With the recent spike in interest around the zk-stack, I wanted to share a few thoughts on its current state, and how @extendedapp is already benefiting from it. Plus what this means for us going forward. In simplified terms, the ZK stack allows an external observer to verify that the output of a computation is correct without seeing the output itself, simply by knowing: - the public inputs to the computation, and - the verification logic (the program / circuit being proven) A simple example would be verifying the result of a lottery (where the result itself can remain private) by knowing only: - the bets that were placed, and - the algorithm used to select the winner. All teams building in the ZK space are essentially solving two problems: 1. The ability to verify arbitrary business logic (= ability to prove correctness for any computation or program, not just a narrowly pre-defined operations like shielded transfers or matching) 2. Proving time (how fast a proof can be generated) In general, the simpler or more constrained the business logic is, the faster the proving time and vice versa. Besides the above, two additional critical dimensions for evaluating the robustness of a ZK stack are: 1. How centralized the prover and verifier are, specifically, who controls the proving system and who controls the verifier contract. This matters because if a single party controls the prover and the verifier, they could, in practice, alter or bypass the logic being proven. 2. Scalability, i.e., how many transactions / constraints the system can process efficiently. From a purely technical perspective @Starknet is significantly ahead across all four dimensions. This is why we selected it as the settlement layer for Extended: 1. It can handle general business logic 2. It can process millions of transactions per day 3. Current proving times are 6 hours (expected to drop to ~1 hour next year) 4. It has a decentralised prover and verifier contract runs on the decentralised Ethereum networк The important caveat is that Starknet’s outputs are public. This is not a limitation of the STARK technology itself (the same tech stack can support private outputs). It is a design choice by Starknet in order to inherit Ethereum’s security. Ethereum must see Starknet’s state transitions in order to verify them. A common misunderstanding is that privacy is the main benefit of ZK. The real benefit for us is running massive computations with no need for users to trust us, while producing a tiny proof that sharply reduces costs. The other key benefit is that Starknet’s ability to process generic business logic enables our product roadmap (vault tokenisation, unified margin, etc.) without changing any security or trust assumptions, and without requiring us or @StarkWareLtd to upgrade zk-circuits, which would be a massive lift.