Altoros, profile picture
Uploaded byAltoros
PPTX, PDF31,347 views

A Zero-Knowledge Proof: Improving Privacy on a Blockchain

The document discusses zero-knowledge proofs (ZKPs) as a method for proving one’s identity while keeping personal information private, highlighting the cryptographic protocol's components and conditions like completeness, soundness, and zero knowledge. It elaborates on applications of ZKPs in various fields, mentioning implementations such as Zcash and Ethereum's Aztec protocol which leverage zk-SNARKs for privacy in transactions. The document also touches on practical implementations of identity verification using ZKPs within the Hyperledger frameworks.

Embed presentation

Downloaded 120 times
A Zero-Knowledge Proof: Improving Privacy on a Blockchain Dmitry Lavrenov Senior Blockchain R&D Engineer ALTOROS @altoros
@altoros The situation ● you need to prove your identity ● you only have your driver’s license Driver License First Name: Dmitry Last Name: Lavrenov Date of Birth: 21.08.1995 City: Minsk
@altoros Wouldn’t it be better to have an option that hides your private information, but still keeps the driver’s license valid? Driver License First Name: Dmitry Last Name: Lavrenov Date of Birth: 21.08.1995 City: Minsk
@altoros Zero-Knowledge Proof can help
@altoros Zero-knowledge proof 01 What is it ? Cryptographic protocol
@altoros Zero-knowledge proof 02 Participants ? The Prover The Verifier
@altoros Zero-knowledge proof 03 Goal ? The Prover has a secret value X The Goal is to prove it to the Verifier without revealing any information about X
@altoros ZKP conditions Completeness If the statement is true, then the honest verifier — the one that is following the protocol properly — will be convinced of this fact by an honest prover.
@altoros ZKP conditions Soundness If the statement is false, then no cheating prover can convince the honest verifier that it is true, except for some small probability.
@altoros ZKP conditions Zero knowledge If the statement is true, then no verifier learns anything, except the fact that the statements is true.
@altoros ZKP Zero knowledge proof is probabilistic rather than deterministic.
@altoros The general structure of a ZKP ● witness ● challenge ● response
@altoros The general structure of a ZKP Witness Proof P V Questions 02 Calculate a proof 03 Send the proof to V 01 Choose a question
@altoros The general structure of a ZKP Challenge 02 Please, give the answer for the question 01 Choose a question P V Questions
@altoros The general structure of a ZKP Response Send the answer for the questionP V
@altoros Ali Baba cave example ● Peggy acts as the Prover ● Victor acts as the Verifier
@altoros Ali Baba cave example A B
@altoros Ali Baba cave example A A B
@altoros Ali Baba cave example Ok
@altoros A non interactive ZKP ● Note that interaction between users is required for general ZKP ● What can be done if interaction between users is not an option?
@altoros The general structure of a non interactive ZKP Witness P Function “Make a proof” 02 Get the proof 03 Send the proof 01 Send a confidential info Function “Check a proof” 05 Get the result 04 Check the proof V
@altoros zk-SNARK Zero-knowledge succinct noninteractive argument of knowledge
@altoros zk-SNARK Succinct The size of the proof is small enough to be verified in a few milliseconds.
@altoros zk-SNARK Noninteractive Only one set of information is sent to the verifier for verification, therefore there is no back and forth communication between the prover and verifier.
@altoros zk-SNARK Argument of knowledge A computationally sound proof: soundness holds against a prover that leverages polynomial-time, i.e. bounded computation.
@altoros Where can ZKP be applied ? ● Authentication systems ● Ethical behaviour ● Confidentiality ● Checking personal information ● Anonymity
@altoros Zcash zk-SNARK - based Bitcoin transactions are fully transparent. Everyone can use a Bitcoin block explorer to check transaction that has been sent from one BTC address to another BTC address. Bitcoin vs Zcash Zcash transactions can be private only if the user chooses z-address. A special view key can provide selective transparency. 1FeexV6 bAHb8ybZjqQMjJrcCrHGW9sb6uF 5 BTC nothing to see here 1JCe8z4jJVNXSjohjM4i9Hh813dLCNx2Sy nothing to see here Sender’s address ??? ZEC Unknown amount “shielded ZEC” Recipient’s address unkown address unkown address
