1. What is a zero-knowledge proof?
A zero-knowledge proof is a cryptographic protocol in which one party (the prover) convinces another party (the verifier) that a statement is true without revealing anything beyond the fact that it is true: the verifier learns neither the secret that makes the statement true (the witness) nor how the prover came to know it. Such a protocol has to satisfy three properties: completeness (an honest prover always convinces the verifier), soundness (a cheating prover succeeds only with negligible probability) and zero-knowledge (the verifier learns nothing but the truth of the statement). The notion was introduced by Shafi Goldwasser and Silvio Micali of the Massachusetts Institute of Technology (MIT) and Charles Rackoff in the 1985 paper "The Knowledge Complexity of Interactive Proof Systems".
2. How does it work?
Imagine you are in a room with a person who cannot tell two colours apart (say, they are colour-blind). On the table are two balls, one white and one black, which look identical to them. You (the prover) want to convince them (the verifier) that the balls really are different colours, without telling them which is which. The verifier takes both balls, shows you one of them, then hides both behind their back and, on a private coin flip, either swaps them or leaves them as they are. They then show you one ball again and ask whether they swapped. Because you can see the colours, you always answer correctly; the verifier, who cannot, only learns whether your answer matched their own coin flip.
A single correct answer does not convince the verifier, because you could simply have guessed. The experiment is therefore repeated n times. A prover who cannot actually tell the balls apart has a 1 in 2 chance of guessing right in each round, so the chance of passing every round halves with each repetition: 1 in 32 after five rounds, 1 in 1024 after ten, and about 1 in a million (2^-20, i.e. 1 in 1,048,576) after twenty.
Repetition lets the verifier push the error probability as low as they want, but never to zero: a zero-knowledge proof gives statistical, not absolute, certainty.
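The two-ball protocol above, as an added example that is not part of the original article: a small simulation in which an honest prover who can see the colours always passes, a cheating prover who cannot only survives by guessing (so its success rate tracks the 2^-n bound), and the verifier's view of an honest run can be generated with no prover at all, which is what makes the protocol zero-knowledge. The ball colours are a constructed sample input and the seeded random generator is an assumption made so that runs are reproducible.

```python
"""Simulation of the two-ball protocol described above.

Added example, not from the original article. An honest prover who can
tell the balls apart always convinces the verifier, a cheating prover who
cannot see the colours only survives by guessing, and the verifier's view
of an honest run can be generated without any prover at all.
"""
import random

# Constructed sample input: the two balls really are different colours.
BALLS = ("white", "black")


def run_protocol(prover_sees_colours, rounds, seed=0):
    """Run `rounds` rounds of the protocol with a seeded verifier.

    Each round the verifier hides the balls, flips a private coin to decide
    whether to swap them, shows one ball and asks "did I swap?".
    Returns (accepted, transcript), where transcript is a list of
    (verifier_swapped, prover_answer) pairs.
    """
    rng = random.Random(seed)          # assumption: seeded so runs are reproducible
    balls = list(BALLS)
    last_shown = balls[0]              # the verifier shows one ball before round 1
    transcript = []
    for _ in range(rounds):
        swapped = rng.random() < 0.5   # verifier's private coin flip
        if swapped:
            balls.reverse()
        shown = balls[0]
        if prover_sees_colours:
            answer = shown != last_shown      # honest prover sees a colour change
        else:
            answer = rng.random() < 0.5       # cheater cannot see, so it guesses
        last_shown = shown
        transcript.append((swapped, answer))
        if answer != swapped:
            return False, transcript          # verifier rejects on the first miss
    return True, transcript


def soundness_error(rounds):
    """Chance that a guessing prover survives every round: 2^-rounds."""
    return 2.0 ** -rounds


def estimate_cheater_success(rounds, trials, seed=0):
    """Empirical acceptance rate of a cheating prover over `trials` runs."""
    accepted = sum(run_protocol(False, rounds, seed + i)[0] for i in range(trials))
    return accepted / trials


def simulate_transcript(rounds, seed=0):
    """Build a transcript without any prover.

    In an honest run every answer equals the verifier's own coin flip, so the
    verifier can produce an identically distributed transcript by itself.
    That is the zero-knowledge property: the transcript reveals nothing
    about which ball is which.
    """
    rng = random.Random(seed)
    flips = [rng.random() < 0.5 for _ in range(rounds)]
    return [(f, f) for f in flips]


if __name__ == "__main__":
    ok, transcript = run_protocol(True, 20)
    print("honest prover accepted after 20 rounds:", ok)
    print("cheater, 3 rounds: bound %.4f, observed %.4f"
          % (soundness_error(3), estimate_cheater_success(3, 20000)))
    print("cheater, 20 rounds: bound %.7f" % soundness_error(20))
    print("transcript built without a prover:", simulate_transcript(5))
```

The verifier rejects at the first wrong answer, so a cheater's survival probability is exactly the product of independent coin flips; the empirical rate for three rounds should land close to the 1/8 bound, and for twenty rounds a few thousand trials will almost never show a success.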
3. What are zero-knowledge proofs used for?
One obvious use in cryptocurrencies is proving that a user holds the funds a transaction spends, without revealing to the other network participants who the user is or what their balance is.
More generally, the protocol fits any setting where sensitive data (personal information, for example) or a financial transaction has to be verified without being disclosed.
A zero-knowledge proof can thus serve as a building block for verifying data and users, granting privileged access, and establishing trusted connections.
4. What types of zero-knowledge proofs are there?
- Interactive: the verifier questions the prover directly, in real time, and both must be online for the exchange;
- Non-interactive: no back-and-forth is needed; the prover publishes a single proof that anyone can check at any later time (for example, every node in a blockchain).
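The difference between the two types, as an added example that is not from the original article: the Schnorr protocol proves knowledge of a discrete logarithm interactively in three messages, and the Fiat-Shamir transform makes the same proof non-interactive by deriving the verifier's challenge from a hash of the prover's commitment. The group parameters P, Q and G are toy values chosen for readability, and the function names and the `context` argument are assumptions made for this example.

```python
"""Interactive and non-interactive zero-knowledge proof of knowledge of a
discrete logarithm: the Schnorr protocol and its Fiat-Shamir transform.

Added example, not code from the original article. The group parameters
are TOY values (an assumption made so the arithmetic is easy to follow);
a real deployment uses a prime-order group of roughly 256 bits, which
also makes the per-run soundness error 1/Q negligible without repetition.
"""
import hashlib
import secrets

P = 23   # toy safe prime, P = 2*Q + 1 (assumption: far too small for real use)
Q = 11   # prime order of the subgroup generated by G
G = 4    # generator of that subgroup (4^11 mod 23 == 1)


def keygen():
    """Secret x and public y = G^x mod P; the prover will show it knows x."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


# ---- interactive version: three messages, verifier must be online ---------
def prover_commit(nonce=None):
    """Message 1: prover picks a fresh random r and sends t = G^r."""
    r = secrets.randbelow(Q) if nonce is None else nonce % Q
    return r, pow(G, r, P)


def verifier_challenge():
    """Message 2: verifier sends a random challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Message 3: prover answers s = r + c*x mod Q."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier accepts iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def interactive_proof(x, y):
    """One complete interactive run; returns the verifier's decision."""
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))


# ---- non-interactive version: challenge derived from a hash --------------
def fiat_shamir_challenge(y, t, context=b""):
    """Replace the verifier's coin with H(public params, y, t, context) mod Q.

    Hashing y and t binds the challenge to this statement and commitment;
    `context` lets a caller bind the proof to a transaction or session.
    """
    data = f"{P}|{G}|{y}|{t}|".encode() + context
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def ni_prove(x, y, context=b"", nonce=None):
    """Prover publishes (t, s); no verifier needs to be online."""
    r, t = prover_commit(nonce)
    return t, prover_respond(x, r, fiat_shamir_challenge(y, t, context))


def ni_verify(y, proof, context=b""):
    """Anyone can check the published proof at any later time."""
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t, context), s)


# ---- why the transcript leaks nothing, and one way it can leak ----------
def simulate_transcript(y, c=None, s=None):
    """Produce an accepting (t, c, s) WITHOUT knowing x.

    Choosing c and s first and solving t = G^s * y^-c gives a transcript
    distributed exactly like a real one, so a transcript cannot reveal x.
    """
    c = secrets.randbelow(Q) if c is None else c % Q
    s = secrets.randbelow(Q) if s is None else s % Q
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P   # y^-c, since y has order Q
    return t, c, s


def recover_from_nonce_reuse(c1, s1, c2, s2):
    """If the prover reuses r for two different challenges, x leaks:
    s1 - s2 = (c1 - c2) * x  (mod Q)."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    print("interactive run accepted:", interactive_proof(x, y))
    proof = ni_prove(x, y, context=b"tx-42")
    print("non-interactive proof verifies:", ni_verify(y, proof, b"tx-42"))
    r, _ = prover_commit()
    s1, s2 = prover_respond(x, r, 3), prover_respond(x, r, 8)
    print("x recovered from nonce reuse:", recover_from_nonce_reuse(3, s1, 8, s2) == x)
```

Two practitioner points are built in. The simulator shows why a verifier, or anyone reading a published proof, learns nothing about x: it can fabricate transcripts with the same distribution. The nonce-reuse function shows the one thing the prover must never do: the zero-knowledge guarantee depends on r being fresh and secret for every proof, and reusing it hands x to anyone who sees two transcripts.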
Zero-knowledge proof systems can also be divided by whether they require a trusted setup: a one-time ceremony in which one or more parties generate the system's public parameters from secret randomness.
For some protocols, such as zk-SNARKs (Zero-Knowledge Succinct Non-Interactive ARguments of Knowledge), such a setup is required. The participants in the ceremony generate secret randomness (often called toxic waste) that must be destroyed as soon as the parameters have been produced. Anyone who retains it can forge proofs of false statements, which negates the benefits of using the protocol.
Other protocols need no trusted setup, for example zk-STARKs (Zero-Knowledge Scalable Transparent ARguments of Knowledge), whose parameters are derived from public randomness.
5. What are the benefits of zero-knowledge proofs?
- Greater user privacy in public blockchains and other networks;
- Stronger information security, because a proof can replace the disclosure of credentials or other sensitive data in authentication and verification flows;
- Higher blockchain throughput and better scalability, since a succinct proof can be verified far faster than re-executing the transactions it covers.
6. What are the disadvantages of zero-knowledge proofs?
- Generating proofs requires significant computing power (verification is usually cheap, proving is not);
- A compromised trusted setup lets an attacker forge proofs;
- Some constructions, notably pairing-based zk-SNARKs, rely on assumptions that a large quantum computer would break; hash-based zk-STARKs do not.
7. Which projects use zero-knowledge proofs?
Zcash, a cryptocurrency focused on user privacy, uses a zk-SNARK construction with its own trusted-setup ceremony. Ethereum's Byzantium hard fork added precompiled contracts for elliptic-curve pairing operations, which make on-chain verification of zk-SNARKs practical, and Ethereum developers are currently exploring further uses of the technology.
The startup QEDIT has developed an SDK (Software Development Kit) for adding zero-knowledge proofs to existing blockchains, so that transactions stay private while nodes can still validate them. The project has been awarded the European Commission's Seal of Excellence, and its partners include well-known companies such as VMware, Ant Financial and Deloitte.
StarkWare builds solutions based on zk-STARKs that can likewise be deployed on existing networks. The project has attracted funding from Vitalik Buterin, Pantera Capital, Intel Capital, Sequoia Capital and other investors.
The Dutch bank ING has released its own variant of Zero-Knowledge Range Proof (ZKRP). With it a customer can prove that their income lies within the range required to qualify for a mortgage without disclosing the amount itself.