原文:Zero-knowledge proofs explained in 3 examples
Author: Tian Daphne
Translation: Open Privacy Computing & PrimiHub
Zero-knowledge proof is a method of proving the validity of a statement without revealing its content. It is a proof system that enables users to share knowledge or proof of ownership publicly without revealing its details.
In cryptography, zero-knowledge proofs allow users to convince other users that they know something or have done something without revealing the secret content, and it is by far one of the most powerful tools in cryptography.
Below, we've delved into the concept of zero-knowledge proofs and helped readers understand how they work through a few easy-to-understand examples.
1. A brief history of zero-knowledge proofs
Zero-knowledge in cryptography first appeared in the 1985 paper The knowledge complexity of interactive proof systems [GMR85] , proposed by pioneers Shafi Goldwasser, Silvio Micali, and Charles Rackoff. They provide a definition of zero-knowledge proofs that are widely used today:
"A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a certain statement is true without revealing any information other than that this particular statement is true."
Zero-knowledge proofs must satisfy three properties:
- Completeness: An honest verifier will be convinced by an honest prover if the statement is true.
- Stringency: No dishonest prover can convince an honest verifier if the statement is false. Prove that the system is honest and does not allow cheating.
- Zero-knowledge: If a statement is true, no verifier will learn anything other than that the statement is true.
Interactive zero-knowledge proofs require a back-and-forth dialogue between a prover and a verifier in order to complete the proof. Non-interactive zero-knowledge proofs are where the prover sends a single message to the verifier, and the verifier is able to check the validity of the proof without requiring further communication from the prover. The following figure is the development history of zero-knowledge proof:
zk-SNARK (Succinct Non-Interactive Arguments of Knowledge) is probably the most popular form of zero-knowledge proof, first appearing in the Bit+11 paper in 2011. By 2013, zero-knowledge proofs could be used in real-world applications thanks to Pinocchio's PHGR13 paper, which made zk-SNARKS suitable, albeit slowly, for general computation. The Groth16 algorithm, proposed in 2016, greatly reduces computational complexity, making zk-SNARKS very efficient and is still the standard today.
However, a trusted setup is crucial to the security of these zero-knowledge protocols. The cryptographic parameters must be generated using the initialization process to be able to run the zero-knowledge protocol. This is performed by a third party to ensure that the encryption parameters are random, unpredictable and secure.
This was followed by the introduction of Bulletproofs (BBBPWM17) in 2017 and zk-STARKs (BBHR18) in 2018. Unlike their predecessors, they are a type of range proof that does not require an initial trusted setup. The 2019 PlonK paper implements a general-purpose zero-knowledge proof algorithm, which means only one trusted setup needs to be started, compared to Groth16 which requires a separate trusted setup for each circuit.
Due to the development of the field, zero-knowledge proof has transitioned from pure theory to application, and has practical applications in blockchain, secure communication, electronic voting, access control and games. As these technologies continue to be put into commercial use, I believe that there will be many more exciting developments in the future to advance this technology.
Here are some conceptual examples to help you intuitively understand different levels of Zero-Knowledge Proofs (ZKPs) without getting involved in complex theory and advanced mathematics .
2. Explain zero-knowledge proofs to children (Lv.1)
Where is Wally?
Proving that one knows something without revealing secret information can be illustrated with the usual "Where's Wally?" example.
Question : You and your friends want to find Wally.
Condition : You know where Wally is in the image, but your friends don't believe it. How do you prove to your friends that you know where Wally is without revealing his exact location?
The solution : You can take out a large piece of paper, cover the entire image, and show a friend the image of Valli through a cutout. Doing this will prove that you really know where Wally is, but your friend won't get Wally's location because the exact coordinates relative to the image are still unknown to him.
This is a simple analogy for a non-interactive zero-knowledge proof. Anyone who sees Vali through the aperture is able to prove that Valli exists and that the prover knows where he is without revealing any other information.