@altoros Zcash Bitcoin, UTXO ● Bitcoin tracks UTXOs to determine what transactions are spendable and validates it BUT: All UTXO’s information is open and public.
@altoros Commitments Nullifies Com_1 Com_2 Com_3 Com_4 Nul_1 Nul_2 Nul_3 Nul_4 Zcash
@altoros Zcash recipient address amount rho r CommitmentHash function
@altoros Zcash spending key rho NullifierHash function
@altoros Zcash ● the sum of the input values is equal to the sum of the output values for each shielded transfer ● the sender proves that they have the private spending keys of the input notes, giving them the authority to spend
@altoros Zcash ● the private spending keys of the input notes are cryptographically linked to a signature over the whole transaction ● for each input note, a revealed commitment exists
@altoros Zcash ● the nullifiers and note commitments are computed correctly ● it is infeasible for the nullifier of an output note to collide with the nullifier of any other note
@altoros Ethereum ● zk-SNARK-based solution can potentially increase transaction processing to 500 tx/sec ● transaction cost is about 600,000 gas ● goal is to reduce the total transaction cost
@altoros Ethereum. AZTEC protocol ● zk-SNARK-based solution on smart-contract level in Ethereum ● confidential Transfer function ● transaction cost is between 800,000-900,000 gas (a simple transaction cost is about 21,000 gas)
@altoros Identity Mixer (Idemix) ● ZKP-based cryptographic protocol ● Based on Camenisch-Lysyanskaya signature scheme ● Flexible public keys ● Flexible credentials
@altoros Idemix and Hyperledger Fabric Identity Mixer MSP Implementation Peer Identity Mixer crypto package KeyGen Presentation Issuance Verification Revocation Audit Fabric-CA Implementation Sign/Verify Enroll/Register/Revoke Sign/Verify Transaction (MSP interface) Issue/Revoke ECert
@altoros Idemix and Hyperledger Indy Indy-anoncreds. ZKP-based on the Idemix protocol.
@altoros Idemix and Hyperledger Indy Issuer Issuer’s wallet Prover Prover’s wallet Verifier Ledger 01 Create master key create master key store master key
@altoros Idemix and Hyperledger Indy Issuer Issuer’s wallet Prover Prover’s wallet Verifier Ledger 02 Create, request and issue credentials get master secret return master secret send credential offer send signed credential request send credential store credential
@altoros Idemix and Hyperledger Indy Issuer Issuer’s wallet Prover Prover’s wallet Verifier Ledger 03 Present credential to 3rd Party create proof send proof request return proof send proof verify proof
@altoros Idemix implementation in Go AttributeNames := [ ]string{"First Name", "Last Name", "Age", "City"} data := [ ]string{"Dmitry00000000000000000000000000", "Lavrenov000000000000000000000000", "23000000000000000000000000000000", "Minsk000000000000000000000000000"}
@altoros Idemix implementation in Go. //1. The prover creates keys and credential request to the issuer. sk := idemix.RandModOrder(rng) ni := idemix.RandModOrder(rng) m := idemix.NewCredRequest(sk, idemix.BigToBytes(ni), key.Ipk, rng)
@altoros Idemix implementation in Go. //2. The issuer creates credentials for the prover. cred, err := idemix.NewCredential(key, m, attrs, rng)
@altoros Idemix implementation in Go. // 3. The prover signs the credentials without disclosure Age and City. disclosure = [ ]byte{1, 1, 0, 0} sig, err = idemix.NewSignature(cred, sk, Nym, RandNym, key.Ipk, disclosure, msg, rhindex, cri, rng) attrs[2] = FP256BN.NewBIGint(0) attrs[3] = FP256BN.NewBIGint(1)
@altoros Idemix implementation in Go. // 4. The verifier checks the signature using the Issuer’s public key. err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex, &revocationKey.PublicKey, epoch)
THANK YOU! @altoros website blog

More Related Content

PPTX
Write smart contract with solidity on Ethereum
byMurughan Palaniachari
 
PDF
Blockchain Explained | Blockchain Simplified | Blockchain Technology | Blockc...
byEdureka!
 
