Right now they're immature, but I'm hopeful that advancements in ZK-tech will allow practical ZK-rollups. ZKSync already has a zk-evm testnet running (which I believe is based on zk-llvm), so we're close. Currently all the big rollups have master keys which can be used to steal all the money deposited by them, but there's no reason in principle they have to have this. Polygon has permissionless rollups, so I'm quite hopeful that they'll be a viable trustless permissionless scaling solution soon.
The crypto(graphy) is rarely the weakness in these situations, so declaring faith in (insert new tech buzzword here) is almost certainly not going to be the answer. It comes down to operational and human factors, like poorly written code. (new tech buzzword) will involve lots of new code, and why do people think this time the new code will be error-free?
In this case, the weakness was that the keys that controlled the bridge were somehow stored insecurely. When attackers gained access to the keys, they were able to steal from the bridge. In a properly-implemented rollup, there are no keys to secure, so this attack vector is ruled out.
But more broadly, there is really nothing else with the same security properties as a smart-contract-enabled cryptocurrency. Paypal will delete your account any time they want, Visa and Mastercard will blacklist whatever industries they feel like blacklisting, etc. If you want a system that's decentralized and where these attacks aren't possible, you have no alternative. The problem is that current blockchain-based systems can only handle a certain number of operations/second while remaining decentralized. The appeal of scaling solutions like ZK-rollups is that they give us the same security properties as the main chain without any security compromises (relative to the main chain). That's all conditional on their code being correct, but given that there's such a large payout to hacking e.g. bitcoin or ethereum or zksync and it still hasn't happened, we can guess that the coders have done their jobs well and such problems are at least very difficult to find.
You are misinformed. With most cryptocurrencies (except Monero) it is very easy to blacklist wallets, and since tx history is public you can't just move your coins to a new address to get around it either. You don't actually even need decentralized systems for private transactions, digicash with blind signatures would be private and vastly more efficient.
I think "very easy" is relative. How do you get the whole world to agree to participate in the blacklist (or even to be aware of it)? If you don't, then obviously it will remain possible to tumble/launder the coins.
By comparison, if PayPal decides to freeze your account, that's it, the end, those funds are frozen unless and until you successfully run the corporate supplication gauntlet.
You don't need the whole world, just the exchanges. And some ERC20 tokens can have addresses frozen by a central authority (ex. USDC and Circle, USDT and Tether, etc) which is why the attacker immediately sold the USDC for ETH on 1inch and Uniswap.
I think what gp means is to tell all the exchanges (and maybe merchants) to blacklist your wallet. Not as simple and bulletproof as PayPal freezing your account, but similar.
The community has had a fix for all of these problems just over the horizon for a decade. It just isn't coming.
The real issue is that most of the crypto being held is held by people who don't care about using it as currency or for anonymity, they're using it as an "investment". That's why when coins that work better as cash or privacy or whatever come out, nobody cares, they just keep trucking on with bitcoin. All they care about is that the value of bitcoin goes up.
Anyone can make anything which supposedly “works better as cash”.
How will they create confidence in the money, though?
In addition, please bear in mind aluminium and copper are more _generally useful_ than gold.
We cannot state, therefore, a money’s usefulness is more important than the hardness of the money: i.e. its scarcity and resistance to fundamental change.
This is likely why most competing currencies these days claim to be “decentralized”. It’s really just their way of claiming hardness without openly admitting to such.
The nice thing about zkrollups is that users have a cryptographic guarantee of being able to withdraw their money. The rolled-up transactions are posted on chain in compressed form, and a contract on chain verifies a concise proof that all the rules were followed, including that all transactions had valid signatures.
So if this is done correctly, any master keys shouldn't be able to steal user funds. The key holders would be the ones authorized to post the data, but the worst they could do is censor transactions.
Right. It's possible to conceive of a rollup, particularly a zk-rollup, without anything like a master key. But current rollups do have those keys. ZK-sync for example has two, one used mostly for upgrading the smart contract that has a 14-day withdrawal delay (or something like that) and one for use in case of emergency that has no withdrawal delay. If the second were compromised, it would lead to all the money stored in the rollup being stolen. But there's no reason in principle that either of these is necessary.
ZK-rollups are awesome because they don't introduce any trust assumptions (except for the master key issue, which is just an implementation detail). The only risk in current zk-rollup designs is that they could censor certain transactions by never including them in a "batch" (the rollup equivalent of a block), but with unpermissioned rollups like the one I think Polygon has, even this issue is mitigated.
This has been the difficult bit for the ecosystem, and I think grasps at what GP is saying. For every competent dev/cryptographer in the space, there are 10(0) who are not, because there's so much money floating around. Those 10(0) may implement zk-class protocols incorrectly and end up in the same situation we see today. There is promise, but a ton of validation/maturation to do for zkrollups in the wild.