“Prover” “Verifier” “Without revealing” “Data” “Authenticity” “Transactions”
Bet you see these terms scattered all over the internet in your search for “what is zero knowledge tech?” to the point you get déjà vu over and over again.
It is what it is. Zero-knowledge is what they say it is. A technique that allows one party (the prover) to cryptographically prove the fact or truth of a data (say a transaction) without revealing the content of the data, while another party (the verifier) verifies the authenticity of the data.
“But can I get an easier explanation?”
“Explain to me like I’m sixteen”
Alright, here we go.
Zero Knowledge Like You’re Sixteen
Say I go to the shopping mall to shop for items. Excitedly, I waltz into the mall, card in my back pocket, ready to spend some money. Wheeling the shopping cart, I begin selecting items to purchase. Filling my cart with the necessary items and goodies (of course), I head over to the checkout counter and wait my turn. Finally, my turn. I take out all the items I shopped and place them on the counter. After being scanned and prices summed up, I take out the card and give the attendant. She does the swiping thing and gives me two receipts along with my card.
The first receipt contains just the debited amount from the card. The second receipt contains a proper list of all the items I purchased along with the prices and finally, the total amount debited.
Supposing 10 minutes later, a friend asks me to borrow her some money, all of which I had just spent a few minutes ago. I tell her that I’m out of money and I have just spent my last one. To prove to my friend that I’m not telling lies, I show her just the first receipt which contains the amount I’ve just spent but NOT the second receipt which contains details of the items I purchased with that amount.
In this case:
Me ↔️ The prover because I’m trying to prove a claim
My friend ↔️ The verifier
The data ↔️ The transaction made in the mall
The proof ↔️ The first receipt
The fact/truth of the data ↔️ The fact that I had just spent all my money
The content/details of the data ↔️ The items I purchased (shown in the second receipt)
Verifying the authenticity ↔️ My friend checked the date and time the debit was made through the receipt
This story is, no doubt, lacking in its entirety but it gives a basic idea of what zero-knowledge tech and proofs are. How so? My friend has zero knowledge of what I spent my money on and I didn’t have to show her the details either but I’ve proven (or so I hope) that I indeed spent my money on something.
For a more adequate explanation, you can check out the analogy used in the well-known story - The Ali Baba Cave, published by Jean-Jacques Quisquater and some others in 1990. The paper is titled “How to Explain Zero-Knowledge Protocols to Your Children.”
What is Zero-Knowledge Tech?
It is a privacy mechanism and a cryptographic technique of verifying transactions between two parties whereby one party proves the authenticity of the data without disclosing details of the data, while the other party verifies the authenticity of the data. The prover provides the verifier with nothing more than a cryptographic proof of the authenticity of the data but makes sure not to reveal the content of the data. The proof provided is what we call “zero-knowledge proof” or “ZKP” for short.
What are Zero-Knowledge Proofs (ZKPs)?
Source: Chainslab
Zero-knowledge proofs are cryptographic primitives generated by the prover to send to the verifier to prove the correctness of a statement. The verifier ensures the accuracy of these proofs and verifies them.
Verifiers validate claims in different ways which could include challenging the prover to perform a task that shows that he truly knows the content of the statement as he claims. Zero-knowledge protocols depend on algorithms that take in some data as input and provide "true" or "false" as output. This makes it possible for claims to be attested even without the full information present.
Criteria that a Zero-Knowledge Protocol Must Satisfy
A zero-knowledge protocol is a set of rules that the prover and verifier must adhere to during communication. The protocol is in place to ensure the accuracy of a statement without any private information being shared between the two parties. In essence, the protocol will ask a prover to prove they have the right data, even if they don't physically present it to the verifier.
A zero-knowledge protocol must satisfy these three criteria to perform this role:
Completeness: If the statement or claim made by the prover is true, the verifier will accept and verify the proof presented, assuming both the prover and the verifier are honest and adhere to the rules of the protocol.
Soundness: If the statement or claim made by the prover is false (a dishonest prover), the verifier cannot accept the proof provided. The zero-knowledge protocol cannot be tricked, so the prover cannot fool the verifier into believing or accepting an invalid claim.
Zero-knowledge: Except whether a statement is true or false, the verifier learns nothing about the content (secret) of the claim. In other words, the verifier has “zero knowledge” of the statement in question.
General Applications of Zero-Knowledge Tech
Over the years, zero-knowledge tech has found usage in various sectors even beyond blockchain. Below are some of the industries in which zero-knowledge tech can be applied:
Identity verification and data privacy
Finance
E-voting
Education
Machine learning
Supply chain: you can learn more about the roles of zero-knowledge proofs in this article
Compliance
Healthcare
Cybersecurity and many other industries
Different Types of Zero-Knowledge Proofs
Different types of zero-knowledge proofs vary in either the extent of communication, or other factors. Let’s extensively take a look at two popular types of ZKPs: interactive and non-interactive ZKPs.
Interactive Zero-Knowledge Proofs (IZKPs)
As the name implies, this type of ZKP involves a series of interactions between the parties involved (the prover and the verifier). It is the first kind of zero-knowledge proof that was utilized. To ascertain that the prover isn’t “bluffing” and that he knows the content of the claim made, the verifier can challenge the prover to a task. The prover, in return, fixes the challenge and sends it back to the verifier. The verifier, if not yet convinced, sets another challenge which the prover answers. Thus, back-and-forth communication takes place. In all of these, the prover is careful not to share the secret (content) of the statement/claim.
Source: "Towards Data Science” Medium Publication
Three elements make up IZKPs and they are witness, challenge, and response:
Witness: the secret or details of the statement that only the prover has knowledge of but cannot share with the verifier is termed the “witness.” In practice, the prover is responsible for starting the proving process. He does this by picking a question he feels proves that he has knowledge of the witness as he claims, solving it, and sending it to the verifier along with the proof.