PDF
Ethereum
byNexThoughts Technologies
 
PPTX
Hyperledger Fabric
byMurughan Palaniachari
 
PDF
Scaling Ethereum using Zero-Knowledge Proofs
byHyojun Kim
 
PDF
Blockchain Security and Privacy
byAnil John
 
PPTX
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
bySimplilearn
 
PDF
PoW vs. PoS - Key Differences
by101 Blockchains
 
Write smart contract with solidity on Ethereum
byMurughan Palaniachari
 
Blockchain Explained | Blockchain Simplified | Blockchain Technology | Blockc...
byEdureka!
 
Ethereum
byNexThoughts Technologies
 
Hyperledger Fabric
byMurughan Palaniachari
 
Scaling Ethereum using Zero-Knowledge Proofs
byHyojun Kim
 
Blockchain Security and Privacy
byAnil John
 
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
bySimplilearn
 
PoW vs. PoS - Key Differences
by101 Blockchains
 

What's hot

PPTX
Smart Contract & Ethereum
byAkshay Singh
 
PPTX
BLOCKCHAIN
byNitish sharma
 
PDF
Blockchain Study(1) - What is Blockchain?
byFermat Jade
 
PDF
Blockchain Security Issues and Challenges
byMerlec Mpyana
 
PDF
Introduction To Solidity
by101 Blockchains
 
PPTX
The Blockchain and the Future of Cybersecurity
byKevin Cedeño, CISM, CISA
 
PDF
Blockchain
byFrank Calberg
 
PPTX
Introduction to Blockchain
byAIMDek Technologies
 
PPTX
Blockchain Intro to Hyperledger Fabric
byAraf Karsh Hamid
 
PPTX
Blockchain technology
byhellygeorge
 
PDF
Blockchain 101 | Blockchain Tutorial | Blockchain Smart Contracts | Blockchai...
byEdureka!
 
PDF
How does blockchain work
byShishir Aryal
 
PDF
Blockchain
bySai Nath
 
PDF
ERC Identity
byFabian Vogelsteller
 
PPTX
Blockchain basics
byRomit Bose
 
PDF
Introduction to Blockchain
byMalak Abu Hammad
 
PDF
6 Key Blockchain Features You Need to Know Now
by101 Blockchains
 
PDF
Blockchain Presentation
byZied GUESMI
 
PPTX
IoT and Blockchain Challenges and Risks
byAhmed Banafa
 
PPSX
Blockchain HyperLedger Fabric Internals - Clavent
byAraf Karsh Hamid
 
Smart Contract & Ethereum
byAkshay Singh
 
BLOCKCHAIN
byNitish sharma
 
Blockchain Study(1) - What is Blockchain?
byFermat Jade
 
Blockchain Security Issues and Challenges
byMerlec Mpyana
 
Introduction To Solidity
by101 Blockchains
 
The Blockchain and the Future of Cybersecurity
byKevin Cedeño, CISM, CISA
 
Blockchain
byFrank Calberg
 
Introduction to Blockchain
byAIMDek Technologies
 
Blockchain Intro to Hyperledger Fabric
byAraf Karsh Hamid
 
Blockchain technology
byhellygeorge
 
Blockchain 101 | Blockchain Tutorial | Blockchain Smart Contracts | Blockchai...
byEdureka!
 
How does blockchain work
byShishir Aryal
 
Blockchain
bySai Nath
 
ERC Identity
byFabian Vogelsteller
 
Blockchain basics
byRomit Bose
 
Introduction to Blockchain
byMalak Abu Hammad
 
6 Key Blockchain Features You Need to Know Now
by101 Blockchains
 
Blockchain Presentation
byZied GUESMI
 
IoT and Blockchain Challenges and Risks
byAhmed Banafa
 
Blockchain HyperLedger Fabric Internals - Clavent
byAraf Karsh Hamid
 

Similar to A Zero-Knowledge Proof: Improving Privacy on a Blockchain

PDF
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
byClare Nelson, CISSP, CIPP-E
 
PPTX
Blockchain privacy approaches in hyperledger indy
byManishKumarGiri2
 
PDF
How to verify computation in the blink of an eye
byFacultad de Informática UCM
 
