August 2022

Zero-Knowledge Proofs

Privacy is essential to a functioning economy. Individuals are unlikely to want to share their medical records, bank statements, shopping habits and location data with strangers. Similarly, corporations do not want to disclose how much they are paying suppliers or each of their employees. Most of what we do in crypto and on public blockchains today is entirely transparent and lacking in privacy. Wallet addresses are pseudonymous (not obviously linked to individuals) but all transactions are perfectly visible on the public ledger. For crypto to become truly mass-market, on-chain privacy must be enhanced, which is where zero-knowledge proofs come in. This month we will dive into what zero-knowledge proofs are, how they work and why advancing privacy and security in public blockchains will help drive mass market adoption.

A zero-knowledge proof, or zero-knowledge protocol, is a mathematical technique by which one party (the prover) can prove to another party (the verifier) that a statement is true, without revealing any information beyond the fact that the statement is true. A simple practical example would be for me to prove that I know the password to my computer. A verifier could come into my office and see that my computer screen is locked. I could ask the verifier to leave the room and come back moments later. At this point my computer screen is unlocked. In this example, I have proved to the verifier that I know the password to my computer, without sharing any information as to what the password is.

Zero-knowledge proofs were first written about in 1985, pre-dating the blockchain industry, in a paper called “The knowledge complexity of interactive proof systems”. A zero-knowledge proof must satisfy three properties:

  1. Completeness: if the statement is true, then an honest prover will be capable of convincing the verifier of this fact
  2. Soundness: if the statement is false, then no dishonest prover will be able to convince an honest verifier that the statement is true
  3. Zero-knowledge: the verifier does not learn any additional information other than that the statement is true

Imagine that you have a friend who is colour-blind and holding two snooker balls, a red one and a green one. Your friend does not believe that the balls are different, and you make a statement that they are. Your friend (the verifier) shows you which ball is in which hand and puts the balls behind her back. She then chooses to show you a ball at random and asks if she switched the balls. Of course, you correctly answer her question each time. Over time the verifier becomes convinced that your statement (the balls are different colours) is correct. This is completeness. Had the balls been the same colour then you would not have been able to convince your friend of the statement as you would have got the test wrong on multiple occasions. This is soundness. The example is also zero-knowledge as your friend never learns which ball is red or green.
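The snooker-ball protocol above, modelled as a short simulation (an added example, not part of the original article). It shows that an honest prover always convinces the verifier, that a prover facing identical balls passes n rounds with probability about 2^-n, and that the verifier's transcript is something she could have produced alone. The function names, the fixed "left hand" simplification and the seeds are assumptions of this example.

```python
import random

def play_round(balls, rng):
    """One challenge; returns (swapped, claim) exactly as the verifier sees it."""
    left, right = balls
    swapped = rng.random() < 0.5        # verifier's private coin, flipped behind her back
    before = left                       # ball shown before hiding (simplified: left hand)
    after = right if swapped else left  # ball shown from the same hand afterwards
    if left != right:
        claim = before != after         # a colour change reveals the swap
    else:
        claim = rng.random() < 0.5      # identical balls: the prover can only guess
    return swapped, claim

def verifier_accepts(balls, rounds, rng):
    """The verifier accepts only if every answer matches her secret coin."""
    return all(s == c for s, c in (play_round(balls, rng) for _ in range(rounds)))

def acceptance_rate(balls, rounds, trials, rng):
    """Fraction of independent protocol runs in which the verifier is convinced."""
    return sum(verifier_accepts(balls, rounds, rng) for _ in range(trials)) / trials

def honest_transcript(balls, rounds, rng):
    return [play_round(balls, rng) for _ in range(rounds)]

def simulated_transcript(rounds, rng):
    """What the verifier could write down alone, with no prover in the room."""
    coins = [rng.random() < 0.5 for _ in range(rounds)]
    return [(b, b) for b in coins]

if __name__ == "__main__":
    # random.Random with constructed seeds keeps the demo reproducible; a real
    # verifier would draw her challenges from a CSPRNG such as the secrets module.
    print("completeness:", acceptance_rate(("red", "green"), 20, 1000, random.Random(1)))
    for n in (1, 3, 8):
        rate = acceptance_rate(("red", "red"), n, 20000, random.Random(n))
        print(f"soundness, {n} rounds: cheat rate {rate:.4f} vs 2^-{n} = {2**-n:.4f}")
    same = honest_transcript(("red", "green"), 10, random.Random(7)) == \
        simulated_transcript(10, random.Random(7))
    print("zero-knowledge: honest transcript equals simulated one:", same)
```

Because the honest transcript is only ever a list of pairs (b, b) built from the verifier's own coin flips, it carries nothing she did not already know, including which ball is red.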

Beyond offering a breakthrough in applied cryptography, zero-knowledge proofs are hugely important when it comes to digital assets and the blockchain industry. They offer a new level of security and privacy and can be used in a variety of use cases.

The original use case for Bitcoin was as a payments system that would allow users to conduct private, peer-to-peer transactions in the way that cash can be used today. While Bitcoin and many other public blockchains use pseudonymous addresses, the transactions themselves are visible on public blockchains and can be easily browsed on block explorers. The issue here is that when an address does get linked to a real-world identity, then on-chain data analysis can reveal the entire history of individual transactions.

At this point it is worth bringing up the topic of corruption (money laundering) and how this relates to privacy. Importantly, these two principles are not contradictory. For example, it is possible for users to maintain privacy, whilst also sharing data with law enforcement. Zero-knowledge solutions allow for transaction details to be shielded, including who the sender and receiver are, the asset type, quantity and even transaction timelines. However, the sender and recipient can share these details with authenticated third parties through the sharing of proofs. It would be possible to create a system that shares all information with a super-user (regulator) but is otherwise entirely private. In such a system, nodes are still able to process transactions and can validate them as legitimate transactions without knowing the details of the transaction. On the regulatory side, there is much to be determined. The technology itself is robust and flexible enough to be fitted to society’s needs.

A second use case is to enhance identity management systems. For example, if you need to prove your citizenship then today you likely need to share your passport information with the recipient. By doing so, you reveal more than just your nationality. You also reveal your date of birth and other information such as your place of birth, address, hair colour and religion. Zero-knowledge proofs can be used to control access to personal identifiers, allowing users to decide exactly what personal details they wish to share.

Insecure and non-private identity management is a particular issue online. Whenever you sign up to a website, you are often asked to provide various pieces of personal information such as name, address, age and nationality. As a result, your identity likely resides on hundreds of servers around the world, each at risk of leaking this sensitive data. Blockchains offer a solution, and the way that this information can be kept private is by using zero-knowledge proofs.

A third, related use case is authentication. Many websites require logins, and access generally requires a combination of identity and proof that a user has the right to access a platform. Zero-knowledge proofs can simplify the authentication process for both users and the platform. Once a proof has been generated (signalling that the platform is satisfied that the user should be granted access), the user can simply present the proof in future scenarios, demonstrating that their identity and right to access have been previously approved. The service provider no longer needs to store a hoard of user data, as the proof reflects that authentication has been done in the past.

Many projects in our digital asset portfolios are using or actively researching zero-knowledge proofs. All transactions on Ethereum are public by default. While this was once seen as a positive feature of the system, transparency by default is now being viewed as more of a bug. In 2017, Ethereum implemented its Byzantium update, which allowed Ethereum to verify zk-SNARK proofs (a type of zero-knowledge proof). In the last year, “Zk-Rollups” have become popular on Ethereum. These are mechanisms that consolidate transactions off-chain via Merkle Trees and publish them to the Ethereum mainnet in a single transaction. By doing this, computation is done off-chain (which helps with scalability) and the main chain is used for data storage.

Anoma has taken the opposite approach to Ethereum, offering privacy by default. One of the drawbacks of using zero-knowledge proofs is that verification can be computationally costly. Specifically, proof circuits have been plagued by inefficiencies. This is a challenge that Anoma has been focused on, aiming to keep the cost of privacy to a minimum. The team’s solution is to combine two different proving schemes (Plonk and Plookup) to create a more efficient proof circuit for hash functions. The resulting scheme, known as “Plonkup”, establishes a zk-SNARK that provides blockchains with a more scalable zero-knowledge solution.

Privacy is becoming increasingly popular and most blockchain platforms are adopting various forms of zero-knowledge proofs. Many of the zero-knowledge proof software libraries were written in the Rust programming language and the zk community is primarily focused on building with that language. This is beneficial for Solana, which has Rust as its core language. It is less beneficial for Cosmos, with the Cosmos SDK written in the Go programming language. However, we are now seeing specific Cosmos zones adapt the SDK to enable privacy, with Penumbra as one example of a fully shielded zone that allows public verification of private data.

While the concept of zero-knowledge proofs has been around since the 1980s, it is only in recent years that computing power has caught up to allow us to use the technology to its full potential. According to Moore’s Law, we are at an exciting inflection point where an increasing number of interesting applications of this technology can be applied at a low cost. For crypto to go truly mainstream, users are going to need confidence that they can control the privacy of their financial transactions and personal information. As discussed earlier, this does not preclude sharing data with law enforcement, but allows for flexibility and control over privacy settings. This applies to both retail and corporate users. As a result, it is essential that blockchains offer strong and flexible privacy preserving technologies and zero-knowledge proofs are at the core of this.

At CMCC Global, we remain excited by the innovation happening in this field of mathematics and computer science. We remain focused on its applications in blockchain technology and are watching the innovations coming out of the Anoma team with particular interest.