Proving knowledge of a secret is a common requirement in security.  For example, passwords are the most common form of user authentication.  If a user can provide the correct password, they are granted access to their account.

One of the limitations of password-based authentication is that it requires both parties to know the secret.  To validate a user’s password, the server needs to know their password as well (or at least its hash).  Additionally, proving knowledge of the password can expose it, especially if authentication is performed over a public medium like the blockchain.

Zero-knowledge proofs (or ZKPs) provide an alternative to this.  With a ZKP, the prover can prove knowledge of a secret without revealing the secret itself.

Introduction to Zero-Knowledge Proofs

Imagine that you have a red-green color-blind friend that doubts that red and green are actually distinct colors.  With two differently colored but otherwise identical balls, it is possible to prove this without revealing the actual color of each ball.

In this proof, the verifier (the color-blind friend) conceals both balls.  They then show the prover one ball and conceal it again.  Next they show the prover one ball, either the same one or the other, and ask whether the two balls shown are the same ball.

In theory, the only way that the prover would be able to distinguish the balls is by color (the balls are otherwise identical, shuffled out of the prover’s sight before being shown, etc.).  If the prover is telling the truth, they will always be able to state whether the two balls are the same.  If they are lying, they have a 50% chance of being correct each time.  By repeating the proof, the probability that a lying prover guesses right every time can be driven to near zero (one in 2^n after n rounds).

This is an example of a ZKP because it proves that the balls are different colors without revealing which ball is which color.  The prover never identifies the color of a ball, only if two balls are the same or different colors.  This allows them to keep the secret but demonstrate to the verifier that they know this secret.
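As an added illustration (not code from the original post), the following Python simulates the ball protocol just described: a verifier who tracks the balls only by position, an honest prover who can see color, and a guessing prover who cannot. It also compares the simulated success rate of the guessing prover against the (1/2)^n bound. The function names and the use of a seeded random generator are assumptions of this example.

```python
import random

RED, GREEN = "red", "green"


def honest_prover(first_color, second_color):
    """A prover who can see color answers truthfully: same ball iff same color."""
    return first_color == second_color


def make_cheating_prover(rng):
    """A prover who cannot tell the colors apart can only guess (assumed liar model)."""
    def guess(first_color, second_color):
        return rng.random() < 0.5
    return guess


def run_protocol(prover, rounds, rng):
    """Verifier side. The verifier tracks balls by position (0 or 1), never by color.
    Returns True only if the prover answers every round correctly."""
    colors = [RED, GREEN]  # the physical balls; the verifier cannot perceive these labels
    for _ in range(rounds):
        first = rng.randrange(2)            # pick a ball and show it
        switched = rng.random() < 0.5       # conceal it, then secretly switch or not
        second = 1 - first if switched else first
        answer = prover(colors[first], colors[second])  # prover answers "same ball?"
        if answer != (not switched):
            return False  # a single wrong answer exposes a liar
    return True


def cheating_success_bound(rounds):
    """Probability that a guessing prover survives all rounds: (1/2)^rounds."""
    return 0.5 ** rounds


def estimate_cheating_success(rounds, trials, seed=0):
    """Monte Carlo estimate of the same quantity, for comparison with the bound."""
    rng = random.Random(seed)
    cheater = make_cheating_prover(rng)
    wins = sum(run_protocol(cheater, rounds, rng) for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    rng = random.Random(42)
    print("honest prover passes 20 rounds:", run_protocol(honest_prover, 20, rng))
    for n in (1, 5, 10, 20):
        print(f"{n:2d} rounds: bound={cheating_success_bound(n):.6f} "
              f"simulated={estimate_cheating_success(n, 20000):.6f}")
```

Note what the verifier ends up holding: a list of its own coin flips and answers that match them. It could have written that transcript without the prover, which is exactly why the protocol leaks nothing about which ball is which color.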

ZKPs and the Blockchain

The blockchain’s digital ledger is completely transparent, meaning that everyone can see everything.  The need to validate transactions and execute smart contract code means that the source, destination, and contents of transactions are visible to all blockchain accounts.  As a result, there is limited privacy on the blockchain because anyone can see the contents of an account’s wallet and every transaction that it has performed.

ZKPs have the ability to improve privacy and security on the blockchain by enabling transaction validation without revealing the contents of a transaction.  For example, a financial transfer (like sending Bitcoin) is valid if the inputs to the transfer are unique and the sum of the inputs equals the sum of the outputs.  A ZKP that demonstrates this while keeping the allocation of outputs secret improves privacy on the blockchain.
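The balance condition above can be checked without revealing any amounts by publishing additively homomorphic commitments instead of values, which is the idea behind confidential-transaction designs. The Python below is an added illustration and is not code from any blockchain project or from the original post: the toy group parameters (P, Q, G, H), the helper names, and the sample amounts are all constructed here, and the group is far too small to be secure.

```python
import secrets

# Toy group: P = 2Q + 1 with both prime, so the squares mod P form a subgroup of prime order Q.
# Constructed parameters, far too small for real use; they exist only so the example runs.
P = 2039
Q = 1019
G = 4  # 2^2 mod P, a generator of the order-Q subgroup
H = 9  # 3^2 mod P; a real scheme derives H so that nobody knows log_G(H)


def commit(value, blinding):
    """Pedersen commitment C = G^value * H^blinding mod P: hides value, binds to it."""
    assert 0 <= value < Q, "amount must fit in the group order (see range-proof note)"
    return pow(G, value, P) * pow(H, blinding, P) % P


def balanced_blindings(input_blindings, n_outputs):
    """Sender picks output blindings so that sum(out) == sum(in) mod Q.
    Only the sender, who knows the amounts, ever sees blindings or values."""
    outs = [secrets.randbelow(Q) for _ in range(n_outputs - 1)]
    outs.append((sum(input_blindings) - sum(outs)) % Q)
    return outs


def product(commitments):
    """Multiply commitments: this adds the committed values and blindings in the exponent."""
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc


def verify_balance(input_commitments, output_commitments):
    """Ledger-side check. Equal products mean equal value sums; no amount is revealed."""
    return product(input_commitments) == product(output_commitments)


def build_transaction(input_values, output_values):
    """Sender side: returns only what goes on the public ledger (the commitment lists)."""
    r_in = [secrets.randbelow(Q) for _ in input_values]
    r_out = balanced_blindings(r_in, len(output_values))
    c_in = [commit(v, r) for v, r in zip(input_values, r_in)]
    c_out = [commit(v, r) for v, r in zip(output_values, r_out)]
    return c_in, c_out


if __name__ == "__main__":
    # Constructed sample: two inputs worth 100 in total, split into two outputs.
    c_in, c_out = build_transaction([60, 40], [75, 25])
    print("public inputs: ", c_in)
    print("public outputs:", c_out)
    print("balanced?", verify_balance(c_in, c_out))   # True
    bad_in, bad_out = build_transaction([60, 40], [75, 30])
    print("inflated transaction balanced?", verify_balance(bad_in, bad_out))  # False
```

The ledger only ever sees the commitment lists, yet `verify_balance` confirms that value was conserved. Two caveats a reviewer would raise: the equality holds only modulo Q, so real systems pair this check with range proofs that each committed amount is small and non-negative; and the "inputs are unique" condition from the text is a separate double-spend check that this arithmetic does not cover.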

Several blockchain protocols are using or actively researching the use of ZKPs to improve privacy on the blockchain.  Common examples include zk-SNARKs and zk-STARKs.  These proofs are designed to be non-interactive, meaning that a proof can be generated and published on the blockchain and that a verifier can validate this static proof without the interaction required by our example ZKP above.

ZKPs and Blockchain Security

Zero-Knowledge Proofs enable blockchain users to achieve both privacy and security.  Without ZKPs, validation of transaction data requires that data to be publicly visible.  A ZKP allows a verifier to determine that something is true or a transaction is valid without needing to know the details.

ZKPs also have other benefits for the blockchain.  For example, Ethereum is examining the use of ZKPs as a scaling solution, boosting the throughput of the blockchain without changing the block size or rate.

Rob Behnke
04.17.2022