In the rapidly evolving world of digital technology and data privacy, Zero-Knowledge Proofs (ZKPs) have emerged as a groundbreaking tool that was, for many years, mostly a theoretical concept. However, recent advancements have brought ZKPs to the forefront, making them a practical solution for establishing trust and security.
In today's cybersecurity landscape, Zero Trust means no entity is trusted by default, emphasizing robust security measures that ensure trust through verification rather than assumption. Similarly, ZKPs establish trust without revealing sensitive information, perfectly complementing the Zero Trust model by enhancing security through verification without disclosure.
What are Zero-Knowledge Proofs?
Zero-knowledge proofs are a type of cryptographic protocol that enables a prover to convince a verifier that they possess certain knowledge or information without revealing the actual knowledge or information itself. This concept might seem counterintuitive at first, but it's a powerful tool for preserving privacy while still enabling secure transactions and interactions.
Imagine you have a friend who claims to have solved a complex mathematical puzzle, but you don't want them to reveal the solution. With zero-knowledge proofs, your friend can prove to you that they indeed have the solution without disclosing the actual solution itself. This is achieved through a series of challenges and responses, where the prover demonstrate their knowledge without revealing the underlying information.
But I hate crypto!
That is completely okay! Since this not the crypto you think about. It is crypto as in cryptography, not the crypto in cryptocurrency. Two wildly different things to get right.
"Cryptography is the study and practice of sending secure, encrypted messages or data between two or more parties. What ZK does in our case, is to prove that we know a secret, without revealing the secret"
In the context of Zero-Knowledge, mathematics plays the central role. While blockchain operates under the principle "Code is Law", for Zero-Knowledge, I would assert "Math is Law".
What I want you to understand is that this "magic" math challenges the concept about sharing personal information broadly on the Internet is a necessary trade-off for convenience. Implementing applications with ZKPs allows us to carefully control how much information we disclose and who has access to it.
When implemented as a security measure in the backend of an application, it would be a fundamental threat to the inversely proportional relationship between ease of use and high level of security strength.
In the end, Zero-Knowledge allows us to:
- To prove knowledge about private information: e.g. social security number, passwords etc.
- Compare items without revealing them.
- Establish the authenticity of data without disclosing its origin, such as proving ownership or creation without revealing specific details.
- Reduce risk since actual information is never stored or transmitted between the two parties.
How does it work?
First we need a system. In this system there is a prover who wants to convince a verifier that some statement is true without revealing any other information.
The proof itself operates on a mathematical constraint system. These constraints can vary from quadratic expressions to polynomial expressions depending on what backend language and what Zero-Knowledge Proof Language you use. These are often called circuits.
In a typical setup the prover generates first a witness, which represents the specific knowledge or information they wish to prove. This witness is essentially a solution to the mathematical constraints defined within the circuit. Importantly, this witness must satisfy the constraints without revealing any underlying private information.
Arithmetic Circuits
An arithmetic circuit is a network of gates that compute polynomial equations using interpolation techniques to generate outputs such as:
$3x^2 + 7y + 19 = 0$
Rank-1 Constraint System (R1CS)
An algebraic circuit to be expressed as a set of vectors and matrices, which then in turn are converted to a set of polynomials to be used further in the the QAP protocol
$\langle a_i, x \rangle \times \langle b_i, x \rangle = \langle c_i, x \rangle$
Quadratic Arithmetic Programs (QAP)
QAP uses polynomials to represent the same kind of constraints that R1CS does with dot products. Each R1CS constraint corresponds to a polynomial equation. Given polynomials Given polynomials $u(x), v(x), w(x)$ and a target polynomial $t(x)$ the relationship can be expressed as:
$u(x) \cdot v(x) = w(x) + h(x) \cdot t(x)$
where $h(x)$ is a quotient polynomial ensuring that $u(x) \cdot v(x) - w(x)$ is divisible by $t(x)$.