PDF
How Do Zero-Knowledge Proofs Keep Blockchain Transactions Private.pdf
byimoliviabennett
 
PDF
zkSNARKs in Ethereum, and Baby ZoE
byFeng-Ren Tsai
 
PDF
Privacy Preserving State Transitions on Ethereum
byClearmatics
 
PPTX
Advanced Blockchain Technologies on Privacy and Scalability
byAll Things Open
 
PDF
Advanced Blockchain Technologies on Privacy & Scalability (All Things Open)
byKaleido
 
PDF
Privacy-preserving techniques using zero knowledge proof in public Ethereum
byNagib Aouini
 
PDF
Bat38 aouini bogosalvarado_zk-snark_blockchain
byBATbern
 
PDF
Exploring the role of DSA in Zero Knowledge Proof
by22f2000330
 
PDF
Cryptography: zero knowledge proof and multi party computation, OW2online, Ju...
byOW2
 
PDF
Zero-Knowledge Proofs in Light of Digital Identity
byClare Nelson, CISSP, CIPP-E
 
PDF
The Emerging Role of ZKP in the Privacy Stack of Production Business Networks...
byPeter Broadhurst
 
PDF
Privacy Preserving Paradigms of Blockchain Technology
byGokul Alex
 
PDF
Improving Authenticated Dynamic Dictionaries, with Application to Cryptocurre...
byDmitry Meshkov
 
PDF
Bitcoin.pdf
byINSPECTORESWSS
 
PDF
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
bySSIMeetup
 
PPTX
lecture2 block_chain technology it is.pptx
byMaulikSidana
 
PDF
Post-Bitcoin Cryptocurrencies, Off-Chain Transaction Channels, and Cryptocur...
byBernhard Haslhofer
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
byClare Nelson, CISSP, CIPP-E
 
Blockchain privacy approaches in hyperledger indy
byManishKumarGiri2
 
How to verify computation in the blink of an eye
byFacultad de Informática UCM
 
How Do Zero-Knowledge Proofs Keep Blockchain Transactions Private.pdf
byimoliviabennett
 
zkSNARKs in Ethereum, and Baby ZoE
byFeng-Ren Tsai
 
Privacy Preserving State Transitions on Ethereum
byClearmatics
 
Advanced Blockchain Technologies on Privacy and Scalability
byAll Things Open
 
Advanced Blockchain Technologies on Privacy & Scalability (All Things Open)
byKaleido
 
Privacy-preserving techniques using zero knowledge proof in public Ethereum
byNagib Aouini
 
Bat38 aouini bogosalvarado_zk-snark_blockchain
byBATbern
 
Exploring the role of DSA in Zero Knowledge Proof
by22f2000330
 
Cryptography: zero knowledge proof and multi party computation, OW2online, Ju...
byOW2
 
Zero-Knowledge Proofs in Light of Digital Identity
byClare Nelson, CISSP, CIPP-E
 
The Emerging Role of ZKP in the Privacy Stack of Production Business Networks...
byPeter Broadhurst
 
Privacy Preserving Paradigms of Blockchain Technology
byGokul Alex
 
Improving Authenticated Dynamic Dictionaries, with Application to Cryptocurre...
byDmitry Meshkov
 
Bitcoin.pdf
byINSPECTORESWSS
 
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
bySSIMeetup
 
lecture2 block_chain technology it is.pptx
byMaulikSidana
 
Post-Bitcoin Cryptocurrencies, Off-Chain Transaction Channels, and Cryptocur...
byBernhard Haslhofer
 

More from Altoros

PDF
Maturing with Kubernetes
byAltoros
 
PDF
Kubernetes Platform Readiness and Maturity Assessment
byAltoros
 
PDF
Journey Through Four Stages of Kubernetes Deployment Maturity
byAltoros
 
PPTX
SGX: Improving Privacy, Security, and Trust Across Blockchain Networks
byAltoros
 
PPTX
Using the Cloud Foundry and Kubernetes Stack as a Part of a Blockchain CI/CD ...
byAltoros
 
