ZK Proofs and Their Implications for Privacy in Crypto
They’ve been around for years and yet it’s only now with the emergence of decentralized blockchain networks that zero knowledge (ZK) proofs have finally achieved a feasible real world use case. So what are they and what are their implications for privacy in crypto?
What are ZK proofs?
The origins of ZK proofs date back to a research paper published in 1985. At the time, the MIT research team termed ZK proofs as “those proofs that convey no additional knowledge other than the correctness of the proposition in question.” Put in the context of a payment, it’s a means for one party to a transaction to prove to the other party that the transaction has occurred and is legitimate without revealing additional information.
Two years later the breakthrough was discussed in a New York Times article titled "New approach to guarding secrets developed." And for an age, that was as far as ZK proofs went. For years the research failed to capture anyone’s imagination as it simply hadn’t found anything in the way of a practical use case.
The lack of software tooling, fast hardware, and alternative options prevented ZK proofs from going mainstream. Fast forward to recent years and the emergence of blockchain has finally given ZK proofs the lease of life that they were always deserving of. This is similar to how advances in computing and software have enabled neural networks to flourish, even though the algorithms had been around for a while.
Privacy-centric cryptocurrency Zcash was the first blockchain to incorporate ZK proofs as a mechanism to maintain the privacy of a transaction on the network.
Bitcoin and most other blockchains have both the benefit and Achilles heel of publicly transparent transactions. Yet for most, it goes too far. Most people would prefer that nobody knows what they paid someone or how much they paid them. Nobody in their right mind would publicly publish their bank account balance, yet anyone can look up that information for a given wallet address on a blockchain explorer.
How ZK proofs work
At a fundamental level, ZK proofs involve two parties to a transaction, a verifier and a prover. The verifier requires the prover to perform a specific task which would only be possible if the prover had knowledge of a wallet’s private keys. The prover doesn’t reveal the private key itself, just associated knowledge.
In this way, it provides a mechanism through which only the most essential information is revealed. Otherwise, the user’s privacy is maintained while both parties can trust in the transaction having been completed.
There are three essential properties of a ZK proof:
Completeness: The claim needs to be irrefutable and the completeness of a ZK proof sees to it that a prover is honest.
Soundness: If the claim is disingenuous, the odds of the claim persuading the verifier that it is genuine are slim. The verifier will reject the ZK proof if the claim is untrue.
Zero Knowledge: In the case of an accurate claim, the only information that the verifier receives is that the claim is valid. Data that is otherwise not relevant to the transaction remains private.
But how does the zero knowledge aspect of this proof system work in a practical sense? Cryptography isn’t the easiest thing in the world for many of us to grasp and so, some researchers thought up an example based around the puzzle book, ‘Where’s Waldo?’ back in 1999.
Let’s say that the prover wants to demonstrate to the verifier that he/she knows where Waldo is on an illustrated drawing. The prover doesn’t want to reveal Waldo’s actual location within the drawing or any other information. The illustration is covered with a sheet of cardboard with a tiny cutout in it.
The prover aligns the cutout with Waldo and then shows this to the verifier. The exercise proves that the prover has found Waldo without revealing any further information. The prover could have just got lucky and so the exercise is repeated. Every time it’s repeated with the prover demonstrating that he/she has found Waldo, the odds of this having happened by chance reduce, ultimately to a point where such an occurrence is statistically unlikely.
That’s a rough example of how a ZK proof works. Applying it to a smart contract, there are all manner of details within a smart contract that one party may not be keen on revealing.
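As an added example (not from the original article), the prover/verifier exchange and the repeated-round argument above can be run as a one-bit-challenge Schnorr-style identification protocol, a classic interactive proof of knowledge of a private key. The group parameters, function names and round count are assumptions chosen for illustration, and the group is far too small for real use.

```python
import secrets

# Toy group (assumed for illustration): p = 2q + 1, g = 4 has prime order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # private key, never sent
    return x, pow(G, x, P)                 # public key y = g^x mod p

def commit():
    r = secrets.randbelow(Q)               # fresh nonce every round; reuse leaks x
    return r, pow(G, r, P)                 # prover sends t = g^r

def respond(x, r, c):
    return (r + c * x) % Q                 # s is masked by r, so it reveals nothing about x

def verify(y, t, c, s):
    # Verifier's check: g^s == t * y^c (mod p)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def forge(y, guess):
    """A prover WITHOUT x prepares (t, s) that is valid only if c == guess."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -guess, P)) % P   # modular inverse, Python 3.8+
    return t, s

def honest_run(x, y, rounds=40):
    """Completeness: a prover who knows x passes every round."""
    for _ in range(rounds):
        r, t = commit()
        c = secrets.randbelow(2)           # verifier's random challenge bit
        if not verify(y, t, c, respond(x, r, c)):
            return False
    return True

def cheater_survival(y, rounds=40):
    """Soundness: rounds a key-less prover survives before being rejected."""
    for i in range(rounds):
        t, s = forge(y, secrets.randbelow(2))
        if not verify(y, t, secrets.randbelow(2), s):
            return i
    return rounds                          # happens with probability 2**-rounds

if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", honest_run(x, y))
    print("cheater rejected after", cheater_survival(y), "successful guesses")
```

Each round halves a cheating prover's chance of going undetected, which is the same reasoning as repeating the Waldo exercise.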
ZK proof adoption within the Ethereum ecosystem
While ZK proofs may have started out in blockchain with networks such as Zcash, their use has really exploded within the Ethereum ecosystem as developers try to solve for scalability. Ethereum in its current form doesn’t scale, resulting in exorbitant transaction fees, together with transaction speed and throughput limitations.
Scaling has been the primary motivator but privacy isn’t far behind as a consideration. Various forms of ZK proofs are being implemented on Ethereum layer 2 chains such as Polygon. As with everything in life, they also come with disadvantages. They don’t have great support when it comes to the Ethereum Virtual Machine (EVM). Furthermore, there is a computational overhead which can be difficult to account for.
With that, developers in the blockchain space are also building out systems based on optimistic roll-ups. Naturally, they too come with their own merits and demerits. It’s a subject that’s deserving of an article all of its own so we won’t stray any further into the area of optimistic proofs today, particularly given that they don’t bring with them the same privacy gain that ZK proofs do.
Privacy vital for further DeFi adoption
In a recent interview, Sergey Nazarov, Co-founder of the Chainlink network, underscored just how important a role ZK proofs will play. Chainlink is an oracle network built on Ethereum that allows blockchain networks to interact with real world data.
It’s not just individuals who would stand to benefit from greater privacy within blockchains. Nazarov identified the lack of privacy in existing blockchain networks as being a barrier to entry for many corporations when considering getting involved in DeFi. A core problem for enterprises is how contract details can be kept private.
Nazarov believes the solution is to do the computation outside of the chain but provide the proof of the outcome of the off-chain computation on the chain. He cites ZK proofs as being key to providing a level of privacy to allow the institutions to enter and participate in DeFi in a significant way.
For an institution, there may still be sensitivity in terms of who carries out such an off-chain computation with their data. However, it will be possible for the institution to select a specific node to carry out that computation.
With the node having been selected by the institution on the basis that the institution decides that it can trust that third party, privacy is preserved. Chainlink has already enabled this ZK proof-driven privacy feature through its DECO product.
The use of ZK proofs within the blockchain arena has been a recent development and one that is building up considerable momentum. In a recent tweet, Soona Amhaz, Managing Partner at crypto-native venture capital firm Volt Capital, cited the large-scale research and development being applied to the application of zero knowledge-based implementations within crypto as one of a number of positive signs in the future development of the sector.
Ethereum co-founder Vitalik Buterin believes that while ZK roll-ups using validity proofs are an early stage technology, development will continue, with this approach likely to win out over optimistic roll-ups over the medium to long term.
Varun Shenoy, partner at venture capital firm Contrary, echoes this sentiment. In a recent tweet he stated that ZK proofs are just taking off and that they will revolutionize how we think about privacy and scaling computation.
While we mainly associate ZK proofs with Zcash and the Ethereum ecosystem in crypto, it's less well known that Bitcoin creator Satoshi Nakamoto had pondered how to incorporate ZK proofs as early as 2010. Work by ZK roll-up researcher John Light suggests that consideration relative to Bitcoin continues. In a recent report, Light concludes that validity rollups (an application related to ZK proofs) could be a good fit for Bitcoin and are deserving of more research, experimentation and observation. Pursuing this technology could unearth new capabilities for Bitcoin in terms of privacy and transaction throughput as well as support for more expressive smart contracts.
While everything is fluid and formative in the blockchain space right now, it certainly seems like we are likely to be hearing more about ZK proofs as development progresses. With ZK proofs in their ascendency at the very same time as decentralized identity, the restoration of privacy stands a fighting chance.