After the prover generates a witness, the next step is to construct the actual proof that will be presented to the verifier. This proof aims to demonstrate that the witness satisfies all the constraints of the circuit without revealing the witness or any underlying private information itself. Here's how the process unfolds:
1. Proof Generation
The prover uses the witness and the circuit's structure to generate a proof. Depending on the ZKP system being used—such as zk-SNARKs, zk-STARKs, or Bulletproofs—the specific method of proof construction can vary significantly. However, the common goal is to create a proof that is both succinct and verifiable.
For systems like zk-SNARKs, the prover first transforms the arithmetic circuit into a polynomial equation through a process such as the QAP or the more recent Sonic, Marlin, and PLONK protocols. The prover then demonstrate that they know a polynomial $S(x)$ that satisfies this equation at a certain hidden point $x$. The proof involves creating commitments that show the equation holds while keeping $S(x)$ and $x$.
Upon generating the proof, the commitments are constructed using techniques such as elliptic curve pairings or hash functions, ensuring that the proof remains both hiding (keeps the witness secret) and binding (cannot be altered undetected).
2. Proof Submission
The prover sends the proof to the verifier. The communication does not include the witness but only the proof which is supposed to be succinct and easy to verify.
3. Verification
Upon receiving the proof, the verifier checks the validity of the proof against the public description of the circuit (the constraints). This is typically a much faster process than the proof generation and does not involve solving the circuit's constraints but merely verifying the cryptographic commitments and calculations presented by the prover.
Then what?
The final step is when the verifier concludes whether the proof is valid or not. If the proof is valid, the verifier accepts that the prover knows a witness that satisfies the circuit's constraints without the prover having revealed what that witness is or any other private information. That's it!
Different Flavors of Zero-Knowledge Proofs
Zero-Knowledge Proofs (ZKPs) come in various forms, each tailored to specific needs regarding proof size, computational requirements for proof generation and verification, and other considerations. These are some of the key types that are nice to know:
zk-SNARKs:
zk-SNARKs, an acronym for "succinct non-interactive argument of knowledge," are recognized for their compact proof size and quick verification process. They utilize elliptic curve cryptography to produce proofs, which are notably more efficient in terms of computational gas costs compared to other methods that rely on hashing functions.
zk-STARKs:
Standing for "scalable transparent argument of knowledge", zk-STARKs offer advantages in speed due to their minimal need for interaction between the prover and the verifier. This makes the verification process significantly quicker than that of zk-SNARKs.
PLONK:
This acronym stands for "permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge". PLONK uses a universal trusted setup, which is compatible with any computational program and supports participation by numerous users, enhancing its versatility.
Bulletproofs:
These are concise non-interactive zero-knowledge proofs that do not require a trusted setup, making them particularly suited for applications in private transactions within cryptocurrency systems.
Conclusion
In conclusion, Zero-Knowledge Proofs (ZKPs) represent a significant advancement in the field of cryptography, offering robust solutions to enhance privacy and security in systems we interact with. With its secure verification without revealing the information itself, it will become a crucial part of privacy protection, and the practical applications for this technology are likely to expand in the coming years.
So hey, if you are a developer, researcher etc, keep exploring the fascinating world of zero-knowledge proofs, and you'll be at the forefront of the privacy revolution. Your journey into this fascinating field doesn't have to end here.
I encourage you to continue learning and exploring through some highly informative resources:
- Vitalik Buterin's Insights: Dive into a variety of cryptographic concepts, including SNARKs and STARKs, on Vitalik's Blog.
- ZK HACK: is a platform for learning and building ZK, and they host virtual events and produce educational content like their in-depth whiteboard sessions that dissect various ZK projects.
- 0xPARC's Courses: For those interested in hands-on learning, 0xPARC offers two comprehensive online courses focusing on Circom and Halo2, helping you build numerous circuits in environments where resources are scarce (Halo2).
- Matterlab: Explore further with Matterlabs' curated list of zero-knowledge proof resources, crafted by the team behind zkSync.