Blockchain transactions require network consensus to be completed which is carried out by validators who record these on a shared, public ledger for all network participants to see. Whilst this process maintains network transparency and security, it presents a privacy issue under certain scenarios where transactions across blockchain networks and Web3 dApps contain sensitive data.
Network validators don’t necessarily need to ‘see’ the data within the transaction – they just need to be able to confirm that the key data within the transaction matches what the sender claims it to be. A key innovation is Zero-Knowledge Proofs (ZKPs) which enable transactions to be verified and conditions to be met without the verifier being able to view the information tied to the transaction.
As an example, consider applying to rent a home. Your estate agent may employ a third-party verification company to carry out certain eligibility checks – you may be required to send over documents such as bank statements to prove your income. In this scenario, the verifier just needs to validate that your income meets the criteria and doesn’t need to see your full spending habits and other sensitive data held within the statement.
Essentially, a Zero-Knowledge Proof enables you to prove that you can afford to rent the home by meeting their set criteria without having to inadvertently show your personal data. This is a way of protecting your privacy whilst producing a satisfactory outcome for all parties involved.
What is a Zero-Knowledge Proof?
Zero-Knowledge protocols aren’t new – in fact, the concept predates blockchain technology by almost 40 years. It first appeared in a 1985 paper written at MIT. However, the Web3 application of ZKPs is a recent development. The Ethereum Foundation defines a Zero-Knowledge Proof as ‘a way of proving the validity of a statement without revealing the statement itself.’
In other words, it’s a way to prove to one party who is verifying a transaction that the sending party knows what they’re sending. This knowledge is proven mathematically, and the verifying party can approve the transaction with confidence based on that proof without ever seeing the details of the data concerned.
ZK Proofs are often used in situations where the security of the sender and the private nature of the information are paramount – for example, private transactions where key information such as the amount of value in the transaction or the sender/receiver data needs to be shielded. This has been historically difficult due to the open nature of blockchain technology.
However, with ZK Proofs, the transaction can be verified without the verifier needing to see any of the key information. ZK Proofs are generated using complex cryptographic algorithms. Only the proving party can generate a ZK Proof – the verifying party cannot reverse-engineer a proof to determine the hidden information.
Three criteria must be satisfied within every ZK Proof:
- Completeness
- Soundness
- Zero-Knowledge
Completeness is tied to the proving party’s ability to indicate that they know what the hidden information is, and Soundness speaks to the verifying party’s capacity to provide reliable verification of the sender’s claim that they truly hold the information.
It may seem slightly obvious to mention that a ZK Proofs must achieve the criterion of zero knowledge, but its inclusion just illustrates that without the satisfaction of the Completeness and Soundness criteria, the proof can’t be considered zero knowledge.
Interactive Zero-Knowledge Proofs
When Zero-Knowledge Proofs were first implemented in computing, they were ‘interactive’. There are 3 elements to the interactive proving method – witness, challenge, and response.
The ‘witness’ is the secret information, of which the sender’s knowledge should be reliably verifiable. The process generates a set of questions for the sender to answer to prove to the verifier that they do in fact know the secret information being sent.
The sender chooses a question at random and answers it – usually, this is a mathematical equation that is calculated and sent to the verifier. The verifier can ‘challenge’ the sender to answer further questions, and this can go on until the verifier is sufficiently satisfied with the outcome of the answers.
As the sender answers question after question, the mathematical probability that they are lying about their knowledge of the secret information is slashed. In theory, it’ll get to the point of negligibility, at which point the verifier can be satisfied that the sender genuinely has the knowledge that they claim to.
This early method of ZK Proofs was phased out due to the need for the two parties (sender and verifier) to communicate repeatedly, which is limiting and doesn’t allow for independent verification of the proof.
Non-Interactive Zero-Knowledge Proofs
In its place, ‘non-interactive’ Zero-knowledge Proofs were developed. This method reduced the amount of communication necessary between the sender and verifier to a maximum of one interaction. Non-interactive ZK Proofs rely on extra hardware/software that houses an algorithm.
This algorithm uses hashing to generate the ZK Proof, free of the need to do continual rounds of questioning between the sender and verifier. Non-interactive ZK Proofs are the type favoured on the blockchain due to their inherent lack of complexity and faster speed.
However, this method requires a lot more computational power than the interactive method of zero-knowledge proofing.
Diagram depicting a Non-Interactive Zero-Knowledge Proof system in action
Amongst Non-Interactive Zero-knowledge Proofs, there are two distinct approaches when utilised in digital ledger technology: ZK-SNARKS and ZK-STARKS. They work to achieve the same result, however, the pathways to achieving that conclusion are slightly different.
ZK-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.
ZK-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge.
‘Argument of Knowledge’ comes up in both abbreviations. This refers to the whole process of zero-knowledge proofing (the sender is arguing that they know the information they’re sending).
ZK-SNARKS
When making a transaction on the blockchain, such as sending cryptocurrency from one person to another (sender to receiver), the transaction needs to be independently verified by other network participants – the ‘verifier’ for the purposes of this writing, but this isn’t a single individual.
