Under the concept of “play-to-earn”, players want to earn while enjoying the game. However, GameFi is limited by high gas costs and an immature blockchain game development ecosystem, and players find it difficult to recognize its security and transparency. This pushes GameFi to the other extreme: the economic model and earnings are constantly optimized and the revenue cycle keeps shortening, which eventually leads to a stampede. In the new cycle, the popularity of L2, omni-chain game engines, and ZK technology will bring users on-chain privacy and more complex on-chain game mechanics. This simultaneously solves the issues of performance, privacy, and trustworthiness, shifting the focus away from Ponzi games and toward more trusted and complex on-chain games. Using application-layer ZK technology, game developers can easily build on-chain strategy games with clear requirements for interactive privacy scenarios, which also brings new hope to more complex trusted (on-chain) game scenarios. In this article, Salus will explore how the new application-layer ZK technology can help games achieve scenario innovation.
Technical background: The emergence of recursive zkSNARKs
zk-SNARKs are a cryptographic proof system in which a prover can prove that he or she has certain information without revealing that information and without any interaction between the prover and the verifier.
Recursive zkSNARKs mean that developers can verify another zkSNARK proof inside a zkSNARK proof and generate a zkSNARK proof of that statement. Recursion allows zkSNARK provers to squeeze more knowledge into their proofs while keeping them succinct, and the recursive verification process does not slow down significantly.
Compared to zkSNARKs in general, recursive zkSNARKs provide enhanced scalability and efficiency by allowing multiple proofs to be compressed into a single proof. This recursive combination reduces the computational load and proof size of complex or multi-step processes, making them particularly beneficial for applications such as blockchain games where a large number of interactions and transactions occur. This will result in higher performance and lower costs for users and developers.
Recursive SNARKs unlock new application-level properties
Compression
Recursive zkSNARKs allow provers to put “more knowledge” into proofs while ensuring that these proofs can still be checked by verifiers in constant or polylogarithmic time. Using a recursive zkSNARK as a “rollup” of information, it is possible to “roll up” more computation than the largest (non-recursive) circuit could handle on its own.
Composability
With recursive zkSNARKs, it is possible to create a chain of proofs, and at each step, the proofs are passed to a new participant, each of whom adds their own claims of knowledge, but without the need to know the details of the other parts of the chain.
Implementation of recursive SNARKs
In general, there are two ways to achieve a fully recursive zkSNARK. The first is to use a cycle of pairing-friendly elliptic curves, where efficient recursion is achieved by finding two pairing-friendly curves such that the order of one curve is equal to the field size of the other curve. The second is to brute-force it and simply implement the elliptic curve operations of a single pairing-friendly curve in the proof system itself.
Although many researchers are still exploring the first method, cycles of pairing-friendly elliptic curves, it is still difficult to find curves that are both pairing-friendly and form a cycle. The following defines what a cycle of pairing-friendly elliptic curves is.
Definition 1: A cycle of elliptic curves is a list of elliptic curves defined over finite fields, where the number of points on one curve is cyclically equal to the size of the field of definition of the next curve.
The m-cycle of elliptic curves consists of m different elliptic curves , where is a prime number, so that the number of points on these curves satisfies the formula:
Efficient zkSNARK schemes are typically constructed from pairing-friendly elliptic curves, and the cycle condition in the equation allows recursive composition between them and avoids the costly modular operations that occur across finite fields of different characteristics.
Definition 2: A pairing-friendly m-cycle of elliptic curves is an m-cycle in which each elliptic curve is ordinary and has a small embedding degree.
The second method is to brute-force it and simply implement the elliptic curve operations of a single pairing-friendly curve in the proof system itself. You can port the pairing circuit onto the BN254 curve and assemble a Groth16 verifier in Circom.
In the case of the Groth16 proof system, Groth16 has a two-stage trusted setup, with the second stage being circuit-specific. This means that when you verify a proof inside a SNARK, it will need a trusted setup that is independent of the outer SNARK.
Therefore, the applications best suited to recursive Groth16 SNARKs are those that recurse into themselves, i.e., the proof verified in the circuit is a proof of the same circuit itself. This means that we only need one trusted setup. The following diagram illustrates the idea of a self-recursive SNARK:
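A toy instance of Definitions 1 and 2, added here as an illustration and not taken from the original article: the code counts points by brute force on curves over tiny primes and searches for a 2-cycle. The curve form y^2 = x^3 + ax + b, the function names and the prime sizes (far too small for any real use) are assumptions of this example.

```python
def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def count_points(p, a, b):
    """Points on y^2 = x^3 + a*x + b over F_p, counting the point at infinity."""
    if (4 * a ** 3 + 27 * b ** 2) % p == 0:
        return None  # singular equation: not an elliptic curve
    roots = {}  # value v -> number of y in F_p with y^2 = v
    for y in range(p):
        roots[y * y % p] = roots.get(y * y % p, 0) + 1
    return 1 + sum(roots.get((x ** 3 + a * x + b) % p, 0) for x in range(p))

def curves_with_order(p, n):
    """All (a, b) whose curve over F_p has exactly n points."""
    return [(a, b) for a in range(p) for b in range(p)
            if count_points(p, a, b) == n]

def embedding_degree(p, n):
    """Smallest k with n | p^k - 1 (p and n distinct primes)."""
    k, acc = 1, p % n
    while acc != 1:
        acc, k = acc * p % n, k + 1
    return k

def find_two_cycles(limit):
    """Prime pairs p < q < limit with a curve of order q over F_p
    and a curve of order p over F_q (the cycle condition for m = 2)."""
    primes = [n for n in range(5, limit) if is_prime(n)]  # this curve form needs p > 3
    cycles = []
    for i, p in enumerate(primes):
        for q in primes[i + 1:]:
            e1, e2 = curves_with_order(p, q), curves_with_order(q, p)
            if e1 and e2:
                cycles.append((p, q, e1[0], e2[0]))
    return cycles

if __name__ == "__main__":
    for p, q, e1, e2 in find_two_cycles(8):
        print(f"F_{p}: (a, b) = {e1} has {q} points, "
              f"embedding degree {embedding_degree(p, q)}")
        print(f"F_{q}: (a, b) = {e2} has {p} points, "
              f"embedding degree {embedding_degree(q, p)}")
```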
At each step, you have a circuit that proves the validity of a computation (possibly with i as a public input to the SNARK), and in the ith such proof you verify another proof of the validity of a computation, together with the validity of the step. Your SNARK circuit remains unchanged with each recursion. Taking Isokratia as an example, every step is an ECDSA signature verification.
Overall, recursive zkSNARKs provide greater scalability: they reduce the data and computation required for multi-step games or actions, making them more viable on-chain, and ensure that complex game logic and state transitions can be verified quickly and securely.
Case Study: ZK-Hunt and its impact
ZK Hunt is an RTS-like on-chain PvP game that explores the use of ZK technology to implement complex on-chain game mechanics and information asymmetry. ZK Hunt allows players to perform actions in complete privacy, and each action can be verified without revealing any underlying data.
Movement on the ZK Hunt plains is public, and Player B can see Player A’s position update while moving. Entering the jungle is also public, but movement through the jungle is invisible, so Player A cannot determine Player B’s location in the jungle, but can only simulate a growing set of potential locations, which are shown with question marks. Leaving the jungle and returning to the plains reveals the user’s location again, so this set of potential locations disappears.
This information hiding behavior is the foundation of ZK Hunt, where units have a state (their position) that can go from public to private, and then back again depending on the in-game action. This enhances the strategic nature of the game.
As shown in the image, the status verification process of ZK Hunt consists of the following steps:
Update the private state locally: from S_{i-1} to S_i (from public to private or from private to public)
Generate a proof of a valid state transition: consumes S_{i-1} and S_i and the previous commitment C_{i-1}, and generates a new commitment C_i
Submit the proof for on-chain verification (the contract provides the value of the commitment C_{i-1} to ensure that the proof was generated correctly)
Update the on-chain commitment (save C_i so it can be used as C_{i-1} at the next transition)
A commitment is a tool that a ZK proof can use to verify some private state that a user previously “committed” to, without revealing that state to the verifier. The user provides the commitment C as a public input and the private state s as a private input; the proof internally computes the commitment that s would produce and checks that it matches C.
Although the cost of ZK proof verification is considered constant (at least for some proof systems such as Groth16), in reality this verification cost increases with the number of public inputs, which can be important when doing on-chain verification. At the same time, ZK Hunt uses the Poseidon hash as a commitment scheme because it is much more efficient to compute within the circuit than other common hash functions, with fewer constraints per message bit. If the private state is a value randomly selected from a sufficiently large range (such as a private key or a random seed), then simply taking a hash of that value is enough as a commitment.
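The commit, prove, verify and update steps above, modelled as an added example (not ZK Hunt's code). Assumptions: SHA-256 stands in for Poseidon, a plain dictionary stands in for a sound proof bound to its public inputs, and the one-tile move rule, the 32x32 map and all names are hypothetical. It goes one step beyond the text by showing why a low-entropy state such as a map position needs a random nonce inside the commitment.

```python
import hashlib
import secrets

def commit(x, y, nonce=0):
    """Commitment to a position; SHA-256 stands in for in-circuit Poseidon."""
    return hashlib.sha256(f"{x}|{y}|{nonce}".encode()).hexdigest()

def prove_move(old, new, c_prev):
    """Stand-in for proof generation: enforces what the circuit would constrain.
    old/new are private (x, y, nonce); returns the public inputs of the proof."""
    if commit(*old) != c_prev:
        raise ValueError("old state does not open C_{i-1}")
    if abs(new[0] - old[0]) + abs(new[1] - old[1]) != 1:
        raise ValueError("illegal move")  # hypothetical rule: one tile per step
    return {"c_prev": c_prev, "c_new": commit(*new)}

class JungleContract:
    """On-chain side: stores only the latest commitment, never the position."""
    def __init__(self, c0):
        self.commitment = c0

    def submit(self, proof):
        # The contract supplies its own stored C_{i-1} as the public input, so
        # a proof built against any other commitment fails verification.
        if proof["c_prev"] != self.commitment:
            return False
        self.commitment = proof["c_new"]  # becomes C_{i-1} for the next move
        return True

def brute_force(commitment, size):
    """Observer's view: try every tile of a size x size map, assuming no nonce."""
    for x in range(size):
        for y in range(size):
            if commit(x, y) == commitment:
                return (x, y)
    return None

def demo():
    s0 = (3, 4, secrets.randbits(128))   # constructed sample states
    s1 = (3, 5, secrets.randbits(128))
    chain = JungleContract(commit(*s0))
    proof = prove_move(s0, s1, chain.commitment)
    first = chain.submit(proof)          # accepted, commitment advances to C_i
    replay = chain.submit(proof)         # rejected: its C_{i-1} is now stale
    salted = brute_force(chain.commitment, 32)   # nonce hides the tile
    unsalted = brute_force(commit(3, 5), 32)     # bare hash leaks the tile
    return first, replay, salted, unsalted
```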
There are many other game innovation scenarios that can be achieved by similar ZK technology, such as asset hiding, decision privacy, and progress confidentiality.
Asset Concealment: In a collectible card game, players can use zero-knowledge proofs to hide their hands and display only the necessary information when playing.
Decision Privacy: In strategy games, players can secretly choose their next move or allocate resources, and these choices are only exposed at a specific point or triggered by game logic.
Progression secrecy: In an adventure or role-playing game, players may complete quests or earn achievements while others don’t know exactly what they’ve done, keeping the element of surprise or competitive secrecy.
By employing zero-knowledge proof technology, ZK Hunt allows players to operate the game while maintaining privacy. This is not only a technological innovation, but also a rule change for on-chain games. In this way, the game’s actions are verified without revealing sensitive data, enhancing the stealth of the strategy and enriching the game’s strategic depth and surprise elements.
If you are interested in integrating ZK technology into on-chain games to enhance privacy and scalability, as well as enable game innovation, Salus has related services and solutions. By partnering with Salus, you can explore the wide range of applications of ZK technology in gaming, providing players with a richer, safer, and more strategic gaming experience.