*Rollups technology has gradually become popular in the blockchain with its application. To be more specific, it helps the system optimize security and reduce transaction costs by performing manipulation and compression at layer2.*

**What are Rollups?**

Rollups move computation (and state storage) off-chain but keep some data for each on-chain transaction. To improve the efficiency of this process, rollups use a series of compression tricks to replace data with computation whenever possible. That leads to a system where scalability is still limited by the data bandwidth of the underlying blockchain that, however, is at a very favorable rate: while transferring Ethereum base layer ERC20 tokens has a cost of ~ 45000 gas, transferring ERC20 tokens in one rollup takes up 16 bytes of space on the chain and costs less than 300 gas.

**How do the Rollups work?**

First of all, there is a smart-contract on-chain that maintains the state root: the Merkle root of the roll-up state (i.e., account balances, contract codes, etc., located "inside" the aggregate).

https://vitalik.ca/images/rollup-files/diag1.png

Anyone can publish a batch, a set of transactions in a highly compressed form, along with the previous state root and the new state root. The contract will check whether the batch's previous state root matches its current state root. If the proof is valid, it converts the original state to the new original state.

If someone can submit a batch with any roots after the status and still be recognized, they can simply transfer all the coins inside the pool to themselves. The question is how to know that the post-state roots in the plots are correct. This question is essential because there are two very different sets of solutions to the problem, which leads to two flavors of synthesis.

* Optimistic rollups *use fraud proofs: the rollup contract keeps track of its entire history of state roots and the hash of each batch. If anyone discovers that one batch had an incorrect post-state root, they can publish proof to the chain, proving that the batch was computed incorrectly. The contract then will verify the proof and reverts that batch and all batches after it.

** ZK rollups** use validity proofs: every batch includes a cryptographic proof called a ZK-SNARK or ZK-STANK, which proves that the post-state root is the correct result of executing the batch. No matter how large the computation, the proof can quickly be verified on-chain.

**Dig deeper into ZK-Rollups**

* Zero-Knowledge proof *is the method by which one party (the prover) can prove to another (the verifier) that a certain statement is true while the story avoids conveying any additional information beyond the fact that the statement is true.

The essence of zero-knowledge proof is that it is trivial to prove that one possesses knowledge of some piece of information just by disclosing it. The challenge is to prove that ownership without disclosing information or any additional information.

**There are main 3 features of Zero-Knowledge Proof: **

** Completeness**: if the claim is true, an honest verifier (that is, someone who followed the correct procedure) will be convinced of this fact by an honest maxim.

** Rationality**: if the claim is false, no cheat story can convince an honest verifier that it is true, except for some small probability.

* Zero-knowledge*: if the statement is true, no verifier learns anything other than the fact that the statement is true. In other words, just knowing the saying (not the secret) is enough to imagine a scenario where the proverb knows the secret. That is formalized by showing that every verifier has some kind of simulator that, making only proven claims (and having no access to proverbs), can generate a write “looks like” the interaction between the honest proverb and the verifier in question.

**The Example of Where's Waldo**

In a talk given last year, Elad Verbin very well explained the clueless evidence with an example using "Where's Waldo". In the children's book "Where's Waldo," the reader is asked to find Waldo (wearing glasses, a red and white sweater, blue jeans, and a beanie) in a crowd of illustrations doing various things.

Let's say that I (the writer) am the maxim and you (the reader) are the verifier. I claim there is an algorithm that can easily find Waldo, but I will only let you use it in exchange for a fee. You want the algorithm but don't want to pay before I can prove it works.

So, like many transactions, we want to collaborate, but we don't fully trust each other.

To demonstrate that I have a working algorithm, I put an illustration on the floor showing a large crowd. After asking you to cover your eyes, I cover the illustration with a large, flat piece of black cardboard (which has a much larger area than the illustration) with a small cut in it. The small cut allows us to see Waldo, but his position in the image or where the puzzle begins and ends. Then I ask you to close your eyes, and I take the board from the Where's Waldo puzzle.

I proved that I could find Waldo in the puzzle quickly without telling you where Waldo is in that image, how I found him so quickly, or anything else. about that illustration. The more times we repeat this exercise, the more likely it is that I have an efficient and fast algorithm.

Zero-knowledge rollups or zk-rollups is a Layer 2 scaling solution that allows blockchains to validate transactions faster while ensuring that gas fees remain minimal. Zk-rollups manage to perform better than traditional Layer 1 blockchains like Ethereum because they combine on-chain and off-chain processes.

Two of the most prominent zero-knowledge technologies on the market today are zk-STARK and zk-SNARK. Both are acronyms for the method by which the two parties prove their knowledge: ZK-STARKs stand for the zero-knowledge scalable transparent argument of knowledge, and zk-SNARK is the term ZK-SNARK represents the zero-knowledge succinct non-interactive argument of knowledge. About the core difference between these two different non-knowledge technologies, both from a cultural and a technical perspective. Furthermore, both of these zero-knowledge technologies are non-interactive in nature, meaning that the code can be deployed and operated independently.

**References**

*[1] Zero-Knowledge Proofs: STARKs vs. SNARKs, consensys.net, accessed 03 September 2022. *

*[2] Zero Knowledge Proofs, explained, thinkinclear.medium, accessed 03 September 2022. *