by Nuno Menezes
Zero-knowledge (ZK) proofs have already shown that they solve a difficult puzzle when it comes to privacy. Cryptographers have been working with zero-knowledge/interactive proofs for years, but only now are the protocols being used along with “private” blockchain platforms as financial companies look to harness their potential.
A couple of companies are already openly embracing ZK. In October, JPMorgan’s Quorum (the company’s Ethereum-derived permissioned blockchain platform) introduced the first integration of a zero-knowledge security layer (ZSL) into its enterprise blockchain. In November 2017, the multinational banking and financial services corporation ING announced the development of its own zero-knowledge range proof (ZKRP), claiming it to be a lot more efficient than other options on the Ethereum network.
What is a Zero-knowledge Proof?
The notion of ‘zero-knowledge’ was first proposed in the 1980s by MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff. According to these researchers, a zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this certain something is in fact true. To put it another way, interactive zero-knowledge proofs require interaction between the individual (or computer system) proving their knowledge and the individual validating the proof.
Let’s use the game “Where’s Waldo?” as an example. Maria and John are playing “Where’s Waldo?” If John finds Waldo, how can he prove this to Maria without revealing Waldo’s location? How can he convince Maria he is not lying without actually showing her where Waldo is? The solution is to use a large piece of cardboard with a small rectangle cut out of it. Out of Maria’s sight, John positions the page behind the cardboard so that only Waldo’s picture is showing through the rectangle, then calls Maria over to show her.
As the cardboard is much larger than the book, Maria has no idea where on the page Waldo is located — no other images on the page are exposed — but she can see that John has, indeed, discovered him. John can further validate his claim by covering the rectangle with one hand and carefully sliding the book out from beneath the cardboard with the other to reveal the entire page and prove to Maria that the Waldo seen in the rectangle was indeed located on the page under consideration.
Zero-knowledge proofs are probabilistic since there is always some slight chance a crafty cheater will find a way to fool an honest verifier, but the concept does provide a pretty solid verification mechanism for an assertion while shielding all ancillary information related to that assertion. ZK proofs let you validate the truth of something without revealing how you know that truth.
Similar “interactive” proof mechanisms can be embedded programmatically in digital systems. To qualify as zero-knowledge, these protocols must satisfy three requirements:
Completeness: If the statement is true, an honest verifier will be convinced by an honest prover.
Soundness: If the statement is false, no cheating prover can convince an honest verifier that it is true.
Zero-knowledge: If the statement is true, no cheating verifier learns anything other than the fact that the statement is true.
ZK Proofs on the Blockchain
Bitcoin transactions are publicly visible to all network participants, and information such as the sender, recipient, amount, etc. is open to scrutiny, or at least the addresses are publicly traceable. Much like the Bitcoin blockchain, in Ethereum’s blockchain model, all details about a smart contract are also public, and all transactions and code are visible to anyone who goes through the blockchain.
Regulatory requirements may also stipulate that confidential information not be “exposed” on a network. This lack of privacy and confidentiality is the cause of issues in use cases related to finance or those that involve the transfer of tokenized assets. In the Ethereum blockchain, these issues are being addressed in its Byzantium upgrade via the zero-knowledge protocol in zk-SNARKs, as explained by Ethereum’s Christian Reitwiessner. SNARKs are short for succinct non-interactive arguments of knowledge. The specific parts of the acronym have the following meaning:
Succinct: The sizes of the messages are tiny in comparison to the length of the actual computation.
Non-interactive: There is no or only little interaction. For zk-SNARKs, there is usually a setup phase and after that a single message from the prover to the verifier. Furthermore, SNARKs often have the so-called “public verifier” property, meaning anyone can verify without interacting anew, which is vital for blockchains.
ARguments: The verifier is only protected against computationally limited provers. Provers with enough computational power can create proofs/arguments about wrong statements (note that with enough computational power, any public-key encryption can be broken). This is also called “computational soundness” as opposed to “perfect soundness.”
Of Knowledge: It is not possible for the prover to provide a proof/argument without knowing a certain so-called witness. If you add the zero-knowledge prefix, you also require the property that during the interaction, the verifier learns nothing apart from the validity of a specific statement.
Other cryptocurrency platforms and blockchain-based systems also incorporate zero-knowledge proofs into their solutions to allow for transactions to be verified while protecting user/transaction privacy. ZK protocols provide the ability to transfer assets across a distributed, peer-to-peer blockchain network with secrecy. The identity and amount being spent can remain hidden, and issues like “front-running” can be avoided.
However, zero-knowledge proofs have their own challenges. One reason ING’s ZKRP is so interesting is that it purports to improve efficiency. Further, chain participants still have to be confident that the cryptography and the underlying code are efficient enough to prevent hacks, as recent cryptocurrency platform attacks have raised some concerns.
In this sense, as a way of enforcing “honest” behavior and ensuring that a transaction is valid without revealing the actual purpose of the transaction or other sensitive details, zero-knowledge proofs offer amazing options. Since they provide a mechanism for legitimate exchange while safeguarding privacy, zero-knowledge proofs may have even more uses apart from the blockchain.