PPTX
Crap. Your Big Data Kitchen Is Broken.
byAltoros
 
PDF
Containers and Kubernetes
byAltoros
 
PPTX
Distributed Ledger Technology for Over-the-Counter Trading
byAltoros
 
PPTX
5-Step Deployment of Hyperledger Fabric on Multiple Nodes
byAltoros
 
PPTX
Deploying Kubernetes on GCP with Kubespray
byAltoros
 
PPTX
UAA for Kubernetes
byAltoros
 
PPTX
Troubleshooting .NET Applications on Cloud Foundry
byAltoros
 
PPTX
Continuous Integration and Deployment with Jenkins for PCF
byAltoros
 
PPTX
How to Never Leave Your Deployment Unattended
byAltoros
 
PPTX
Cloud Foundry Monitoring How-To: Collecting Metrics and Logs
byAltoros
 
PDF
Smart Baggage Tracking: End-to-End Sensor-Based Solution
byAltoros
 
PPTX
Navigating the Ecosystem of Pivotal Cloud Foundry Tiles
byAltoros
 
PPTX
AI as a Catalyst for IoT
byAltoros
 
PPTX
Over-Engineering: Causes, Symptoms, and Treatment
byAltoros
 
PPTX
What's New in the Cloud Foundry Ecosystem?
byAltoros
 
Maturing with Kubernetes
byAltoros
 
Kubernetes Platform Readiness and Maturity Assessment
byAltoros
 
Journey Through Four Stages of Kubernetes Deployment Maturity
byAltoros
 
SGX: Improving Privacy, Security, and Trust Across Blockchain Networks
byAltoros
 
Using the Cloud Foundry and Kubernetes Stack as a Part of a Blockchain CI/CD ...
byAltoros
 
Crap. Your Big Data Kitchen Is Broken.
byAltoros
 
Containers and Kubernetes
byAltoros
 
Distributed Ledger Technology for Over-the-Counter Trading
byAltoros
 
5-Step Deployment of Hyperledger Fabric on Multiple Nodes
byAltoros
 
Deploying Kubernetes on GCP with Kubespray
byAltoros
 
UAA for Kubernetes
byAltoros
 
Troubleshooting .NET Applications on Cloud Foundry
byAltoros
 
Continuous Integration and Deployment with Jenkins for PCF
byAltoros
 
How to Never Leave Your Deployment Unattended
byAltoros
 
Cloud Foundry Monitoring How-To: Collecting Metrics and Logs
byAltoros
 
Smart Baggage Tracking: End-to-End Sensor-Based Solution
byAltoros
 
Navigating the Ecosystem of Pivotal Cloud Foundry Tiles
byAltoros
 
AI as a Catalyst for IoT
byAltoros
 
Over-Engineering: Causes, Symptoms, and Treatment
byAltoros
 
What's New in the Cloud Foundry Ecosystem?
byAltoros
 

Recently uploaded

PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
apidays New York 2025 | AI in Application Security
byapidays
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 

