Zero-knowledge proofs are an effective tool for improving the security and privacy of decentralised networks. A zero-knowledge proof is a mathematical technique that allows for one party (the prover) to prove to another party (the verifier) that they know the value of a specific piece of information without revealing the actual information.
The most well-known zero-knowledge proof is zk-SNARKS (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), which was first developed by researchers in 1985 and first used within the blockchain industry by Zcash with its implementation in use on the Zcash blockchain. zk-SNARKS is a proof architecture which allows for the creation of zero-knowledge proofs that are non-interactive, efficient and short. This means the prover and verified do not need to communicate with each other during the proof process, which makes it efficient and scalable. Due to these properties, zk-SNARKS can be used for a wide range of applications, most notably within the blockchain industry where blockchains have been able to ensure transactions are encrypted and private. zk-SNARKS have allowed senders on blockchain networks to transfer funds without revealing information about the transaction whilst mathematically guaranteeing the sender has available funds to make the transaction.
Here is a simple explanation of how zk-SNARKS work:
- Alice wants to provide to Bob that she knows a certain secret number without revealing the actual value of the number.
- Alice first generated a public/private key pair using a special kind of mathematical function called an oracle. This ensures the generated private key is sufficiently random. The public key can be shared with anyone but the private key must be kept secret.
- Next, Alice creates a “proof” which demonstrates that she knows the value of the secret number using the private key and secret number. This “proof” is a short, efficient, and non-interactive piece of information which can be verified using the public key.
- Alice sends this proof to Bob along with her public key. Bob uses the public key to verify the proof, and if the proof is valid, Bob knows that Alice knows the value of the secret number without Alice ever revealing the actual value.
This is a very simple example of zk-SNARKS work but in practice they are more complex and have a more sophisticated implementation. We will look at a simple example of a zero-knowledge proof with numbers to demonstrate how this is possible later in the post.
Zero-knowledge range proofs are used within the Monero blockchain. Zero-knowledge range proofs allow the prover to prove a value is within a certain range without revealing information about the actual number. This can be used to improve the privacy of transactions within the Monero blockchain by allowing users to prove the validity of their transactions without revealing the details of the transaction.
Zero-knowledge set membership (ZKSM) are a type of zero-knowledge proof which allows the prover to prove a certain value is a member of a set without revealing the actual value.
Some notable examples of zero-knowledge proofs used within the blockchain industry:
- Zcash used zk-SNARKS to allow users to execute transactions on the blockchain without revealing the details of the transaction helping to improve privacy and security.
- Monero uses zero-knowledge range proofs to enable transactions on the blockchain which are confidential.
- Ethereum is working on implementing zero-knowledge proofs using zero-knowledge rollups (zk-Rollups) which will allow for the creation of private and scalable transactions on the blockchain.
- ChainLink is using zero-knowledge proofs to enable secure but private sharing of oracle data on its decentralised network.
- zk-Sync are using zk-Rollups to increase throughput on the Ethereum by bundling transactions into batches therefore reducing the amount of data that has to be posted to the blockchain. This is achieved by generating a zero-knowledge proof for the state-transition function (STF) which is responsible for determining how the state of the blockchain has changed since the last block.
Zero-knowledge proofs have several advantages over traditional cryptographic techniques for verifying the validity of transactions. First, zero-knowledge proofs allow for the verification of the validity of transactions without revealing the details of the transaction, which can improve the privacy and security of decentralized networks. Second, zero-knowledge proofs are efficient and scalable, which means that they can be used for a wide range of applications and transactions. Third, zero-knowledge proofs are non-interactive, which means that the prover and verifier do not need to communicate with each other during the proof process, which makes it efficient and scalable. Zero-knowledge proofs within decentralised networks allow for use cases such as anonymous transactions, identity protection, authentication and verifiable computation.
You may be wondering how this actually works. How is it possible for a prover to prove to a verifier that they possess some information without revealing the information?
Suppose Alice wants to prove to Bob that she knows the value of a secret number, x, without revealing what the value of x is. Alice can use a zero-knowledge proof to accomplish this. Lets walk through a very simple example of how this could work.
(Blue are items only Alice knows, Red are items only Bob knows and pink are items both parties know)
- Alice chooses two very large prime numbers, p and q and multiplies them to make n. The value of n is provided to Bob. In practice p and q are very large numbers exceeding 100 digits long but for the purposes of demonstration we will use smaller numbers.
- p = 6373
- q = 2297
- n = 14638781
- Alice chooses a very large number, x
- x = 755413
- Alice picks a random, r and computes x^2 mod n the result of which is provided to Bob
- r = 234
- x^2 mod n = 14478408
- Alice generates the proof which she computes as follows: (x^2)*(r^2)mod(n)
- proof = 1884612
- Bob can either ask for (r) or (xr mod n) which can be used to validate the proof
- In this scenario, Bob asks for the latter which Alice provides
- xr mod n = 1101270
- Bob can then validate this proof by squaring xr mod n (the result of which was provided by Alice) and ensuring the result matches the proof generated in step 4
- (1101270^2)mod(14638781) = 1884612
- Since Bob can see the result matches the proof, Bob is satisfied that Alice knows the random number R without Alice revealing the number
In the example above, Alice is able to prove to Bob that she knows the value of x without ever revealing the actual value of x. This is the essence of a zero-knowledge proof. The prover (Alice) can convince the verifier (Bob) that she knows something without revealing what that something is.
It is important to note, when using small numbers this proof can be reversed to find the secret value but in practice zero-knowledge proofs use extremely large numbers which makes it computationally infeasible to reverse the proof.
Zero-knowledge proofs are a very important innovation in the field of cryptography and have the potential to improve the security and privacy of decentralised networks. As decentralised networks grow and evolve, we can be sure to expect new developments of new zero-knowledge proof architectures helping to further scale and provide privacy for users.
- The Ethereum Foundation: https://ethereum.org/en/zero-knowledge-proofs/
- Interactive and Non-Interactive Proofs of Knowledge Université Paris: https://blazy.eu/Slides/slideRSA15.pdf
- zkEVM by Alex Gluchowski (zk-Sync): https://www.youtube.com/watch?v=6wLSkpIHXM8
- Eric Postpischil: Slides From a Talk: https://edp.org/work/ZeroKnowledgeProofs.pdf
- ZCash: https://z.cash/technology/zksnarks/
- Short Binance Article: https://academy.binance.com/en/glossary/zero-knowledge-proofs