Every day, users are becoming more and more exposed to security breaches on the Internet. On top of this, they have to forgo privacy as businesses collect a vast amount of customer data and monetise it, making it vulnerable to cyber threats.
However, data ownership and privacy are fundamental rights. And Zero Knowledge Proof (ZKP) is one of the technologies demonstrating the greatest potential to strike the right balance between taking advantage of the data-based economy and preserving privacy.
Let’s take a deep dive into this privacy-enhancing technology that provides ways for businesses to protect their sensitive data and users from achieving more privacy.
What is Zero-Knowledge Proof?
Zero-knowledge Proof is a mathematical technique to verify the truth of information without revealing the information itself. It was first introduced by MIT researchers in a 1985 paper. Over the years, ZKPs have improved and found use in several real-world applications.
In cryptography, a zero-knowledge proof is a method in which one party (“prover”) proves to another party (“verifier”) that a given statement is true without providing any additional information.
In zero-knowledge proofs, the challenge is to prove that one possesses knowledge of certain knowledge, secret information but without revealing or transmitting the information itself.
A protocol implementing interactive ZKPs requires input from the verifier several times. They are usually in the form of challenges such that the responses from the prover will convince the verifier, but only if the statement is true, meaning the prover does have the claimed knowledge.
Meanwhile, in non-interactive zero-knowledge proofs, proof delivered by the prover can be verified by the verifier only once at any time but requires far more computational power than interactive ZKPs. ZK-SNARKS is a technology that uses the non-interactive ZKP concept. Its alternative version is ZK-STARKS.
Advantages of Zero-knowledge Proof
Zero-knowledge proofs have made a breakthrough in applied cryptography by improving the security of information for individuals.
Usually, you need to provide evidence to prove a claim to another party, such as a nation’s passport, to demonstrate you are a citizen of a country. These approaches, however, lack privacy as your Personally Identifiable Information (PII) is shared with third-party services and stored in central databases, which are vulnerable to hacks.
ZKP solved this problem by eliminating the need to reveal information to prove the validity of claims. What is used is the statement as input to generate proof of its validity without exposing the information used in creating it.
In blockchain and cryptocurrency, where transparency enables public verification of transactions implies little privacy for users, ZKPs can introduce more privacy to public chains. For instance, privacy-coin Zcash is based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (Zk-SNARK), a type of zero-knowledge cryptographic method.
There are also privacy-focused blockchains that shield transaction details, including asset type, quantity, transaction timeline, and sender/receiver addresses. By incorporating this technology into the protocol, privacy-focused blockchain networks allow nodes to validate transactions without requiring access to transaction data.
Even on public blockchains, ZKP can be applied to anonymise transactions such as Tornado Cash which uses zero-knowledge proofs to obfuscate transaction details, allowing users to conduct private transactions on Ethereum.
When it comes to authentication, ZKPs make communication secure and protected as no secret information like passwords is exchanged here. As such, they cannot be stolen either.
In payments, ZKP technology can be of great importance as credit card payments are often visible to many parties, including banks, payment providers, and government authorities, undermining the privacy of ordinary citizens.
From finance, identity protection, and verifiable computation to online voting and machine learning, zero-knowledge proofs protect sensitive details in many areas of digital life.
Disadvantages of Zero-Knowledge Proof
While it does enhance privacy, ZKP is not foolproof. The probability of the prover lying is significantly low, but it doesn’t guarantee that the claim is valid 100%. In some of its applications like ZK-SNARK, there’s a problem of trust assumptions as the Common Reference String is generated once and available for parties to re-use. These public parameters are created via a trusted setup, where it is assumed that participants are honest.
Another drawback of ZKPs is their high computation intensity. Algorithms used here are computationally intensive, especially in the case of interactive ZKPs, as they require many interactions between the verifier and the prover and even more so in the case of non-interactive ZKPs. This makes ZKPs unsuitable for mobile devices.
There’s also the threat of quantum computing. For instance, ZK-SNARK uses elliptic curve cryptography (ECDSA) for encryption which is pretty secure, but the development of quantum computers in the future could break its security model.
Now comes the cost part. Generating zero-knowledge proofs involves very complex calculations best performed on specialised machines. And these machines are expensive, which often means they’re out of the reach of regular individuals. So, applications that want to use ZKP technology must factor in hardware costs. After all, it significantly increases costs for end-users.
For instance, the gas cost to verify single ZK-SNARK proof on Ethereum for ZK-rollups is ~500K and even higher for ZK-STARKs.
How does Zero-Knowledge Proof Work?
So, in ZKP, a prover is convincing a verifier that they have correctly executed some computation on secret data without revealing the secrets. For instance, using this technology, a payment receiver can verify that the payer has a sufficient balance in their bank account without knowing the payer’s balance.
To make it all possible, zero-knowledge protocols rely on algorithms that take some data as input and return ‘true’ or ‘false’ as output. For this, ZKP must satisfy some criteria:
Completeness: If the input is valid, the ZKP always returns ‘true.’ So, if the prover and verifier act honestly and the underlying statement is true, the proof can be accepted.
Soundness: If the input is invalid, ZKP won’t return ‘true.’ That said, it’s impossible to make it do so, theoretically. This means a lying prover cannot trick an honest verifier into believing that an invalid statement is valid.
Zero-knowledge: The verifier here learns nothing about a statement beyond its validity, preventing the verifier from getting the original input from the proof.
In ZKP, the secret information is “witness,” and the prover’s assumed knowledge of the witness establishes a set of questions that can only be answered by a party with knowledge of the information.
“Challenge” is another element that makes up a ZKP, where the verifier randomly picks a question and asks the prover to answer it.
In “response,” the prover accepts the question, calculates the answer, and returns it to the verifier. It is the prover’s “response” that allows the verifier to check if the former has access to the witness.
Conclusion: Zero-Knowledge Proof Explained
As we discussed above, zero-knowledge proof allows for data verification without revealing any unnecessary data to make transactions anonymous. In this manner, this technology has tremendous potential to give people back control over their data.
ZKP can transmit data with better security and has been applied in many fields like authentication, messaging, payments, etc. Their usage in blockchain makes crypto even more attractive.
Overall zero-knowledge proof has its own merits and demerits. But together with blockchain, they can transform not just the blockchain industry but many other sectors by enabling projects to build advanced and cost-efficient applications while preserving users’ privacy.
