proofAggregation to solve cost issues.

The interview dives into Shumo’s journey to founding NEBRA, his philosophy on decentralization drawn from years of industry experience, and how NEBRA differentiates itself from competing solutions like EigenLayer and Polygon’s aggregation layer through a focus on cryptography and mathematical expertise.

Highlights

1. BlockchainThe ultimate value of blockchain is that it can promote coordination among people from different countries around the world and eliminate barriers between individuals.A fundamental understanding is that coordination is inherently costly.

2. Scaling through zk-rollupsBlockchainIt can be boiled down to two main functions: data availability (or publication) and settlement.

• Where state proofs are required, data availability is critical to verifying state transitions - it ensures that the data required to verify state changes is always available.

• Where proof of consensus is required, settlement involves reaching consensus on the state of data after a transaction occurs.

• Zero knowledge proofAnd verifiable computation allows us to verify the correctness of state transitions without re-executing expensive state transition functions.

3. We firmly believe that zero-knowledge proof-based settlement will become the mainstream method within the next decade.

4. We believe that the settlement certificate isBlockchainOne of the most pressing challenges we face is addressing the data availability (DA) problem. Our strategy includesRecursive generation of zero-knowledge proofs — whether Fourier proofs or aggregating thousands of proofs.This enables all of these proofs to be combined into a single submission on Ethereum. As a result, the cost of proof settlement could be reduced by a factor of ten or more. This is the core of what NEBRA is developing.

5. Unlike platforms that may rely on economic games (such as EigenLayer),Our approach is based on pure mathematics and cryptography.

6. Although EigenLayer provides important value, it is also an important strategy to avoid coordination as much as possible and rely entirely on cryptographic solutions without introducing unnecessary trust assumptions.

7. The idea of NEBRA is to leverage the mature infrastructure that Ethereum already has.CommunityThe result of many years of hard work and development - to enhanceSafetyand functionality, without creating unnecessary layers of coordination.

8. Launching your own Layer 1 chain primarily provides the advantage of capturing sorter revenue or miner extractable value (MEV), which will directly increase your protocol revenue.

Philosophical thinking behind the creation of NEBRA

coderworld: Can you briefly introduce yourself? What is your experience like from starting as an academic to joining Algorand and now focusing on expanding Ethereum’s infrastructure?

Shumo Chu:

I received my Ph.D. from the University of Washington. My research areas are formal methods and database systems. This includes theoretical research on programming languages and practical applications in distributed systems and database systems.BlockchainI became interested because I read the Bitcoin white paper, and later I organized a conference on Bitcoin andcryptocurrencyseminar, that was in 2018.

After graduating with a Ph.D., although I didn’t have a clear plan for my future career, I was sure that I didn’t want to work for a big company like Microsoft, Google, or Facebook. So I chose to join Algorand, a company with a high reputation in the academic community.cryptocurrencyAlgorand was founded by Turing Award winner and MIT professor Silvio Micali. Although the team was excellent, I soon discovered that the company’s culture andIt doesn’t quite fit with the grassroots, slightly rebellious spirit that I imagined cryptocurrency to be.Algorand chose to cooperate with big banks, which is somewhat contrary to my understanding of the spirit of cryptocurrency.

After working at Algorand for a while, I returned to academia as a teaching assistant professor at UC Santa Barbara, and my research direction turned to cryptography, specifically zero-knowledge machine learning (ZKML). I co-authored an early paper on ZKML, which was a new starting point for my academic career. But my passion for entrepreneurship led me to co-found Manta Network, an initial project focused on privacy-preserving blockchains that later evolved into a more user-friendly tool, Manta.

Last July, I left Manta and founded NEBRA.This is a research and development organization focused on advancing the future of zero-knowledge technologyThis experience, from academia to entrepreneurship, is a summary of my journey in the field of blockchain and cryptography.

On the passion for embodying the spirit of anarchism

coderworld: You mentioned the anarchist movement and felt that Algorand lacked the grassroots spirit of Ethereum. Can you elaborate on why Ethereum is more in line with the spirit of social movements? Is it because it has a greater network effect than Algorand?

Shumo Chu:

Our project is not just about technology, but more importantly, it is about cultivating aCommunity, to realize the founder's vision. Look at Vitalik Buterin's experience. Although he studied cryptography in depth during college and worked with top Canadian cryptographers, he was ultimately attracted to Bitcoin. He not only deeply involved in BitcoinCommunity, and as the editor of Bitcoin Magazine, he put a lot of effort into it and really practiced it. But when he realized that Bitcoin could not fully realize his ideals, he founded Ethereum.

