Zero-Knowledge Proof – How It Works

A typical blockchain transaction shows the wallet addresses of the parties and the amount involved. If someone knows one of the parties behind the addresses in real life, they can know how much they are worth or what they are up to.

This is why privacy is of utmost priority in the blockchain industry. Zero-knowledge proofs add a layer of privacy to make on-chain activities more discreet. Blockchain companies are adopting zero-knowledge proofs at a fast rate. This is evidenced in the recent launching spree of ZKEVMs and ZK-rollups.

Amidst all the hype, the whole idea of ZK needs to be clarified to many people. This article thoroughly explains every important thing you should know about it.

What Is Zero-Knowledge Proof?

Zero-knowledge proof is a technique used in cryptography that enables one party to prove to another that they know a certain piece of information without actually revealing the information itself. For instance, a blockchain protocol can prove with ZK that they are solvent without stating their exact amount in the reserves.

Although zero knowledge might be a popular concept now, it has existed since 1985. The term surfaced in an academic paper entitled “The Knowledge Complexity of Interactive Proof Systems” by Goldwasser, Micali, and Rackoff (1985). The main motivation was to prove the validity of a thing without providing additional information about it. This led them to discover the zero-knowledge concept through polynomials and modern algebra.

In addition, it’s worth mentioning that zero-knowledge proofs are more probabilistic than deterministic. What does that mean? An element of trickery and cheating tends to exist in zero-knowledge communication. The prover might want both the protocol and verifier to believe that a false statement is true. The 100% absolute truthfulness of zero-knowledge proofs is not guaranteed. All the same, the generated proofs indicate beyond a reasonable doubt whether a witness is true or not.

How Zero-Knowledge Proof Works

Zero-knowledge proofs work based on the level of interaction.

Interactive Zero-Knowledge Proofs 

In zero-knowledge proof, there are typically two parties involved: a prover who wants to show they have the knowledge and a verifier who checks the prover’s claim. In cryptography, the secret that the prover knows is called the “witness.” The verifier must have a challenge-response interaction to ascertain the prover’s knowledge.

The verifier starts the challenge by picking random questions and requesting immediate answers. The prover, in turn, sends the answers back to the verifier. The prover may fake one or two answers. So the verifier asks tons of questions and gets correct answers for each. This is important to be sure there are no elements of guesswork. 

If the prover can answer all the bundles of questions correctly, then the other party can be sure that they know the secret they claim to know. For example, John claims to know Jane’s Twitter password but won’t reveal it. To prove his knowledge, Jane asks him questions about the password:

1. How many characters does my password have? John: 8 characters
2. What ends my password? John: The # sign.
3. What are the numbers in the password? John: 419

From the conversations above, it is clear that John knows the password even though he does not say it plainly or disclose how he got to know.

Non-Interactive Zero-Knowledge Proofs  

The interactive proving method can be quite unsuitable in real-life applications for two main reasons:

• The proofs require more than 1 round of confirmation 
• The proofs will be unavailable for independent assessment 

Three cryptographers—Silvio Micali, Manuel Blum, and Paul Feldman—picked this as a research topic in 1988. They came up with the idea of non-interactive ZK, which they explained in their paper “Non-interactive zero-knowledge and its applications.”

How does it work? Both the prover and verifier have a shared private key. The former commits secret knowledge into an algorithm to generate a zero-knowledge proof. On the other side, the latter also cross-check the validity of the proof through another algorithm.

Unlike its counterpart, non-interactive proofs are only generated once for convenience. So once the prover proves the validity of a statement, there is no need for subsequent rounds of confirmation. The single-generated proof suffices every time. In addition, anyone with access to the shared private key and algorithms can also cross-check the proof independently. Most protocols use the non-interactive method.

Basic Principles Of Zero-knowledge Protocol

A typical zero-knowledge protocol must have three important qualities — completeness, soundness, and zero-knowledge. These qualities are the basic principles of any zero-knowledge protocol.

1. Completeness

Zero-knowledge protocols should be able to revert in the affirmative if and only if the witness is indeed true. That is if the prover makes a truthful statement, the facilitating protocol should be able to return the “true value” to the verifier. 

2. Soundness

The protocol must be intelligent and uncompromisable. The prover should not be able to trick it into returning true when the statement is false. This unwavering degree of soundness is needed to maintain zero-knowledge integrity.

