Do we need blockchain at all?

Sylve studies a steam engine from Ancient Rome and discusses the future of zero-knowledge proofs. He asks: do we need blockchain at all?

Do we need blockchain at all?

Fifteen years ago, the Bitcoin whitepaper was published, opening the blockchain era. Today, blockchain is a wonderful and mature tool with a devoted community. But in Internet terms, fifteen years is an eternity, and it’s time to look toward what comes next.

The fundamental characteristics of blockchain

The advantages of blockchain

Blockchain has two main advantages:

  • Trustlessness: when something works onchain, it generally means it’s irrevocably true
  • Decentralization: while different conditions may apply depending on the blockchain, anyone can join the network and contribute their computing power

The original use cases

The Ethereum whitepaper imagines future applications running on blockchain, such as:

  • token systems
  • financial derivatives and stable-value currencies
  • identity and reputation systems
  • decentralized file storage
  • decentralized autonomous organizations

Most uses for blockchain mentioned in the Ethereum whitepaper have been put into practice.

What makes a blockchain a blockchain?

Polynya identifies three main characteristics of blockchain, and says blockchain is only useful if you need all three:

  1. Peer-to-peer: that exists outside of the blockchain, with many applications, such as how Peertube distributes video hosting load.
  2. Strict global consensus is the only thing the blockchain can do. Whatever is on the blockchain is considered to be true.
  3. Strict objectivity: this is a caveat to the strict global consensus: smart contracts only understand what is inside the blockchain. 

Blockchains are great for internet-native value!

All the value ascribed to the Internet a few decades ago came from regular banking systems: your credit card and checking account were not an integral part of the Internet. It was a massive headache to pay over the Internet. This is what made PayPal and Stripe so valuable to their customers decades later, and it’s interesting to note that we still haven’t evolved past entering a credit card number when paying online!

Interestingly, cypher-punks of the early 1990s were incredibly excited about « crypto-commerce ». But at the time, they said: «We have asymmetric encryption, we have RSA… we can do a bunch of private stuff! » and money was just a footnote − « we’ll solve that later ». In practice, it took a few decades to get there, with the Bitcoin whitepaper.

But they’re only interesting for internet-native value.

In the real world, contracts are great because you can change them. You can incorporate more things, correct information, or add an amendment. Because blockchains require strict objectivity, they can’t do that: they can only parse whatever is happening inside their system.

That’s why I go as far as to say that the blockchain is only interesting for internet-native value.

Otherwise, my thesis is that you do not need a strictly coherent system with peer-to-peer operations and a strict global consensus. You may just be better off with a centralized database!

Cryptocurrencies, NFTs, and onchain games have internet-native value. They don’t need to be linked to your regular bank account; they don’t live outside of the blockchain. And they’re what has really taken off in the crypto world.

Trustlessness without decentralization: zero-knowledge proofs

Do you actually need trustlessness and decentralization?

As I said at the beginning of this post, trustlessness and decentralization together make the blockchain interesting.

We’ve had blockchain for 15 years now − and to the blockchain hammer, everything looks like a nail. Every time we want trustlessness, we think «Yep, that goes onchain ». We take what we’ve been doing for hundreds of years and throw it onchain.

But what if you only want trustlessness? What if censorship resistance is not absolutely essential to you, and you’re happy with something centralized, as long as you can ensure your operations have been properly handled?

Trustlessness with zero-knowledge proofs

Validity proofs and zero-knowledge proofs in general may be the answer. They give us trustlessness without decentralization. I can prove that I’ve made a banking transfer, and I don’t need strict global consensus to make this information true: I can just run a verifier.

Zero-knowledge proofs bring the ability to not think about decentralization as a source of trustlessness.

Back in the day, Satoshi said of zero-knowledge proofs:

This is a very interesting topic. If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.
Originally, a coin could be just a chain of signatures. With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations. It's the need to check for the absence of double spending that requires global knowledge of all transactions.
The challenge is, how do you prove that no other spends exist? It seems a node must know about all transactions to be able to verify that. If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before. Do you have any ideas on this?
It's hard to think of how to apply zero-knowledge-proofs in this case.
We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.
Satoshi, August 11, 2010

He argued at the time that it was much better, easier, and more convenient than any implementation of Bitcoin could ever be… but he went on to say that this didn’t solve double-spend issues: to Satoshi, we need censorship resistance, because this is how you get internet-native money.

