Zero-knowledge proofs
A zero-knowledge proof (ZKP) allows someone to prove they know a secret without revealing it. For example, a ZKP can prove that an attribute has a value within a range without revealing its exact value. A potential client of a DApp or service can use a ZKP to selectively disclose information from their self-sovereign identity without disclosing other information.
For example, consider a person wishing to vote in a local election. They must reside within the electorate, be on the voters' roll, and not have voted before. To establish these facts in a conventional setting, they must show a document disclosing their home address, date of birth, and full name. In addition, the name of every voter must be marked off the roll as they vote. This could expose the voter to coercion by an unscrupulous administration.
In a zero-knowledge setting, using a digital ID with an appropriate application, the citizen can prove that their address is within a geographical area, that they are registered to vote, and that they have not already voted, all without disclosing any personally identifiable information.
In general, ZKPs can be used to make statements such as:
- A company is not on a sanctions list
- A customer is over 28 years of age
- A customer has purchased over €1m of product in the past year.
In cases like these, the assertion can be proven without the need to reveal other information.
ZK Snarks
Midnight uses a zero-knowledge succinct non-interactive argument of knowledge (ZK Snark), which is a specific type of ZKP that is particularly efficient and powerful. It differs from other types of ZKP in two important ways:
- Succinctness: ZK Snarks are succinct, meaning that the proof size remains sublinear with respect to the size of the statement being proved. This property is highly desirable as it allows for efficient verification and reduces the amount of data that needs to be transmitted.
- Efficiency: ZK Snarks are non-interactive proofs, meaning that the prover can generate the proof without requiring any additional interaction with the verifier. This is different from other types of ZKP, which typically involve multiple rounds of communication.
How do ZK Snarks work?
Because ZK Snarks are non-interactive arguments of knowledge, they allow a prover to demonstrate the truth of a statement without the need for ongoing interaction with a verifier. Proof generation and verification involve mathematical operations and structures, such as elliptic curve pairings and advanced algebraic techniques.
Here is a more detailed explanation of how ZK Snarks work:
- Setup phase. Similar to other cryptographic protocols, ZK Snarks begin with a setup phase that establishes certain parameters. These parameters play a crucial role in the security and functioning of the scheme.
- Key components. ZK Snarks involve several key components, including elliptic curve pairings (mathematical structures used in cryptography to secure data) and specialized hash functions (tools that transform data into fixed-size values, like a unique digital fingerprint of information). These components contribute to the creation of succinct and highly efficient proofs.
- Circuit construction. Circuit construction works like a roadmap: the problem to be solved is given a mathematical representation and translated into an arithmetic circuit. This circuit encompasses various operations and constraints related to the statement being proven.
- Witness and proof generation. The prover, who possesses a secret (the ‘witness’) related to the statement, constructs a ZK Snark proof. This involves a series of cryptographic operations combined with the circuit's constraints and the public parameters from the setup phase. The result is a compact proof, attesting to the statement's truth without revealing any details about the witness.
- Verification. The verifier, armed with the proof, the public parameters, and the original statement, can now efficiently verify the proof's validity. This process involves mathematical computations that confirm the proof's correctness, ensuring that the prover indeed possesses the correct witness for the statement.