Zero-Knowledge Proofs - Proving Without Revealing
A Zero-Knowledge Proof (ZKP) is a cryptographic technique for proving that you know a piece of information without revealing the information itself. Its theoretical foundation was established in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. Because it reconciles privacy and security, for example by authenticating without sending a password or by verifying the legitimacy of a transaction without disclosing its contents, it sits at the forefront of cryptographic technology.
Understanding the Concept - The Cave of Ali Baba
The concept of zero-knowledge proofs can be understood intuitively through the parable of "the Cave of Ali Baba." Deep inside a ring-shaped cave there is a magic door that only someone who knows the secret word can pass through. The prover (Peggy) wants to prove to the verifier (Victor) that she knows the secret word, but does not want to reveal the word itself.
Through this process, Victor gains confidence that "Peggy knows the secret word," yet he cannot learn the secret word itself at all. This is the essence of a zero-knowledge proof.
zk-SNARK and zk-STARK
| Property | zk-SNARK | zk-STARK |
|---|---|---|
| Trusted setup | Required | Not required |
| Proof size | Small (hundreds of bytes) | Large (tens of KB) |
| Verification speed | Fast | Somewhat slow |
| Quantum resistance | None (depends on elliptic curves) | Yes (depends on hash functions) |
zk-SNARK (Succinct Non-interactive Argument of Knowledge) offers small proofs and fast verification, but it requires a trusted initial setup. zk-STARK (Scalable Transparent Argument of Knowledge) needs no setup and is quantum-resistant, but its proofs are large. Choosing the right one for the use case is important.
Application to Password Authentication
In traditional password authentication, the user sends the password to the server, which then checks it. This approach carries the risk of the password leaking over the communication path or on the server side. By applying zero-knowledge proofs, you can prove only that you "know the correct password" without sending the password itself. The SRP (Secure Remote Password) protocol is based on this idea and is adopted by password managers such as 1Password. The article The Basics of Encryption explains the overall picture of the related cryptographic technologies.
Zero-Knowledge Encryption Services
A cloud service that advertises itself as "zero-knowledge" is one designed so that the service provider itself cannot decrypt the user's data. Proton Mail provides end-to-end encryption for email, and not even Proton's servers can read the contents of messages. Tresorit adopts the same design for file storage. In these services, encryption is performed on the client side with a key derived from the master password, and only the ciphertext is stored on the server. Please also refer to the article Balancing Privacy and Convenience.
Real-World Use Cases
"For identity verification at a financial institution, we are considering a mechanism to prove that someone is 18 or older without disclosing their date of birth. With zero-knowledge proofs, it may be possible to satisfy compliance requirements using only the minimum necessary information."
Common Misconceptions
There is a misconception that "zero-knowledge = no data exists," but the data does exist. Zero-knowledge means that "the verifier gains no new knowledge during the proof process." In addition, even zero-knowledge encryption services come with the trade-off that if you forget your master password, your data cannot be recovered. It is important to decide on adoption after understanding the balance between convenience and security. For those interested in the latest trends in cryptography, zero-knowledge proof books on Amazon are a helpful reference. The article Post-Quantum Cryptography and Password Security also explains the cryptographic technology of the quantum era.