These technologies offer a way to have your cake and eat it, to enjoy the freedoms of the internet in a fully anonymised way without the corrupting influences of the current era of the internet’s data mining and infringements on personal liberty. But defining this new era of the internet is not without its massive, almost philosophical issues.
One of the biggest problems facing decentralised applications is verification.
Under the current system, third party platforms own a tonne of very specific data about you, and they use this to verify certain queries about you.
Your banking app knows exactly how much money you have, so it can verify whether you can afford to buy that pair of shoes.
Netflix knows exactly how old you are and your geographical location so it knows what content to show you.
Insurance companies collect a bunch of very personal data about you to decide whether they will insure you and protect you from bankruptcy.
Decentralised apps in utopian theory would collect none of this data about you, allowing you to access the internet as a fully anonymised and autonomous agent, without you surrendering any personable data to a third party.
But if no one knows anything about you, how would they verify anything about you?
Some parts of the internet require some form of verification to function safely and effectively, so how can you prove you have the funds to purchase a house, or are old enough to take out a loan, or any of the other very fun things about being an adult. Well, the answer is in something called Zero Knowledge Protocol or Zero Knowledge Proof (ZKP).
Zero knowledge proofs are essentially a way to prove something is true, without revealing its exact status.
Take the banking example, it means that you would be able to transfer money without anyone (like a bank) knowing exactly how much money you have, only whether you have enough to complete the purchase or not. No exact figure is given, but the first party (often called “The Prover”) is able to verify the status of their finances to the second party (“often called “The Verifier”).
ZKPs can be the holy grail for a host of decentralised apps, as it allows all the benefits of the open web, such as e-commerce and wider access to financial markets, but with none of the data-mining and privacy infringements that come with handing data wholesale over to a third party.
Broadly speaking, a ZKP method must satisfy these criteria:
Completeness: If the information provided by the prover is true, then a ZKP method must enable the verifier to verify that the prover is telling the truth.
Soundness: If the information provided by the prover is false, then a ZKP method must allow the verifier to refute that the prover is telling the truth.
Zero-knowledge: The method must reveal to the verifier nothing else than whether the prover is telling the truth or not.
But theoretically how does this work? Well, the best way I found to describe it was rather tellingly in an article that promised to explain it to me like I am five years old.
Imagine two children go trick or treating, and want to see if they have the same amount of sweets, but don’t want to reveal the exact number of sweets they have to each other.
The first child, unfortunately named Bob, has 20 sweets.
The second child, less unfortunately named Alice, has 30 sweets.
Bob gets four lock boxes, and labels them 10, 20, 30 and 40. He then chucks away the keys for all the boxes except for the box labelled 20 (as this is how many sweets he has). He then leaves.
Alice writes down four notes, one with a + and three with a -. She puts the + in the box labelled 30 (as this is how many sweets she has), and the ones labelled - in all the other boxes. She then leaves.
Bob comes back and unlocks his box with 20 on it, finding a note labelled - inside it, showing him that he and Alice do not have the same amount of sweets.
Alice returns and sees Bob holding a note with a - on it, and she now knows they don’t have the same amount of sweets.
This enables the children to compare whether they have the same amount of sweets without actually revealing to each other the exact number. Neither child knows who has more or less sweets and only the truth that they don’t have the same amount is disclosed.
Presumably due to cost and labour law concerns, ZKPs don’t actually use sweets, children and lock boxes to do verification, but the principle is the same.
The Prover is asked to complete a set of calculations (that they would only be able to solve by knowing the status of the thing they are trying to verify) which are run at lightning speed through computer code, and in “Interactive ZKP” (which is usually used peer-to-peer) The Prover has to complete multiple verification processes, making the likelihood of them “lucking” or guessing their way through the correct answers infinitesimally small.
This provides security and verification, without either party surrendering data to a third party or disclosing their own status.
Like a lot of technological advancement, ZKP is not a super new idea.
It is widely accepted that the first outline of functioning ZKP came from a 1985 MIT paper by Shafi Goldwasser, Silvio Micali & Charles Rackoff, where they outlined their vision for “communicating a proof” and described one method of ZKP, which is known as interactive ZKP, where The Prover and The Verifier interact multiple times until The Verifier is satisfied in the The Provers argument.
In terms of who will use ZKP and who is using ZKP, it’s driving a tonne of interest amongst those interested in decentralised, anonymous applications as a way to patch security concerns whilst maintaining privacy.
In fact, whole companies are springing up in the Web3 space specifically designed to integrate ZKPs to blockchains, like The Mina Foundation which provides a great segue into the next section…
It’s no secret that cryptocurrency is the first thing people think of when they think about decentralised applications, and my word crypto needs a publicity boost.
If you don’t keep up to date with the many many scams and security issues blockchain technologies are facing, I highly recommend you check out “Web3 is going just great”, a website built by software engineer Molly White to track such misadventures.
But the basic gist is that Web3 is fraught with danger, which I do agree with whilst disagreeing with the premise that the entire venture is worthless. ZKP could be one of the keys to changing this.
The aforementioned Mina Foundation ran a study on 1,978 crypto traders and developers to discover their attitudes towards ZKP, and the results were clear :
90% said they see cryptocurrencies that incorporate ZKPs are more attractive than those that don't.
78% see ZKPs as important to the future of the metaverse and Web3.
More than 40% see Finance as the industry most in need of ZKP solutions, followed by healthcare (12%), social media (5%), e-commerce (3%), gaming and entertainment (2%), and collectibles such as NFTs (2%).
If decentralisation is to be adopted in the mainstream, then security concerns need to be addressed, and ZKP could be a way to achieve this. I sound like a broken record now, but the ability to verify proofs without trusting a third party with all your data is absolutely groundbreaking, and I truly think that it’s one of the most exciting and overlooked parts of the Web3 space right now.
As with most things I write about here, this is happening as we speak and has a history dating back as I mentioned to 1985.
Organisations like the Mina Foundation are working tirelessly to get ZKP into most blockchains, and Cloudflare announced last year that they would use a ZKP for private web verification. Multiple cryptocurrencies (like Zcash) are already functioning with ZKP as a core principle in their technology.
In the non-tech space, ZKPs are being suggested for things like nuclear disarmament, and there are applications for voting as well, to allow people to vote anonymously and safely.
Keep an eye out for ZKP appearing on more roadmaps for decentralised applications, especially in the finance space, and if you are interested in investing or involving yourself with a Web3 initiative but are concerned about privacy and security, looking for ZKP-led ventures could be a great way to get involved!