This highlights a key principle: cryptocurrencies are about more than just maintaining the status quo.It is actually a profound recognition of individual freedom that challenges traditional ways of money creation and government intervention. Throughout my career, I have witnessed various blockchain crazes, including IBM’s Hyperledger. But these permissioned blockchains eventually fell into obscurity, illustrating a point:Blockchain technology is inherently opposed to central government control. It represents a social movement that advocates maintaining individual freedoms without government intervention.

Blockchain founders like Vitalik have also discussed this aspect publicly, emphasizing that blockchain is rooted inCyberpunk ideology and is a tool for social change.Although central bank digital currencies (CBDCs) are technically feasible, they ignore the potential of blockchain as aThe basic spirit of resisting government power.

It is this critical misunderstanding that prevents Algorand and similar projects from truly capturing the essence of the cryptocurrency movement.

Building the Ethereum Ecosystem: Coordination as the Ultimate Goal

coderworld: Before we talked about NEBRA, you mentioned the goal of building a peer-to-peer cash system that can resist the government, which seems to be the hope for a future with governance rather than government control.contractEthereum is valued for enabling decentralized applications, while Bitcoin is considered "digital gold" due to its decentralized nature, but its transaction speed is slow. Considering Ethereum's role in shaping the next generation of the Internet and finance, can you share your thoughts on both systems? Also, why did you choose to focus on Ethereum after leaving Algorand despite having many other networks to choose from?

Shumo Chu:

I agree with the points you made. It is true that Bitcoin exists as a store of value, but it does not have the ability to establish a coordination system.The real value of blockchain lies in its ability to help people from all over the world work together, removing friction between individuals in different countries.To do this, a powerful smartcontractThe platform is essential.TokenTransferring is not enough. Ethereum does this very well, and it embodies the most fundamental value of this industry: decentralization.

While Bitcoin may be better than Ethereum in terms of decentralization, from a practical point of view, Ethereum is the first choice for developing meaningful projects. Its combination of decentralization and widespread adoption is unmatched by any other blockchain.

We should not only focus on technical indicators such as transaction speed or network latency. Ethereum focuses more on decentralization, which is in line with the core values of the entire industry. In addition, the community is actively improving Ethereum through second-layer solutions and exploring how to expand the system without changing the underlying protocol, such as using modular data layers like Celestia.

At NEBRA, our main focus is developing the settlement layer. Essentially,Blockchain technology mainly includes two functions: data publishing (or data availability) and settlementOur focus on improving Ethereum’s settlement capabilities is very much aligned with our goals and a natural extension of our involvement.

What is NEBRA? How does NEBRA scale Ethereum?

NEBRA: The difference between settlement and data availability

coderworld: Can you explain the difference between "settlement" and "data release" in Ethereum? It seems that data release may be the temporary storage of data, while settlement is the confirmation and recording of transaction status. What is the difference between these two processes and what is their respective importance in the Ethereum ecosystem?

Shumo Chu:

Indeed, you already understand the core concept and no further explanation is needed.Data availability is critical to proving state changes - it ensures that the data needed to verify the state change is always accessible.

Settlement, on the other hand, focuses on the process of reaching consensus on the state of data after a transaction occurs.

Imagine starting from a specific state "A", and the smart contract specifies how the state should change. The question then becomes: how do we verify that a transaction is correct? The ultimate solution lies inZero-knowledge proofs and verifiable computation techniques. These techniques allow us to prove the correctness of state transitions without re-executing those expensive state transition functions.

The computing power of Ethereum can be compared to a fifth grade calculator. This metaphor reveals the limitations we are dealing with. Our goal is to scale Ethereum in a way that preserves its decentralized and trustless nature while keeping the underlyingSafetyThis is the main focus of our current efforts.

Coderworld: How does NEBRA balance decentralization, scalability andSafetySexual?

Shumo Chu:

At the core of our approach is the use of zero-knowledge proofs. We verify state conditions without having to re-execute them. To understand the significance of NEBRA’s approach, it is important to first understand concepts like ZK-EVM and ZK second-layer solutions — which use Ethereum as a settlement layer for zero-knowledge proofs.We firmly believe that zero-knowledge proof-based settlements will become mainstream in the next decade, mainly because of their many advantages.They both maintainSafetyFor example, one of our major clients, Worldcoin, uses our technology to provide privacy protection for its users’ identities.

