zk-SNARK, short for zero-knowledge succinct non-interactive argument of knowledge, is a proof construction in which one party (the prover) can demonstrate that it holds specific information, such as a secret key, without revealing that information, and without any back-and-forth between the prover and the party checking the proof (the verifier).
These proofs let one party convince another that a statement is true while disclosing nothing beyond the fact that the statement is valid. So far a handful of projects use zk-SNARK proofs, including Zcash and JP Morgan's blockchain-based payment system, and they have also been proposed as a way for clients to authenticate to servers.
Zcash is the first widespread application of the technology. Other privacy coins such as Monero use ring signatures and related techniques to hide transaction details among decoys; zk-SNARKs take a different route, letting a validator check a transaction without seeing the underlying data at all.
Zcash's privacy comes from shielded transactions: the transaction data stays encrypted on the chain, and a zero-knowledge proof shows that it is valid, so the nodes enforcing the consensus rules do not need to see the amounts or addresses involved. Note that these privacy features are optional and not enabled by default: a user has to deliberately use shielded addresses, and transactions between ordinary transparent addresses are as public as Bitcoin's.
History of Zk-SNARK
Zero-knowledge proofs are the brainchild of three researchers, Shafi Goldwasser, Silvio Micali and Charles Rackoff (the first two at MIT), who introduced them in the 1980s while working on problems related to interactive proof systems. Until then, the prover was assumed to be the potentially malicious party in any such scenario: the worry was that the prover would try to fool the verifier. zk-SNARKs themselves came decades later, building on that foundation.
These three researchers flipped the question and asked how trustworthy the verifier is. They did this by measuring how much knowledge the verifier gains about the prover's secret during the verification process, and asked how the prover could be sure the verifier would not misuse or leak what it learned.
Properties That Are Necessary For Zero Knowledge Proof To Work
For a ZKP to work, the following properties must hold:
- Soundness – if the statement is false, no cheating prover can convince the honest verifier that it is true, except with negligible probability.
- Completeness – if the statement is true, an honest prover can always convince an honest verifier of it.
- Zero-knowledge – if the statement is true, the verifier learns nothing beyond the fact that it is true; in particular it learns nothing about the prover's secret witness.
A Breakdown of Zero-Knowledge Succinct Non-Interactive Argument of Knowledge
- Zero-knowledge – a proof construction in which one can prove possession of some information without revealing it. For example, Kelvin can prove to Alvin that he knows a number whose hash is a given value without telling Alvin what that number is.
- Succinct – the proof is small and can be verified quickly, in far less time than it would take to re-run the computation, even when the statement being proved is large.
- Non-interactive – the verifier does not need to exchange messages with the prover to validate the proof. Earlier zero-knowledge protocols required several rounds of communication between prover and verifier; here the prover can publish a single proof in advance and anyone can check it later.
- Argument – the verifier is only protected against provers with bounded computational power. A prover with unbounded computation could create a convincing argument for a false statement, just as it could break any public-key encryption scheme.
- Of knowledge – the prover cannot construct the argument without knowing a certain "witness": in Zcash, the secret key that authorizes the spend and the Merkle-tree path showing that the note being spent exists, or, more generally, the preimage of a hash value.
How zk-SNARKs Work
At the most basic level, a zk-SNARK consists of three algorithms: G, P and V. G is the key generator. It takes a secret parameter lambda and a program C. Lambda must be destroyed once the keys have been generated: anyone who knows it can forge proofs that V will accept, which is why Zcash generated its parameters in a multi-party ceremony designed so that no single participant learned lambda.
G produces two keys: a proving key pk and a verification key vk. Both keys are public and available to all parties.
P is the prover algorithm. It takes the proving key pk, a public input x and a private witness w, and proves knowledge of w without revealing it.
With w as the private witness, the prover computes a proof prf = P(pk, x, w).
The verifier V takes the verification key vk, the public input x and the proof prf, computes V(vk, x, prf), and returns a boolean: TRUE if the proof is valid, FALSE otherwise.
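The G / P / V interface above, and the three properties listed earlier (completeness, soundness and zero-knowledge), can be seen concretely in the simplest non-interactive zero-knowledge proof of knowledge: Schnorr's sigma protocol for knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. The code below is an added example, not code from this article, from Zcash or from any zk-SNARK library. It is deliberately not a zk-SNARK: it proves one fixed relation (y = g^x mod p) rather than an arbitrary program C, and its setup has no secret lambda. The function names (setup, prove, verify, simulate, check_equation), the 128-bit safe-prime group it generates, the fixed seed and the "login:alice" context string are all assumptions made for the demonstration.

```python
"""Added example (not the article's or Zcash's code): a non-interactive
zero-knowledge proof of knowledge of a discrete log, i.e. Schnorr's sigma
protocol made non-interactive with the Fiat-Shamir transform. It is NOT a
zk-SNARK: it proves one fixed relation, y = g^x mod p, not a program C, and
its setup has no secret "lambda". Assumption: the 128-bit safe-prime group
built here is toy-sized; real deployments use >= 2048 bits or an elliptic curve."""
from __future__ import annotations
import hashlib
import random
import secrets
from collections import namedtuple

Params = namedtuple("Params", "p q g")  # safe prime p = 2q + 1, g of order q
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n: int, rng=random, rounds: int = 16) -> bool:
    """Miller-Rabin primality test; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def setup(bits: int = 128, seed: int = 2024) -> Params:
    """G: public parameters only. The seed just makes the demo reproducible;
    nothing here is secret, unlike a SNARK's trapdoor lambda."""
    rng = random.Random(seed)
    while True:  # search for a safe prime p = 2q + 1
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return Params(p=2 * q + 1, q=q, g=4)  # 4 is a square, so it has order q

def keygen(pp: Params) -> tuple[int, int]:
    """Secret witness x and the public statement y = g^x mod p."""
    x = secrets.randbelow(pp.q - 1) + 1
    return x, pow(pp.g, x, pp.p)

def challenge(pp: Params, y: int, t: int, context: bytes) -> int:
    """Fiat-Shamir: hash the transcript instead of asking the verifier for a
    random challenge. Binding y and a context string prevents replay."""
    h = hashlib.sha256()
    for part in (pp.p, pp.q, pp.g, y, t):
        h.update(part.to_bytes((part.bit_length() + 7) // 8, "big") + b"|")
    h.update(context)
    return int.from_bytes(h.digest(), "big") % pp.q

def prove(pp: Params, y: int, x: int, context: bytes = b"") -> tuple[int, int]:
    """P(pk, x, w): prove knowledge of x with y = g^x without revealing x."""
    r = secrets.randbelow(pp.q - 1) + 1  # fresh per proof; reusing r leaks x
    t = pow(pp.g, r, pp.p)               # commitment
    c = challenge(pp, y, t, context)
    return t, (r + c * x) % pp.q         # (commitment, response)

def check_equation(pp: Params, y: int, t: int, c: int, s: int) -> bool:
    """Sigma-protocol check g^s == t * y^c (mod p), after rejecting values
    outside the order-q subgroup (the classic small-subgroup trap)."""
    if not (1 < t < pp.p and 1 < y < pp.p and 0 <= s < pp.q):
        return False
    if pow(t, pp.q, pp.p) != 1 or pow(y, pp.q, pp.p) != 1:
        return False
    return pow(pp.g, s, pp.p) == t * pow(y, c, pp.p) % pp.p

def verify(pp: Params, y: int, proof: tuple[int, int], context: bytes = b"") -> bool:
    """V(vk, x, prf): recompute the challenge and check the equation."""
    t, s = proof
    return check_equation(pp, y, t, challenge(pp, y, t, context), s)

def simulate(pp: Params, y: int, c: int) -> tuple[int, int]:
    """Zero-knowledge made concrete: with no x at all, build (t, s) that passes
    the equation for a chosen c. Real and simulated transcripts are identically
    distributed, so a transcript cannot leak x; only the Fiat-Shamir hash stops
    a cheating prover from picking c first like this."""
    s = secrets.randbelow(pp.q)
    return pow(pp.g, s, pp.p) * pow(y, pp.q - c, pp.p) % pp.p, s  # t = g^s * y^-c

if __name__ == "__main__":
    pp = setup()
    x, y = keygen(pp)
    proof = prove(pp, y, x, b"login:alice")
    print("honest proof accepted:  ", verify(pp, y, proof, b"login:alice"))
    print("replayed, other context:", verify(pp, y, proof, b"login:bob"))
    print("wrong witness rejected: ", not verify(pp, y, prove(pp, y, x + 1)))
    c = secrets.randbelow(pp.q)
    t, s = simulate(pp, y, c)
    print("simulated transcript ok:", check_equation(pp, y, t, c, s))
```

Completeness is the honest proof being accepted; soundness is the wrong-witness proof being rejected (a prover who does not know x can only pass if the hashed challenge happens to be zero); zero-knowledge is the simulator producing a transcript that satisfies the same equation with no witness at all. The subgroup-membership checks in check_equation and the context string in the hash are the two details most often missing from naive implementations: without them a proof can be replayed for a different purpose, or built from elements outside the intended group.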
Future Applications of The Tech
Shielded transactions on Zcash are just one of many possible applications of this technology. In principle, zk-SNARKs can verify any relation that can be expressed as a program C, without revealing the private inputs or leaking any other information.
Ethereum's Metropolis phase (starting with the Byzantium release in October 2017) added precompiled contracts for the elliptic-curve pairing operations that zk-SNARK verification needs (EIP-196 and EIP-197), so that proofs can be checked inside smart contracts; this is one of several changes intended to make the platform more abstract and privacy-friendly.
There is no doubt the introduction of zero-knowledge proofs is going to be a huge game changer for the smart contract platform.
How deeper integration will happen remains to be seen, but there is plenty of excitement about the theoretical possibilities.