ZK-SNARKs allow that to be completed without the verifier being able to see the value of sensitive transactional information, such as the amount the transaction is worth or the personal details of those involved in the transaction. The technology allows the sender to prove that they have the correct amount of funds to make the transaction and the private key(s) required without revealing what those are.
ZK-SNARKs rely on an initial trusted setup based on pre-defined public parameters. These rules are encoded into the protocol for sending and receiving on the network and are a necessary step within the validation and transaction process.
These parameters are generated secretly and randomly per transaction to prevent fraud, and the parameter should be destroyed post-transaction. Some observers have taken issue with the idea of an initial setup and secret parameters – these are usually created by a small group of individuals, a direct challenge to the idea of decentralisation which is a central pillar of Web3.
The ZK-SNARK algorithmic grouping generally has three components: the key generator, the prover and the verifier – explained in great detail here. Essentially, two keys are created – a proving key and a verifier key. Both are publicly visible and created for the purpose of this exchange.
These two keys, the secret parameter, the witness and a public input are bundled into the ZK-SNARK’s algorithm, generating a Zero-Knowledge Proof. This ZK Proof is computed by the verifier and a ‘TRUE’ or ‘FALSE’ is returned, thus verifying or rejecting the transaction. The likelihood of the sender being fraudulent is made negligible by the complexity of the mathematical equations required, but it is not impossible.
Speculators have postulated that with the advancement of quantum computing, it could be possible to reliably forge ‘TRUE’ results for false proofs, leaving the ZK-SNARK technology vulnerable to exploitation by groups with enough resources.
This has led some practitioners to lean towards the other method of Zero-Knowledge proofing – ZK-STARKs.
ZK-STARKs
So, as previously stated, ZK-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge. The difference between the two is the word ‘Transparent’ in place of ‘Non-Interactive’, and ‘Succinct’ is replaced with ‘Scalable’.
In this context, ‘Transparent’ refers to the capability of anyone on the network to verify the proof without needing access to the witness. ‘Scalable’ is a description pointing to one of the key drivers of the technology’s adoption – its capacity to be implemented at scale.
Proponents of ZK-STARKs argue that the newer technology is more secure than its ZK-SNARK counterpart, utilising collision-resistant hash functions to generate ZKPs. ZK-STARKs do away with the need for the closed, trusted setups that are necessary with ZK-SNARKs, hence the ‘Transparent’ part of the abbreviation.
StarkWare has created ZK-STARKs for application within the enterprise blockchain space. The technology allows the required computations to be moved off-chain, relieving the computational burden on the blockchain. ZK-STARKs can be operated by layer-2 blockchain solutions to batch transactions together, increasing scalability.
However, the potential drawbacks of ZK-STARKs (when compared to ZK-SNARKs) are that ZK-STARKs can take longer to verify, and the sizes of the proofs generated are generally larger. This can lead to higher gas fees due to the amount of data within the transaction.
Zero-Knowledge Proofs Use Cases
Zero-Knowledge protocols are intended to address the information security and privacy concerns with using open-source, public blockchain technology. These concerns inform many of the use cases around the technology:
Private Transactions
With blockchains being digital public ledgers, the information about transactions is shared with everyone on the network. While this is paramount for transparency, it means that private transactions have historically been difficult to conduct.
However, with ZK proofs, transactions on the blockchain can be verified without revealing any of the sensitive information to the wider public. Information that would usually be key to a financial transaction – such as transaction amount and sender/receiver details – is obscured without opening the network to fraudulent transactions. This could encourage a greater level of adoption of Web3 technologies in larger organisations.
Compliance
As Web3 markets grow and gain popularity, the amount of attempted regulation in the space by governments and other supranational entities is likely to increase. DeFi and TradFi are coming into contact more closely with the introduction of fiat on-ramps and crypto investment integrations, which has led to financial regulation issues around the globe.
Zero-Knowledge Proofs allow sensitive documents to be provided to regulators without revealing the contents to the wider world, helping to satisfy the compliance requirements of regulatory bodies while reducing the friction between Web3 and Web2 financial institutions.
Identity Verification
Given what we’ve discussed about concealing personally identifiable information, this use case might seem a little odd at first glance. But realistically, Zero-Knowledge Proofs allow an individual to mathematically prove they’re being honest about their digital identity without revealing what that identity is.
Decentralised autonomous organisations (DAOs) could use this to allow members to vote on proposals anonymously whilst maintaining integrity within the process. A ZK Proof could be generated per each user’s vote, which confirms that the individual is a member of the DAO without revealing which member it is, eliminating any potential backlash or bias based on their choice.
Conclusion
The introduction of Zero-Knowledge technology into Web3 has been a proactive response to privacy and data security concerns that have been echoed since the concept of a blockchain first appeared.
Whether you are in the ZK-SNARK or ZK-STARK camp, it’s generally agreed that Zero-Knowledge Proofs are a great innovation with huge potential in the Web3 space.
Consequentially, Layer-2 solutions such as ZK-Rollups and newer ZK-EVM’s are further shaping the way that Web3 works, increasing scalability and interoperability, and presenting vast new commercial and individual opportunities.