Blockchain-based Zero Knowledge Proof solution

VivaTech 2017 in Paris generated a LOT of excitement and buzz last week! The event brought together an incredible crowd of innovation and tech lovers, startups, investors and CEOs. Click on the link if you wish to see my Twitter Moments.

It was not even remotely possible for me to see everything I wanted to, but I did attend the full startup pitch session at BNP Paribas’ booth. Out of 12 startups pitching their projects, I have decided to single out QED-it — since I think that you might find Zero Knowledge Proof (ZKP) to be an interesting topic.

What is Zero Knowledge Proof?

In essence, Zero Knowledge Proof is a clever way of showing that one knows something without showing what one knows. In other words, by using Zero Knowledge Proofs one party, called the prover, can prove to another party, the verifier, that a given statement is true, without disclosing any additional information. For instance, in a Zero Knowledge transaction, the creator of the transaction can prove that a valid transaction has taken place without revealing any details about the sender, the recipient, or the transaction volume.

How does it work?

In my opinion, a horseshoe-shaped tunnel with a door in the middle illustrates the concept really well: Catie is the one who needs to prove that she knows the password to unlock the door without disclosing it to Chris! Therefore, the left entrance is labeled A, and the right entrance B. Catie enters the tunnel either via A or B. Chris is not allowed to see which path she takes. Once Catie is in, Chris announces the name of the path he wants her to use to return. Providing that Catie knows the password, she can open the door — if she needs to — and return along the required path.

If Catie happens not to know the password, she is only going to be able to return via the named exit if Chris gives the name of the same route by which she entered. Since Chris is going to choose A or B at random, Catie will have a 50% chance of guessing correctly. But, if they repeat this exercise many times in a row, Catie’s chance of successfully anticipating Chris’ requests becomes vanishingly small.

Therefore, if Catie repeatedly appears at the exit Chris names, it is astronomically probable that Catie really knows the password!

Isn’t that a cool example? Now that you understand how it works, you can imagine how other things can be ascertained and verified in a similar way! The verifier can repeatedly present a challenge to the prover, or alternatively, a “random oracle” can create the challenges by some code. That’s how any property of encrypted data can be proved to the desired degree of certainty — obviously, only if it can be defined by a computer program — without revealing the data itself!

Zero Knowledge Proof solution is essential for distributed banking ledgers!

After the pitching session, I spoke to QED-it’s CEO Jonathan Rouach. QED-it is a Tel Aviv-based startup that combines advanced cryptography, parallel computing and blockchain technology. Their product is a trustless audit platform enabled by Zero Knowledge Proofs. It enables business partners to share information about their business processes without revealing the underlying data.

Jonathan confirmed to me that they were seeing huge interest in Zero Knowledge Proofs as a solution to confidentiality problem on blockchains from many leading companies. At the moment, their priority is to help companies understand how to adapt Zero Knowledge Proof technology to their particular use cases.

As you know, privacy of transaction data is especially important for distributed banking ledgers! Sharing the proofs without sharing the data will enable banks to protect the clients’ privacy while providing services.

Currently, the only “live” application of Zero Knowledge Proof technology is Zcash, a cryptocurrency that offers privacy and selective transparency of transactions. In spite of Zcash payments being published on a public blockchain, the sender, recipient, and amount can remain private.

Though, QED-it is taking the idea of proving the data without revealing it to the next level since they can prove much more than just a token moving from one place to another. It seems that the “blockchain of proofs” is going to be the next hot term! ☺

Jonathan gave me a few more interesting examples: for instance, the regulators will be able to enforce rules for transactions in real time, without the need to collect the confidential data from participants. In case of real-time asset valuation, which is normally performed by a third party and quite costly, the asset operator will be able to run a self-audit, using its own confidential data, and send only the result to the bank, along with a proof that the audit was done correctly. As a result, banks could introduce tighter risk margins and propose better financing terms for asset owners.

How does QED-it do it?

QED-it provides a suite of a prover, verifier, dashboard and tools for creating proofs as an enterprise solution. The product enables users to process their own data in a proving circuit, thereby generating proofs. This allows other actors to verify in real-time that the rules were followed, while the data remains confidential.

By the way, in the future this is going to be integrated into all the large blockchain stacks like R3, Hyperledger and Ethereum. For instance, I have just learned that a Zero Knowledge Security Layer will be added to JP Morgan’s Quorum blockchain.

What is the current state of affairs?

Being an advanced technology, the application of Zero Knowledge Proof systems is still very resource intensive. That’s why QED-it uses parallel computing to make the technology scalable and fit for the most advanced uses.

Logically, the speed depends on what one is trying to prove. In case of transactions not requiring unlinkability and confidentiality, sub-second speed can be reached — at the moment, it takes less than a second to generate a Zero Knowledge Proof for a transaction, and several hundred milliseconds to verify it. However, the greater the number of transactions and their complexity is, the longer it will take to generate the proof. Hence, QED-it is currently working on doubling, possibly tripling that speed! Likewise, the speed will get improved by using more advanced computers in the near future.

Zero Knowledge Proofs are open source code!

I would also like to mention that Zero Knowledge Proofs exist as open source code that can be forked and optimised for various use cases. Can you think of any in your particular field?

Here are a few more use cases QED-it is working on in partnership with their clients that I hope will inspire you to take action: stakeholders tracking carbon emission or other indicators without getting access to corporate data; individuals proving dynamic statements about their digital identity, such as credit score and loan worthiness, without revealing their full financial history; and investors getting reassured, in real-time, of the correct use of the money they invested. What a great potential!