Zero-knowledge proofs are important elements in cryptography, thus in blockchain technology: they allow for higher security and privacy. In spite of possible disadvantages, it is crucial to know how zero-knowledge proof works and how blockchain-based projects can implement it.
What are zero-knowledge proofs?
Zero-knowledge proofs, often referred to as ZK proofs, are protocols that allow us to state something without revealing the information itself. This process involves two parties, the prover – that is, the one who tries to prove the statement, and the verifier – the one that verifies the validity of the statement.
This is, in simple terms, the definition of ZK proofs provided by the Society for Industrial and Applied Mathematics (SIAM) in The Knowledge Complexity of Interactive Proof Systems – whose one contributor is Silvio Micali, founder of Algorand.
The very functioning of these systems is pivotal to guaranteeing privacy and security, two pillars of crypto space.
Why do we need zero-knowledge proofs?
One of the main ideas behind cryptocurrencies is privacy. This new market was born to oppose a traditional system where people needed to communicate too much information, especially in cases of financial transactions and accounts. It requires a strong level of trust in companies and institutions.
So, it would be hard to conceive a crypto system where people need to share the same amount of information you’d need to share with a traditional bank.
Moreover, a high amount of data needs centralized systems to manage and store every piece of info. This might create security issues since centralized databases are easier to attack.
Zero-knowledge proofs solve both these issues.
How do zero-knowledge proofs work?
As mentioned, with ZK proofs, we can confirm the validity of the statement without knowing the content of the statement.
This is possible because we can produce proof of the validity of the statement directly from the statement itself. But how does this work?
The process is extremely intuitive: thanks to their algorithms, ZK protocols can consider the statement as input and just return ‘true’ or ‘false’ according to the validity of the statement.
The process goes as follows:
- From a set of questions whose answers can be known only by the prover, the prover picks one and answers,
- The output is sent to the verifier,
- The interaction is repeated to make sure that the prover is not just guessing.
To give you an example, think of the Ali Baba cave: there are two parties, Peggy (prover) and Victor (verifier). Peggy wants to prove that she knows the secret phrase that can open a door placed in a cave that has two entrances. The point is that Peggy doesn’t want to reveal the phrase, so she picks an entry and reaches the door. She opens the door, and to prove that she knows the phrase, she tells Victor to choose the exit through which she has to leave the cave.
Ali Baba’s cave by Abdullah Jaafar.
Despite the simplicity and usefulness of this kind of protocol, it was perfectionated to solve some drawbacks.
Non-interactive zero-knowledge proofs
A protocol like the one we mentioned needs constant interactions between the prover and the identifier, and no third party would be able to evaluate the proof.
That’s why a new type of ZK proof was proposed: the non-interactive ZK proof introduces the concept of a shared key. The key is a sort of token that anyone can use to check the validity of the statement. This implies that verifications don’t require a new proof from the verifier every time that a third party wants to check the validity of a statement.
Silvio Micali. Mainly known for being the founder of Algorand, he also contributed to creating fundamental documents about the complexity of interactive systems and theorizing non-interactive ZK proofs.
Types of zero-knowledge proofs
As you can see, there are different types of ZK proofs, but let’s dive into other different and more specific types you can find.
ZK-SNARKs
Zero-Knowledge Succinct Non-Interactive Argument of Knowledge protocols are succinct in the sense that the proof is smaller than the statement – that can also be defined as ‘witness,’ so it can be verified quickly. Moreover, this protocol is non-interactive and – of course – requires zero knowledge.
ZK-STARKs
Zero-Knowledge Scalable Transparent Argument of Knowledge protocols are similar to SNARKs. But differently from SNARKs, STARKs can be publicly verified – that’s why they are ‘transparent.’ Moreover, STARKs are scalable – witnesses can be verified more quickly, and the speed of verifications only slightly decreases as witnesses’ size increases.
Use-cases for zero-knowledge proofs
ZK proofs can be used in many cases, bringing their advantages to the industries that choose to benefit from them.
Let’s see the main use cases of ZK proofs.
Anonymous payments
Payments represent one of the most obvious use cases. When it comes to cryptocurrencies, we know that the main reason why Bitcoin was born, which is also one of the reasons why Bitcoin is considered so valuable, was to provide people with an alternative, peer-to-peer and anonymous means for financial transactions and investments. But it would be more accurate to talk about pseudonymity. In fact, crypto users are often connected to social media and platforms where they add their crypto wallets’ public addresses. A careful analysis of crypto explorers could link people to specific addresses. So, transactions are not always fully anonymous.
Protocols that use zero-knowledge proofs can guarantee full anonymity for on-chain transactions – even when they occur on public blockchains.
Identity protection
All those platforms using ZK proofs allow people to comply with identification processes without sharing their personal details. If you think about that, these kinds of proofs are extremely useful for finding a good compromise between identification processes and privacy in decentralized finance.
Authentication
For the same reasons, ZK proofs allow people to get access to all those platforms that require authentication without sharing personal information.
This is extremely useful for people – because of privacy, and for platforms – since they don’t need complex data storage and management systems.
Tornado Cash is an example of a decentralized protocol that uses ZK proofs to allow users to be fully anonymous. Unfortunately, this kind of activity is not appreciated by some regulators – that’s why the US sanctioned the protocol.
Verifiable computation
Verifiable computation can allow blockchain-based projects to outsource computational operations while maintaining the certainty that the outcomes are correct and reliable.
That’s why ZK proofs can help crypto projects to be more scalable and make transactions faster since they safely decongest their mainnets.
Drawbacks of using zero-knowledge proofs
Despite their usefulness and reliability, ZK proofs also have some drawbacks.
Hardware costs
The calculations involved in ZK proofs require specialized and expensive machines, which represent a huge cost for all those platforms that want to use them and that actually keep ZK proofs out of reach for most individuals.
Proof verification costs
Any transaction has a cost, and also verifications have one. That’s why verifications sensibly increase the expense of ZK proofs.
Trust assumptions
Another drawback is that when using ZK proofs, we can only assume that all participants act honestly, but there is no possibility to be sure of their honesty.
Quantum computing threats
The rise of quantum computing is due to its capability to solve problems that are too complex for normal computers. But this could result in a threat for all those protocols that don’t use collision-resistant hashes. Collision resistance refers to that property that makes it almost impossible to find two inputs that can link to the same output, no matter the power of the hardware you’re using for computational activity.
ZK-STARK uses collision-resistant hashes, so it seems that quantum computing doesn’t represent a threat to this type of proof. On the other hand, this rising technology may threaten ZK-SNARK.
Conclusion
Zero-knowledge proofs have many pros that make them perfectly suitable for the improvement of blockchain technology. On the other hand, they also present disadvantages that may prevent them from being largely adopted. But, as we know, blockchain technology is under constant development, and professional developers and cryptographers will likely find solutions in the short run.
Related
Stay tuned
Subscribe for weekly updates from our blog. Promise you will not get emails any more often.
Our authors
Most Popular
New Posts
Stay tuned
Subscribe for weekly updates from our blog. Promise you will not get emails any more often.
Our authors
