Zero-knowledge proofs are generating plenty of excitement lately due to their potential to increase privacy and security in blockchain applications. The concept itself is not new, as cryptographers have been working with zero-knowledge proofs for years, but the technique is only just now set to redefine the concept of online privacy.
In this piece we are explaining the basic principles of zero-knowledge proofs and how they can be applied in the context of blockchains.
What Exactly Is a Zero-knowledge Proof?
The notion of zero-knowledge was first proposed in 1985 by MIT researchers Silvio Micali, Shafi Goldwasser, and Charles Rackoff in their paper “The knowledge complexity of interactive proof systems”:
A zero-knowledge protocol is a method by which one party (the “prover”) can prove to another party (the “verifier”) that something is true – without revealing any information apart from the fact that this specific statement is true.
In other words: zero-knowledge proofs let you validate the truth of a statement without revealing how you know it is true and without sharing the underlying content with the verifier.
This principle is based on an algorithm that takes some data as input and returns either ‘true’ or ‘false’.
There are three requirements that must be met by any zero-knowledge application:
- Privacy: The verifier (or any other party) learns nothing about the input beyond the fact that the statement is true
- Completeness: If the statement is true, the zero-knowledge proof always returns ‘true’
- Soundness: If the statement is false, it isn’t possible to trick the zero-knowledge proof into returning ‘true’
How Does Zero-knowledge Proof Work?
The best way to explain the process of zero-knowledge proofs is with a non-digital example. It is far simpler than a real zero-knowledge proof, but it illustrates very well how they work.
Let us assume there is a blind person and two balls, one black and one white.
You would like to prove to the blind person that these balls are indeed of differing colours, without revealing the colour of either ball.
The blind person takes the balls, hides them behind their back, and either swaps them or leaves them as they are before showing them to you again. You then answer whether or not the balls were swapped. Because you can see the colours, you answer correctly every time; if the two balls were actually the same colour, you could only guess.
Obviously, after a single round the other person might think that you were just lucky and is not yet completely convinced that the balls have different colours. Zero-knowledge proofs solve this conundrum by repeating the experiment over and over again.
After every round, your chance of being consistently right by pure luck goes down by half. So with five rounds, you have a one in thirty-two chance of successfully faking. With ten rounds, it is 1 in 1024, and with twenty rounds, it is about one in a million. This way one can reach any probabilistic level of proof that is desired, although an absolute certainty can never be achieved.
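The following simulation of the two-ball protocol is an added example, not code from the original article. It models the blind verifier, who hides the balls and secretly decides whether to swap them, and a prover who answers from what it sees. It shows all three requirements at once: an honest prover with two differently coloured balls is always accepted (completeness), a prover whose balls are in fact the same colour can only guess and survives n rounds with probability 2^-n (soundness), and the verifier only ever learns the swap decision it made itself, so nothing about the colours leaks (privacy). The ball colours and the random seeds are constructed for the demonstration.

```python
import random

BLACK, WHITE = "black", "white"


def prover_answer(balls_look_distinct, seen_before, seen_now, rng):
    """The prover's answer to "did you swap the balls?", based only on what it saw.
    If the two balls look different, the prover can always tell whether the ball
    now in the verifier's left hand is the one it saw before. If the statement is
    false (both balls look the same), the best it can do is guess."""
    if balls_look_distinct:
        return seen_now != seen_before  # fully informed: always correct
    return rng.random() < 0.5           # statement is false: coin flip


def run_protocol(left, right, rounds, rng=None):
    """Interactive proof that the two balls differ in colour.
    Returns True if the verifier accepts after `rounds` challenges."""
    rng = rng or random.Random()
    balls = [left, right]
    distinct = left != right
    for _ in range(rounds):
        seen_before = balls[0]          # prover looks at the ball in the verifier's left hand
        swapped = rng.random() < 0.5    # verifier hides the balls and secretly maybe swaps them
        if swapped:
            balls.reverse()
        answer = prover_answer(distinct, seen_before, balls[0], rng)
        if answer != swapped:
            return False                # one wrong answer exposes the prover
    return True                         # verifier learned only its own swap choices


def cheat_bound(rounds):
    """Soundness error: probability that a prover of a false statement passes every round."""
    return 2.0 ** -rounds


def estimate_cheat_rate(rounds, trials, seed=0):
    """Empirical acceptance rate for a prover whose two balls are the same colour."""
    rng = random.Random(seed)
    accepted = sum(run_protocol(BLACK, BLACK, rounds, rng) for _ in range(trials))
    return accepted / trials


if __name__ == "__main__":
    print("honest prover, 20 rounds:", run_protocol(BLACK, WHITE, 20, random.Random(1)))
    for n in (5, 10, 20):
        print(f"{n} rounds: bound {cheat_bound(n):.7f}, observed {estimate_cheat_rate(n, 20000):.5f}")
```

Running it shows the observed cheat rate tracking the 1/32, 1/1024 and roughly one-in-a-million bounds from the text, while the honest prover never fails.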
Actual zero-knowledge proofs do not deal with balls, of course, but prove the validity of any kind of data. This includes financial data (transactions) or personal data (names, passwords, etc.).
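To show what an actual zero-knowledge proof over data looks like, here is an added example that is not part of the original article: the Schnorr identification protocol, in which a prover demonstrates knowledge of a secret exponent x behind a public value y = g^x without revealing x. The group parameters (a 2039-element toy group with a prime-order subgroup of size 1019) are constructed for illustration and are far too small for real use. The `simulate_transcript` function is what makes the "zero-knowledge" claim concrete: anyone can produce accepting transcripts without knowing x, so a transcript cannot be leaking it.

```python
import random

# Toy parameters, constructed for the demonstration (not secure at this size):
P = 2039  # prime modulus, P = 2*Q + 1
Q = 1019  # prime order of the subgroup we work in
G = 4     # a square mod P, hence a generator of the order-Q subgroup


def keygen(rng=None):
    """Secret x and public y = g^x mod p."""
    rng = rng or random.Random()
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def prover_commit(rng=None):
    """Round 1: prover picks a random r and sends t = g^r."""
    rng = rng or random.Random()
    r = rng.randrange(1, Q)
    return r, pow(G, r, P)


def prover_respond(x, r, c):
    """Round 3: prover answers the verifier's challenge c with s = r + c*x mod q."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier accepts iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_schnorr(x, y, rng=None):
    """Full interactive run: commit, random challenge, response, verification."""
    rng = rng or random.Random()
    r, t = prover_commit(rng)
    c = rng.randrange(0, Q)             # Round 2: verifier's random challenge
    s = prover_respond(x, r, c)
    return verify(y, t, c, s)


def simulate_transcript(y, rng=None):
    """Produce an accepting (t, c, s) WITHOUT knowing x: choose c and s first,
    then solve for t = g^s * y^-c. Because such transcripts are indistinguishable
    from real ones, a real transcript reveals nothing about x."""
    rng = rng or random.Random()
    c = rng.randrange(0, Q)
    s = rng.randrange(0, Q)
    y_inv_c = pow(y, (-c) % Q, P)       # y has order Q, so y^-c == y^(Q - c)
    t = (pow(G, s, P) * y_inv_c) % P
    return t, c, s


if __name__ == "__main__":
    rng = random.Random(42)
    x, y = keygen(rng)
    print("honest prover accepted:", run_schnorr(x, y, rng))
    r, t = prover_commit(rng)
    print("wrong secret accepted:", verify(y, t, 5, prover_respond((x + 1) % Q, r, 5)))
    t2, c2, s2 = simulate_transcript(y, rng)
    print("simulated transcript accepted:", verify(y, t2, c2, s2))
```

A prover who does not know x can only pass if the challenge happens to be 0, which occurs with probability 1/Q; as with the balls, repeating the protocol (or using a larger challenge space) drives that soundness error as low as desired.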
What Are zk-SNARKs?
You might already have stumbled upon the term ‘zk-SNARKs’. The term was introduced in 2012 by Ran Canetti, Nir Bitansky, Alessandro Chiesa and Eran Tromer and describes a special variation of the zero-knowledge technique. zk-SNARKs introduce a number of innovations that render them usable in blockchains. Most importantly, zk-SNARKs reduce the size of the proofs and the computational effort required to verify them.
Zero-knowledge Proofs in Blockchains
Zero-knowledge protocols enable the transfer of assets across a distributed, p2p blockchain network with complete privacy.
In regular blockchain transactions, when an asset is sent from one party to another the details of that transaction are visible to every other party in the network.
By comparison, in a zero-knowledge transaction the other parties only learn that a valid transaction has taken place, but nothing about the sender, the recipient, the asset class or the quantity. Both the identities and the amount being spent can remain hidden, and problems such as “front-running” can be avoided.
The most prominent blockchain-based system using zero-knowledge proofs is Zcash, which was also the first cryptocurrency to implement zk-SNARKs.
Other blockchain-based systems have since incorporated zero-knowledge proofs into their solutions to allow transactions to be verified while protecting user and transaction privacy. The best known of these is Ethereum, which implemented zk-SNARKs as part of the Byzantium upgrade.