Magical internet blockchain robots: ZK Snarks and Starks edition
The most advanced privacy method known to mankind could soon be publicly available to anyone and everyone.
Note: The opinions stated here are my own, not those of Google.
Explaining crypto with magical internet blockchain robots.
Crypto and blockchain are still in their infancy by commercial technology standards. The blockchain community can’t even build a decent digital ponzi scheme without getting repeatedly hacked and even using Metamask is too confusing for the average muggle. In order to move the ecosystem forward, there needs to be a better method of describing how these products work and what their capabilities are.
If product managers and designers are willing to trust these new technologies without having to completely understand them, then we can treat them as a black box with particular capabilities. Since Clarke’s third law states “Any sufficiently advanced technology is indistinguishable from magic,” I have adopted the model of a magical internet blockchain robot to explain some of the more advanced capabilities of the decentralized web.
Explain Snarks and Starks using Magical Internet Blockchain Robots
In a recent paper titled “Scalable, transparent, and post-quantum secure computational integrity” Eli Ben-Sasson and his colleagues have made a bold statement about the future of privacy on blockchains.
“ZK-STARKs could replace ZK-SNARKs and achieve the fungibility and confidentiality of Zcash, transparently...” (Benson et al., 2018)
There is more to your identity than your name. Blockchain tech has made it easy to make transactions without attaching your name to it, but your transaction behavior may say more and more about you over time. This phenomenon was recently touched on by Wired in a reminder to crypto enthusiasts that transparency and anonymity are difficult to reconcile.
The need for a private transaction method that employs the powers of decentralization has pushed cryptographers to test the limits of what was previously available for consumer-grade protocols. Until recently, the most advanced method available was known as ZK Snarks.
There are several reviews online of how snarks work, such as those by Vitalik Buterin and Christian Reitwiessner, and while Ameer Rosic does a pretty good job of catering to less technical audiences, these explanations are mostly for an engineering audience and they require significant decoding in order to understand their product implications for designers and product managers.
For most muggles, the thing that you need to know about Snarks and Starks is that they are Non-Interactive. That’s the interesting part of the SNARK acronym that Product Managers should focus on.
It means that two spies don’t need to communicate at all in order to prove themselves to each other. With interactive methods, like typical signatures with private / public key pairs, the message is sent back and forth between parties. With a snark, they don’t need to authenticate to each other.
Example of interactive proofs without a magical internet blockchain robot
Imagine there are two spies in enemy territory and they need to exchange messages. They agree to meet at the train station at 3pm every day to exchange messages using secret codes.
The two spies share passwords to identify themselves and then trade encrypted messages after they are satisfied. In this example, the two spies know that they have found their partner without the other people on the platform being any wiser to what is really happening.
If the two spies can’t make it to the platform at the same time, they would need some non-interactive way to pass on the encrypted message to the right person. They could try hiding the messages beneath the platform, which would be insecure if someone else found them. Or, they could lock them in a locker, but then they’d have to share keys (which would require an interaction).
Example of non-interactive proof without a magical internet blockchain robot.
In a non-interactive example, the two spies meet a third spy, let’s call her Agent Snark. Both spies have their own set of passwords to identify themselves to Agent Snark.
Agent Snark works as the ticketing agent at the train station and is there every weekday. On any day that she is working, Spy 1 or Spy 2 can go to the station and identify themselves using their own passcodes and give her a message to pass along to another spy.
Since each spy has their own way of identifying themselves to Agent Snark, there is no need to interact with each other in order to pass the encrypted messages. Also, each spy does not need to know the identity of the other spy, or even that there is only one other spy.
Agent Snark can pass along messages, transactions, media, anything from one party to another without ever revealing who the parties are or what the contents of the encrypted message is.
In this example, the entire system works as far as we can trust Agent Snark. Is she loyal? Is she a double agent? Maybe it’s not actually Agent Snark and she’s been replaced by an imposter. All of these problems arise from a trust-based system which is no longer an issue with a trustless system like the blockchain.
Example with a magical internet blockchain robot
Now imagine that Agent Snark is a magical internet blockchain robot (MIBR). MIBRs can’t lie, be copied, or impersonated, and will never tell you her secrets (even under duress). This is how the blockchain has given us non-interactive proofs with a trustless system.
The problem with Agent Snark… Trusted setups
Agent Snark the MIBR was built by a top-secret military genius named Captain Lambda. She alone knows the program that was used to program Agent Snark’s brain and if the bad guys captured her, they might be able to get her to reveal her secrets. The fact that a human still needs to be trusted in order to keep this system from being hacked means that this isn’t really a “trustless” system, but it’s the best system so far.
Since Captain Lambda is a genius after all, she decided to share the programming with a bunch of colleagues. They each programmed a piece of Agent Snark’s brain software and never shared their code with each other. This makes it a bit better, because now the bad guys would have to capture ALL of the colleagues in order to hack Agent Snark, but that is still possible. It’s also possible that the colleagues all decide to commit treason and collude to hack Agent Snark together.
So, Captain Lambda thinks long and hard about how she can make the system truly trust-less and so she decides that for the sake of the good fight, she should assassinate one of the other colleagues. After much moral and ethical deliberation, Captain Lambda hires a hitman to do the job so that no one thinks she faked the assassination. She reaches out to her black-ops contacts and orders the assassination of one of her colleagues at random so that no one can ever, ever hack Agent Snark.
But… what if the assassin takes a bribe from the colleague and fakes the assassination? Then you have to trust the assassin to do the job and not lie about it…. There’s basically no getting away from the fact that eventually you’re going to HAVE to have some amount of trust in the system when building a Snark MIBR.
Introducing Agent STARK
Tonya Stark. Agent extraordinaire. The newest model of magical internet blockchain robots so powerful that until Jan 9, 2018 was simply known as “the myth”.
Agent Stark is a MIBR that is capable of programming itself. No Captain Lambda, no band of colleagues, and no assassin required. To top it off, she is much, much faster than Agent Stark when passing along really long messages.
What does this mean for cryptocurrencies?
Right now, Zcash is the most private blockchain protocol, but it’s built on Snarks, which means someone somewhere is being trusted to prevent a hack. With Starks, any blockchain or protocol could implement anonymous transactions on data with bulletproof anonymity.
