In a world increasingly anxious about privacy and exploitation of one’s personal data by governments, corporations, social media platforms and banks, zero-knowledge proofs may offer some relief.
Indeed, this emerging cryptographic protocol could partially remedy two rapidly growing global deficits: privacy and truth.
ZK-proofs have already found a home within the cryptocurrency and blockchain sector — enabling scaling protocols to make Ethereum transactions faster and cheaper, for example. But this may just be the beginning.
One day, ZK-proofs could help convince your bank that your income is above a certain threshold — to qualify for a mortgage, for example — without revealing your actual income. Or prove to the election authorities that you are a resident or citizen without giving them your name, driver’s license or passport.
ZK-proofs open up a new world of potential applications, including “anonymous voting, decentralized games, proving personal information without fully disclosing your personal information, and fighting against fake news by proving the source of the news,” Polygon co-founder Jordi Baylina tells Magazine.
To this point, some in the cryptographic community already view ZK-proofs as a potential weapon in the looming struggle against false information, including AI-altered documents, images and identities.
“We may have a technological battle for truth coming up where ZK can play a critical part,” prize-winning cryptographer Jens Groth tells Magazine. “There is this idea of proof-carrying data,” i.e., data that carries within itself proofs of correctness including origin and provenance data, “so nirvana would be that all data we get are verified data.”
In some industry sectors like finance, ZK-proofs may profoundly alter how business is conducted. “We see this revolutionizing the audit industry,” Proven co-founder and CEO Rich Dewey tells Magazine in connection with ZK-enabled proof-of-solvency protocols, like the one his tech firm has developed. “The only question is the timeline.”
Requiring fewer resources
Even though ZK-proofs were first presented back in the 1980s by researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff, only in the past decade have they had their “big breakthrough,” according to Baylina.
“Now it’s possible to prove any generic statement.” This statement — sometimes called a circuit — “can be programmed with a specific language and can be anything,” Baylina says.
ZK-proofs are computationally complex, which has arguably slowed their development, but their core intuition seems simple enough. As described in a forthcoming paper by the Federal Reserve Bank of St. Louis:
“By using a zero-knowledge proof (ZKP), a party can prove to other parties that a computation was executed correctly. There is no need to replicate the computation—only the proof needs to be verified. Ideally, verifying a ZKP needs significantly less resources than re-executing the computation.”
What follows are some of the promising ZK-proof use cases on the table today — beyond the strict confines of the crypto sector — that may or may not involve the use of blockchains.
Verifying digital voting
Electronic voting has been slow to catch on globally, but if and when it does, the odds are that ZK-proofs will play a prominent part. ZK-proofs are already being used in e-voting systems in trials in a number of Swiss towns and cantons, Dahlia Malkhi, distinguished scientist of Chainlink Labs, tells Magazine.
“ZK-proofs can add verifiability to an online election, allowing anyone to check that the votes were counted correctly,” explains Malkhi, without revealing how individuals voted — a key concern with electronic voting, she says.
Cryptographic electronic voting systems have been around for decades, Malkhi adds, but their adoption has been moderate. On the technical side, one of the challenges has been “the compromise of end-user devices, which ZK-proofs don’t protect against.”
There are other obstacles, too, that are beyond ZK-proofs’ purview or ability to control, which may also suggest their limitations.
Electronic voting requires a credible “digital identity” system, i.e., a link to “real world” information that isn’t always easy to secure. (Think of all those voting rolls on aged paper ledgers.) “ZK by itself cannot bootstrap e-voting,” Malkhi says.
Cryptographer Groth, like Malkhi, cites the need for some sort of “trust anchor” to make ZK-proofs impactful in everyday life. “Zero-knowledge proofs often need a hook to reality.”
Maybe one day, thanks to ZK-proofs, someone will be able to prove that they are older than 18 years of age or a United Kingdom citizen without having to pull out a driver’s license or passport, Groth tells Magazine, but “you cannot prove you’re over 18 out of thin air. You need the trust anchor that establishes your age,” he says, i.e., some authority that verifies your citizenship or birth year, adding:
“In the future, organizations may issue ZK-friendly trust anchors, but right now, it is not common practice, so you have a bit of a chicken-and-egg problem.”
Privacy safeguards for CBDCs
Today, the world seems awash with central bank digital currency projects. According to the Atlantic Council, 130 countries representing 98% of global GDP are now exploring state-issued digital money.
But CBDCs come freighted with privacy questions, and some fear they could be misused by governments to surveil their own populations, for instance.
That is why high privacy guarantees are “at the core of most CBDC projects today,” Jonas Gross, chairman of the Digital Euro Association, tells Magazine.
ZK-proofs can be part of the solution, he adds, and it is for this reason that “various central banks are studying [ZK-proof] applications — for example, in the U.K., Japan and South Korea.”
“If privacy is a top priority, ZK-proofs should be considered,” Remo Nyffenegger, a co-author of the St. Louis Fed paper cited above and research assistant at the Center for Innovative Finance at the University of Basel, tells Magazine.
Indeed, the European Central Bank published a regulatory proposal for the digital euro in late June “and states therein that zero-knowledge proofs should be considered in the CBDC tech stack,” he adds.
Again, there may be limits on what exactly ZK-proofs can do by themselves. “I don’t see using ZK-proofs [alone] as sufficient because ongoing political discussions show that not all CBDC-related data will be obfuscated if ZK-proofs are used,” Gross comments. “High privacy also needs to be supported by regulation and educational efforts around the actual degree of privacy of a CBDC.”
Exposing an altered photo
AI apps are now so powerful that distinguishing between machine-generated images or documents and those created by human beings is already problematic. Things will only get worse, but ZK-proofs may offer at least a partial remedy.
“Blockchain tech and ZK-proofs could be used as built-in safeguards in these systems to verify the origin, authenticity, and ownership of AI-generated files and manage some of the risks associated with AI-generated content,” says Malkhi, while Groth adds:
“There is interesting new research showing applications of ZK-proofs to demonstrate, for example, you’ve not altered a photo too much — i.e., combating fake news.”
High-end cameras that digitally sign photos along with metadata like location and timestamp are already on the market and can establish authenticity, continues Malkhi. The current problem is that these digital files are often enormous — much too large to post on a news service’s website, for instance.
But with ZK-proofs, their file size can be substantially reduced, making them practical to use online while preserving critical verification elements. “It could prove that the recording or image has not been altered, maybe [including] even the date, without revealing identity or location or whatever,” adds Baylina.
Proof-of-solvency with ZK-proofs?
Many believe that finance will be the first major business sector to be impacted by ZK-proofs. Indeed, 41% of respondents in Mina Foundation’s “State of Zero-knowledge Report 2022” agreed that finance was the industry “most in need of ZKPs,” far ahead of healthcare (12%), social media (5%) and e-commerce (3%).
In March, Mexican cryptocurrency exchange Bitso announced a partnership with tech firm Proven to implement a “proof of solvency” solution that relies on ZK-proofs. This protocol will soon enable investors, regulators and others to know whether the exchange is solvent — i.e., its obligations are less than its assets — based on daily reports.
One of the more ingenious aspects of Proven’s protocol is that it involves the exchange’s customers in the process of keeping the exchange honest. It’s a sort of crowd-sourcing version of auditing.
Co-founders Dewey and Agustin Lebron tell Magazine that every day, an exchange (e.g., Bitso) publishes a cryptographic proof-of-solvency attestation. And when it does, each individual client/user of the exchange is issued a “receipt” that reflects that individual’s unique holdings. Millions of digital receipts might be issued on a daily basis.
What if one day a customer doesn’t receive a daily receipt, or it’s wrong? That user might take to Twitter or some other social media venue and complain or ask questions. Have others experienced something similar? A thread might grow.
This protocol relies on the law of large numbers. Bitso, for instance, has some five million users, and the presumption is that a critical mass of complainants might surface quickly, collectively waving a red flag that might prompt further investigation.
This ZK-proofs-based protocol has another advantage, too, according to Bitso. It provides “a proof-of-solvency that can be confirmed without revealing all of that information to a third party. All an auditor needs to do is run the zk-SNARK protocol to come to the conclusion that the proof is true.”
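The receipt check described above can be sketched with a plain Merkle sum tree. This is an added example, not Proven’s or Bitso’s code, and it is a simplified stand-in that is not zero-knowledge: each receipt exposes sibling subtotals, which a zk-SNARK-based scheme would hide. All function names and the sample ledger are constructed for illustration.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf(user_id: str, salt: bytes, balance: int):
    # The salt keeps other customers from guessing a leaf from an id and balance.
    return (H(b"leaf", user_id.encode(), salt, str(balance).encode()), balance)

def parent(left, right):
    # A node commits to both children's hashes and sums; its sum is their total.
    data = H(b"node", left[0], str(left[1]).encode(), right[0], str(right[1]).encode())
    return (data, left[1] + right[1])

PAD = (H(b"pad"), 0)  # zero-balance filler for levels with an odd node count

def build(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([PAD] if len(levels[-1]) % 2 else [])
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels  # levels[-1][0] is the published root: (hash, total liabilities)

def receipt(levels, index):
    """Sibling (hash, sum, sibling_is_left) at each level for the leaf at `index`."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        node = level[sib] if sib < len(level) else PAD
        path.append((node[0], node[1], sib < index))
        index //= 2
    return path

def verify_receipt(user_id, salt, balance, path, root):
    """Customer-side check: my balance is counted in the published total."""
    if balance < 0 or any(s < 0 for _, s, _ in path):
        return False  # a negative subtotal could cancel out real liabilities
    node = leaf(user_id, salt, balance)
    for sib_hash, sib_sum, sib_is_left in path:
        sib = (sib_hash, sib_sum)
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == root

# Constructed sample ledger: (user id, salt, balance).
LEDGER = [("alice", b"s1", 120), ("bob", b"s2", 300), ("carol", b"s3", 80)]
LEVELS = build([leaf(*row) for row in LEDGER])
ROOT = LEVELS[-1][0]
```

If the exchange records a customer’s balance as lower than it really is, the published total shrinks, but that customer’s receipt no longer verifies against the root when checked with the true balance.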
According to Groth, the use of ZK-proofs to demonstrate financial solvency “gained more traction after the FTX implosion.” Indeed, if such a protocol had been available last year, the Bahamas-based exchange’s meltdown might have been avoided, some say — or at least its wrongdoing would have come to light sooner.
Interestingly, FTX Japan, now rebranded as Liquid Japan, has been using Proven’s proof-of-solvency technology since its recent re-launch in early September. “With the adoption of Proof of Solvency, we can now prove it [solvency] in a cryptographic manner that is verifiable by 3rd parties,” notes the company, adding:
“We are starting to work on increasing the frequency of publishing the Proof of Solvency to 1x day by the end of 2023.”
“Immutable” tracking of goods
“ZK-proofs can become very relevant in the context of digital identities, whether they are issued by the government or private entities,” adds Nyffenegger. They could prove that you are not included on some government sanctions list without revealing who you are, for instance.
ZK-proofs’ potential use in supply chains is also frequently cited. But the difficulty here, as with e-voting, is that this requires connecting to a trustworthy “real-world information” source, which can authenticate the date an order was shipped from the factory, for instance.
“ZK-proof-based supply chain tracking systems haven’t been battle-tested long enough in live environments,” notes Malkhi, adding that that could soon change:
“The potential of ZK-proofs here is vast — helping to improve transparency and reduce the potential impact of fraud by enabling the immutable, real-time tracking of goods.”
It should be added that while blockchains provide some of ZK-proofs’ first exciting use cases, the technology does not require a blockchain to work, though blockchains are surely helpful.
“They are just a very suitable tool for blockchains because they provide proofs of correct computation — which aligns well with the need for verifiability on blockchains — while hiding as much information as possible,” Johannes Sedlmeir, a researcher at the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust, tells Magazine.
With a blockchain platform, a verifier can check if a certain “hash” appears somewhere on the blockchain “and hence binds me as a prover,” he adds.
Blockchains aren’t required for Proven’s proof-of-solvency protocol to work, Lebron tells Magazine, though it’s always useful to have validators on-chain. It appears to be more of a “like to have” than a “need to have” circumstance.
Obstacles remain
What obstacles still need to be overcome before ZK-proofs become commonplace? Malkhi has already cited the challenges with “bridging to the real world,” and this could well prove the biggest hurdle to surmount before ZK technology becomes mainstream, in her view.
However, other barriers remain that might require laws and regulations to overcome. Will ZK claims be accepted in court, for instance?
Scaling also remains a challenge in many use cases given that there is, at present, no “standardized way to ‘program,’” says Malkhi, making it difficult for developers to integrate proofs into their apps.
To this last point, Proven’s protocol with Bitso requires some five million unique “receipts” to be issued monthly (though soon daily) to Bitso users, but Proven says this isn’t an issue. “We figured out how to scale,” co-founder Lebron says.
Complexity is another potential sticking point. “For small- to medium-size assertions, we already have a good ZK system,” cryptographer Groth tells Magazine. “For large assertions, we still need to improve efficiency.” ZK-proofs like SNARKs can be cheap to verify, “but the prover pays a large performance overhead compared to native computation,” he adds.
Becoming “magnitudes cheaper”
The user experience needs to improve, too. “Using a technology secured by ZK-proofs for an everyday activity like buying groceries should be so seamless that the user doesn’t even know,” says Baylina.
“The other thing we need is time,” Baylina says. Protocols like Polygon’s zk-Ethereum Virtual Machine are still new but are becoming more usable all the time. “As Polygon zkEVM matures, over the next year, we anticipate it will become orders of magnitudes cheaper.”
Given these potential roadblocks, how long might it take before the technology becomes commonplace?
“I believe five years is too short of a time frame owing to the current TRLs [technology readiness levels] of ZK-proofs,” says Sedlmeir, referencing the finance sector specifically. While ZK-proofs have matured rapidly in recent years, they “are still complex to implement and prover performance is still a significant bottleneck.”
There might be a transition period as ZK-proofs work in tandem with traditional protocols, as in financial auditing. Proven’s Dewey envisioned working “hand in glove” with traditional Big Four audit firms for a time.
Vast potential
In sum, ZK-proofs still face challenges. They can’t work in isolation. They still need to be attached to a truth source or “oracle.” Doubts about computational complexity, usability and scalability remain as well.
But if these hurdles are surmounted, ZK-proofs could offer a 21st-century solution to not only the “fake news” challenge but also the privacy quandary as with CBDCs, providing just enough anonymity for users to comfortably use state-issued digital money but enough accountability so governments can be assured fraudsters or money launderers aren’t infiltrating their networks.
As the technology and the underlying infrastructure improve, summarizes Malkhi, “ZK-proofs have vast potential to enable an internet where the majority of contracts are underpinned by cryptographic guarantees.”
Andrew Singer
Andrew Singer has been a regular contributor to Cointelegraph since October 2019. He has been a professional business writer and editor for more than 30 years, including 25 years as founder and editor-in-chief of Ethikos: The Journal of Practical Business Ethics, which still publishes. In 2017 he obtained a Master’s degree in statistics from Columbia University — which spurred his interest in AI, machine learning, and blockchain technology. He currently lives in Peekskill, New York and likes to hike in the Hudson Highlands.