What is a zero-knowledge proof?

A zero-knowledge proof is a cryptographic protocol that allows one party (the prover) to convince another party (the verifier) that a statement is true without revealing any additional information about it—neither the content nor the source from which the prover learned of its truth. The definition was first proposed by MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff in the 1985 paper The Knowledge Complexity of Interactive Proof Systems.

Imagine you are in a room with a blindfolded person. On the table lie two balls—one white and one black. You must convince the other person (the verifier) that the balls are of different colours without revealing which is which. To do so, ask them to hide both balls under the table. Then ask them to show just one so you can see it. Next the ball is hidden again and the verifier may show either the white or the black ball. You can prove the claim because you can tell whether they swapped the balls beneath the table.

Yet the verifier cannot be fully certain, as luck or trickery could still be at play. This is addressed by repeating the experiment n times. With each round the chance of guessing correctly by accident halves: after five repetitions the probability of deception is 1 in 32, after ten rounds—1 in 1,024, and after twenty—roughly 1 in 1,000,000.

Through repetition you can reach the desired level of assurance, though absolute certainty remains unattainable.

One obvious application in cryptocurrencies is verifying that a user has enough funds for a transaction without revealing to the network who the user is or how much is in the account.

The protocol can also be used wherever data security is required (for example, for personal information) or for conducting financial transactions.

A zero-knowledge proof can serve as a tool for verifying data and users, granting privileged access and establishing trusted connections.

• interactive (the verifier questions the prover in real time);
• non-interactive (no direct communication between verifier and prover is required; the former can verify the claim after the fact).

Zero-knowledge proofs can also be divided into two groups depending on whether there is a phase in which several verifiers fix the authenticity of the claim—the so‑called trusted setup using a Boolean function.

For some protocols, such as zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), this is a necessary condition. Verifiers generate a special secret that is destroyed immediately after the trusted setup. If the secret persists, data on the network can be forged, negating the advantages of the protocol.

There are protocols that do not require a trusted setup (for example, zk-STARK (Zero-Knowledge Scalable Transparent Arguments of Knowledge)).

• greater user privacy in public blockchains and other networks;
• stronger information security by replacing inefficient methods of authentication and verification;
  higher throughput and better scalability for blockchains.

• significant computational demands;
• the possibility of compromise during a trusted setup;
• potential vulnerability to quantum computing.

The privacy-focused cryptocurrency ZCash uses a modified zk-SNARKs protocol. The same protocol was partially implemented on the Ethereum network in the Byzantium hard fork. Ethereum developers are considering additional applications of the technology.

The startup QEDIT developed an SDK (Software Development Kit) that implements zero-knowledge proofs on existing blockchains to increase transaction privacy while preserving validation by nodes. The project has already received the European Commission’s Seal of Excellence, and its partners include VMWare, Ant Financial and Deloitte.

StarkWare created solutions based on the zk-STARKs protocol that can also be deployed on existing networks. The project has attracted funding from Vitalik Buterin, Pantera Capital, Intel Capital, Sequoia Capital and other investors.

The Dutch bank ING released a modified version of a zero-knowledge proof—Zero-Knowledge Range Proof (ZKRP). This protocol can prove that a client’s salary is within the range required for a mortgage without revealing the actual amount.

Subscribe to ForkLog on Telegram: ForkLog Live — the full news feed, and ForkLog — the most important stories and polls.