What is Zero-Knowledge (ZK)?
Part 1: Zero-Knowledge Proofs
--
This article was written by George, Tempus’ Head of Research.
If you have been around crypto long enough, you should by now have seen the word ZK plenty of times. But what really is it? Let us demystify it for you today.
ZKP — Zero Knowledge Proof
The most common interpretation of ZK is Zero Knowledge Proof. It is a cryptography concept where the Prover needs to convince the Verifier that he knows the answer to a question without revealing the actual answer.
Hmmm…. How is that possible?
Let us give you an ELI5 example.
Where is Wally?
Verifier is stuck in the following “Where is Wally” puzzle and seeks the Prover for help.
The Prover was able to find Wally but asked the Verifier for an incentive before revealing the answer. The Verifier does not want to give away the incentive now since he is not sure if the Prover is lying or not. So, the Prover decides to use a ZKP technique to show the Verifier he knows the answer without pointing out where Wally is to the Verifier.
The Prover asks the Verifier to turn around. He then takes a large piece of black cardboard with a small hole in the middle, which only shows Wally. Then he asks the Verifier to turn back.
From this, Verifier did not get Wally’s actual location, yet is now convinced the Prover has found Wally. Note, that the black cardboard must be so big that not even the approximate location of Wally can be estimated. Interesting technique, right?
If that wasn’t enough, let us give you another ELI13 example.
Sudoku
Imagine the Verifier has the following Sudoku and is unable to complete it:
But the Prover was able to work out the answer but does not want to share the exact solution with the Verifier (before he is paid at least):
Again, the Prover thought of a clever ZKP method to demonstrate to the Verifier he knows the answer without revealing the actual answer.
The Prover sets up the following automated function:
Step 1: The function comes up with a random mapping table, e.g.
1 -> 3
2 -> 4
3 -> 1
4 -> 2
Step 2: The function replaces the Prover’s Sudoku answer with the newly mapped number, e.g:
Step 3: The Verifier will ask to be shown a random row or column, e.g. row 2, then 4, 3, 1, 2 will be shown to the Verifier.
The Verifier sees the select subset meets the rule of Sudoku, hence it is likely the Prover did have the answer. He can request to repeat this randomized process enough times so he is fully convinced the Prover wasn’t bluffing him.
It is important during every repeat that a random new mapping table is used, so the Verifier cannot gain the full solution by requesting rows 1, 2, 3, and 4 and do the reverse mapping himself. Also, the process needs to be automated (just like how Smart Contracts are), so the Verifier can trust the process.
From these examples, we can see ZKP requires an intermediate process to mask the exact solution, which may not give 100% confidence to the Verifier immediately, but the probability can be increased as the process repeats.
Also, ZKP does not have a single solution for all cases; hence design and implementation of the proof in real life can be challenging.
As zero-knowledge is a deep topic, in the next blog we will dive into ZK’s usage in Ethereum. For example, scaling solutions utilize ZK to use only the most recent snapshots to produce new blocks on Layer 1 without having to store the whole history of the blockchain.
References
Where is Wally: https://www.youtube.com/watch?v=J3jKROwTPCs
Disclaimer
The information provided in this article is provided for informational purposes only and does not constitute, and should not be construed as, investment advice, or a recommendation to buy, sell, or otherwise transact in any investment, including any products or services, or an invitation, offer, or solicitation to engage in any investment activity. You alone are responsible for determining whether any investment, investment strategy, or related transaction is appropriate for you based on your personal investment objectives, financial circumstances, and risk tolerance. In addition, nothing in this article shall, or is intended to, constitute financial, legal, accounting, or tax advice. We recommend that you seek independent advice if you are in any doubt.
