This paper aims to give readers an overview of what Zero-Knowledge Proofs are through a series of examples and definitions, as well as provide an understanding of how they work and how they are implemented from a mathematical and computer science perspective. The proofs and theories used in this paper are not of my creation, but rather are an explanation of the combined work of others referenced at the end of this paper.
Privacy and security have become two of the hottest yet important topics in blockchain technology. The idea of protecting privacy in the space is not new; historically, privacy and security come at a compromise of speed and scalability, two other significant areas of focus in this sector. Blockchains such as ZCash and Monero were created with privacy and anonymity in mind. Although these blockchains are great for protecting user privacy, they run on their native networks and do not provide privacy protection on other chains that offer more scalability and web3 applications.
Ethereum, BNB, and Solana are three of the most widely used smart contract platforms, allowing for some of the fastest speeds available today. However, the speed and scalability they offer come at a cost: a readily available paper trail that anyone with access to the internet can follow. Every transaction a user has ever made, across multiple wallet addresses, is completely transparent and can be linked together with ease, compromising privacy and security.
The lack of private transactions on a public ledger poses some serious risks. One major risk is “exchange doxxing”, wherein a user has their private information discovered through following transactions back to a centralized exchange address. Businesses using a blockchain with a transparent public ledger for transactions could have their entire supply chain, such as vendors, cost of products, etc. widely available to competitors, as they are unable to operate anonymously. Employers choosing to pay employees in cryptocurrencies without private transactions risk an HR nightmare if coworkers see variable pay for the same jobs. For blockchains to gain the mass adoption everyone is (very) patiently waiting for, transactions must evolve to support scalable privacy solutions.
Innovation aiming to combine scalability and privacy has emerged in the form of protocols that allow users to break on-chain links to wallet addresses. One notable and widely used privacy application built on the Ethereum blockchain is Tornado Cash. Tornado Cash leverages smart contracts to act as a coin mixer, enabling users to break links in on-chain transactions and enhance transaction privacy between deposit and withdrawal addresses, making it difficult to know a participant’s identity.
As a brief aside, it must be noted that the use of Tornado Cash came to a sudden halt when the U.S. Treasury sanctioned Tornado Cash, prohibiting US crypto users from interacting with the protocol, as well as any tokens associated with the protocol, over claims of money laundering and drug trafficking (though, to be fair, plenty of this was happening).
Moving forward as the space continues to grow and adapt, how can developers and users ensure their privacy and security while maintaining the scalability provided by Layer 1 blockchains? Introducing Zero-Knowledge Proofs.
Zero-Knowledge proofs are, at their most basic level, a way for a prover to convince a verifier that something is true without revealing any reason why it is true. Similarly, I can prove to a reader that I understand what zero-knowledge proofs are without revealing any of my knowledge of the subject to them. Jokes aside, the concept of zero-knowledge proofs has significant applications in and out of blockchain technology. Some notable use cases such as identity management, protection of personal data, and medical privacy, though very interesting to explore, will not be addressed in this paper, as the focus will be on blockchain-specific applications.
The concept of Zero-knowledge proofs is quite simple (though somewhat counterintuitive), but the implementation is quite complex. Having become one of the more popular buzzwords in the blockchain industry, users and developers should better understand what this evolving technology is and how to utilize it.
The concept of zero-knowledge proofs can be rather elusive in the sense that it is not always clear how to construct or even define them. Thus, to avoid confusion as we dive into some abstract concepts, let’s begin by taking a look at proofs and providing some necessary generalizations and definitions that will be used throughout the paper.
First, a distinction must be made about the idea of proofs and how the definition of a proof can vary in mathematics, computer science, and cryptography.
In math, we want to prove that some statement, or claim, is correct. We do so by constructing a sequence of steps from axioms, or universal truths, until the claim follows undeniably, without any concern for the number of steps it took to arrive at this conclusion. More simply, if I know that $X$ is true and want to convince someone that it is true, I will present all of the facts that I know about $X$, as well as all of the inferences from those facts that imply that $X$ is true.
In computer science, and more specifically cryptography, a proof system is an algorithm that takes a statement, in the form of a string, as an input, and a proof, in the form of another string, to produce an output of $1$ if the proof is valid for the statement. A proof system is sound if a false statement can never be derived using it. Additionally, a proof system is complete if all true statements can be proved using it. We will formally describe these definitions in later sections.
This is the basis for understanding verifier algorithms, and it leads us into the generalization of statistical, sequenced proofs used in the examples that follow.
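To make the definition above concrete, here is an added example (not code from the paper) of a proof system for the claim "this graph can be coloured with three colours": the statement and the proof are both strings, the verifier outputs 1 only when the proof is valid for the statement, and an exhaustive search illustrates that no proof string is accepted for a false statement (soundness) while a true one has an accepted proof (completeness). The string formats and graph inputs are assumptions constructed for this example.

```python
# Added example: a toy proof system V(statement, proof) -> {0, 1} for graph
# 3-colourability. Statement/proof string formats are assumptions made here.
from itertools import product

def parse_statement(statement: str):
    """Assumed statement format: '<n>;<u>-<v>,<u>-<v>,...' for n vertices."""
    n_part, edge_part = statement.split(";")
    n = int(n_part)
    edges = []
    for e in filter(None, edge_part.split(",")):
        u, v = (int(x) for x in e.split("-"))
        if not (0 <= u < n and 0 <= v < n):
            raise ValueError("edge references unknown vertex")
        edges.append((u, v))
    return n, edges

def verify(statement: str, proof: str) -> int:
    """Verifier algorithm: 1 if `proof` (comma-separated colours 0/1/2, one per
    vertex) is a valid 3-colouring of the graph in `statement`, else 0.
    Malformed input is simply an invalid proof, never an exception."""
    try:
        n, edges = parse_statement(statement)
        colours = [int(c) for c in proof.split(",")]
    except ValueError:
        return 0
    if len(colours) != n or any(c not in (0, 1, 2) for c in colours):
        return 0
    # Every edge must join two differently coloured vertices.
    return int(all(colours[u] != colours[v] for u, v in edges))

def exists_proof(statement: str) -> bool:
    """Exhaustive check: does ANY proof string convince the verifier?
    True for a 3-colourable graph (completeness); for a graph that is not
    3-colourable it must be False, or the system would not be sound."""
    n, _ = parse_statement(statement)
    return any(verify(statement, ",".join(c)) for c in product("012", repeat=n))

# Constructed inputs: a 4-cycle (3-colourable) and K4 (not 3-colourable).
SQUARE = "4;0-1,1-2,2-3,3-0"
K4 = "4;0-1,0-2,0-3,1-2,1-3,2-3"

if __name__ == "__main__":
    print(verify(SQUARE, "0,1,0,1"))   # accepted: a valid proof of a true claim
    print(verify(SQUARE, "0,0,1,1"))   # rejected: vertices 0 and 1 share a colour
    print(exists_proof(K4))            # False: no proof exists for a false claim
```

Note that this verifier reads the whole colouring, so it is a plain proof system and not a zero-knowledge one; the later sections build on exactly this verifier notion.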
Note: Some of the examples to follow will have a slight change of language from Proof Systems to Argument Systems. The distinction is quite technical and does not change much about the conceptual understanding of the proofs, so it is not entirely necessary to dive into, but a further explanation can be found in the sub-page below.