In this digital era, cybersecurity has become one of the biggest areas of development and innovation. As blockchain technology advances, we continue to face the problem of establishing trust among users and maintaining privacy. Nowadays, due to concurrent innovations in hacking, a password or private key may not be able to identify an individual with complete certainty if their information has been compromised.
As researchers look for methods to keep data private and transactions secure, one older piece of technology has recently regained relevancy in the world of crypto: Zero-Knowledge Proofs. Noticing this tool’s ability to verify users without sharing their private information, many blockchain developers have begun implementing zero-knowledge proofs to increase trust and privacy in cryptocurrency transactions.
What is a Zero-Knowledge Proof?
Zero-knowledge proofs (ZKPs) use mathematical formulas to verify the validity of information without revealing the information itself. If one individual wishes to prove to another party that they possess a certain piece of private data, they can use a ZKP and avoid explicitly sharing the data with the other party.
Unlike other cryptography approaches that examine, encrypt, and transfer the entire piece of data, ZKPs analyze unlinked and insignificant segments of information to mathematically prove that the existence of the complete set of data is highly probable. By only requiring the transfer of small, irrelevant pieces of information, ZKPs prevent malicious third parties from intercepting anything of value.
How does a Zero-Knowledge Proof work?
A popular story told to illustrate how zero-knowledge proofs work is the Alibaba Cave story. In this scenario, there is a ring-shaped cave with an entrance on the left and right sides and a door blocking the passage between them. One person, Peggy, knows the secret code to open the door, and she wants to prove this to her friend Victor. However, Peggy wants to keep the code a secret, so she devises a plan to convince Victor that she knows the code without explicitly telling him it.
Peggy asks Victor to come to the entrance of the cave, and Peggy enters one side of the ring. Then, Peggy asks Victor to pick a side of the ring she should exit from. Because Peggy has the code to the door, she can exit on whatever side she chooses. So, if Victor tells her to leave the cave through the left side and she does, he can be 50% certain that she has the secret code. If he repeats this test enough times and Peggy always passes, Victor’s level of certainty will increase until he can reasonably trust that Peggy indeed has the secret code.
The two characters in this story represent the two parties in ZKP applications, the prover (Peggy) and the verifier (Victor). In digital implementations, the prover offers a set of commitments to the verifier, such as knowing a secret code. Then, the verifier challenges the commitments. If the prover completes the challenges, the verifier can trust the prover’s statement.
The Alibaba cave story also resembles a simple login system. If a website wishes to verify a user’s credentials without sending their password to a server and risking interception, they can use ZKPs and prove the user’s identity the same way Victor proves that Peggy knows the secret code.
Properties of Zero-Knowledge Proofs
ZKPs require the fulfillment of three conditions:
- Completeness: The verifier must be able to prove the existence of the complete set of information the prover claims to possess.
- Soundness: The challenges with which the verifier validates the prover’s claims cannot be completed without the required information.
- Zero-Knowledge: None of the actual private information may be shared between the prover and the verifier.
The illustration below explains these conditions in more detail, as well as lists some ZKP applications:
Types of Zero-Knowledge Proofs
ZKPs can use one of two different types of protocols, depending on the interaction required between the prover and the verifier. The two types of ZKPs are described below:
Interactive ZKPs require the prover to complete challenges issued by the verifier to gain the verifier’s trust in the existence and validity of the prover’s private information. The verification process involves exchanging information between the two parties until the prover satisfies the conditions of the proof.
In non-interactive ZKPs, the prover must complete challenges offered by a simulated verifier based on the prover’s commitments. Non-interactive ZKPs differ from interactive ZKPs because an automated system verifies the prover’s claims instead of another person. Thus, these ZKPs require additional software and processing power. Cryptocurrency applications often use non-interactive ZKPs to allow users to complete transactions without direct interaction between the parties involved.
Applications of Zero-Knowledge Proofs
Although MIT researchers originally developed the ZKP framework in the 1980s, its usage has been rather limited. However, developers have begun implementing ZKPs to reduce the information exposed on the blockchain and, thereby, improve the security and privacy of cryptocurrency transactions.
One organization, the ZKProof initiative, has even formed a global community of developers hoping to promote mainstream use and standardization of ZKP technology. Below, we will discuss a few examples of how organizations have begun implementing zero-knowledge proofs.
ZCash and zk-SNARKs
The cryptocurrency ZCash uses ZKPs to confirm transactions without revealing the source of the actual money or any other sensitive data, such as how much money was sent or the identity of the final recipient. Using zk-SNARKs (“Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”), ZCash allows users to prove they meet the conditions to complete a transaction without any interaction between the prover and verifier. Thus, ZCash transactions remain completely confidential and secure.
Ethereum 2.0 and zk-Rollups
Developed to increase transaction speed and reduce fees, zk-Rollups allow users to confirm Ethereum transactions in layer2—using zero-knowledge proofs—and publish the PoV (Proof of Validity) onto layer1. More details about how Rollups work in Ethereum 2.0 can be found here.
Zero-knowledge proofs can also be used to verify people’s identities. For example, if a two-factor authentication (2FA) system requires both a social security number and a driver’s license number, a ZKP algorithm can take certain segments of the two, link them together, and statistically determine the probability that the individual is indeed who they claim to be. With this method, the individual can confirm their identity to the system and keep their complete social security and driver’s license numbers hidden.
Advantages & Disadvantages of Zero-Knowledge Proofs
Compared to other cryptography practices, ZKPs, of course, have their advantages and disadvantages, outlined in the table below:
|ZKPs use simple mathematical algorithms.||As of right now, ZKPs’ reliance on mathematical algorithms means they can only verify numerical data. Verifying categorical data requires conversion into a numerical format.|
|Keeping personal and secret information hidden, ZKPs offer excellent privacy.||To establish a statistically significant probability of trust, approximately 2000+ computations have to occur. Thus, ZKPs require more resources than other cryptography methods to process every transaction.|
|The ZKP can effectively replace much older and less reliable authentication methods.||If any bits of data are deleted or lost during the transaction, the entire validation process has to begin again.|
|Its greatest use will be on the blockchain and in virtual currencies. Though, many commercial applications can also employ ZKPs to improve security.||Although many developers deem ZKPs very secure, they too can be vulnerable to security breaches.|
Zero-knowledge proofs offer a secure method to validate information needed to complete cryptocurrency transactions and verify users’ identities while keeping private data hidden. Compared to other cryptography solutions, ZKPs use simple algorithms and require no interaction between the parties involved in transactions.
As blockchain developers recognize ZKPs for their potential to increase trust and confidentiality in the world of cryptography, we will likely see the adoption of ZKPs increase and become essential in blockchain technologies.