We believe that proof of settlement will be one of the biggest challenges facing blockchain after solving the data availability problem. Our strategy includesRecursively generate zero-knowledge proofs — either Fourier proofs or aggregating thousands of proofsThis allows all of these proofs to be aggregated into a single submission on Ethereum. As a result, the proof cost of settlement could be reduced by a factor of ten or more. This is exactly what NEBRA is developing.

Recursive zero-knowledge proof generation and proof aggregation: what do they mean for supporting ZK-EVM and ZK layer-2?

coderworld: Can you simplify the concept of "proof aggregation" for the less technically savvy? Also, please explain at which layer NEBRA operates?

Shumo Chu:

The specific concept of "proof aggregation" is not the point. The key is to understand thisWhat the proof is: It can be a simple signature or a small piece of encrypted data that proves the validity of the state transition functionThe benefit of this proof is that it is very short. However, the process of verifying a proof is still expensive, and it currently costs up to $50 to verify a proof on Ethereum. At NEBRA, our goal is to reduce this cost to $5 in the short term and further to 0.5 cents in the long term. This reduction in cost is our core value proposition and the main reason why our service is so important.

We reduce costs without sacrificing trust. Unlike some platforms that may rely on economic games (such as the Eigen layer),Our approach is based entirely on mathematics and cryptography.

Is Eigen Layer a competitor to NEBRA?

coderworld: Do you think the Eigen layer is a competitor to NEBRA?

Shumo Chu:

Our relationship with other teams in this space is not about competition, it's more about how to scale Ethereum in different ways and help developers build protocols. There are layers to this topic. I don't think of us as competitors. In fact, there are areas where we can collaborate.While these teams are working to scale Ethereum by adding additional economic assumptions, it remains to be seen whether these strategies will be effective.

在 NEBRA，我们的做法是独一无二的。我们的目标是利用以太坊本身的安全功能，使开发者在没有任何附加条件的情况下能做更多事情。我们相信，从长远来看，这种策略是最可持续的。

coderworld: Given your deep background in mathematics and zero-knowledge proof research, and Eigen Layer’s focus on settlement coordination, how do you think your development paths will intersect in the future?

Shumo Chu:

Discussing how to scale and enhance blockchain technology is a complex topic.A fundamental insight is that coordination itself is costly.Sometimes consensus mechanisms, economic security, or other forms of coordination are necessary, despite the high costs. The appeal of blockchain is that it facilitates trustless transactions and reduces the friction usually associated with coordination. For example, when transferring Bitcoin, you don’t need to worry about whether the government is stable;Even without governments, Bitcoin remains resilient, which demonstrates the far-reaching advantages of this technology.

Eigen Layer is developing a coordination layer, which I think is very valuable. However, we must admit that not all problems can be solved by zero-knowledge cryptography alone, such as the double-spending problem.

Ideally,In scenarios where zero-knowledge cryptography is applicable, minimize the use of coordination mechanisms. The cost of coordination is high. Take the reinvestment mechanism of Eigen Layer as an example: participants reinvest their ETH to earn returns. But we have to think about the source of these returns, which come from the income of the protocol deployed on Eigen Layer. As the investment amount increases to billions, the required returns will also increase, and if this is not sustainable, participants may withdraw their investment. Therefore, if a protocol must use a coordination mechanism, it should only be used when absolutely necessary.

If more efficient techniques, such as zero-knowledge techniques, can be used, then this approach should be given priority. This is a very in-depth discussion.The Eigen Layer provides great value, but it is also important to have a strategy that avoids coordination as much as possible and relies entirely on cryptographic solutions.

coderworld: Now I understand, it seems that we need to use both coordination and cryptographic proofs. Can you elaborate on this?

Shumo Chu:

Systems should avoid using coordination as much as possible; we should try not to introduce additional layers of coordination.

NEBRA has a wide range of users: zero-knowledge rollups, zero-knowledge applications, data availability layers, zero-knowledge coprocessors

coderworld: Can you elaborate on the scenarios where zero-knowledge proofs are used and who are the potential customers of NEBRA, and how they can simplify operations without the coordination process?

Shumo Chu:

To put it bluntly, our potential customer base is very broad. Specifically:

First, ZK rollups. We can significantly reduce the proof storage cost for them, by about an order of magnitude.

Second, ZK applications, such as Worldcoin, and especially those working on building privacy-preserving digital identities, will benefit greatly.

The third category is various infrastructure projects, such as the data availability (DA) layer. Such projects often need to publish proofs on Ethereum, and we can help them reduce the related costs.

The fourth category is the so-called ZK coprocessor. Among our current partners, ZK coprocessors such as Lagrange and Brabus are listed. In the future, the use of ZK coprocessors and ZK virtual machines may become more widespread.

