Table of Contents:
In this article, we’ll open the door for you to explore what a zero-knowledge proof is in varying complexity levels using plenty of zero-knowledge proof examples. However, let’s first look at why they’re important.
As our world becomes increasingly fueled by technology, the use cases and the need for tools that allow us to interact with total strangers increase. Accountability is key to this as, when something happens, someone needs to answer for it. There is a high demand for sources of truth and verified information online.
Accountability is somewhat simple to achieve. However, what’s difficult is to do so when dealing with strangers online. Let’s go through a simple example;
When you pay for a pair of sneakers using your credit or debit card, your bank statement will show how much you spent, when, and what merchant you made the transaction with. Anyone who sees the credit card or bank statement (whether it’s your government in your tax declaration, the shop when you’re issuing a return, or a friend) can confirm what you did —you are accountable.
Now, do you want to share the information about your transaction with others (for a decent enough incentive)? Maybe. Do you want everyone to know everything about the product you bought, your transaction number, and all the info in your bank statement? Maybe not. However, if you wanted to prove you made the purchase, the only way you could fully prove its legitimacy would be through a full statement.
ZKPs are all about reliably achieving accountability on your own terms. In this article, we’ll look at the concept of ZK-proofs, how to understand them in a simple language, and their applications.
Understanding what is a zero-knowledge proof through examples
Zero-knowledge proofs are protocols in cryptography that allow one party (the prover) to prove to another party (the verifier) that something is true without giving you any other secret information beyond what you want to prove. We can illustrate how zero knowledge proofs work through a couple of single analogies:
Example N°1: How to explain zero-knowledge proofs to a kid
A zero-knowledge proof example that’s easy to gasp even to an 8-year-old is the following:
If you have a closed combination lock, you could simply prove to someone that you hold the right password by unlocking it without revealing the password. By doing this, you have certified that you know certain information without disclosing it.
Example N°2: How to explain zero-knowledge proofs to an adult
Let’s now jump to a slightly more mature explanation that’s closer to the context ZK-proofs are commonly used.
Returning to our earlier zero-knowledge proof example, ZKPs could be like bank statements that only answer to yes/no questions. This question could be tailored to specific use cases, such as “does your account contain more than $400?” or “are you over 25 AND purchased a pair of XMODEL Nike shoes?”
The ZKP does not detail how, where, or when you bought your sneakers. If you were to be in possession of such proof, you would be able to show it to anyone you chose to, even link it to your crypto wallet for anyone to verify at will or post it online.
Attributes of a zero-knowledge proof
Apart from ensuring no knowledge is transferred between the two parties, ZKPs need to fulfill two conditions:
- Completeness: If a statement is true, an honest verifier (that is, one following the protocol properly) will be convinced of this fact by an honest prover. This means that the system works to verify a true proof every time.
- Soundness: If the statement is false, no cheating prover can convince an honest verifier that it is true. In our analogy, soundness means you can only prove you bought a product, if and only if, it is true. This characteristic reflects on the system used to mint zero-knowledge proofs, which needs to be decentralized (i.e. no one can influence it) and reliable (it works as expected every time).
The invention of the zero-knowledge proof
ZKPs were invented In 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The trio wrote a paper titled "The Knowledge Complexity of Interactive Proof-Systems," which helped lay a solid foundation for the growth of ZKPs. In their quest for finding efficient methods of communicating proof, GMR (Goldwasser, Micali, & Rackoff) devised this concept – which could be used to prove that a theorem ‘T’ is true without conveying any additional information.
People have used several examples to describe ZKPs since they were created, with one of the most popular ones being the following:
There are two friends, Mike (the prover) and Carlos (the verifier). Carlos is color-blind and cannot tell the difference between two otherwise identic balls of different colors, red and green. When Carlos picks up two balls, Mike tells him he is holding two balls of different colors (green in his left hand and red in his right). Carlos does not believe Mike, and now he needs something besides Mike's words to convince him.
Carlos then devices a zero-knowledge way for Mike to prove his statement, as Carlos cannot gain the ability to see color.
- Carlos first holds two balls in front of Mike, who can see which ball is in which hand. Carlos is holding a green ball in his left hand and a red ball in his right.
- Then, behind his back, Carlos shuffles the balls. Now he knows which ball is in which hand, but Mike doesn’t, since he cannot see them.
- Carlos goes on to present the balls to Mike again, asking Mike whether he switched the balls or not. Since Mike can tell both balls apart due to their color, he answers the question easily.
- Carlos is not convinced because there are only two balls, which gives Mike a 50% chance of guessing whether he switched the balls or not. Also, both balls could be of the same color, so after one verification, Carlos still doubts the outcome is correct.
- However, if Carlos repeats the procedure, the probability for Mike to guess if he switched the balls or not eventually becomes low enough for convincing the verifier (Carlos). With many consecutive correct answers from Mike, Carlos learns that Mike can actually tell the difference between the two balls. He, however, has not gained the ability to tell apart green objects from red ones.
