Zero knowledge proofs (ZKPs) will revolutionize how we think about privacy and scaling computation.
And they're just starting to take off.Don't want to get left behind?Here's a quick primer, just for you👇
1/ Despite becoming popular only recently in the context of crypto, ZKPs have a rich history.
In 1987, @JamesGleick published an article in The New York Times titled "A NEW APPROACH TO PROTECTING SECRETS IS DISCOVERED".
2/ Even before the advent of blockchains, Gleick describes possible uses of ZKPs, such as protecting credit card numbers and military access codes. Several researchers mentioned in the article won the Turing Award decades later for their work in cryptography.
3/ The lack of software tooling, fast hardware, and alternative options prevented ZKPs from going mainstream until now.
This is similar to how advances in compute and software have enabled neural networks to flourish, even though the algorithms have been around for a while.
4/ But how do ZKPs work?
Well, with a lot of group theory wizardry and "zk circuit" engineering. Let's save that for another thread ;)
5/ For today, let's treat ZKPs as a black-box that allow someone to prove they know some information without revealing it. Furthermore, ZKPs can be verified incredibly quickly even if the associated computation takes a long time to finish.
Alice, Bob, and Carol are having a conversation. Alice asks Bob a question, but doesn't want Carol to know the answer.
Bob can respond with a ZKP, which would confirm him knowing the answer without ever revealing it.
ZKPs always output true or false, and never lie.
7/ Zooming back into the present day, ZKPs promise three use cases.
1. Protecting user privacy
2. Enabling new kinds of transparency
3. A new paradigm for verifying distributed computationLet's pick these apart, one by one.
8/ Let's take a look at the most popular smart contract blockchain. All transactions on Ethereum are public. If the world's financial system shifted to Ethereum overnight, you could see everyone's salaries, transactions, and who they interacted with. This is a huge problem!
9/ Imagine if all your Venmo transactions were public — that's what Ethereum would look like.
Except transactions wouldn't just be splitting food between friends. They could include remittances to family in sanctioned countries or payments towards medical bills.
10/ To reword a comment by @jswihart: If you wouldn't tweet it out, you shouldn't want it on the blockchain.
11/ But on Venmo you can choose to make some transactions private. ZKPs allow blockchain participants to flexibly choose which transactions they want to disclose and which they want to hide.
13/ Financial institutions can make crypto investments in private without leaking alpha.Similar to investing laws placed on members of congress, ZKPs can hide investments for a certain amount of time before revealing them on chain through smart contracts.
14/ And it's not just crypto.
This is a public company serving millions of websites!
Introducing Zero-Knowledge Proofs for Private Web Attestation with Cross/Multi-Vendor Hardware
In Cryptographic Attestation of Personhood the server sends a message to the browser that the hardware security signs, demonstrating its authenticity.
Bitcoin is to programmable money as zero knowledge is to programmable privacy.
This is a totally novel concept!
16/ ZKPs also allow for a radically new level of financial transparency. Corporations can selectively make certain payments public to allow for an audit trail, while hiding information about confidential clients, employee salaries, contractors, suppliers, and investments.
17/ Moreover, financial entities can be forced to provide a Proof of Solvency to the rest of the world.Every few weeks, regulators can require banks to publish a ZKP that proves to everyone that their assets exceed their liabilities.
18/ Now, let's take a look at ZKPs in verifiable computing.What if you wanted to offload a difficult task to a machine better suited to do so? What if you didn't trust the results of that machine because it's run by a third party?You could require the machine to submit a ZKP!
19/ A big issue with blockchains right now is scaling. One solution is using rollups.Blockspace is expensive. ZK-rollups move compute that would have otherwise been on the main chain to a cheaper compute environment.In the end, only a short ZKP is committed to the main chain.
20/ There are entire L1 blockchains dedicated to using the succinctness of ZKPs for scaling, such as @MinaProtocol.
Imagine the entire state of a blockchain stored in a set of ZK proofs shared across nodes and updated in parallel.
You could set up a new node in seconds!
21/ But there's no such thing as free lunch. What's the catch with ZKPs and why is their time now?
Once we reach faster prover speeds for ZKPs, we could see zk-rollups overtaking other choices.
23/ ZKPs involve complex calculations, many of which haven't been necessary for computing before. This makes hardware costs expensive.
Example: It can cost up to ~500K gwei to verify a single ZKP on Ethereum.ZKP verification can also be costly for similar reasons.
24/ Engineers are working hard on two fronts to solve these problems.
1. Designing better custom hardware for ZKPs.
2. Building more performant (and easier to use) software and tooling for ZKPs.
These two inflection points provide the perfect tailwinds for a ZK future.
25/ We'll be diving into both of these topics in a later threads, but here's a sneak peek.
@Ingo_zk has an entire toolkit for using FPGAs on AWS, enabling cheaper and faster ZK.
28/ In sum:
ZKPs provide a new layer of optionality when it comes to user privacy.
The future of distributed computing will rely on ZKPs to offload intensive work to third-parties in a trustless manner.
ZKP developer tools are still new. Now's the best time to start building.
29/ Interested in ZK and want to chat? DMs open!I'll be publishing more ZK content over the next few weeks and would love to get your input.Thanks @yb_effect for proofreading + edits.