We see ourselves as a general purpose protocol for anyone looking to do settlement on a ZK-proof based chain, which makes NEBRA an even more ideal choice.

We expect that over the next three to five years, there will be increasing optimization of on-chain operations.

coderworld: NEBRA aims to create a universal settlement layer using ZK proofs. But you mentioned that Eigen Layer is used in scenarios that require coordination, and this cost is reasonable. Can you clarify when a project may only need ZK proofs and not Eigen Layer, and when both may be necessary?

Shumo Chu:

This topic touches on the subtleties of computer science, specifically regarding the concept of “primitiveness” in computational frameworks.The basic principle is that if a process can be fully described in mathematical language, then zero-knowledge proofs apply.However, certain problems, such as double spending, fundamentally require consensus mechanisms, which are a form of coordination.

We need to distinguish between specific coordination mechanisms, such as the Eigen Layer approach, and other approaches to consensus. For example, shared sequence protocols such as Espresso or Astra, or custom consensus algorithms developed by Celestia, are alternatives to the Eigen Layer. When discussing data availability, the Eigen Layer provides a solution, but platforms like Celestia pursue their own unique consensus-based strategies.

The discussion should not just be about NEBRA vs. Eigen Layer. Rather, it should focus on when coordination is needed and when it can be avoided. Coordination through consensus mechanisms is critical to preventing double spending, ensuring strong proof guarantees, and maintaining censorship resistance. The definition of censorship resistance is inherently subjective and involves whether information can be included or excluded.

Given that Ethereum already provides a strong consensus layer, I advocate leveraging Ethereum to handle coordination tasks. By adding ZK proofs on top of Ethereum, we can create a more efficient system.The idea behind NEBRA is to leverage Ethereum’s existing infrastructure — the result of years of community effort and development — to enhance security and functionality, rather than creating a redundant coordination layer.Our goal is to innovate within Ethereum’s existing framework and build more complex systems using ZK proofs without the need for additional coordination mechanisms.

The Challenges of Zero-Knowledge Proofs as a Scaling Solution

coderworld: What are the main challenges in reducing the settlement costs of zero-knowledge proofs tenfold or even a hundredfold in the future?

Shumo Chu:

The challenges of reducing costs are many, but they can be mainly divided into several aspects.

1. First, there are challenges in cryptography. Zero-knowledge proofs are relatively expensive, and although we have made great progress in technology over the past decade, the development of zero-knowledge is still in its early stages. We still have a lot of work to do and a lot of room for improvement.

2. Second, from the perspective of application developers and users, adopting zero-knowledge technology is more complicated than not adopting it. You can see that platforms like Arbitrum and Optimism are able to build and deploy optimistic rollups faster than teams doing ZK rollups. However, I firmly believe that the adoption of zero-knowledge technology will accelerate, which will increase the speed of development. I believe that in the future, it will be simpler to build with zero-knowledge than with traditional technology, even though our proof system is inherently difficult to design. This is the second major challenge.

3. The third challenge is market education. Since we are still very early in the zero-knowledge space, many people do not understand the benefits of using zero-knowledge. For example, users may not initially care about what the underlying technology is. It is critical to educate developers about zero-knowledge technology and tell them why this technology exists and why they should use it to bring more scalable solutions to Ethereum and other blockchains. These are the three major challenges in my opinion.

coderworld: Given the research, adoption, and engineering challenges, how do you tackle them all simultaneously? Beyond your competitors, you emphasize that NEBRA focuses on pure technology and mathematics, while others focus on consensus. What entities in the industry are doing work similar to NEBRA?

Shumo Chu:

We have no direct competitors, but the closest thing to our work is Polygon's aggregation layer (AG layer). We are both working on perfecting aggregation technology, and although we take different perspectives, there are some similarities in the use of mathematical aggregation proofs and scaling blockchain technology. However, there are also some key differences between us.

First of all, Polygon's AG layer mainly serves the Polygon ecosystem, but the application of zero-knowledge technology goes far beyond that. There are many ZK rollups and ZK virtual machines outside the Polygon ecosystem, such as Score, Caseync, Stackware, Zero, and Sync SP. Our goal is to create a unified layer, which may also include cooperation with Polygon's AG layer. This allows us to work from a more neutral position, and because of our neutrality and independence from Polygon, we are able to work with a wider range of partners. This is one of our main differences.

The second difference is our focus. Polygon's AG layer focuses on ZK rollups, while our focus extends beyond ZK rollups to ZK applications. We already have some large ZK applications as our customers, such as Worldcoin, which shows that we have a wider range of applications than Polygon's AG layer.

