The most popular blockchains are entirely transparent public ledgers. So what? This means that if I know your wallet address for certain chains, I can see how much crypto you own and every account you’ve transacted with and for how much!
I’ve written a few times about the tradeoffs associated with this reality:
The duality of web3 is that open data enhances credibility and encourages innovation but decreases individual privacy.
While open data is supposedly one of the core tenets of web3, some people aren’t comfortable with exposing how much money they have in their wallet or the details of their transactions. For these situations, there exists a set of privacy-focused blockchains that answer questions like:
How can I prove that I have enough funds to send money to another account without showing anybody how much money I actually have?
How can I prove that I’m old enough to create a wallet without revealing my actual age?
How can I prove that I know my private key or password without having to type it into a potentially insecure website?
More generally: How can I prove a statement is true without revealing any additional information?
Enter Zero Knowledge Proofs, first introduced in 1985 by a group of MIT researchers:
a zero-knowledge proof is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true.
The essence of zero-knowledge proofs is that it is trivial to prove that one possesses knowledge of certain information by simply revealing it; the challenge is to prove such possession without revealing the information itself or any additional information.
When I first read this definition, I had no idea what it meant in practice. Luckily, I’ve found and developed a few analogies to help me understand ZK Proofs, and I hope they’ll help you too!
Analogy 1: I Have a Red Card
In this scenario, I have a deck of 52 cards, and I draw one at random. It’s guaranteed to either be black or red, and in this case I draw the 7 of hearts, which is a red card. Now, I want to prove to my friend Bob that I in fact have a red card!
The obvious solution would be to show Bob the 7 of hearts, but I don’t want to show him my card for ~privacy reasons~. Instead, I tell Bob to count the number of black cards remaining in the deck, of which he finds 26. Therefore, since there are now 51 cards in the deck and all 26 black cards remain, Bob now knows I have a red card!
In this scenario, Bob was able to verify that I had a red card without me having to convey any additional information to him. Of course, I could have used a loaded deck, but the assumption here (and with smart contracts in the real world) is that the starting conditions of the situation have been agreed upon and vetted by all parties.
Analogy 2: I Spy With My Little Eyes…
Did you ever play with the I Spy books as a kid? If you didn’t, the concept is simple: take turns with a friend pointing out objects on a cluttered page and see if the other person can find it.
However, if you were a devious child, you could make up an object that doesn’t exist and have your friend search for hours! (I promise I never did this…) In order to prevent this trickery, your friend could ask you to prove that the object exists on the page before they start searching. The challenge would be to do so without actually revealing the location of the object, as otherwise you’d defeat the purpose of the game.
Here’s how you could prove that an object exists without revealing its location:
First, find a large piece of paper and obscure the smaller I Spy image. You know the relative positioning of the I Spy image under the larger piece of paper, but your friend doesn’t.
Next, cut a small circle around the object of interest. You can do this because you know where the I Spy image is under the larger paper. Your friend just sees the object of interest, which in the image below is the die.
You’ve now proved that the object exists on the I Spy image, but haven’t revealed any additional information about its location to your friend. The game is still valid, and now your friend has confidence that you were telling the truth about seeing the specified object.
Going Down the Rabbit Hole
There are two types of ZK Proofs: interactive and non-interactive. With interactive proofs, both the prover and the verifier have to be online in order to complete the proof. This requirement makes interactive proofs less scalable than their non-interactive counterparts. Non-interactive ZK Proofs enable the verifier to verify the proof asynchronously at their convenience.
A challenge for you: are the examples I mentioned interactive or non-interactive ZK Proofs? Or are they one of each? Drop your thoughts in the comment section!
If you’re still a bit hazy on the concepts behind ZK Proofs, here are two more analogies I found useful: the Ali Baba Cave and the Two Colored Balls and a Color-Blind Friend.
Back to Blockchains & zk-SNARKS
Many of the privacy-focused blockchains today like Zcash or Iron Fish use zk-SNARKS, which are an application of non-interactive ZK Proofs. More precisely, zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.”
Furthermore, because of their efficiency, zk-SNARKS play a pivotal role in enabling scaling solutions such as Ethereum’s Zero Knowledge Rollups.
If you’re interested in learning more about zk-SNARKS and how they work in practice, let me know! The analogies in this article should give you a solid foundation to dive deeper into the world of ZK Proofs, and I’d love to help you understand how they’re implemented for specific use cases in web3.
Until then, here’s some additional reading you can do on your own:
Mina Protocol’s Recursive zk-SNARKS (you can skip the first part)
Let’s Chat! Agree with the takes in this article? Think they’re way off? Let me know on Twitter.
Shoutouts! Thank you to Sridhar, Kristen, AY, and Cecilia for their contributions to this article.