Unmasking the Illusion: The Shortcomings of 'Zero-Knowledge' Rollups in Achieving Privacy

Exploring the privacy limitations of ZK-Rollups and why their name is misleading.

Talk given at RECSI 2024 (Reunión Española sobre Criptología y Seguridad de la Información) in León, October 24, 2024.

Abstract

The rise of Layer 2 solutions, including Payment Channel Networks, sidechains, and rollups, has aimed to tackle the scalability challenges of Layer 1 blockchains like Bitcoin and Ethereum. Among these, Zero-Knowledge Rollups (ZK-Rollups) have emerged as a compelling solution by utilising ZK-SNARKs to bundle multiple transactions, thereby enhancing throughput and reducing costs.

However, despite their technical sophistication, ZK-Rollups do not inherently provide transaction privacy — a common misconception given the “Zero-Knowledge” nomenclature. This paper explores the privacy limitations of ZK-Rollups, emphasising the need for privacy-preserving features that align with the expectations set by their name.

We also review the strategies being developed by various projects to address these limitations. Furthermore, we propose the community begin adapting other names for the technology, such as “Verifiable Rollup” (verRollup), “Incrementally Verifiable Computation Rollup” (ivcRollup), or “Succinct Rollup” (sucRollup) that better represent the current capabilities of rollups.

Authors

Adrià Torralba-Agell, Ghazaleh Keshavarzkalhori, Cristina Pérez-Solà, David Megías, and Jordi Herrera-Joancomartí.