As the shared root of the words suggests, the cryptocurrency space is closely intertwined with the cryptography space, so a development in one often has a substantial impact on the other. In this sense, understanding the basics of various cryptographic concepts can prove useful for solving problems in the cryptocurrency space.
One especially relevant development is the concept of the zero-knowledge proof (ZK proof). Initially conceived in the late 1980s, ZK proofs seek to minimize the amount of knowledge transferred from the “prover” to the “verifier” in a transaction that verifies something about a quantity of data. This measure is also known as the knowledge complexity of a transfer.
The reasons for wanting to do this are manifold, as minimizing the amount of data needed to securely prove something can dramatically increase the speed and security of a proof by reducing a transaction’s bandwidth demand and by reducing the potential to reverse engineer the transaction — and thus uncover whatever sensitive data the transaction might have implicitly dealt with. Insofar as blockchains are public ledgers, ZK proofs are used to further anonymize and protect bits of data that go through blockchains in such applications as private transactions or blockchain messaging protocols.
ZK Proofs Explained
The conditions for something to be a ZK proof are as follows:
- Completeness: If the statement is true, the verifier will be convinced of this fact by an honest prover.
- Soundness: If the statement is false, no cheating prover can convince the honest verifier that it is true, except with some small probability.
- Zero-knowledge: If the statement is true, the verifier doesn’t learn anything other than the fact that the statement is true. The statement — not the secret — is sufficient to create a scenario definitively showing that the prover knows the secret.
ZK proofs are actually surprisingly intuitive when described in a scenario, as this example shows. Suppose you have an open vault with a six-digit passcode, and you want to show your friend that you know the passcode to the vault. You could ask the friend to write a 10-word message and to put it into the vault, with the instruction to lock it immediately afterwards. In this case, the statement is the 10-word message, and the secret is the passcode. If you were to then open the vault — without revealing the code to your friend — and correctly read the friend’s message back to them, they’d be sufficiently convinced that you know the code to the vault without your having told them the code at any point of the transaction — satisfying zero knowledge.
The probability of your having guessed the password right is 1/100000, and the probability of your having guessed your friend’s message without having opened the vault is essentially zero, satisfying completeness. Soundness is mostly achieved by the recency of your friend having written the message making it difficult for them to have forgotten it.
ZK Proofs vs ZK Rollups
ZK rollups are one particular application of ZK proofs in the context of cryptocurrencies, specifically one that acts as a scaling solution for blockchains. It’s no secret that the Ethereum Network has recently struggled with the amount of traffic that it currently has to deal with, leading to ballooning gas prices, and Layer 2 solutions have come into play to alleviate these issues.
ZK rollups also enter the picture here, by bundling and securing hundreds of transactions into a single proof, which gets brought to a Layer 2 solution by way of a rollup smart contract that maintains the state of these transactions unless a validity proof is provided to change the state of a transaction. The validity proof is the only piece of information that needs to be sent, which reduces the amount of data, time and cost needed to change the state of a transaction. Examples of scaling solutions and protocols that use ZK rollups include Loopring, zkSync, and ZKSpace.
What about zk-SNARKs?
The acronym zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. It is a type of ZK proof with small proofs and quick, succinct verification in which the two parties involved in the transaction never actually interact with each other directly. In this sense, zk-SNARKs only require unilateral communication, whereas typical applications of ZK proofs require both parties to engage with each other. This unilateral aspect makes it easy to bake Tornado-like privacy into every transaction, which in turn makes zk-SNARKs a robust foundation for a privacy-oriented cryptocurrency. Zcash has done exactly this, essentially giving every user a transparent address (t-address) that acts like a Bitcoin address and a shielded address (s-address) that uses zk-SNARKs to hide the transaction history.
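The three properties listed under “ZK Proofs Explained” and the non-interactive, one-message form described here can both be seen in a small Schnorr proof of knowledge of a discrete logarithm. The following is an added example written for this page, not code from the article, from Zcash or from any zk-SNARK implementation; the 64-bit demonstration group, the function names and the “passcode”/“vault” naming are this example's own assumptions, and a real deployment would use a standard large group or an elliptic curve rather than a group generated at import time.

```python
# Schnorr proof of knowledge of a discrete logarithm: the interactive sigma
# protocol (completeness, soundness, zero-knowledge) and its Fiat-Shamir
# non-interactive form. Added example, not code from the original article.
import hashlib
import random
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; probabilistic but adequate for a demonstration group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 64):
    """Safe prime p = 2q + 1 and a generator of the order-q subgroup (assumed
    toy parameters: 64 bits keeps generation fast, real deployments use standard large groups)."""
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue, hence order q

P, Q, G = make_group()

def keygen():
    """Secret x (the 'passcode') and public y = g^x (the locked 'vault')."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)

class Prover:
    def __init__(self, x: int):
        self.x, self.r = x, None

    def commit(self) -> int:
        self.r = secrets.randbelow(Q)     # fresh nonce for every proof
        return pow(G, self.r, P)          # t = g^r

    def respond(self, e: int) -> int:
        return (self.r + e * self.x) % Q  # s = r + e*x

def verify(y: int, t: int, e: int, s: int) -> bool:
    """Accept iff g^s == t * y^e (mod p)."""
    return pow(G, s, P) == (t * pow(y, e, P)) % P

def interactive_proof(y: int, prover: Prover) -> bool:
    """Completeness: an honest prover always convinces an honest verifier."""
    t = prover.commit()
    e = secrets.randbelow(Q)              # verifier picks the challenge
    return verify(y, t, e, prover.respond(e))

def cheat(y: int, guessed_e: int):
    """Soundness: without x, a prover can only fake a transcript for a challenge
    it guesses in advance (t = g^s * y^-e); any other challenge makes it fail."""
    s = secrets.randbelow(Q)
    return (pow(G, s, P) * pow(y, (-guessed_e) % Q, P)) % P, s

def simulate(y: int):
    """Zero-knowledge: accepting transcripts can be made without x, so a
    transcript reveals nothing about x beyond the fact that the prover knows it."""
    e, s = secrets.randbelow(Q), secrets.randbelow(Q)
    return (pow(G, s, P) * pow(y, (-e) % Q, P)) % P, e, s

def extract(e1: int, s1: int, e2: int, s2: int) -> int:
    """Special soundness: two answers on the same commitment with different
    challenges leak x = (s1 - s2)/(e1 - e2) mod q, which is why the nonce r
    must never be reused."""
    return ((s1 - s2) * pow((e1 - e2) % Q, -1, Q)) % Q

def fs_challenge(y: int, t: int, msg: bytes) -> int:
    """Fiat-Shamir: derive the challenge by hashing the commitment and context."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def fs_prove(x: int, y: int, msg: bytes):
    """Non-interactive proof: one message from prover to verifier, no round trip."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    return t, (r + fs_challenge(y, t, msg) * x) % Q

def fs_verify(y: int, msg: bytes, t: int, s: int) -> bool:
    return verify(y, t, fs_challenge(y, t, msg), s)
```

`interactive_proof` is the vault scenario: the verifier's random challenge plays the role of the freshly written message, and `verify` passes only if the prover's answer is consistent with the public `y`. `cheat` shows why the challenge must come after the commitment, `simulate` shows why the transcript carries no knowledge of `x`, and `extract` shows the one way that knowledge does leak: answering two different challenges from the same commitment, which is the nonce-reuse failure that verifiers and wallet implementers have to guard against. `fs_prove`/`fs_verify` replace the verifier's challenge with a hash of the commitment and the message being proven about, which is the unilateral, no-round-trip communication pattern the zk-SNARK paragraph describes; binding the message into the hash means a proof produced for one transaction does not verify for another.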
Where to Buy Zcash
Zcash can be purchased using fiat at most of the usual CEXs. Specifically, Gemini became the first licensed Zcash exchange in 2018 and has supported it since then, and eToro also has had Zcash among its listed tokens for quite some time.
What are Applications of Zero-Knowledge Protocols?
Within the space of blockchains and cryptocurrencies, the main applications of ZK proofs are in rolling up many transactions to construct scaling solutions and to build robust coin mixers and other privacy-oriented tools. Beyond blockchains and cryptocurrencies, ZK proofs are useful in numerous other areas, with research and experiments indicating that ZK proofs could be used to solve nuclear miscalculation and proliferation by more robustly guaranteeing disarmament. In an abstract sense, ZK proofs could also be used to ensure that, in a society of many privacy-seeking people, ethical behavior according to a predefined protocol is followed without needing an individual to reveal their every action.
For instance, a non-monetary token version of the coin-operated shopping cart corral (famously found at Aldi) is a basic example of a ZK proof, in that verifying the token never involves inspecting the shopping cart itself. The Civic protocol has done almost exactly this with a blockchain-based Civic Pass identity verification system for the purchase of restricted substances.
About Aadharsh Pannirselvam
Aadharsh Pannirselvam is a student at the University of Chicago studying Economics and Data Science while building with Blockchain Chicago and the Chicago DAO. Aadharsh works on creating easily digestible web3 and DeFi content at Benzinga while learning off of the bleeding edges of blockchains and digital assets and exploring a career in the space. He holds positions in Ethereum, Bitcoin, and various other DeFi protocols and ecosystems. Aadharsh was previously affiliated with Flipside Crypto and is currently affiliated with Galaxy Digital. Aadharsh’s opinions are his own and not financial advice. The best way to get in touch with Aadharsh is via Twitter, @aadharsh2010 or via LinkedIn.