The first killer application of blockchain was Bitcoin – a digital cryptocurrency that makes peer-to-peer transactions possible. Banking was forever changed.
Another technology built on top of blockchain is the use of Zero-Knowledge Proofs (ZKPs). It’s a compelling solution to many of today's challenges in data privacy and security. ZKPs are not only useful in cryptocurrencies: they are a stepping stone to a digital world in which we have more control over our personal data and genuine privacy, not just on blockchains but in finance and in all our interactions online.
Imagine that there are no more data breaches because the data doesn’t need to be revealed to be verified.
That’s the promise of Zero-Knowledge Proofs.
What are Zero-Knowledge Proofs?
Zero-knowledge proofs are a cryptographic method that allows one party to prove to another that a given statement is true, without revealing any information beyond the fact that the statement is true. In other words, you can confirm you know something without revealing what it is you know. Imagine you are checking IDs at a bar. With a ZKP you would never see the patron’s birthday, yet you would know for certain that they are old enough to enter.
No longer would corporations own our credentials, but we would own our own data and lend it through ZKPs without revealing the information.
There are three properties that any ZKP has:
- Soundness: A dishonest prover cannot convince the verifier that a false statement is true.
- Completeness: If the statement is true, the honest verifier will be convinced of this fact by an honest prover.
- Zero-Knowledge: If the statement is true, the verifier learns nothing other than the fact that the statement is true, which means the prover has privacy.
History of Zero-Knowledge Proofs
While we’ve seen the rise of more ZKP applications in the last five years, the concept of Zero-Knowledge Proofs was introduced in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. These computer scientists laid the mathematical groundwork for ZKPs.
In the 1990s and early 2000s, there were additional research breakthroughs that expanded the use cases of ZKPs, creating variations such as zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) and zk-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge), which are practical implementations of ZKPs. Researchers have continually worked to improve efficiency, shrink proof sizes, and harden the cryptographic assumptions behind ZKPs, making them useful and practical for real-world applications.
Today, ZKPs have found impactful use in cryptocurrencies and identity management, and are being explored in industries like voting and government systems.
How Zero-Knowledge Proofs Work
In ZKPs, there is a 'prover' algorithm that constructs the proof and a 'verifier' algorithm that checks the proof. Zero-knowledge proofs come in two flavors: interactive and non-interactive. Interactive proofs require a back-and-forth exchange between the prover and verifier, while non-interactive proofs allow the prover to generate a single, verifiable piece of evidence.
The process of a zero-knowledge proof can be broken down into five essential steps:
- Setup Phase: Both parties agree on the parameters of the problem. For example, let’s say you want to prove you have access to a file, but don’t want to reveal its contents. In this case, the parameter could be a cryptographic hash of the file in question.
- Commitment: The prover generates a piece of evidence related to the statement in question but does so without revealing any specific details. This evidence is then sent to the verifier. The file owner says, "I have a file that matches this commitment, but I won't reveal the file's contents."
- Challenge: The verifier responds by sending a random challenge to the prover. This could be a request to commit to a specific portion of the file. The challenge ensures that the process cannot be precomputed or faked.
- Response: The prover uses the challenge and their initial evidence to generate a response. This could be another commitment for the portion of the file. This response is then sent back to the verifier.
- Verification: Finally, the verifier uses this response to determine whether the original statement is true or false. The verifier gains no additional information about the file itself, such as its contents.
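The five steps above, worked through with the classic Schnorr protocol (proving knowledge of a secret exponent x for a public y = g^x) and with the Fiat-Shamir transform that turns the same exchange into the non-interactive flavour mentioned earlier. This is an added example, not code from the article; the group parameters are constructed and far too small for real use, and the way the transcript is hashed into a challenge is an assumption.

```python
import hashlib
import secrets
# Constructed toy group, illustration only: p = 2q + 1 with q prime and g = 4
# generating the subgroup of prime order q. Real deployments use ~256-bit q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Setup: secret x and public y = g^x. Statement: 'I know x with g^x = y'."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def commit():
    """Commitment: fresh nonce r and t = g^r; t reveals nothing about x."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def challenge():
    """Challenge: verifier's random c, so the transcript cannot be precomputed."""
    return secrets.randbelow(Q)

def respond(x, r, c):
    """Response: s = r + c*x mod q. Without x, guessing s succeeds with prob. 1/q."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Verification: g^s == t * y^c mod p. The nonce r masks x, so the verifier
    learns only that the relation holds."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def interactive_proof(x, y):
    """One round of the interactive protocol: steps 2 to 5 in order."""
    r, t = commit()
    c = challenge()
    return verify(y, t, c, respond(x, r, c))

def fiat_shamir_challenge(y, t):
    """Non-interactive flavour: c is a hash of the public transcript, so the
    prover cannot pick t after seeing c and no verifier round trip is needed."""
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove_noninteractive(x, y):
    """A single self-contained proof (t, s) that anyone can check later."""
    r, t = commit()
    return t, respond(x, r, fiat_shamir_challenge(y, t))

def verify_noninteractive(y, proof):
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t), s)
```

With a 1019-element challenge space a guessed response still passes one round with probability about 1/1019, which is why real systems use challenges of at least 128 bits.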
It’s a long process, and the proof needs to be sound, complete, and reveal nothing about the underlying data. However, new research in ZKPs has made them easier to implement in the real world.
Types of Zero-Knowledge Proofs
A real-world concern is balancing scalability with security and speed. There are several types of Zero-Knowledge Proofs, each with its own set of applications and technical tradeoffs:
- zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge): These are efficient and require minimal interaction between the prover and verifier but rely on a trusted setup. This is similar to symmetric key encryption and doesn’t require as much back and forth as interactive proofs.
- zk-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge): Unlike zk-SNARKs, zk-STARKs don't require a trusted setup and are considered more secure against quantum attacks, but they produce larger proof sizes. In zk-STARKs, proof sizes can range from a few hundred kilobytes to several megabytes. The difference in size is significant; a zk-STARK proof can be up to 1000 times larger than a zk-SNARK proof. This is more similar to public key encryption today.
- Bulletproofs: Used mostly for confidential transactions; they have smaller proofs than zk-STARKs but aren’t versatile enough for broader applications, which makes them suitable for lightweight, specific use cases.
While zk-STARKs offer more security, they produce larger proof sizes, which can be a bottleneck. This has implications for storage and network transmission. For example, if a system needs to store one million zk-STARK proofs, and each proof is 1 megabyte, that would require approximately 1 terabyte of storage space. The same number of zk-SNARK proofs might only require around 1 gigabyte.
The larger proof sizes in zk-STARKs can also impact network performance. Transmitting a 1-megabyte zk-STARK proof across a network takes significantly more time and bandwidth than a 200-byte zk-SNARK proof. In a network with a bandwidth of 100 Mbps, transmitting a single zk-STARK proof could take around 80 milliseconds, while a zk-SNARK proof would take less than a millisecond. We know that the speed of browsing and connection is critical to success on the web! Going backward in speed, even for higher security, will frustrate the end-user.
On the other hand, zk-SNARKs offer speed and scalability but at the potential risk of quantum vulnerability. While quantum computers are not yet breaking encryption, Blockchain's open digital ledger makes it a target for future quantum attacks. As quantum computing technology advances, the security of zk-SNARKs could be compromised. This makes the discussion on upgrading Blockchains to be quantum-resistant crucial for long-term security. For a deeper dive into the strategies and processes to upgrade Blockchains to be quantum-resistant, read more here.
What’s Next for Zero-Knowledge Proofs?
The applications of zero-knowledge proofs are more diverse than they might seem. With their first major use in cryptocurrencies like Zcash for anonymous transactions, these proofs are finding applications in many other fields. They can be used in secure voting systems to validate the legitimacy of a vote without revealing the voter's choice, in online banking to verify transactions without exposing sensitive details, and even in age verification systems where one needs to prove they are above a certain age without revealing their exact age.
There's a joke in the academic community that there's no application of Blockchain that can't be solved better with a simple SQL database (except for Bitcoin). But Zero-Knowledge Proofs are not like that. They are increasingly important in an era where data breaches and unauthorized access to sensitive information are not just inconveniences. Breaches are serious threats that hurt our wallets and our businesses and even affect national security. Think about Worldcoin storing your biometric data. What happens when your iris is breached? The unique capabilities of Zero-Knowledge Proofs set a new standard for enhancing privacy and security.