Zero knowledge cryptography is one of the most underrated technologies of our generation. While the news media regularly covers topics like artificial intelligence and machine learning (AI/ML), the field of zero knowledge cryptography remains virtually unknown. Despite that fact, this technology represents a breakthrough that could have an equal societal impact as other cutting-edge technologies. One potential benefit: counterbalancing and addressing some of the privacy concerns raised by increasingly ubiquitous AI/ML algorithms. This is especially important as more and more of our social and economic activity occurs online.
Users don’t need a deep technical understanding of the systems they interact with to benefit from them. Thus, the purpose of this essay is not to cover how zero knowledge cryptography works. The goal is to provide the reader with a basic understanding of the technology. With that context, the remainder of the essay will discuss how this represents a breakthrough with a focus on the all-important question: why should we care?
Zero Knowledge Proofs: A Simple Explanation
Zero knowledge cryptography is a broad subject, but for this essay, we will zoom in on one area that is most relevant: zero knowledge proofs. A zero knowledge proof is an informal way to refer to a very specific concept in computer science: a non-interactive, zero knowledge argument of knowledge. The scheme assumes two parties: a prover and a verifier. The prover wishes to demonstrate that they know some information to the verifier without revealing what it is. Meanwhile, the verifier will look at the proof and either accept or reject it. These schemes have three properties
- Completeness — Any valid result can be proven for a given program
- Soundness — No dishonest actor can create an valid proof
- Zero knowledge — the verifier learns nothing about the inputs to the proof, only the result
To use a concrete metaphor, imagine you are at a festival. Because alcohol is being served, the event organizers have mandated that attendees must be 21 or older. When you show up at the entrance, security personnel check your ID to make sure you meet the age requirement. If so, they give you a wristband to wear. Every time you stop at a booth for a drink, the servers don’t need to check your ID. They know that because you have the wristband, you must have satisfied the age requirement.
Of course, there are many ways to spoof or circumvent this basic system. But what if you replace the security guard in the metaphor with a robust cryptographic protocol based on math? Not only does it make it impossible to cheat the system, but it works without you having to reveal your age to anyone at all.
At first, it may seem as though this is a primitive with a niche use case at best. But proving a statement without revealing the underlying facts which make it true is a powerful primitive. And the potential benefits of this technology extend not only to individuals, but to enterprises and governments as well. Enumerated below are real problems that exist today that zero knowledge cryptography can help solve, opening the door for new and exciting products and paradigms.
Use Cases for Zero Knowledge Proofs
Protecting user data
Zero knowledge proofs enable a better, more secure online experience for consumers. For example, imagine being able to apply for a loan without needing to share irrelevant details about your identity. Instead, you could prove that you met the criteria for underwriting using a zero knowledge proof. Aside from the convenience, this approach is much more secure. When credit rating agency Equifax was hacked in 2017, it exposed the personally-identifying information (PII) of millions. Far from an isolated incident, that hack points to a broader problem on the web today. Companies that ask for and store your sensitive personal data have (at best) only a limited incentive to properly secure it. But a system based on zero knowledge proofs not only reduces the potential liability and cost of storing user data, but it also makes the overall online experience more secure for consumers.
Auditing sensitive systems or contracts
From an enterprise perspective, this technology could streamline many business interactions and contracts. Imagine a company that purchased a license for a technology solution but wants to ensure that it works as advertised. But the vendor is hesitant to reveal the intellectual property that is essential to that product. Using zero knowledge cryptography, the vendor could prove that their product had certain properties or features without revealing the underlying source code. Of course, zero knowledge proofs don’t replace the existing corporate legal framework. But they can supplement it by reducing inefficient, expensive manual verification and audits. In this way, zero knowledge proofs guarantee confidentiality for both parties to a transaction without compromising on the adage “trust but verify.”
Proving fairness in public goods allocation
Other organizations can also use zero knowledge proofs to demonstrate that they ran a process correctly or allocated goods fairly. For example, universities could show that they selected the top candidates from among a pool of qualified applicants, without revealing the individual test scores or other sensitive personal details. This would enable them to maintain a proprietary, selective process while showing that it was “fair” by attesting to some facts about the selection process and the admitted applicants using zero knowledge proofs.
Enabling more efficient, less costly bureaucracy
Finally, this technology can also help non-governmental organizations and standards bodies perform audits in a much less onerous way. One obvious use case is financial auditing. But zero knowledge proofs can even be applied to nuclear arms control agreements. Also, zero knowledge proofs (combined with a blockchain or digital ledger) could enable a more efficient mechanism for governments to collect taxes or direct stimulus payments while ensuring citizens still maintain their right to privacy.
Why Zero Knowledge Proofs Matter
The internet has affected our society in numerous ways. One consequence is that as our lives become increasingly digital, the information we choose to share is becoming ever more important. Because once you publish or reveal anything about yourself online to anyone, it is very difficult if not impossible to hide it again.
In the physical world, the data we reveal is naturally ephemeral since we can always choose to hide it from view. But online you can never truly know if it has been downloaded and replicated by anyone who ever viewed. So that information might persist even after you take down a post or delete an application. A regular cadence of leaks, hacks, and even surveillance of our data only reinforces this peril and shows that the existing system of ad hoc privacy rules is a band-aid at best.
Fortunately, zero knowledge cryptography presents a possible solution for these challenges. A system where users of an application prove facts or knowledge without revealing its substance is a genuinely new paradigm. Integrated into the modern web, this technology could make the internet more convenient, more secure, and more powerful than ever.