3. Zero-knowledge 

This is the game-changer. The verifier must not know beyond what the prover wants them to know. The verifier will discover the information attached to the statement if there is no zero-knowledge privacy.

Types Of Zero-Knowledge Proofs 

There has been a huge development in the zero-knowledge space. As a result, there are now different prominent zero-knowledge schemes.

1. ZK-STARK

In 2018, Eli-Ben Sasson of Starkware and three other researchers masterminded STARK –a Scalable Transparent Argument of Knowledge. It proves the validity of witnesses off-chain and returns the verified responses on-chain.

STARK creates bigger proof sizes but is faster, more scalable, and more transparent than other ZK schemes due to off-chain calculations and public randomness methods.

2. ZK-SNARK

Another popular zero-knowledge scheme, SNARK is an acronym for Succinct Non-Interactive Argument of Knowledge. It handles relatively smaller proof sizes, unlike STARK. Non-interaction is an impact attribute of ZK-SNARK proofs. Both the prover and verifier only need to interact once. This is where the trusted setup ceremony also comes in

“A trusted setup ceremony is a procedure that is done once to generate a piece of data that must then be used every time some cryptographic protocol is run.”
Vitalik Buterin on trusted setups

Each party must contribute random values or public parameters to initiate the trusted setup ceremony. But there is a danger — the random values must not leak to a dishonest prover so they don’t generate false proofs. Therefore, one of the parties must delete their random values to ensure soundness in the transaction.

To dive deeper into specific zero-knowledge proof systems, explore our detailed comparison of ZK-SNARKs vs ZK-STARKs and understand their distinct characteristics.

3. ZK-SNORK

SNORK stands for Succinct Non-Interactive Oecumenical (Universal) Arguments of Knowledge. SNORKs are adaptations of SNARK with a few differences. First, they are universal so that a single setup can work for several applications, and parameters are stored in a library. Secondly, their trusted setups are updateable.

SNORKs currently have 3 variations — Sonic, PLONK, and Marlin.

Sonic. Maller et al. (2019) came up with Sonic. Its setup does not terminate after the first contribution. Instead, it can keep adding loops of as many contributions as possible. Sonic utilizes a more sizable form of global parameters. So a user can store and verify parameters even on a laptop.

PLONK. Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru (2022) developed Permutations over Lagrange-bases for Oecumenical Non-Interactive arguments of Knowledge (PLONK) to fix a major problem of Sonic: high-proof construction overheads. PLONK has a faster proving time and fully succinct verification.

Marlin. Marlin is a new variant of SNORKs. It was designed for systems that require individual rather than batched verification. In short, Marlin seeks to fix the inadequacies of Sonic.

4. Bulletproofs

Bunz et al. (2017) introduced Bulletproofs as a trustless scheme with short proofs. Unlike other SNARK schemes, it is not about the validity of a particular statement. Instead, it proves that a piece of hidden information is within a particular range. For instance, Bulletproofs can verify whether Jane is a Gen Z, but it will conceal the exact age.

Attributes	STARK	SNARK	SNORK	Bulletproof
Trusted setup	No	Yes	Yes	No
Post-quantum security	Yes	No	No	No
Prove	Actual data	Actual data	Actual data	Range
Universality	No	No	Yes	No
Prover-verifier Interaction	Multiple times	Once	Once	Depends
Prove Size	Large	Small	Small	Small

Advantages and Disadvantages of Zero-Knowledge Proof 

ZKP Advantages

Zero-knowledge proofs brought a lot of innovations into the blockchain space, including

1. Data Privacy: There is no disclosure of underlying transaction data; it implements complete anonymity.
2. Tighter Security: ZK utilizes deeper cryptographic encryption mechanisms. Thereby enhancing transactional security.
3. Faster Transactions: It led to the creation of other innovations, such as ZK-rollups, which facilitate more speedy transactions.

ZKP Disadvantages

Although not glaring on the surface, Zero-knowledge proof has some limitations and shortcomings.

1. It Is Not Deterministic: There is no 100% assurance that the generated values are true. There is only a high probability that they are.
2. Losing Touch with the Actual Secret: Since ZK verifies without necessarily disclosing the hidden information, no one might ever know the actual underlying secret.
3. Responses Can Be Corrupted: A dishonest prover might tamper with the challenge and response sessions to return a falsified result.

