What is a Zero-Knowledge Proof?
The future of coordination relies heavily on the successful verification of information — and zero-knowledge proofs have a significant role to play here. This article explores what zero-knowledge proofs are, how they work, and why they are so important to privacy-preserving technology.
What is a zero-knowledge proof?
For the future of coordination, the verification of information will play a central role. This process is simple enough when the two parties involved in an exchange trust one another — such as when we complete a purchase using cash, or when a shop attendant asks for I.D. in order to verify someone’s age when selling alcohol.
However, in our increasingly complex and distributed world, with the large majority of transactions taking place digitally and between parties who don’t know one another, this level of trust is harder to come by.
So how do two parties, who don't necessarily trust one another, verify the truth of the information involved in an exchange while preserving their individual privacy? The answer: by using zero-knowledge proofs (ZKPs).
This Anoma Basics article explores what a ZKP is, why they are important to the future of coordination, and how they are used.
What is a zero-knowledge proof?
Zero-knowledge proofs, sometimes known as zero-knowledge protocols, are a mathematical technique for the verification of the knowledge of information with specific properties. They were developed by researchers at MIT in the middle 1980s, and have found new applications in the field of blockchain privacy.
For example, on blockchains such as Bitcoin or Ethereum, the transparency of information enables public verification — such as whether a participant has enough currency in their wallet to settle a transaction. However, this transparency creates serious privacy concerns as it could lead to the deanonymization of those involved — and once a wallet is connected to an individual, all of their transaction data would be known.
ZKPs help introduce more robust privacy to blockchains, and through zero-knowledge cryptographic methods, chains are still able to verify the validity of information without the need for the levels of public transparency previously mentioned. They enable the verification of the exact properties of information (e.g. somebody being over the age of 18) without any other information being learned. This means that no extra metadata is leaked and there is no consequent loss of privacy.
How do zero-knowledge proofs work?
The best way to explain how ZKPs work is through examples, and thankfully there are a number of them. Let's consider one of the most famous: The Colorblind Friend.
Imagine you have a red-green colorblind friend, you are not colorblind, and you have two balls that are identical apart from their colors — one is red and the other is green. To your friend, these two balls appear completely identical, and he doesn't believe that the two balls are in fact different in color.
In this case, the proof system works as follows:
- Your friend (the "verifier") takes the two balls, one in each hand, and puts them behind his back.
- He then displays to you (the “prover”) one of the balls, and returns it behind his back.
- Next, he chooses to show you another ball at random.
- He then asks you "Did I switch the ball?"
- The process can be repeated as often as needed.
As you are not red-green colorblind, you can easily see (with certainty) whether the balls are switched. However, if they were in fact the same color, you could never guess with a probability of higher than 50%. With this probability in mind, the probability of having succeeded at all switch/non-switches approaches zero. In ZK math, this is called "soundness.”
If you repeated the "proof" multiple times (20, for example) then your friend should become convinced that the two balls are different colors, which in ZK math is called "completeness". This example is "zero-knowledge" because your friend never learns which ball is red and which is green.
Therefore, the properties of a ZKP are as follows:
- Completeness: If the information given by the prover is true, the ZKP method must enable the verifier to verify the information given by the prover.
- Soundness: If the information given by the prover is false, the ZKP method must enable the verifier to verify that it is false.
- Zero-knowledge: The method must not reveal anything to the verifier besides whether the prover is telling the truth or not.
How are ZKPs used?
The theory here — while abstract — is reasonably straightforward to understand, however the applications of ZKPs can grow complex very quickly. One prominent use of ZKPs are in authentication systems, where security and privacy are important.
For example, ZKPs can be used to verify identities or credentials without the need to divulge them directly. In this way, they can be used to verify that an individual has a password to a computer system, without the need to share the password itself. In fact, this is one of the key pillars of Namada — the first fractal instance of Anoma — and the multi-asset shielded pool (MASP), both of which provide ways of preserving privacy for digital assets.
Combining ZKPs with blockchain technology creates a powerful proposition for privacy, creating the potential for complex data to be encrypted and enabling users to control the visibility of the information contained within blocks — electing to reveal information to some users and not to others.
ZKPs: The gateway to a privacy-preserving future
ZKPs have a huge role to play in the future of coordination.
After all, enabling individuals to share information in a way that doesn't compromise their privacy is fundamental to a self-sovereign future.
The sooner that we are able to reject the systems that don't view privacy as a fundamental human right, the better, and ZKPs will be pivotal in doing exactly this.
For a deeper dive into how ZKPs are used on Anoma, read about Plonkup