WTF are Zero-knowledge proofs?

Privacy for blockchains

Privacy and managing our relationship with data is critical to a functioning society in this era of hacks and data leaks.

Zero-knowledge proofs are likely to have an impact on delivering control and privacy of data, so it’s worth knowing what they are and more importantly what they can enable.

Zero-knowledge proofs are a new innovation in applied cryptography. Cryptography is the “art of writing or solving codes” and ‘applied’ just means those situations where you use it for something in real life.

Breaking down the term, a ‘proof’ is a mathematical computation whose result proves a factual statement.

‘Zero-knowledge’ refers to how much you know about the underlying information behind that proof – i.e. nothing.

So you are proving something about which you know nothing.

WTF?

There are a few analogies in the blockchain world for zero-knowledge proofs; these are two of my favourites to show how they work:

Analogy 1

If I want to prove that I am over 18 (or 21 or the relevant legal age) in order to buy alcohol, a zero-knowledge proof will let me show that I am over that age, without revealing my actual age or date of birth to the receiver of the proof. 

So I am proving a certain fact to someone but they get ‘zero’ information (or ‘knowledge’) about that fact.

Analogy 2

This analogy comes from a talk by the CEO of a company called QED-it, who are building a privacy layer for blockchains with zero-knowledge proofs.

Imagine holding a Where’s Wally? (or Where’s Waldo?) book for children.

Open the book and put it inside an envelope that is slightly bigger than the open book, so you can move the book around when you tip up the envelope.

There is a small hole about 1 inch in diameter on one side of the envelope. You move the book so that Wally/Waldo’s face appears in the hole. Show the book to a child.

You are proving that Wally/Waldo is definitely inside the book on that particular double page. But you have not given the child any information about where the character actually is.

So when you remove the book from the envelope, they would still have to search for the character, knowing that he is definitely there somewhere.

Hopefully these analogies make zero-knowledge proofs as a concept a bit clearer.

So what?

But so what? Who needs to prove all these random things anyway in such a complicated way?

Zero-knowledge proofs could give us increased control over our own data and help in the great trade-off between privacy/security of data and convenience.

There have been countless examples where companies have misused people’s personal information, from Equifax to Facebook. At the moment our data is everywhere and I know I leave my email address all over the internet, just in search of that 30% discount or easy login.

A better way has been envisaged: imagine if we all had control of our data, like a digital black box of our identity, whether financial, legal, health-related, personal logins, etc.

As individuals owning our own data, we can choose to whom to release each part of our lives.

Another layer of this is that I only need to release what is 100% necessary for each party.

So I can show the doctor the relevant information they want about my medical history, I can prove to the bank I have enough deposit to get a mortgage and I can give lawyers all my personal info to write me a will.

Zero-knowledge use cases

Zero-knowledge proofs can be the privacy layer for our data lives, enabling security and convenience at the same time.

Identity and personal data security is not the only area that zero-knowledge proofs will affect; there are many other applications being developed by different companies or projects at the moment.

Some of the projects that use zero-knowledge proofs or have built something with them are:

I wanted to use zero-knowledge proofs for assurance purposes last year, when I started a company for a few months.

I realised that building with interesting technologies that are on the cutting edge of what is possible has its downsides!

Like anything in the early stages of development, there are still major issues being worked out by all the different parties.

A Zero-knowledge hack

Last year, for example, Zcash (a privacy-oriented cryptocurrency) discovered a vulnerability in its software that would have enabled someone to create more Zcash, or ‘print money’, indefinitely.

Encryption techniques are not considered secure unless they are about 20 years old. This is because if no one has managed to crack the code, it gets increasingly less likely that they will as time goes on.

The Zcash incident just shows how vulnerabilities can be open to exploitation, even in situations where no one is trying to be malicious.

Of course it is more dangerous to leave people’s private information unsecured.

Zero-knowledge for the future

That’s why the use of zero-knowledge proofs for our identity and personal info is probably a long way off. People will need proof (ironically!) that they will be secure and that will be difficult to provide.

It’s interesting that no matter what new technology you are using, a key issue to grapple with is trust.

So even if zero-knowledge proofs are the best privacy tool that has ever been created, there will still be a need for the industry to educate and prove that it can be used safely.

I recommend following the development of zero-knowledge proofs and how blockchain tech incorporates privacy, even by just following the above companies on Twitter.

This is a niche area now, but it will likely become one of the building blocks of our future relationship with data, and that is something everyone should care about.
