Introduction to Zero-Knowledge Proofs
通过 LCX Team · November 3, 2023
While the inherent transparency of blockchains is advantageous in many circumstances, there are a number of smart contract use cases that require privacy for business or legal reasons, such as the use of proprietary data as inputs to initiate the execution of a smart contract. Zero-knowledge proofs (ZKPs) are a method for one party to cryptographically demonstrate to another that they possess knowledge about a piece of information without divulging the underlying information. ZKPs are becoming an increasingly popular method for achieving privacy on public blockchain networks. In the context of blockchain networks, the only information disclosed on-chain by a ZKP is that the prover knows with a high degree of certainty that some hidden information is valid.
“Zero knowledge” refers to the specific cryptographic method of zero-knowledge proofs, whereas “zero trust” is an organization-wide cyber security model used to safeguard data, premises, and other resources. The zero-trust framework assumes that every individual and device, both inside and outside the network, may pose a threat due to malicious intent or simple incompetence. Before granting access to resources, zero-trust systems require users and devices to be authenticated, authorized, and continuously validated. Zero-knowledge proofs can be incorporated into a zero-trust architecture.
How Do Zero-Knowledge Proofs Work
A zero-knowledge proof operates at a high level by having the verifier request the prover to perform a succession of actions that can only be performed accurately if the prover knows the underlying information. If the prover is only making educated guesses about the outcome of these actions, they will be proven incorrect by the verifier’s test with a high degree of probability.
Zero-knowledge proofs were first described in a 1985 MIT paper titled “The Knowledge Complexity of Interactive Proof-Systems” by Shafi Goldwasser and Silvio Micali. In this paper, the authors demonstrate that a prover can persuade a verifier that a particular statement about a data point is true without disclosing additional data information. ZKPs can be interactive, in which a prover must persuade a particular verifier but must repeat this process for each individual verifier, or non-interactive, in which a prover generates a proof that can be verified by anyone using the same proof.
The three defining characteristics of a ZKP are as follows:
Completeness: If a statement is true, a trustworthy verifier can be persuaded by a trustworthy prover that they possess knowledge of the correct input.
Soundness: If a statement is false, no dishonest prover can persuade a trustworthy verifier on their own that they possess knowledge of the correct input.
Zero-knowledge: If the state is true, the verifier learns nothing from the prover other than the fact that the statement is true.
In its basic form, the zero-knowledge proof consists of three components: witness, challenge, and response.
Witness: In a zero-knowledge proof, the proponent wishes to demonstrate knowledge of some concealed information. The secret information is the “witness” to the proof, and the prover’s presumed knowledge of the witness establishes a set of questions that can only be answered by the party in possession of the information. Thus, the prover initiates the process of proving by selecting a query at random, computing the answer, and sending it to the verifier.
Challenge: The challenger selects another question at random from the set and asks the prover to answer it.
Response: The prover accepts the query, computes the solution, and returns it to the verifier. The respondent’s response enables the verifier to determine whether the prover actually has access to the witness. To ensure that the prover is not randomly assuming the correct answers, the verifier selects additional questions to ask. By repeating this interaction numerous times until the verifier is content, the likelihood of the prover faking knowledge of the witness decreases significantly.
Types of Zero-Knowledge Proofs
There are numerous ZKP implementations, each with its own trade-offs regarding proof size, prover time, and verification time, among others. They consist of:
zk-SNARKs
SNARKs, which stands for “succinct non-interactive argument of knowledge”, are compact and straightforward to verify. Using elliptical curves, they generate a cryptographic proof that is more gas-efficient than the hashing function method employed by STARKS.
zk-STARKs
“scalable transparent argument of knowledge” is what STARK stands for. STARK-based proofs necessitate minimal interaction between the prover and verifier, making them significantly faster than SNARKs.
PLONKs
PLONKs, which stands for “permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge,” employ a universally trusted setup that is compatible with any program and can accommodate a large number of participants.
Bulletproofs
Bulletproofs are zero-knowledge proofs that are brief, non-interactive, and require no trusted preparation. They are designed to facilitate private cryptocurrency transactions.
Zero-Knowledge Proof Use Cases
Zero-knowledge proofs enable exciting use cases across Web3, thereby augmenting security, protecting user privacy, and supporting layer 2 scaling.
Private Transactions
ZKPs have been utilized by blockchains such as Zcash to enable users to construct transactions that protect their privacy by concealing the monetary amount, sender, and recipient addresses.
Verifiable Computations
Decentralized oracle networks, which provide smart contracts with access to off-chain data and computation, can also use ZKPs to prove a fact about an off-chain data point without disclosing the underlying data on-chain.
Highly Scalable and Secure Layer 2s
Verifiable computations facilitated by techniques such as zk-Rollups, Validiums, and Volitions allow for highly secure and scalable layer 2s. Using layer 1s as settlement layers, such as Ethereum, they can provide dApps and consumers with faster and more efficient transactions.
Decentralized Identity and Authentication
ZKPs can serve as the foundation for identity management systems that allow users to validate their identity while safeguarding their private data. For instance, a ZKP-based identity solution could allow a person to verify that they are a country’s citizen without providing their passport information.
Conclusion
Zero-knowledge proofs represent a breakthrough in cryptographic techniques, redefining the way we ensure data privacy, security, and integrity in the digital age. Their potential applications extend far beyond cryptocurrencies, offering invaluable solutions to various industries and use cases. As researchers and technologists continue to refine and optimize ZKPs, the future holds exciting prospects for a more secure and privacy-preserving digital world. By embracing this cryptographic prowess, businesses can stay at the forefront of the evolving technological landscape, fostering trust, and safeguarding sensitive information in an increasingly interconnected world.
