Can I cast my vote without revealing my date of birth? Can I obtain a loan without revealing my current salary? Can I fulfill audit requirements without revealing my customer’s private data?
The answer to all these questions is “yes”, provided techniques such as Zero Knowledge Proof (ZKP) are leveraged. ZKP is a technique by which a prover can convince a verifier of a fact without revealing the actual content. ZKP operates on three basic tenets:
- Completeness – If a statement is true, then the verifier will be convinced that the prover possesses the correct input
- Soundness – If a statement is false, then no dishonest prover can convince the verifier that they have the correct input
- Zero knowledge – If a statement is true, then no verifier learns anything other than the fact that the statement is true
Zero Knowledge Proof techniques have been around for almost three decades. The renewed interest in ZKP among industry leaders and researchers can be attributed to the increased adoption and application of blockchain technology.
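The three tenets can be seen in a Schnorr proof of knowledge, a far simpler protocol than a zk-SNARK, shown here as an added example that is not part of the original article. The prover shows it knows a private `x` behind a public `y = g^x`. The group parameters are a constructed toy group (much too small for real use) and all function names are illustrative.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only (real systems use ~256-bit Q):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def challenge(y, t):
    """Fiat-Shamir: the challenge is a hash of the public values, so no interaction."""
    data = f"{P}|{Q}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def equation_holds(y, t, c, s):
    """The verifier's algebraic check: g^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def prove(x, y):
    """Prover claims to know x with y = g^x and returns the proof (t, s)."""
    while True:
        k = secrets.randbelow(Q - 1) + 1   # fresh secret nonce for every proof
        t = pow(G, k, P)                   # commitment
        c = challenge(y, t)
        if c:                              # c == 0 would make s independent of x
            return t, (k + c * x) % Q      # response

def verify(y, proof):
    """Verifier uses only the public y and the proof; x is never seen."""
    t, s = proof
    c = challenge(y, t)
    in_group = 1 < y < P and pow(y, Q, P) == 1
    # Zero challenges are rejected: in this tiny group they occur 1 time in Q.
    return in_group and c != 0 and equation_holds(y, t, c, s)

def simulate(y):
    """Zero knowledge (honest verifier): build a consistent transcript (t, c, s)
    without x by choosing c and s first. What can be made without x cannot leak x."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P   # y^(Q-c) equals y^(-c) in the subgroup
    return t, c, s

if __name__ == "__main__":
    x = 777                 # private input (constructed sample value)
    y = pow(G, x, P)        # public input
    print("completeness, honest proof accepted:", verify(y, prove(x, y)))
    print("soundness, wrong witness accepted:  ", verify(y, prove(x + 1, y)))
    print("zero knowledge, simulated transcript consistent:",
          equation_holds(y, *simulate(y)))
```

The simulated transcript satisfies the verifier's equation but does not pass `verify`, because its challenge was chosen freely rather than derived from the hash.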
Why blockchain and ZKP?
Since public blockchain platforms do not provide capabilities to address data and transaction privacy, there is an imminent need to apply ZKP techniques. In a typical blockchain setup, all transactions are broadcast to all participants, and the details of an interaction meant for two parties are visible to others as well. This can result in a breach of privacy and/or confidentiality. In such cases, ZKP can ensure that others only know that a valid transaction has taken place, but no information is available to them about the sender, recipient and type/quantity of asset transferred.
One of the most popular techniques is zk-SNARKs (zero knowledge – Succinct Non-Interactive Argument of Knowledge). This technique can be used to define a quadratic equation which takes public data (known to all) and private data (only known to the prover) as inputs to generate a proof, which can then be validated by the verifier. For example, Zcash is the first cryptocurrency to implement zk-SNARKs. Potentially there could be other use cases as well, such as proving one’s age without sharing date of birth, or proving one’s identity without sharing details of one’s identity proof.
This need was evident during our participation at the ZKProof 2nd Workshop. This event was attended by industry and technology leaders, startups, researchers and academicians with the intent of sharing and collaborating on the following topics:
- Application of ZKP techniques to real-life use cases, in which we demonstrated the application of using zero knowledge and blockchain to support the audit requirements for Unsolicited Commercial Communication
- Innovations and research findings related to existing interactive and non-interactive ZKP techniques, in which zk-SNARKs and its variants were covered
- Breakout sessions focused on brainstorming on ideas, ranging from establishing interoperability between different zero knowledge systems to defining standards in the areas of security, application and implementation of zero knowledge techniques
While ZKP used with blockchain does solve the problem of data privacy and security for cryptocurrency use cases, the current implementations require significant computational power to generate the zero knowledge proofs. As the complexity of the problem to be solved increases, the proof generation, which involves executing arithmetic circuits in the range of 10^6 to 10^12, becomes more compute intensive. Therefore, efficient and modular ZKP implementations are the need of the hour. In the ZKProof workshop, the efficiencies being introduced to various implementations, such as Bulletproofs, zk-SHARKs, LegoSNARK, Distributed ZKP, etc., were also discussed.
It is evident that public blockchain platforms will require ZKP techniques, but at the same time certain alternatives are also available:
- Permissioned blockchain platforms, such as Quorum, Hyperledger Fabric and Corda, which provide the capability of executing private transactions between two or more participating nodes. This ensures that the transaction details pertaining to the sender and recipient are part of a private ledger and will not be revealed to unauthorized participants.
- EEA (Enterprise Ethereum Alliance) is coming up with Trusted Compute Framework specifications, which will comprise a hardware-secured off-chain environment that protects the data and business logic and at the same time offloads transaction processing from the blockchain
- Self-Sovereign Identity management platforms provide the concept of pair-wise decentralized identifiers and verifiable claims that can be presented to third-party service providers without revealing all the details of a person or entity, thus protecting privacy
Privacy and confidentiality will continue to be an area of concern in this digital age. Therefore, methods such as ZKP show great promise in enforcing “honest” behavior and determining transaction “validity” without compromising the sensitive details. The usage and application of zero knowledge techniques in conjunction with blockchain is bound to increase as more efficient techniques get invented in the near future.