In this article, you will learn what are zero- knowledge proofs. All of the developers are trying to keep the crypto blockchain safe and to add innovative features. Among them, zero-knowledge proofs can provide users with a higher level of privacy when transacting in cryptocurrency.
What are Zero-knowledge proofs?
A zero-knowledge proof is a way of proving the validity of a statement without revealing the statement itself. The 'prover' is the party trying to prove a claim, while the 'verifier' is responsible for validating the claim.
Zero-knowledge proofs first appeared in a 1985 paper, “The knowledge complexity of interactive proof systems” which provides a definition of zero-knowledge proofs widely used today:
A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.
Zero-knowledge proofs have improved over the years and they are now being used in several real-world applications.
Why Do We Need Zero-knowledge Proofs?
Zero-knowledge proofs represented a breakthrough in applied cryptography, as they promised to improve security of information for individuals.
Personally Identifiable Information (PII) shared with third-party services is stored in central databases, which are vulnerable to hacks. With identity theft becoming a critical issue, there are calls for more privacy-protecting means of sharing sensitive information.
Zero-knowledge proofs solve this problem by eliminating the need to reveal information to prove validity of claims. The zero-knowledge protocol uses the statement as input to generate a succinct proof of its validity. This proof provides strong guarantees that a statement is true without exposing the information used in creating it.
Types of Zero-knowledge Proofs
1. ZK-SNARKs
ZK-SNARK is an acronym for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. The ZK-SNARK protocol has the following qualities:
- Zero-knowledge: A verifier can validate the integrity of a statement without knowing anything else about the statement. The only knowledge the verifier has of the statement is whether it is true or false.
- Succinct: The zero-knowledge proof is smaller than the witness and can be verified quickly.
- Non-interactive: The proof is 'non-interactive' because the prover and verifier only interact once, unlike interactive proofs that require multiple rounds of communication.
- Argument: The proof satisfies the 'soundness' requirement, so cheating is extremely unlikely.
- Knowledge: The zero-knowledge proof cannot be constructed without access to the secret information. It is difficult, if not impossible, for a prover who doesn't have the witness to compute a valid zero-knowledge proof.
The 'shared key' mentioned earlier refers to public parameters that the prover and verifier agree to use in generating and verifying proofs. Generating the public parameters is a sensitive operation because of its importance in the protocol's security. If the entropy (randomness) used in Generating the CRS gets into the hands of a dishonest prover, they can compute false proofs.
Multi-party computation (MPC) is a way of reducing the risks in generating public parameters. Multiple parties participate in a trusted setup ceremony, where each person contributes some random values to generate the CRS. As long as one honest party destroys their portion of The entropy, the ZK-SNARK protocol retains computational soundness.
Trusted setups require users to trust the participants in parameter-generation. However, the development of ZK-STARKs has enabled proving protocols that work with a non-trusted setup.
2. ZK-STARKs
ZK-STARK is an acronym for Zero-Knowledge Scalable Transparent Argument of Knowledge. ZK-STARKs are similar to ZK-SNARKs, except that they are:
- Scalable: ZK-STARK is faster than ZK-SNARK at generating and verifying proofs when the size of the witness is larger. With STARK proofs, prover and verification times only slightly increase as the witness grows (SNARK prover and verifier times increase linearly with witness size).
- Transparent: ZK-STARK relies on publicly verifiable randomness to generate public parameters for proving and verification instead of a trusted setup. Thus, they are more transparent compared to ZK-SNARKs.
ZK-STARKs produce larger proofs than ZK-SNARKs meaning they generally have higher verification overheads. However, there are cases (such as proving large datasets) where ZK-STARKs may be more cost-effective than ZK-SNARKs.
Bottom Line
Zero-knowledge proofs can be used in many ways such as Anonymous payments, Identity protection, Authentication and Verifiable computation. But there are some drawbacks too. You can learn about what are zero-knowledge proofs in this article.
