# Introduction to Zero-Knowledge Proofs đź”Ź

--

A zero-knowledge proof (ZKP) is a cryptographic method which allows one person (the prover) to prove to another person (the verifier) that they have the possession of some information without revealing the information to the verifier.

In other words, ZKP allows conveying the assurance that the information is in hand without revealing the information itself.

# Origins

Zero-knowledge proofs were first conceived in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff in their paper â€śThe Knowledge Complexity of Interactive Proof-Systemsâ€ť.

Hereâ€™s a newspaper clipping of The New York Timeâ€™s issue from 1980â€™s which covers these proofs. Zero-Knowledge proofs have sprung back into relevance recently due to their use in cryptocurrency ZCash and making secure payment over Bitcoin Blockchain.

# Example

In the paper â€śHow to Explain Zero-Knowledge Protocols to Your Childrenâ€ť, the author provides an abstract illustration of how ZKPs work.

Consider a cave similar to Alibaba cave, containing a magic door which requires a secret word to open it. The cave has two entrances A and B, both leading to the magic door.

Consider two persons, Priya (prover) and Varun (verifier) with the situation that Priya knows the secret words to open the magic door and Varun does not. Varun is curious to find out whether Priya really knows the secret words or not.

Hence, a scheme is devised which allows Priya to prove that she knows the secret words without actually revealing them to Varun.

Varun waits outside the cave as Priya goes into the cave. Priya takes either path A or B. Varun is not allowed to see which path she takes. Then, Varun enters the cave and shouts the name of the path he wants her to use to return, either A or B, chosen at random.

Now two cases arise,

Case 1. Priya knows the secret words: She can return via the path specified even if it requires her to cross the gate, no problem.

Case 2. Priya doesnâ€™t know the secret words: In this case, she can only return via the path she came in, if this is the path Varun chose earlier, then it is good, if not she is caught lying. So there is a 50% chance that she still can successfully claim that she knows the secret words, even though she doesnâ€™t due to sheer luck.

50% is not good enough, so Priya and Varun repeat this exercise. With each iteration the chances of Priya not knowing the secret words and being able to claim that she does, decreases. After 20 iterations they become very low (one in a million)

At this point, Priya has successfully proved to Varun that she really does possess the knowledge of secret words.

# Definition

A ZKP must satisfy the following properties:

## Completeness

If the statement is true, the honest verifier (that is, one following the protocol properly) will be convinced of this fact by an honest prover.

## Soundness

If the statement is false, no cheating prover can convince the honest verifier that it is true, except with some small probability. Linking back to our example, even after 20 iterations there is still a one in a million chance that Priya (prover) has fooled Varun (honest verifier)

## Zero-Knowledge

If the statement is true, no verifier learns anything other than the fact that the statement is true. In our example, Varun does not get the knowledge of the secret words to open the magic door in the verification process.

# Applications

## Private Blockchains

ZKPs can be used to guarantee that transactions are valid despite the fact that information about the sender, the recipient, and other transaction details remain hidden. Example https://z.cash/
Zcash implements a modified version of ZKP called zk-SNARKS, with â€śzkâ€ť referring to â€śzero-knowledgeâ€ť and SNARK referring to â€śSuccinct Non-interactive ARgument of Knowledgeâ€ť

## Private Purchases

Imagine going to the supermarket and purchasing goods with your credit card without revealing your card information to the merchant. A smart card using zero-knowledge proof could identify the cardholder to a merchant without giving the merchant the knowledge, i.e the card number, that would let him make illicit purchases or forge a new card.