While there are some other minor differences in technology and performance metrics like speed and ubiquity, those distinctions may become less important in the big picture. Fundamentally, it is our broader scope and neutral stance that sets us apart.

coderworld: What are the advantages of your multi-layer zero-knowledge settlement solution compared to existing cross-chain bridge solutions?

Shumo Chu:

The core problem is that existing bridge solutions rely on insecure cryptographic primitives like multi-signature, which basically puts all your funds in the hands of five people you know nothing about. If they decide to collude, you could lose everything. So the fundamental problem with bridges is that their security assumptions are highly questionable.

In the long term, our goal is to introduce trustless bridging technology to the industry. However, this is not our current focus. Currently, we are mainly focused on the settlement side. Bridging is just one way to transfer funds, and our goal is to achieve cost-free interoperability and effectively reduce settlement costs.

NEBRA and Roll-up-as-a-Service

Coderworld: As more and more applications launch their own chains, you, as an expert focused on expansion, must have unique insights into this development. Can you share the benefits and considerations of launching a chain specifically for an application?

Shumo Chu:

This is a very good question and I would love to share my thoughts.

When considering whether to launch a blockchain for your application, it is critical to understand the associated trade-offs.The main advantage of launching your own chain is the ability to earn serialized revenue or miner extractable value (MEV), which directly generates revenue for your protocol.For example, if I launch a DeFi application on my own blockchain, all MEV will become the income of the protocol. This income can be distributed to the founding team,TokenHolders, etc., significantly promote the development of the project. This is a very direct choice.

On the other hand, launching an application can provide composability, which greatly improves the user experience. If you are not on your own chain, users will have difficulty interacting with other applications or using DeFi components.Usually you need to use a bridge——This, as I mentioned before, is because the security issue makes me very uneasy, and it will eventuallyMake the user experience worse.

This is a fundamental trade-off. But with the development of shared settlement layers like NEBRA, this may change, making the bridging experience much smoother. While it may not be as seamless as operating on a single chain, it represents a significant improvement.

In the past, most people chose to develop applications due to the complexity of launching a blockchain. But with the emergence of service providers like AltLayer, Gelato, Kadera, and Conduit making the process easier, we may see more people choose to launch their own chains. By the end of this year, I would not be surprised if there are thousands of ZK rollups.

As NEBRA, our mission is toSupporting this transition by making it easier and more cost-effective to launch your own chain, with the goal of increasing interoperability and efficiency.

Additional discussion on scaling solutions: Is sharding obsolete?

coderworld: You mentioned that with the emergence of numerous Layer 2 solutions, Ethereum may face an existential crisis, which may affect the composability of the network. Some people support sharding rather than Layer 2. What do you think about this?

Shumo Chu:

The argument that the blockchain ecosystem has become too fragmented due to the launch of multiple Layer 2 solutions is not entirely correct, but there is some truth in it.It is true that the ecosystem has become more diverse as more Layer 2 solutions are introduced. But through technologies like NEBRA, we can expect to achieve almost the same level of interoperability in the long run.

A key point of contention is the effectiveness of sharding. Early on, people like Vitalik Buterin and Carl Beekhuizen, now co-founder of Optimism, proposed a sharding solution called Plasma. Despite high expectations, Plasma ultimately failed to work as expected, prompting the community to look for other scaling solutions, especially rollups. While rollups have their challenges, I firmly believe they are the right way forward.We should focus on developing better protocols to integrate Layer 2 solutions rather than redesigning sharding mechanisms that have not been successful in the past.

Take, for example, Polkadot’s approach to sharding. Observing the current state of Polkadot can provide some valuable insights. While criticisms of Layer 2 solutions may have some merit, dismissing them outright ignores the fact that we are unlikely to find more efficient alternatives.

More reading:

1. https://www.nebra.one/

2. https://gelato.network/blog/what-are-zero-knowledge-zk-evms

3. https://lu.ma/ovsa2xjy?pk=g-z28jvuqWEZn3Ft4

The article comes from the Internet:Dialogue with NEBRA founder: Reducing the cost of Ethereum L2 expansion through zero-knowledge proof aggregation | ETHcc2024 Rollup Day Special

Related recommendation: SlowMist: Chrome malicious extensionstealGet a million dollars to solve the problem

While considering the user experience, the platform should also pay attention to protecting the security of user accounts and assets. Written by: 23pds@SlowMist Security Team Background On June 3, 2024, Twitter user @CryptoNakamao posted a post about how he lost $1 million due to downloading the malicious Chrome extension Aggr, which caused…