Challenge: the verifier, if not satisfied, sets his challenge and throws it to the prover.
Response: the prover solves the challenge and relates it to the verifier. The process goes on and on until the verifier is indeed certain, beyond unreasonable doubt, that the prover knows the secret (witness) like he claims to. The prover engages with these but doesn’t disclose the witness in any instance.
ZK Set Membership (ZKSM)
Zero-Knowledge Set Membership (ZKSM) was released in 2018 by ING, a Dutch-based banking and financial group. It was launched to be used mainly in the banking sector.
Zero-Knowledge Set Membership (ZKSM) is a variation of proof that is used to prove that a data value (could be alphanumeric) is a member of a determined set, hence the term “set membership”. This allows for secret data in a range to be validated even while in the dataset without revealing the data in question.
ZKSM is, in fact, natively interactive but can be made non-interactive using the Fiat-Shamir heuristic because it is preferable to avoid back-and-forth communication, especially in blockchain and generally DLT applications.
Zero-Knowledge Range Proofs (ZKRPs)
This is a subclass of ZKSM and it is used to prove a number or integer within a specified range or dataset of integers. This type of proof can only be used for numerical datasets.
For instance, an employee looking to apply for a loan can prove to the bank that her salary is above $45,000 per annum but doesn’t need to reveal the exact value.
Both ZKSM and ZKRPs are termed specific ZKPs because they are used in proving specific data types.
Limitations of Interactive ZKPs
The constant communication requires the prover and verifier to be online at the same time which can be difficult to achieve.
The back-and-forth communication makes the process of proving slow and thus, not very scalable.
Non-Interactive Zero-Knowledge Proofs (NIZKPs)
Unlike with IZKPs, non-interactive zero-knowledge proofs don’t require constant communication between the prover and verifier. The prover computes a problem and sends the output to the verifier who can verify it in one step and be convinced that the prover indeed knows the witness without the need for the back-and-forth interaction. There is no challenge and response in non-interactive zero-knowledge proofs. With NIZKPs, there can be many verifiers and any one of them can check to confirm the output. This is suitable for open-source blockchain infrastructures where many parties are acting as verifiers. ZK-SNARK is classified under non-interactive zero-knowledge proofs.
ZK-SNARK
ZK-SNARK stands for 'Zero-Knowledge Succinct Non-interactive ARgument of Knowledge'. This refers to a kind of ZKP where a prover can prove knowledge of the secret (the witness) to the verifier without revealing it and also without the need for a series of communications between the parties involved.
ZK stands for Zero-Knowledge.
S stands for Succinct and it refers to the fact that the zero-knowledge proof size is small (even smaller than the secret) and doesn’t need much computation or time to prove.
N stands for Non-interactive and it implies the lack of any series of actual communication between both parties (prover and verifier).
ARK stands for ARgument of Knowledge and it implies that a fake prover can hardly cheat the system because there will be an argument about his supposed knowledge of the secret. The argument in this case refers to the computation the prover sends along with the proof as it is typically meant to be sufficient in proving knowledge of the information without the need for extra communication. However, there is a tiny chance that a bad actor with unlimited computational power can fake knowledge of a claim and thus provide malicious proof.
Zk-SNARK, first widely applied by Zcash, is employed by blockchains that utilize shielded transactions, and private smart contracts because it allows those transactions to be validated without revealing the addresses or other shielded info, which, otherwise, will contrast the whole idea of shielding. For instance, Aleph Zero’s DEX, Common implements shielded pools to enhance privacy and this feature is protected because Aleph Zero, as a blockchain, utilizes private smart contracts, hence the use of zk-SNARKs is paramount. Zcash also utilized zk-SNARK proofs.
ZK-SNARKs are mostly utilized by blockchains that aim to solve the issue of lack of blockchain privacy.
ZK-STARK
ZK-STARK stands for 'Zero-Knowledge Scalable Transparent ARgument of Knowledge'. Like with zk-SNARKs, zk-STARKs refers to zero-knowledge proofs where a prover proves knowledge of a secret without disclosing the secret to the other party. Unlike zk-SNARKs, the proof size is much bigger.
ZK stands for Zero-Knowledge.
S stands for Scalable which describes its ability to increase blockchain scalability. With zk-STARKs, transactions can be computed and verified faster off the main chain and sent back to be added to the blocks of the main chain. This is especially useful for blockchains that process a small number of transactions per second.
T stands for Transparent and it implies the suitability for public (open) blockchains, hence, eliminating the exigency of a trusted setup.
ARK stands for ARgument of Knowledge and it suggests that it is impossible to generate a zero-knowledge proof without having access to the witness, or hidden information.
ZK-STARKs were first created by Eli-Ben Sasson, a professor and the co-founder of StarkWare, a company that utilizes ZKPs to solve two major problems that blockchains face which are scalability and privacy.
ZK-STARKs are mostly utilized by blockchains that aim to solve blockchain scalability rather than privacy.
Bulletproofs
Bulletproofs are non-interactive zero-knowledge proofs that don’t require a trusted setup and can be used to convince a verifier that an encrypted value is located within a given range without decrypting it or revealing any other info about the value. Bulletproofs are even smaller in size than zk-SNARKs, however, they are more difficult and time-consuming to verify.
Bulletproofs, zk-SNARKs, and zk-STARKs are termed generic zero-knowledge proofs because they can be applied in various ways and for general data types.
Many publications classify Multi-Party Computation (MPC) as a type of Zero-Knowledge Proof. However, it’s best described as a more advanced form of proving because it involves more than two parties solving a computational problem but none of them revealing their secrets to one another.
Comments