Zero-knowledge proofs can work with internet-native value systems as a scaling method, but they can’t be at the core of what you’re building.

When is ZKP the right tool?

There are three moments when ZKP is the right tool for you:

  • Computing power imbalance: with my measly little Lenovo laptop, I can’t rerun AWS’s entire computation to ensure I trust them.
  • Adversarial environment: if I don’t trust the person I’m working with, we can verify each other’s results without sharing our methods.
  • Anonymity: I can prove that something has happened without revealing anything else.

Off-chain use cases of ZKP

What if we took all the tools we’ve built to scale blockchain, and just took them out of there to apply them to other types of use cases?

When I first looked around at whether anyone was using ZKP outside of blockchain or AI, I wasn’t the only one assuming there would be no results.

Screenshot of two tweets. In the first tweet, Sylve (@sylvechv) asks, on September 24, 2023: « Is anyone using zero knowledge proofs outside of blockchain or AI? ». In the reply, Eli Ben-Sasson (@EliBenSasson) replies, without punctuation, with a simple: « no ».

But that’s not true!

There's a whole class of problems that you can solve with zero-knowledge proof.

Here are some examples:

And here’s another one in more detail (and without a scientific paper… yet?).

What if the government gave us proof that it took all our revenue data into account for tax calculations? We wouldn’t need to calculate our tax returns; we could just check the proof.

If there’s an issue with the proof, and it’s not onchain, we can’t force the government to refund the extra tax money: there’s no censorship resistance. But we can prove there's been a mistake without recalculating everything the government did, and leverage the law to get a refund.

The claiming system is still centralized, but it’s much easier to deal with, and more fool-proof!

What comes next?

A brief look at ancient steam engines

We’ve applied zero knowledge to blockchain because that’s what we know. But what’s next for zero-knowledge proofs? And if they’re so incredible, why aren’t we using them everywhere?

To understand that, let’s dive into history and discover a weird little machine: the aeolipile.

Black and white drawing of an aeolipile, a steam machine where a turbine is set on a cauldron full of water. This cauldron is in turn put over a small wood fire. The steam created by the water makes the turbine turn.

It’s an extremely rudimentary steam engine, from ca. 30–20 BC. The fire underneath heats up the water, the steam leaves through two pipes, and that rotates the turbine.

Ancient Rome had a steam engine! Why would they rather rely on slave labor when they were already so close to the Industrial Revolution? History professor Bret Devereaux offers this explanation: « The first steam engines were nowhere near that powerful or efficient ». They simply didn’t do enough for people to believe they were worth iterating on.

We had to wait until the end of the 18th century for Thomas Newcomen to come up with a usable steam engine that had a clear use case − and was to be used in coal mines, meaning it had fuel right next to it. That was enough for researchers to want to improve it; the next iteration transformed the textile industry.

At that point, the virtuous circle missing in Ancient Rome was in full… steam (I’m a funny guy).

There was enough incentive that smaller and more efficient engines could be created and then applied to ships, cars, and trains.

Taking zero-knowledge proofs out of the mine

Zero-knowledge proofs are incredible. But right now, they’re still in the mines, to keep the aeolipile comparison.

Blockchain is the first real use case of zero-knowledge proof. Thanks to it, zero-knowledge proof has become much more effective than a few years ago, notably with the provable Cairo language. It’s building momentum.

Now, it’s time to take ZKP out of the mine.

The future lies beyond us, and our mission now is to see what we’ll do with zero-knowledge proofs. What can they be applied to? Where do they bring the most value?

That’s yet to be seen.

My belief is that the next big use of zero-knowledge proofs will be off-chain.


Let’s use zero-knowledge proofs for all our projects, let’s keep making them more and more efficient, and something will really click. In the meantime, remember: sometimes, you only need to prove it. That’s it.