How Zero-Knowledge Proof is Revolutionizing Privacy
A lot of people are likely to associate blockchain with anonymity. They’ve heard stories of the Silk Road and how criminals used cryptocurrency to run underground economies. While it may seem that way because of how wallet addresses consist of complex strings of letters and numbers; in reality, blockchain is only pseudonymous, meaning that it’s just your wallet address instead of your name. It’s also a lot more transparent than one might think: if you transact with another user, they can now see all your past, current, and future activity.
But what if there was a way to transact in a trustless manner without revealing any sensitive information? That solution is zero-knowledge proof, which was first conceptualized in a 1989 MIT paper. It is the idea of proving to another party that you have something, such as a password, but not having to reveal what the password is.
The Ali Baba Cave Story
Zero-knowledge proof may seem confusing and foreign at first. That’s natural since we have not seen technology implemented like this yet in our everyday lives. To illustrate this concept, Belgian cryptographer Jean-Jacques Quisquater came up with a famous story called the Strange Cave of Ali Baba.
In the story, there is a man named Ali Baba. In a bazaar, a thief steals something from Ali and runs to this cave. Ali follows suit, and as he goes inside the cave, he notices that it diverges into two paths. He picks one side and follows it to see a dead end. Ali then checks the other side, but also finds a dead end. He figures that he probably just picked the wrong side, although this continues for several days with more thieves all managing to escape Ali through the cave. Each time, Ali thinks he picks the wrong side, though we know that this is highly unlikely as there is a fifty percent chance that he’d choose the correct side. One day, Ali gets suspicious and chooses to hide at the dead end, where he sees a thief say some magic words to get through it .
Ali recorded the magic words in a manuscript that was passed down to one of his descendants, Mick. Mick wanted to prove to the public that he knew the magic words without having to reveal what they are. A camera was set up in the cave where the tunnels diverged into two. Mick was positioned at the dead-end. The reporter flipped coins — if it was heads, Mick should come out from the right, and vice versa. The reporter flipped the coin multiple times, and each time, Mick came out on the correct side. Mick could just have been lucky, but this was unlikely as he succeeded so many times in a row. This proved that Mick knew the magic words, and he didn’t have to tell the public what they were.
What is Zero-Knowledge Proof?
From the Ethereum website, zero-knowledge proof is “a way of proving the validity of a statement without revealing the statement itself.” Here there are two parties: a prover and a verifier. In the story above, Mick was the prover because he wanted to prove a claim which was that he had the magic words. The reporter was the verifier because he tested Mick’s claim for its validity.
Instead of the reporter testing Mick in the cave, mathematical formulas are used. Zero-knowledge proof protocols take unsubstantial segments of information to verify that the prover has the complete set of data. This means that third parties who you don’t want accessing your information have nothing valuable to intercept.
There are two methods to test whether a prover possesses what he claims to have: interactive and non-interactive zero-knowledge protocols.
The Ali Baba Cave example is an interactive protocol, as both the prover and verifier had to be available and interact a sufficient number of times. But the repeated interactions make this method inefficient.
Non-interactive proofs solve this inefficiency by generating a shared key for the prover and verifier. The prover runs its set of data through an algorithm that outputs a zero-knowledge proof. The verifier is sent the proof and checks its validity by using another algorithm. This method is a lot more efficient as only one round of communication between parties is required, and anyone else with access to the shared key and verification algorithm can verify this. The problem with non-interactive proofs is the processing power and additional software needed to run them.
Applications of Zero-Knowledge Proofs
Every time we exchange data, we expose ourselves to vulnerabilities. Zero-knowledge proofs are a solution to this, so naturally, most of its use-cases entail privacy matters.
- Payments: When you make purchases, your payments are seen by multiple entities such as the shop, the payment provider, your bank, and possibly government authorities. The same applies in crypto as well, since transactions are pseudonymously transparent on the blockchain. Zcash uses zero-knowledge technology to “ensure transactions remain confidential while allowing people to selectively share addresses and transaction information for auditing or regulatory compliance.”
- User identification: Most applications today use a person’s passport or driver’s license for their Know-Your-Customer (KYC) verification process. Zero-knowledge proof allows users to pass certain KYC requirements without having to expose their personal information. Polygon recently announced that they are working on a zero-knowledge-based identity solution that does this.
- Finance: When applying for financial instruments like loans, you often have to provide information such as your salary. Dutch bank ING uses zero-knowledge proofs to show that a user’s income lies within a certain range to determine their viability for a mortgage.
Conclusion
Zero-knowledge proof evidently fills a gap in our technology regarding privacy issues. By utilizing the technology, we are able to limit the number of vulnerabilities our sensitive data is exposed to. But it is also important to note that zero-knowledge proofs are not perfect. They have their drawbacks as well such as hardware and verification costs which pose additional problems to consider. Regardless, it is a breakthrough in technology that we can expect to see applied more both in Web3 and traditional systems.