A Zero-Knowledge Proof: Improving Privacy on a Blockchain

Editor's Notes

  • #2 Hello everyone, I’m from Minsk. I’m a senior blockchain R&D engineer at Altoros and professionally focus on cryptography. Today I would like to talk about a mechanism that has a close connection to cryptography, called zero-knowledge proof, and its potential within blockchain. From potentially being used in nuclear disarmament to providing anonymous and secure transactions for public blockchain networks, a zero-knowledge proof is a profound example of cryptographic innovation.
  • #3 Let’s imagine the following situation. You need to prove your identity with First Name and Last Name to 3rd party. But you only have your driver’s license that contains additional personal information.
  • #4 Wouldn’t it be better to have an option hides your private information, but still keeps the driver’s license valid ?
  • #5 In this case, Zero-knowledge proof can help us
  • #6 The first question is what is a zero-knowledge proof ?
  • #7 There are 2 types of participants: the prover and the verifier
  • #8 The prover has a secret value X. But The prover wants to prove it to the Verifier without revealing any information about X. The essence of a zero-knowledge proof is that it is trivial to prove that someone possesses knowledge of certain information by simply revealing it. The challenge is to justify such possession without revealing the information itself or any additional information.
  • #9 Also, zero-knowledge proof protocol must satisfy the following three parameters: Completeness. If the statement is true, the honest verifier—the one that is following the protocol properly—will be convinced of this fact by an honest prover
  • #10 Soundness. If the statement is false, no cheating prover can convince the honest verifier that it is true, except for some small probability.
  • #11 Zero knowledge. If the statement is true, no verifier learns anything, except the fact that the statement is true. Completeness and soundness are properties of more general interactive proof systems. The addition of zero knowledge is what turns the verification process into a zero-knowledge proof.
  • #12 Zero-knowledge proofs are not proofs in the mathematical sense of the term, because there is some small probability, the soundness error, that a cheating prover will be able to convince the verifier of a false statement. In other words, zero-knowledge proofs are probabilistic proofs rather than deterministic ones.
  • #13 The general structure of a zero-knowledge proof consists of three sequential actions between the prover and the verifier. These actions are called a witness, a challenge, and a response.
  • #14 The fact that the Prover knows the secret determines the set of the questions, which always can be answered by the Prover correctly. At first, the Prover chooses randomly any question from the set and calculates a proof. Then, the Prover sends the proof to the Verifier.
  • #15 After that, the Verifier chooses a question from the set and asks the Prover to answer it.
  • #16 The Prover calculates the answer and sends it back to the Verifier. The received answer allows the Verifier to check that the Prover really knows the secret. The procedure can be repeated as many times as you want, until the probability that the Prover makes guesses rather than knows the correct answers becomes low enough.
  • #17 To illustrate how ZKP works in practice, Wikipedia refers to the Ali Baba cave story. In this example, Peggy acts as the prover and Victor acts as the verifier.
  • #18 In the story, the cave is shaped like a ring. The entrance is on the left side, and there’s a magic door blocking the right side. Peggy wants to prove to Victor that she knows the secret word to open the magic door. However, she does not want to reveal the secret word. To prove that Peggy knows the secret word, they mark the left and right paths from the entrance as A and B. Victor waits outside the cave, while Peggy enters. Hidden from Victor, Peggy walks along either path A or B.
  • #19 Victor then enters the cave and shouts the name of the path—A or B—he wants Peggy to return to.
  • #20 Peggy can easily do it if she knows the secret key. In case Peggy doesn’t know the secret word, she would only be able to return from the door to the entrance if Victor called out the path she took after entering. Since the path Victor chooses in random, the probability that Peggy doesn’t know the keyword is 1/2. If you repeat the process ktimes, then the probability becomes (½)^k. This way, it’s enough, for example, to repeat the procedure 20 times to prove that Peggy know the keyword.
  • #21 Note that the interaction between the users is needed for a ZKP. Although the number of interactions is small in single-round and constant protocols, both users must be involved simultaneously. In this case, we have the following question: “What can be done if interaction between users is not an option ?” Blum, Feldman, and Micali suggested a noninteractive ZKP, where users have a shared secret key, which is enough to prove that P knows some secret information without simultaneously involving both users and revealing the information itself.
  • #22 Unlike a regular zero-knowledge proof, a general structure of a noninteractive ZKP consists of just a single action between participants P and V, and this action is a witness. P creates the proof from the secret key using special function - “Make a proof”. Then P sends the proof to V. After than V can easily check the proof using another function, called “Check a proof”.
  • #23 Let’s consider one of the most famous noninteractive zero-knowledge proof protocol. It’s a zero-knowledge succinct noninteractive argument of knowledge protocol or zk-SNARK. As we can see, It’s a ZKP-based protocol with additional features.
