I am taking Blockchain, Cryptocurrency, and Distributed Ledger Technology, being offered for the first time at the University of Pennsylvania and co-taught by David Crosbie from the Computer Science Department and Kevin Werbach from Wharton. Throughout this class I have gained a balanced view and a lot of hands-on, in-depth experience with cryptocurrencies and blockchain. I have purchased cryptocurrency, tumbled cryptocurrency, written smart contracts in Solidity, and consulted with a ConsenSys startup in the process of conducting an ICO.
As a part of this class I am publishing a brief summary of why zero-knowledge proofs are useful and highlighting some interesting venture-backed startups that use zero-knowledge proofs.
Zero-knowledge proofs are a way for somebody to prove a (mathematical) statement without revealing any information beyond the fact that the statement is true.[1] A zero-knowledge proof system has three properties: completeness (if the statement is true, an honest prover always convinces the verifier), soundness (a cheating prover cannot convince the verifier of a false statement, except with negligible probability), and zero knowledge (the verifier learns nothing from the proof except that the statement is true, so the prover's secret input, the witness, stays secret). This simply means that something can be verified cryptographically by sharing the zero-knowledge proof without revealing what that something is.
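The following is a worked example added to this post (it is not code from the original post or from any project mentioned below) of the simplest proof with all three properties: a Schnorr proof that the prover knows the secret x behind a public value y = g^x, shown in its interactive form and in the non-interactive Fiat-Shamir form, where the verifier's random challenge is replaced by a hash of the transcript. Everything here is an assumption for illustration: the group (the order-q subgroup of Z_p^* for a safe prime p = 2q+1 generated at runtime, with a small bit size so it runs quickly), the function names, and the deliberately "weak" variant of Fiat-Shamir whose challenge hashes only the commitment t and not the statement y. `simulate` shows why the proof leaks nothing: an accepting transcript can be produced without the secret, so transcripts carry no information about it. `transfer_proof` shows the check a practitioner wants: if the challenge does not bind the statement, a valid proof for y can be turned into a valid proof for y·g^k by someone who does not know the discrete log of y·g^k.

```python
"""Schnorr proof of knowledge of a discrete log, interactive and Fiat-Shamir.
Added worked example (not from the original post). Group: the order-q subgroup
of Z_p^* for a safe prime p = 2q + 1 generated at runtime; production code uses
a standard group or an elliptic curve and constant-time arithmetic."""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(bits=128):
    """Return (p, q, g): safe prime p = 2q + 1 and a generator of the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    g = pow(secrets.randbelow(p - 3) + 2, 2, p)  # a non-trivial square has order q
    return p, q, g


def challenge(q, *elements):
    """Fiat-Shamir challenge in Z_q: SHA-256 over a length-prefixed transcript."""
    h = hashlib.sha256()
    for e in elements:
        b = e.to_bytes((e.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % q


def keygen(p, q, g):
    """Witness x (secret) and statement y = g^x (public)."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def verify_interactive(p, g, y, t, c, s):
    """The verifier's check g^s == t * y^c, shared by every variant below."""
    return pow(g, s, p) == t * pow(y, c, p) % p


def prove(p, q, g, x, y, bind_statement=True):
    """Non-interactive proof (t, s). bind_statement=False is the 'weak'
    Fiat-Shamir variant that hashes only the commitment t, not the statement."""
    r = secrets.randbelow(q - 1) + 1      # fresh per proof: reusing r leaks x
    t = pow(g, r, p)                      # commitment
    c = challenge(q, g, y, t) if bind_statement else challenge(q, t)
    return t, (r + c * x) % q             # response


def verify(p, q, g, y, proof, bind_statement=True):
    t, s = proof
    # Reject malformed or small-subgroup values before doing any arithmetic.
    if not (1 < t < p and pow(t, q, p) == 1 and 0 <= s < q):
        return False
    c = challenge(q, g, y, t) if bind_statement else challenge(q, t)
    return verify_interactive(p, g, y, t, c, s)


def simulate(p, q, g, y):
    """Zero knowledge: an accepting transcript (t, c, s) built WITHOUT x by
    choosing c and s first; it is distributed exactly like a real transcript."""
    c, s = secrets.randbelow(q), secrets.randbelow(q)
    t = pow(g, s, p) * pow(pow(y, c, p), -1, p) % p
    return t, c, s


def transfer_proof(p, q, g, y, proof, k, bind_statement=True):
    """Attacker move: turn a proof for y into one for y' = y * g^k without
    knowing log_g(y'). Works only if the challenge does not depend on y."""
    t, s = proof
    c = challenge(q, g, y, t) if bind_statement else challenge(q, t)
    return t, (s + c * k) % q


if __name__ == "__main__":
    p, q, g = setup(96)
    x, y = keygen(p, q, g)
    print("completeness:", verify(p, q, g, y, prove(p, q, g, x, y)))
    print("wrong witness rejected:", not verify(p, q, g, y, prove(p, q, g, x + 1, y)))
    print("simulated transcript accepted:", verify_interactive(p, g, y, *simulate(p, q, g, y)))
    y2 = y * pow(g, 5, p) % p
    weak = transfer_proof(p, q, g, y, prove(p, q, g, x, y, False), 5, False)
    print("weak Fiat-Shamir proof transferred to y2:", verify(p, q, g, y2, weak, False))
    strong = transfer_proof(p, q, g, y, prove(p, q, g, x, y), 5)
    print("strong Fiat-Shamir proof transferred to y2:", verify(p, q, g, y2, strong))
```

Running it prints True for the first three lines, True for the weak transfer (the attack succeeds) and False for the strong one: once the challenge is computed over (g, y, t), changing y changes the challenge and the transferred response no longer verifies. The same binding rule applies to any non-interactive proof deployed on a ledger: the hash must cover every public input the proof is about, including the address or contract it is meant for, or proofs can be replayed against statements their prover never intended.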
Every transaction on a public blockchain can be viewed by anyone. People and enterprises may be wary of competitors or friends being able to learn a lot about them from their public transactions. The public could see their suppliers, how much they pay employees, and a host of other data that could be used against them. People want the benefit of blockchain, securely verifying transactions among parties who may not trust each other, without the drawback of revealing their private data. Zero-knowledge proofs make it possible to post a transaction to a blockchain network, and have the network verify it, while the transaction's contents stay private.
Some examples where zero-knowledge proofs could be useful are as follows:
Verifying a required bank balance for an auction attendee, Alice. If the bank sends the auction a digitally signed letter stating Alice's balance, Alice has given up the privacy of her balance to the auction, and her bank now knows exactly what she is trying to do. With a zero-knowledge proof, Alice can instead obtain a signed statement of her balance from the bank and keep it secret. From that signed statement she builds, as needed, a proof that the balance is at least the auction's minimum; the auction verifies the proof against the bank's signature without ever seeing the balance, and the bank learns nothing about her commercial intentions.
Supply chain management is another example, where individual parties may not want the exact amount paid, to whom, and when to be publicly available. Such data could be used to figure out when new products will launch, what new materials are being used, and a whole host of other information a competitor would like to use for its own gain. A store, for example, may want to verify that a manufacturer has enough raw material to handle its order. The manufacturer, however, will not want to share exactly how much raw material it has, because that would affect pricing. A zero-knowledge proof allows this verification to occur: the manufacturer proves cryptographically that it holds at least a certain amount of raw material, and nothing more.
The concept of zero knowledge was first proposed in 1985 by Shafi Goldwasser et al. in the paper “The Knowledge Complexity of Interactive Proof Systems”.[2] Those original protocols were interactive, a back-and-forth between prover and verifier. A zk-SNARK (zero-knowledge Succinct Non-Interactive Argument of Knowledge) is instead a single message the prover can publish, and the proof is succinct: it is small and can be verified in time that does not grow with the size of the computation being proved. Applied to a ledger, a zk-SNARK lets the sender, receiver and amount of a transaction stay hidden from the shared public ledger while the network can still verify mathematically that the transaction is valid (for example, that no coins are created out of nothing). These advances are what made zero-knowledge proofs practical on a blockchain.
A known challenge with zk-SNARKs is the trusted setup process. “The setup is a process where the CRS (Common Reference String) is generated, or more publicly known as the pair of proving and verification keys.”[3] The keys themselves are public; the danger is the secret randomness used to generate them, often called the toxic waste. If whoever ran the setup keeps that randomness instead of destroying it, they can forge proofs of false statements that the verification key accepts, and nothing on the ledger reveals the forgery. Designing setup processes in which no single party ever holds the toxic waste is an active research area, and solutions have been and are still being developed.
Zcash is one of the first widespread applications of zk-SNARKs.[4] Zcash is a cryptocurrency whose shielded transactions hide the addresses involved and the amounts transferred on the public blockchain. Zcash is the 19th most valuable cryptocurrency and, as of writing, has a market cap of $418,469,638.[5]
Below I highlight a few interesting startups at the bleeding edge of putting zero-knowledge proofs to use.
QEDIt – is an Israeli startup that created an SDK for zero-knowledge proofs so that enterprises can deploy zero-knowledge proof blockchains without building the cryptography themselves. The company claims that the SDK adapts to any blockchain stack. In March 2018 QEDIt raised an undisclosed amount of venture capital. The team includes Professor Zohar, a leader in cryptography and cryptocurrency research, and two serial entrepreneurs, one of whom created Israel's first Bitcoin exchange, Bitgold. One QEDIt use case: instead of auditors overseeing due diligence for a financial transaction, companies could transact directly and share a zero-knowledge proof that the requested data is accurate, without revealing the underlying data.
To address the trusted setup problem, QEDIt runs the setup as a multi-party computation so that proofs cannot be forged. In a ceremony of this kind each participant contributes its own secret randomness and then destroys it, so the toxic waste could be reconstructed only if every participant colluded; a single honest participant is enough to keep the setup secure.
Starkware – is an Israeli startup whose founders include founding scientists of Zcash. Starkware just raised $30M from a group of prominent venture capitalists including Sequoia and Atomico, to name a couple. Starkware is commercializing zk-STARKs, which it claims address scalability and privacy and, unlike zk-SNARKs, require no trusted setup: the proof parameters are public randomness, so there is no toxic waste to destroy. The company website states plans for “software and hardware to support fast and reliable generation and verification of computational integrity proofs for general computations.”
AZTEC – a London-based startup, received $2.1M in seed financing on Thursday, November 29, 2018, in a round led by ConsenSys Labs. The startup is working to use zk-SNARKs to make Ethereum transactions private and 2 times faster, so that financial institutions and other enterprises can use Ethereum more comfortably. ConsenSys says AZTEC is close to production and is one of the most efficient approaches in terms of gas costs.
Zero-knowledge proofs hold a lot of promise for a lot of applications. They let a person keep control of their own data while still giving the parties they interact with a verifiable assurance, so trust and privacy no longer have to be traded against each other. There is a lot of innovation happening in this space and I am excited to see how it evolves.
[1] Narayanan et al., Bitcoin and Cryptocurrency Technologies, 186.
[2] Shafi Goldwasser et al., “The Knowledge Complexity of Interactive Proof Systems”, http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_Complexity_Of_Interactive_Proof_Systems.pdf (accessed December 2, 2018).
[3] Kobi Gurkan, “Creating fake zkSNARK proofs”, https://medium.com/qed-it/how-toxic-is-the-waste-in-a-zksnark-trusted-setup-9b250d59bdb4 (accessed December 2, 2018).
[4] “What are zk-SNARKs?”, http://z.cash/technology/zksnarks (accessed December 2, 2018).
[5] CoinMarketCap, https://coinmarketcap.com/