3. Explain zero-knowledge proof to friends (Lv.2)
Example of proof of membership
Problem : When you meet someone you don't know, but she claims to be part of your team as well. How do you know she's telling the truth?
Solution : Luckily, your team has a safe with a lock, and only your team members know the combination and can open the safe. So write a secret message and put it in a locked safe. Specific steps are as follows:
- The verifier writes a secret message and puts it in a locked safe.
- A qualified prover has the code, which opens the locked safe.
- The prover returns the secret information to the verifier.
- The verifier is sure that the prover really knows the password to the safe and can therefore be trusted.
If the stranger was a team member as she said, she would know the password. As such, she'll be able to open the locked safe and find your secret message, thus proving to you that she is indeed part of your team.
This is an analogy for interactive zero-knowledge proofs. Only an actual member of the team would know the secret combination code (password), gaining access to the locked safe, thus proving his membership without revealing any other information.
4. Explain the zero-knowledge proof to the team (Lv.3)
Example of opaque pricing
In this example, you and your competitor are buying the same material from the same supplier and you want to know if you are paying the same price per kilogram. However, you lack sufficient trust between you to reveal your respective prices, and you are contractually bound not to share this information.
Assuming that the market price of the material can only be 100, 200, 300 or 400 per kilogram, in this case we can solve the above problem through zero-knowledge proof. Follow the steps below:
- You and your competitor want to know whether you are paying the same price without disclosing how much each is paying.
- Assume that there are 4 lock boxes with locks (which cannot be opened without a key), each marked with numbers 100, 200, 300 and 400, and a small slot for only one piece of paper, placed in a safe in a private room.
- You first enter the room alone. Since you pay 200 per kilo, you take the key to the lock box marked 200, and destroy the keys to the other boxes, and you leave the room.
- Your competitor enters the room alone with 4 sheets of paper, 1 of which is a check (for no specific amount) and 3 of which have crosses on them. Since your competitor pays 300 per kilo, he puts the paper with the check in the lockbox marked 300, puts the paper with the cross in the other lockbox, and finally leaves the room.
- After they leave, you can return with the key that only opens the box labeled 200. You'll find a piece of paper with a cross on it, and now you know your competitors aren't paying the same amount as you.
- Your competitors come back and see you have a piece of paper with a cross on it, so now they also know that you didn't pay the same amount as they did.
If you get a piece of paper with a check on it, both of you will know you paid the same amount. Because of the crosses on the paper you got, you both know you didn't pay the same amount, but neither do you know how much the other paid.
You both walk away knowing you didn't pay the same amount, but neither of you gains the knowledge of how much the other paid.
Here's another analogy to an interactive zero-knowledge proof using the original half-range proof. It's important to note that all of these examples have limitations and must assume certain assumptions, but they are enough to illustrate how they work.
Five, finally
This article explains the concept and principle of zero-knowledge proof in a progressive and easy-to-understand manner through three examples.
By understanding how zero-knowledge proofs work, zero-knowledge proofs are not magic. It currently has great potential in blockchain and various applications that require sensitive information, such as providing cryptographic proofs, proofs of identity, and proofs of membership. For example, some foreign banks use zero-knowledge proof technology to allow their customers to prove the amount in the bank account without disclosing the specific amount in the mortgage loan application.
Microsoft official announcement: Visual Studio for Mac retired The programming language created by the Chinese developer team: MoonBit (Moon Rabbit) Father of LLVM: Mojo will not threaten Python, the fear should be C++ The father of C++ Bjarne Stroustrup shared life advice Linus also Dislike the acronym, what TM is called "GenPD" Rust 1.72.0 is released, and the minimum supported version in the future is Windows 10 Wenxin said that it will open WordPress to the whole society and launch the "100-year plan" Microsoft does not talk about martial arts and uses "malicious pop-ups "Prompt users to deprecate Google's high-level, functional, interpreted, dynamic programming languages: CrumbPrimiHub is an open source privacy computing platform built by a team of cryptography experts, focusing on sharing technologies and content in privacy computing fields such as data security, cryptography, federated learning, and homomorphic encryption.