Zero Knowledge for Dummies: Introduction to ZK Proofs

Do you have zero knowledge about zero knowledge? Do you want to learn more about it? You’re in the right place and we have cookies.

Veridise
Aug 24, 2023

Today we dive into the basics of zero-knowledge proofs (ZKPs), how they work and why you should care about them.

What is a ZK Proof

ZKPs were first mentioned in a paper by Shafi Goldwasser, Silvio Micali and Charles Rackoff. Titled “The knowledge complexity of interactive proof systems”, the paper was published in 1985 — for our GenZ readers, 1985 is a point in the past when people used rotary phones, had no TikTok and cryptocurrencies did not exist. What’s a rotary phone? That’s a… you know what, just google it. Now back to ZKPs.

The OG definition of a ZK proof aged well and we still use it today:

A zero-knowledge proof is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.

Imagine Alice has the recipe for the best chocolate chip cookies in the world, and she wants to sell it to Bob. Bob needs to verify that Alice truly has the recipe but if Alice shows it to him, he will see the secret recipe and all the ingredients.

A ZK proof is a way to guarantee that Alice does, indeed, have the recipe but without revealing the actual recipe. Let’s see how.

How do ZK proofs work

Without going into too many technical details, here’s how ZKPs work.

As we already mentioned, there is a prover (the party that proves that they have some information) and a verifier (the party that verifies the prover has the info).

In the first step of the process, the prover and the verifier agree what parameters and cryptographic algorithms will be used.

The prover then generates a cryptographic commitment that represents the statement being proven without revealing the statement’s content.

The verifier challenges the prover at random, and the prover generates a response based on the challenge and the committed statement.

Then the verifier checks that response against the challenge and commitment to determine if the statement is indeed valid.

The steps from the challenge on can be repeated multiple times to ensure that the statement is true with a high level of confidence.

Essentially, there are 3 main steps in a ZK proof: a commitment, a challenge, and a response.

If we take the example of the world’s best chocolate cookies, it looks like this:

Bob and Alice agree that to demonstrate she has the recipe, Alice will bake the cookies and Bob will taste them (tasting the cookies will be the challenge). Alice bakes the cookies, Bob eats them and they taste like the world’s best cookies.

To make sure this was not a fluke, Bob requires Alice to bake the cookies multiple times and if every time they taste like the world’s best cookies, Bob can conclude with a high degree of confidence that Alice has the recipe. We, on the other hand, may conclude that Bob has diabetes.

The example above illustrates an interactive ZK proof — one where the prover interacts with the verifier to complete the proof, and there may be multiple rounds of interaction.

However, there are also non-interactive ZKPs, where the prover generates the proof without any further interaction with the verifier. In fact, interactive proofs are usually rendered non-interactive using the Fiat-Shamir transform, as interaction is in most cases not an option.
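The commitment, challenge and response steps described above, and the Fiat-Shamir transform just mentioned, shown with the Schnorr identification protocol. This is an added example, not code from the original article; the statement proven is "I know x such that y = g^x mod p". The group parameters are constructed toy values, far too small for real use, and all function names are hypothetical.

```python
import hashlib
import secrets

# Step 1: agreed public parameters (constructed toy group, NOT a secure size).
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # prover's secret (the "recipe")
    return x, pow(G, x, P)                 # public value y = g^x mod p

def commit():
    r = secrets.randbelow(Q)               # fresh one-time nonce
    return r, pow(G, r, P)                 # commitment t = g^r mod p

def respond(x, r, c):
    return (r + c * x) % Q                 # response s = r + c*x mod q

def verify(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P   # checks g^s == t * y^c

def interactive_proof(x, y, rounds=5):
    # A cheater who guesses the challenge passes one round with chance 1/Q,
    # so rounds are repeated, each with a fresh commitment.
    for _ in range(rounds):
        r, t = commit()
        c = secrets.randbelow(Q)           # verifier's random challenge
        if not verify(y, t, c, respond(x, r, c)):
            return False
    return True

def fs_challenge(y, t, msg=b""):
    # Fiat-Shamir: the challenge is a hash of the public transcript,
    # replacing the verifier's random choice.
    data = b"|".join(str(v).encode() for v in (P, Q, G, y, t)) + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_noninteractive(x, y, msg=b""):
    r, t = commit()
    return t, respond(x, r, fs_challenge(y, t, msg))

def verify_noninteractive(y, proof, msg=b""):
    t, s = proof
    return verify(y, t, fs_challenge(y, t, msg), s)

def extract_secret(c1, s1, c2, s2):
    # Two responses to different challenges for the SAME commitment reveal x,
    # which is why the nonce r must never be reused.
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q
```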

Types of ZK proofs

There are multiple types of zero-knowledge proofs but we’re gonna look at the most popular ZKPs in blockchain: ZK-SNARKs and ZK-STARKs (these sound similar so pay attention!).

ZK-SNARKs
This abbreviation stands for Zero-Knowledge Succinct Non-Interactive ARgument of Knowledge. It is a form of ZK proof that requires no interaction between the prover and verifier. SNARKs are “succinct” because the proof size is small and verification is fast. Most ZK-SNARKs use elliptic curve cryptography and a trusted setup to generate parameters for the ZKPs.

SNARKs are currently one of the most common ZK proof types in crypto.

ZK-STARKs
These are Zero-Knowledge Scalable Transparent ARguments of Knowledge. They are similar to SNARKs but with a few differences. STARKs use hash functions instead of elliptic curves and, unlike SNARKs, they don’t rely on a trusted setup, making them more transparent. They are also post-quantum secure, meaning they remain secure even in the face of quantum computing advancements.

STARKs are more scalable than SNARKs (they can handle larger computations) but require more gas fees.

See? Even though they sound similar, they are not the same and confusing them would be like confusing Star Wars and Star Trek — inexcusable.

Why should we care about ZK proofs

There are two main reasons to use ZKPs: privacy and scalability.

“BuT we’Re iN crYpTO fOr thE trANspAreNcY”, you may say, and let us remind you that privacy and transparency are not equal. Many situations in real life require anonymity and protection of individuals’ data — that’s simply how society works. In a world where mega-corporations are making ridiculous amounts of money off of our personal data, zero knowledge matters.

Speaking of that, let’s dive into more specific use cases of ZKPs.

ZK proof applications

There are so many real-life use cases for zero-knowledge proofs that we sometimes wonder what can’t you ZKP.

We recently highlighted a couple of peculiar uses on Twitter (if you don’t follow us there, do it now, it’s free!): a ZKP microphone for detecting deepfakes (ah, the times we live in!) and using zero knowledge technology for redacting documents for investigative journalism.

Another use for ZKPs is anonymous payments — we live under mass surveillance and sometimes Alice just wants to keep it private that she sold the world’s best cookie recipe to Bob and not to Jimmy. She also wants to make purchases without allowing her credit card provider to sell her transaction information to data brokers who then sell it to advertisers for example.

ZKPs are perfect for identity protection — imagine being able to go through passport control at the airport without actually showing your passport to the border control agent and exposing all of the information in it to them!

Many advocate for using ZKPs for authentication — many platforms require a ton of personal data to allow users access. ZK proofs can drastically simplify authentication both for the platforms, and for the end users, thus improving the UX.

ZKPs can also be used for voting systems: they’re a solid way to ensure the integrity and privacy of voting systems, enabling secure and transparent elections without revealing individual votes.

Other potential applications include proof of membership, art ownership and provenance verification, ethical data monetization, supply chain management, gaming, etc. As we said — what can’t you ZKP!

What’s next for ZK proofs

Back in March of this year, Vitalik said that one very important major upcoming transition in the way the Ethereum chain gets validated is the rise of ZK-EVMs.

We believe it’s safe to say that ZKP adoption will continue in blockchain and finance and also branch out into many Web2 and Web3 industries, as we saw in the real-life application examples above.

We may also see some overlap and integration between ZKPs and AI (and if we were to guess, we’d say Sam Altman would lead the way there as he founded both OpenAI and Worldcoin).

It would be interesting to see how ZKPs and machine learning work together too, letting us learn from data without revealing that data.

Whatever the future of zero-knowledge proofs holds, it is bright and promising and we’re excited to see it.

Need a more technical look at ZKPs? Check out our article “A Gentle Introduction to ZKPs and Circom”.