Enterprises Using Zero-Knowledge Encryption 

Some companies are already incorporated ZK into their tech stack.

1. Polygon
   Polygon is one of the most prominent Ethereum layer 2 blockchains utilizing zero knowledge in its architecture. It is a zero-knowledge rollup that scales Ethereum by making transactions faster and cheaper. Polygon also launched a zero-knowledge Ethereum Virtual Machine (zkEVM). This groundbreaking development makes it possible to execute smart contracts deployed on Ethereum more discreetly with ZKP.
2. Scroll
   Ethereum gas fees spike because transactions compete for block space. Scroll introduced zero-knowledge computational methods to increase blockspace to avoid transactional stampedes. Apart from being a rollup, Scroll also has a native zkEVM infrastructure.
3. Starknet
   StarkWare is an L2 on Ethereum. The protocol was founded on the research of Eli Ben-Sasson cited above. It rolls batches of transactions out of the Ethereum mainnet, processes them with ZK-STARK, and returns them. A StarkWare-centric programming language, Cairo is used to build smart contracts on Starknet.
4. zkSync
   zkSync is a layer 2 solution that enhances the performance of Ethereum with zero-knowledge rollup. It processes transactions outside the Ethereum mainnet with ZK proofs for optimized speed. The Matter Labs team founded and managed zkSync in 2020 to scale Ethereum. Its transaction speed is around 3000 transactions per seconds.
5. Aztech
   Aztech is one of the protocols currently using the PLONK scheme. It was designed to usher in the level of privacy of private blockchains to public ones. Aztech thrives on 3 principles – privacy, accessibility, and compliance. It also utilizes its native ZK-compliant smart contracts language called Noir.
6. Zcash
   Zcash was one of the earliest DeFi projects that shipped ZK mainstream. It is a SNARK-powered protocol that provides complete anonymity in DeFi. During the first trusted setup ceremony in 2016, Zcash run into a serious security issue. A critical bug, that was discovered two years later, allowed the generation of unlimited Zcash coins. The flaw had no effect on transaction privacy, but still compromised the security foundation. The dev team kept the issue secret for 90 days and finally addressed it during the Sapling setup ceremony. The addresses of transacting parties on Zcash remain largely untraceable.
7. Mina
   Unlike Starknet, an L2 protocol, Mina is a complete L1 blockchain utilizing the ZK tech. It boasts of being the lightest blockchain. It has a fixed size of 22 KB. Its simple design makes it easy for users to know its current state, even from their smartphones.
8. Loopring
   This is one of the most popular ZK-based L2 and dApp that services the DeFi industry. Its DeFi platform facilitates swapping and swift payment. It also provides low transaction fees.

Zero-Knowledge Proof Use Cases

ZKP introduced many tangible innovations, including:

1. Maintenance Of Trade Secret

Trade secrets are sensitive pieces of industrial information that a company’s product unique. ZK is a ground-breaking technology that can help preserve trade secrets without actually spilling them.

2. Anonymous Payments

Wallet addresses blockchain is traceable; thereby threatening the extent of their privacy. ZKP conveniently conceals the identity of the transacting party.

3. Personal Data Privacy

Personal data privacy is important. ZKP helps individuals to avoid disclosing sensitive pieces of information. For instance, someone can prove with ZK that they have a Driver’s License without showing their actual license, which contains their age, occupation, and other personal information.

4. Authentication

ZKP technology is set to make authentication easier than ever before. No need to cram long passwords or input personal details all the time. A ZK-proof will fast-track the authentication process.

5. Scaling Solutions

Zero-knowledge has brought in so many solutions to fix the inadequacies of some blockchains like Ethereum. Projects like Starknet, Aztech, and Polygon ZKEVM are leveraging the ZK technology to enhance the efficiency of blockchains.

Final Thoughts 

Blockchains are getting more creative with what they can achieve with ZKP. For instance, Binance recently launched its ZK-Proof-of-Reserve, where it can prove its solvency without disclosing further critical details. At the same time, companies using ZK tech should be security conscious. ZK protocols or programs are not immune to hacks. We recently discovered and alerted the Binance team about a bug in their ZK-Proof-of-Reserve. On this note, we recommend a thorough ZK audit for any Web3 company using ZKP technology.

---

FAQ