  • #24 Succinct. It means that The size of the proof is small enough to be verified in a few milliseconds
  • #25 Noninteractive. It means that Only one set of information is sent to the verifier for verification, therefore there is no back and forth communication between the prover and verifier.
  • #26 Argument of knowledge. It means bounded computation for the prover.
  • #27 ZKP protocol can be applied for the following actions.
  • #28 Zcash is the first widespread application of zk-SNARK. In most public blockchains like Bitcoin, Ethereum, Bitshares and etc, transactions are validated by linking the sender address, receiver address, and input and output values. Zcash uses zk-SNARKs to prove that the conditions for a valid transaction have been satisfied without revealing any crucial information about the addresses or values involved.
  • #29 Let consider differences between Bitcoin and Zcash for better understanding how zk-SNARK protocol enables privacy in Zcash. Bitcoin tracks unspent transaction outputs (UTXOs) to determine what transactions are spendable and validates it.
  • #30 In Zcash, the shielded equivalent of a UTXO is called a commitment, and spending a commitment involves revealing a nullifier. Zcash nodes keep lists of all the commitments that have been created, and all the nullifiers that have been revealed. Commitments and nullifiers are stored as hashes, to avoid disclosing any information about the commitments, or which nullifiers relate to which commitments.
  • #31 For each new note created by a shielded payment, a commitment is published which consists of a hash of: the address to which the note was sent, the amount being sent, a number rho which is unique to this note (later this number is used to derive the nullifier), and a random nonce.
  • #32 When a shielded transaction is spent, the sender uses their spending key to publish a nullifier which is the hash of the secret unique number rho from an existing commitment that has not been spent, and provides a zero-knowledge proof demonstrating that they are authorized to spend it.
  • #33 The zero-knowledge proof for a shielded transaction verifies that the following assertions are true.
  • #36 In September 2018 V.Buterin published the article[3] about on-chain scaling to potentially 500 tx/sec. Also It’s a zk-SNARK - based solution. The main idea is to scale asset transfer transactions on ethereum by using ZK-SNARKs to mass-validate transactions. In this case, the cost of a ZK-SNARK verification with the latest protocols is about 600,000 gas. The main goal for ZK-SNARK implementation in the Ethereum blockchain is to reduce the total transaction’s cost.
  • #37 Today, AZTEC team has implemented zk-SNARK-based solution on smart-contract level in Ethereum blockchain. You can use private transactions in Ethereum with AZTEC smart contract using confidentialTransfer function. A standard AZTEC zero-knowledge transaction costs between 800,000 - 900,000 gas.
  • #38 Idemix is the another example of ZKP-based protocol that is suite for privacy-preserving authentication and transfer of certified attributes which is developed by IBM Research. Identity Mixer works in a similar way as client certificates in a classical public-key infrastructure (PKI), but with two important differences: Flexible public keys: Rather than being bound to a single public key, users can have many independent public keys for the same secret key, so that they can use a different keys for each verifier or even for each session. Flexible credentials: The credentials that certify the user’s attributes can be transformed into valid tokens that contain only a subset of the attributes in the original credential.
  • #39 Hyperledger Fabirc is one of the famous Hyperledger’s frameworks for blockchain technology which also has implemented Idemix. There is the picture that described Idemix implementation in Hyperledger Fabric. Idemix crypto package implements basic cryptographic algorithms. In this way, Hyperledger Fabric with Idemix protocol provides strong authentication as well as privacy-preserving features such as anonymity, the ability to transact without revealing the identity of the transactor, and unlinkability, the ability of a single identity to send multiple transactions without revealing that the transactions were sent by the same identity.
  • #40 Hyperledger Indy also uses Idemix. Indy provides a software ecosystem for private, secure, and powerful identity. Indy-anoncreds is the main cryptographical part of Hyperledger Indy which provides privacy of identity’s credentials. It’s ZKP-based upon the Idemix protocol.
  • #41 There are the main steps which describe the main anoncreds workflow. Firstly, the prover creates master key. Master key is used to guarantee that a credential uniquely applies to the prover.
  • #42 Then the Prover creates credentials which is signed by the Issuer’s private key and stores it in the wallet.
  • #43 Finally, the Prover can create the proof to the Verifier.
  • #44 Identity Mixer crypto package was implemented firstly in Golang in Hyperledger Fabric v1.2. There is the example in Go which represents essence of Idemix. There are just high-level pictures which illustrate how it can be implemented in Go. The goal is to prove identity without disclosing Age and City.
  • #45 Firstly, 1. The prover creates keys and credential request to the issuer.
  • #46 After that, The issuer creates credentials for the prover.
  • #47 Then The prover signs the credentials without disclosure Age and City.
  • #48 Finally, The verifier checks the signature using the Issuer’s public key.
  • #49 That’s all I wanted to say. Any questions ?