It’s common to hear about web3 initiatives incorporating or aiming to incorporate ZK-proofs for increased privacy. The notion of Zero Knowledge proof (ZK-proof) is not a modern concept; it was first introduced in a paper named “The Knowledge Complexity of Interactive Proof-Systems” in 1985. In this article we will see what a ZK-proof is, offer an intuitive explanation and explore several use cases.
Whether you are a developer or a user, it’s important to understand the core concept behind ZK-Proofs because it will help you understand not only what the product is trying to achieve in matters of security and privacy but also how they are trying to achieve them.
What is a Zero-Knowledge Proof?
ZK-Proof is protocol that involves a Prover and a Verifier and enables the Prover to demonstrate the truth of a statement to the Verifier without disclosing any additional information beyond the veracity of the statement. Essentially, it allows the Prover to prove to the Verifier that they possess knowledge of a specific piece of information, without disclosing it.
How does it work? An intuitive explanation
The Ali Baba cave is a well-known story used to give an intuitive explanation of how the ZK-Proof protocol works. This story is based in a circular cave with one entrance and a magic door opened by a password located in the middle of it. It involves two actors, Bob the verifier and Alice the Prover.
Alice wants to prove to Bob that she knows the password that opens the door placed inside the cave without telling him the word itself. To do that they follows three simple steps:
- Alice chooses a random path to enter the cave while Bob waits outside without looking at her.
- Bob goes to the entrance of the cave and screams a path.
- Alice returns to the entrance using the path that Bob screamed in step 2.
If Bob screams A, and Alice returns using A it can mean two things: either Alice entered the cave through B and knows the password or entered through A and cheated. After all, there is a 50% chance of getting it right.
The key is to iterate this process until it becomes highly improbable for Alice to have cheated in every repetition, given that each time Alice is correct, the probability of cheating is halved.
Where can we apply ZK-Proofs?
Any scenario where someone needs to demonstrate the validity of some statement without giving up the information that validates it is suitable. In web3, ZK-Proofs can enhance privacy. For instance, they can be used to anonymize transactions between peers, as done in the ZCash z-address to z-address transactions, or to enable anonymous voting for decentralized autonomous organizations (DAOs).
Given the fact that the ZK-Profs are a general cryptography concept, applications can also be found for web2: financial institutions could leverage ZK-Proofs to demonstrate that a person’s income falls within a specific range, without disclosing the precise income amount or or as a proof of identity, demonstrating that the possession a valid government issued document, without giving it up.
ZK-Proofs are perfect for this kind of scenario because they can provide strong privacy guarantees without compromising the integrity of the data managed by the system.
Zero-Knowledge proofs have the potential to make the web3 space a more private and safer environment for the users. But as Uncle Ben said in the best Spider-Man movie: “with great power comes great responsibility”. We can’t ignore the fact that these tools can also be used by bad actors to perform illicit activities such as money laundering and illegal transactions. As we continue to develop and apply this technology, it is crucial to consider methods for combating its misuse without sacrificing its benefits. As web3 enthusiasts and developers this can’t be ignored and should be discussed along with the development of ZK-Proof based solutions.