Another very popular zero-knowledge proof example would be Alice and Bob's Strange Cave of Ali Baba. Can you spot the resemblance to our previous example?
In it, Bob wants to prove to Alice that he knows the secret to a magic door linking two paths inside a cave. While Alice waits outside the cave, Bob goes through path A and gets out through B. By repeating this feat several times, he proves that he knows the secret, even though she couldn’t observe how he does it.
Types of zero-knowledge proofs
In the cryptography world, there are two main types of ZKPs:
Interactive zero-knowledge proofs
From the Carlos and Mike zero-knowledge proof example, we can see that both of them continued to speak to each other throughout the exercise. The back and forth conversation helped Mike prove the truth of his claims until Carlos was convinced. This is called an interactive ZKP and it is similar to how the first-ever ZKPs operated.
An interactive ZKP involves steady communication between prover and verifier until the former can provide convincing replies to the latter's challenges.
Non-interactive zero-knowledge proofs
Non-interactive ZK-proofs do not necessarily need established communication between the prover and verifier beyond a single iteration. When the prover presents proof of knowledge, for instance, the verifier confirms its genuineness within one exchange. This is closer to showing a verifier a bank statement, for instance.
Since non-interactive ZK-proofs require only one information exchange, they demand more computing power to produce than their interactive counterparts.
However, due to their convenience, non-interactive ZK-proofs have gained popularity. zkSNARKs (an acronym for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), for instance, are a non-interactive zero-knowledge proof example.
Possible and existing applications of a zero-knowledge proof
Identity verification exercises are commonplace in today's world, and most institutions in several sectors require you to present documents to verify your identity for KYC and AML purposes. Currently, ID verification exercises are slow, sometimes requiring days to process. There are also concerns about having to submit personal documents repeatedly on different occasions and data safety.
Through decentralized identifiers built on ZK-proofs and the blockchain, you canf store identification documents and materials and decide how much you are willing to share with third parties. Zero-knowledge identity proofs allows you to pass KYC verification just once and then be able to indefinitely confirm that you meet requirements without revealing your personal information. With decentralized identity you also retain control over your data.
Scalability is a huge challenge for blockchain technology, especially as more people begin using the network. Network congestion often results in increased transaction fees, difficulting the mass adoption of Web3 protocols. ZKPs can help solve the scalability problem on public blockchain networks such as the Ethereum mainnet through rollups.
Zero-knowledge rollups (ZK-rollups) are Layer-2 scaling solutions that increase throughput on the Ethereum Mainnet, and are managed by on-chain Ethereum smart contracts. By completing computations and state-storage off-chain, ZK-rollups help Layer-1 blockchains process more transactions at reduced fees. Yet, there's more.
ZK-rollups usually batch-process several thousands of transactions. As most public blockchains require proof of transactions for every on-chain action, ZK-rollups only post minimal summary data on-chain. In this summary data, the ZK-rollup defines the changes that should be made to the blockchain and provides zero-knowledge proof that the changes are correct. Most zero-knowledge rollups use Succinct Non-interactive Arguments of Knowledge and Scalable Transparent Arguments of Knowledge protocols (SNARKs and STARKs, respectively). One of their main differences is that SNARKs need a trusted setup, while STARKs don’t, but are typically less efficient.
ZK-proofs power several privacy protocols today, mostly due to their non-disclosure feature. With ZK-proofs, users can currently transact on privacy-enabled blockchains and post proofs that confirm that their transactions are valid, but nothing more.
Popular privacy coin, Zcash, uses zk-SNARK cryptography to restore blockchain anonymity for its users and give them control over their transaction information. For instance, when a Zcash user sends coins to another Zcash user, the only available proof of their privacy-enabled transaction comes with zero knowledge. A third-party observer cannot find any additional secret information about the nature of the transaction, nor the parties and amounts involved.
Panther, on the other hand, aims to create a ZK-SNARK-powered ecosystem in which users can retain full control over their data while being able to use DeFi with default privacy.
Conclusion: What’s in zero-knowledge proofs’ future?
Several technological innovations have shaped the current landscape of the world's economy. Blockchain technology, the internet, and public key cryptography have all made waves globally, defining change across fields and, most importantly, helping create a global digital permissionless payments system.
Zero-knowledge proofs as a solution are just starting to emerge and we can see them eventually generalized for the benefit of all. In the past couple of years, the interest in ZK-technology has been popping up from various sectors along with a rise in funding for their research and development. The massive upsides and possibilities of use-cases of ZK-technology have everyone excited.
ZK-proofs can count among cryptographic innovations making giant strides in the industry. Powering privacy on the blockchain, ZK-proofs also aid Layer-2 blockchain scaling solutions and decentralized identifiers. With these solutions and more, ZK-proofs will play a critical role in shaping the world in the future, even as the emergence of decentralized economies looms.
Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.
Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.
Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.