Zero-knowledge proof: What is it and why does it matter?

Vlad Mendoza
6 min readFeb 16, 2022

--

As smart devices become more and more ubiquitous in our lives, they produce considerable amounts of data about us. On average, every human created at least 1.7 MB of data per second in 2020. By the end of the year, the average human would have generated 53 TB of data. Based on how much data is already generated every day by humans through social media, video sharing, and communications, the number will surely increase. Experts predict that by the year 2025, humans will produce 463 exabytes of data each day. This sensitive data, which is often stored in physical servers indefinitely, creates digital thumbprints of us in the pursuit of personalizing digital experiences.

All of this data is indispensable to companies, and the companies that store it have a responsibility to take care of it. But when the security technology designed to protect that data fails, it exposes users to potential dangers brought forward by hackers, thieves, and other nefarious third parties.

Everyone knows there’s no such thing as 100% user security; yet, cryptographers, engineers, and designers work extremely hard to make online experiences safer for everyone. The good news is that a new technology that can potentially change security on the internet is emerging, Zero-knowledge proof. Full disclaimer, Zero-knowledge proof isn’t itself a new concept; its origins date back to the 1980s, but its recent applications have the potential to revolutionize privacy on the internet.

But what are Zero-knowledge proofs? And more importantly, how can we use them to create better user experiences that safeguard user data?

Zero-knowledge proofs, or ZKPs is a pretty complicated concept, but essentially it’s a way of verifying information without revealing any underlying details. Zero-knowledge proofs are created by using mathematical functions called “homomorphic encryption” and “zero-knowledge Succinct Non-interactive Argument of Knowledge” or “ZK-SNARKs.” These mathematical functions allow the creator of the Zero-knowledge proof to conceal the information that they are trying to prove. In other words, it’s a way to prove that you know something without actually having to say what that something is. Currently, ZKPs are used in different applications, from data security to online voting, and its objective is becoming more and more important as we migrate most of our lives online.

To simplify it further, let’s explore a more abstract example that best explains how zero-knowledge proofs work. Consider that your friend is red-blue color-blind (while you are not), and you have two balls: one red and one blue, but otherwise identical. They appear entirely identical to your friend, so he doubts they are distinguishable. You wish to demonstrate to him that the balls are different colors without actually revealing their color. How can you prove to your friend that they are different without revealing anything else?

ZKPs allow you to prove a statement without compromising additional information

The solution is rather straightforward. You give your friend the two balls, one in his left hand and the other in his right hand, and he places them behind his back. He then pulls one of the balls out from behind his back and shows it to you.

“Did I switch the ball?” he will ask.

You may identify whether or not he swapped them simply by looking at their colors. If they were the same color and thus indistinguishable, there’s no way you could guess correctly with a probability of more than 50%. He then puts it away again before choosing which of the two to reveal at random. You will prove to your friend that the balls are different colors without revealing anything else.

You can check out more abstract examples of how ZKPs work, here.

The ability to prove statements without revealing more context makes Zero-knowledge proofs an ideal solution for authentication and data security applications.

The Facebook Cambridge Analytica scandal has brought data privacy and protection to the forefront of public discourse. The fact that a company can amass so much user data and use it in unethical ways without users’ consent or knowledge has alarmed many people. A recent study found that 75% of users would stop using a product or service if they discovered their personal data had been mishandled. While this issue is not unique to Facebook, it is a good reminder that companies that collect user data need to take steps to protect it. Otherwise, they risk losing the trust of their customers and harming their business.

This is where ZKPs enter the formula. A Zero-knowledge proof can help businesses safeguard user data without compromising privacy.

For example, Zero-knowledge proofs could be used to verify that a user is who they say they are without revealing any personal information. Hash functions are used to prove the ownership of data without having any knowledge about what’s inside. ZKPs could also be used to encrypt data so that only the intended recipient can decrypt it.

ZKPs have a vast number of potential applications, and some of the most promising use cases include:

Blockchains

Blockchains have begun using ZKPs to verify transactions and ensuring user privacy .Source Dmitry Lauretsky

Zero-knowledge proofs can be used to create more secure blockchains by allowing users to verify transactions without revealing their identities or the details of the transactions. Another advantage associated with ZKPs is the reduction of blockchain transactions. Consequently, users will not have to worry about information and identification storage across a variety of assets.

Finance

ZKPs keep your portfolio and baking information private. Source Alexander Plyuto

Imagine if every time you logged into your bank account, you had to share your entire credit history with the bank? Not very appealing, right? With zero-knowledge proofs, this wouldn’t be an issue because the bank could verify your identity without knowing anything about your financial past. The transparency versus confidentiality choice is complex in finance. Yet, zero-knowledge proofs can also be used to create more secure financial systems by allowing users to verify transactions without revealing their identities or the details of the transactions. The job of a TTP, such as a custodian or a notary, is currently used to achieve this. Because the data passes through the TTP and they report it to the client with a time lag, this process is both expensive and time-consuming. The use of Zero-knowledge proofs would mean instant automated proofs.

User Authentication

Apple verifies users’ identities while allowing them to remain anonymous. Source Bird iOS App

Zero-knowledge proofs can be used to create other secure authentication systems by allowing users to verify their identities without revealing any personal information. Recently, Apple added options that let you hide your name and email address, so apps on iOS don’t access your information. Apple verifies your identity by leveraging their FaceID or Touch ID technology and thus proves to the app that you are who you say you are. Ultimately, the app requesting your data to log in just sees an address like lkajsd808.privacyrelay.appleid.com and never stores your actual credentials on its server.

With the ever-growing amount of data produced by people, it’s more important than ever to have systems in place to store this information securely. Implementing zero-knowledge proofs into your products is one step you can take towards ensuring that your customers’ data is safe. The applications for this technology are endless, and we can only imagine the possibilities for the future of internet privacy and security.

Have you ever used zero-knowledge proofs in your products?

What was the outcome?

--

--

Vlad Mendoza
Vlad Mendoza

Written by Vlad Mendoza

Head of Product Design @Noble.ai | UI/UX Specialist | Bay Area | www.vladmendoza.com

Responses (1)