Prove, you know a secret without actually revealing it, possible?
Your personal data like your contact information, your taste, or even your behaviour patterns are very valuable. Companies benefit from this data in two ways: by using the data to optimize the services to better appeal to you and resell it to other companies. A lot of companies try to collect as much information about you as they can so that they will be able to sell you more ads, give you a better recommendation or keep you longer on their platform
Can we put people back in control of their data?. Now of course you could say don’t use services that collect personal data. For instance, if you don’t agree with the way Facebook uses your data you could just decide to not sign up for it or even delete your account. But it’s not that simple, we don’t always have a choice. Some services genuinely require the data to serve you. Try for example getting a loan from the bank without revealing your financial history or getting health insurance without sharing health information with the insurer. Not possible right?
Is there any way by which it can be showed that your credit score is enough to get a loan, without disclosing the actual credit score, or you were in a healthy range on all metrics without revealing your actual health information?
Zero-Knowledge Proof / Zero-Knowledge Protocol (ZKP)
It’s a cryptographic method that allows one person(the prover) to prove to another person(the verifier) that they know a value X, without conveying any information apart from the fact that they know a value X
Few examples to gloss the Protocol well include-
Example 1:Prove you know Waldo’s location, without sharing the location-
Alice and Bob are racing to find Waldo in the above scene:
Alice: I know where Waldo is! Bob: Give me proof without revealing his location.
Alice brings up two solutions to prove her knowledge.
Proof 1:
Alice cuts a hole in the opaque sheet of cardboard. She places the cutout part on the original scene. Here only Waldo is shown, his coordinates relative to the rest of the scene are still unknown.
Proof 2:
Alice cuts out Waldo from the scene and shows Bob the snippet. To ensure that Alice hasn’t printed Waldo’s picture Bob can watermark the back of Alice’s scene page.
Example 2: The Magic Cave-
Consider a cave containing the magic door between C and D which requires the secret word to open it.
Consider two persons, P(the Prover) and V(the Verifier). P claims that P knows the secret magic word required to open the door and V does not.
Hence a system is devised which allows proving that P knows the secret word without actually revealing it to V. Initially, both P and V are standing at A.
Now the game begins-
- P enters the cave and takes either path B-D or B-C randomly. While P does this V waits outside the cave and is not allowed to see which path P took.
- Then V enters the cave and shouts out the path randomly through which P should return, either D-B or C-B.
- Now two cases arise-
Case 1– P knows the secret words:
P can return through the path told by V.
Case 2– P doesn’t know the secret words:
For this case, P can only return via the path P came in, if this is the path V told, then it’s good, if not P is caught lying. So there is a 50% chance that it can still be claimed that P knows the magic words, due to good luck that day.
The probability of ½ is not good enough. So P and V again repeat the process. At every iteration chances of P not knowing the magic words and being able to claim that P does know it, decreases. After 20 iterations the chances become one in a million.
Zero-Knowledge Proof must satisfy the following properties-
- Completeness – Everything that is true has a proof.
- Soundness – Everything Provable is true.
- Zero-Knowledge – Only Statement which has to be proved is revealed
Consider the Alice and Bob example-
Soundness: Assume Allice doesn’t know Waldo’s location and presents random pieces of her scene then, the cardboard holes display random images without waldo. In simple terms, Alice’s proof system does not let her cheat.
Completeness: As long as Alice finds Waldo, she’s able to consistently use her proof to show Waldo in each iteration. Simply, Alice’s proof system convince Bob that she found Waldo
Zero-Knowledge: As Alice proves to Bob that she has found Waldo, the only statement revealed was “Alice has found Waldo” without revealing Bob’s location. Simply, Alice’s proof system prove her victory to Bob, without revealing her knowledge
Why use ZKP?
Over the past few years, we were accustomed to the large banks and firms accessing and employing our personal data to deliver an enhanced experience.
Then entered Blockchain technology which enabled users to act anonymously and perform transactions with high-end security, in simple terms gave users control of their privacy and future back.
But has Blockchain really succeeded in doing so?
The answer is NO.
Many Blockchain networks use public databases. Anyone having the internet can view the list of the network’s transaction history. All the details associated with the transaction and all the wallet details can be seen, but the name of the user will still be unknown to them. Instead, they will come across as a public key- the unique code representing the user on the blockchain network.
The public key was created to safeguard your privacy to some extent. But it is still possible for one to expose you.
ZKP does not involve any complex encryption method and does not require anyone to reveal any sort of information.
In regular blockchain transactions, when an asset is sent from one end to another, the details of that transaction are visible to everyone in the network. However, in a zero-knowledge transaction, the aim is to prove the statement “this transfer of assets is valid” without revealing anything important about the transfer itself.
Applications of ZKP-
- Messaging in the Blockchain system: In messaging, end-to-end encryption is imperative so that no one can read your private message besides the one you are communicating with. To ensure security, messaging platforms ask users to verify their identity to the server and vice-versa. But, with the advent of ZKP, they will be able to build end-to-end trust in the messaging world without leaking any extra information
- Vote Verification: The most obvious example of applying ZKP with blockchain alludes to their democratic role in checking votes. ZKP’s can give reliable answers for auditable voting by recording the votes on a public blockchain (like ethereum). Subsequently, voting processes would not need any third-party confirmation alongside excluding the requirement for restriction. ZKP’s can permit voters to demonstrate their eligibility for casting a vote, along these lines preventing exposure of their sensitive personal data. Likewise, voters can request immutable evidence for consideration of their vote in the final vote count.
Conclusion
Zero-Knowledge Proofs could unleash a revolution when it comes to our online privacy. We can limit how much information a certain company has on us, while the company has just enough information to offer you a service or to comply with the regulation. ZKP is not perfect, does have certain limitations. Like the fact that it uses a lot of computational power. But it’s a lot better than just giving all our data away and let it be collected in huge databases. The use of ZKP will have an enormous impact in finance, health care, and other industries, by enabling transactions while safeguarding data privacy.
– By Tanmay Ranaware, Third Year Department of Electrical and Electronics Engineering