As we ride through this crypto winter discussing what does or does not qualify as a genuine ‘use case’, we thought it would be worth it this week to discover some more cool tech enabling the web3 infrastructure - zero knowledge proofs. We briefly touched upon one application of Zero Knowledge proofs when we covered rollups a few weeks ago but today we will spend more time appreciating what ZK proofs bring to the table. Let’s jump right in!
First off, zero knowledge protocols use very complicated math and are often computationally intensive. They are so wild that even cryptographers call them ‘moon math’. Having said that, let’s try to develop some intuition for what zero knowledge proofs are all about.
In cryptography, zero knowledge proofs let you convince me that you know something, or have done something, without revealing to me what your secret thing was.
- 0xSage
So ZK proofs are about proving that you know something without actually revealing what you know. Here’s a classic example. Let’s say Person A is colour blind and Person B is not. How can Person B prove to Person A that they can indeed see colours without revealing the exact colours they see? In this experiment, Person A holds one red ball and one green ball (the balls are otherwise identical). With Person B in front of them, Person A hides the balls behind their back and either swaps them between their hands or keeps them where they are. Person B then has to tell Person A whether the balls were swapped. If Person B correctly calls swap or no swap over multiple iterations, it amounts to sufficient proof that Person B can in fact tell red from green. This was achieved without revealing to Person A the colours of the individual balls. This is an example of an interactive zero knowledge proof with a challenge and response mechanism. 0xSage has also illustrated an example of a non-interactive zero knowledge proof on their blog linked above, which I would highly recommend you check out.
Zero Knowledge Proofs have the following properties:
Soundness - Everything that is provable is true. If Person B is lying about being able to see colours and starts guessing at every turn, they would not be able to guess correctly on every single turn whether the balls were swapped. The proof’s mechanism does not let the prover cheat.
Completeness - Everything that is true has a proof. As long as Person B can indeed see colours, they can prove consistently that the balls were swapped. So the proof is statistically complete.
Zero Knowledge - Only the statement being proved is revealed. The proof’s mechanism does not reveal to Person A what the colours are. It only proves to them the person in front of them is not colour blind.
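The ball experiment and its three properties can be simulated directly. The Python sketch below is an added example, not code from the original post or from 0xSage's blog; all function names are made up for illustration, and a seeded `random` generator stands in for Person A's coin flips.

```python
import random

def run_protocol(prover, rounds, rng):
    """Person A (verifier) challenges the prover; returns (accepted, transcript)."""
    hands = ["red", "green"]            # true colours; the verifier never reads them
    transcript = []
    for _ in range(rounds):
        swapped = rng.random() < 0.5    # verifier's private coin: swap or not
        before = tuple(hands)
        if swapped:
            hands.reverse()
        answer = prover(before, tuple(hands), rng)
        transcript.append((swapped, answer))
        if answer != swapped:
            return False, transcript    # a single wrong answer rejects the proof
    return True, transcript

def sighted_prover(before, after, rng):
    # Completeness: Person B sees colours, so comparing layouts always works.
    return before != after

def colour_blind_prover(before, after, rng):
    # Soundness: a prover who cannot tell the balls apart can only guess.
    return rng.random() < 0.5

def soundness_error(rounds):
    # Chance that pure guessing survives every round: (1/2) ** rounds.
    return 0.5 ** rounds

def cheat_success_rate(rounds, trials, seed=0):
    # Empirical fraction of runs in which the guessing prover is accepted.
    rng = random.Random(seed)
    wins = sum(run_protocol(colour_blind_prover, rounds, rng)[0]
               for _ in range(trials))
    return wins / trials

def simulate_transcript(rounds, rng):
    # Zero knowledge: an accepting transcript is just the verifier's own coins
    # repeated back, so Person A can produce one alone and learns no colours.
    return [(coin, coin) for coin in (rng.random() < 0.5 for _ in range(rounds))]

if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(sighted_prover, 20, random.Random(1))[0])
    print("cheater, 3 rounds:", cheat_success_rate(3, 20000), "vs", soundness_error(3))
    print("cheater, 20 rounds bound:", soundness_error(20))
```

Each extra round halves the guessing prover's chance of being accepted, which is why the verifier repeats the challenge rather than relying on a single swap.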
But how did we end up here? If ZK proofs are so computationally intensive then what are the alternatives? Vitalik talks about this in his 2016 blog post where he refers to cryptographically secure obfuscation as the holy grail for privacy on the blockchain. Here’s what it means: Obfuscation is a way of turning any given logic into a black box. The logic of processing the inputs stays the same, but it is impossible to figure out any other details about the program. So the encryption basically cancels itself out so that it does not influence the processing of the inputs; it is there only to ensure one cannot see what’s happening inside. As with many such ‘holy grail’ ideas, obfuscation is computationally impractical. Taking a step down, we have another method which is close enough: secure multi-party computation. This process allows for a program and its state to be split among N parties such that you need a majority of them to cooperate to initiate the computation or reveal any intermediate state. It makes the important compromise that you need to assume you can trust the majority of the actors to be honest.
That is how we come down to ZK proofs, owing to recent developments in this field. Many believe that ZK protocols are totally going to become mainstream over the next 5 years and that everyone will be talking about it.