Hacker Lexicon: What Are Zero-Knowledge Proofs?

How do you make blockchain and other transactions truly private? With mathematical models known as zero-knowledge proofs.
Illustration: Elena Lacey

In digital security, the less stray information floating around the better. The fewer companies storing your financial records, the less likely they'll be exposed in a breach. But though there are lots of ways to cut down on data sharing and retention, there are some things services just need to know, right? Thanks to the cryptographic method known as “zero-knowledge proofs” that’s not always the case.

Zero-knowledge techniques are mathematical methods used to verify things without sharing or revealing underlying data. Think of a payment app checking whether you have enough money in your bank account to complete a transaction without finding out anything else about your balance. Or an app confirming a password's validity without needing to directly process it. In this way, zero-knowledge proofs can help broker all sorts of sensitive agreements, transactions, and interactions in a more private and secure way.

Zero-knowledge protocols are probabilistic assessments, which means they don't prove something with the complete certainty that simply revealing it would. Instead, they provide small pieces of unlinkable information that can accumulate to show that the validity of an assertion is overwhelmingly probable.
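An added illustration, not from the article: a toy Schnorr-style identification protocol in Python that proves knowledge of a secret exponent x (the "password check" of the previous paragraph) without ever sending x. Each round uses a one-bit challenge, so a prover who does not know x can only guess and passes a single round with probability 1/2; after n rounds a cheater succeeds with probability 2^-n, which is the accumulating-confidence point above. The group parameters (p = 23, q = 11, g = 2) are constructed toy values; real deployments use roughly 256-bit prime-order groups.

```python
import secrets

# Toy group, constructed for illustration only: g = 2 has prime order q = 11
# in the multiplicative group mod p = 23. Not secure at this size.
P, Q, G = 23, 11, 2


def keygen():
    """Secret x (the 'password') and public y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def verify(y, t, c, s):
    """Verifier's check for one round: g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def honest_round(x, y, challenge):
    """Prover commits t = g^r, receives bit c, answers s = r + c*x (mod q).
    The verifier learns nothing about x because r masks it."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    c = challenge(t)
    s = (r + c * x) % Q
    return verify(y, t, c, s)


def cheating_round(y, challenge):
    """Prover who does NOT know x guesses the bit before committing.
    The commitment is rigged so the check passes only if the guess was right."""
    guess = secrets.randbelow(2)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -guess, P)) % P  # y^-1 via modular inverse
    c = challenge(t)
    return verify(y, t, c, s)


def run_protocol(round_fn, rounds):
    """Verifier picks a fresh random bit per round; honest prover always
    passes, a cheater passes all rounds with probability 2^-rounds."""
    return all(round_fn(lambda _t: secrets.randbelow(2)) for _ in range(rounds))


def simulate_transcript(y, c):
    """Zero-knowledge: a valid-looking (t, c, s) can be forged without x,
    so a transcript alone proves nothing to a third party."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, c, s
```

Run `run_protocol(lambda ch: honest_round(x, y, ch), 40)` to see the honest prover pass, and the same with `cheating_round(y, ch)` to see the guesser fail.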

Researchers at MIT first started developing the concept of a zero-knowledge proof in the 1980s. A classic example of the utility of zero-knowledge proofs describes two millionaires, Alice and Bob, who want to know which of them has more money without revealing how much wealth they each have. The techniques have come into prominence over the past decade in a more concrete way thanks in part to their usefulness in blockchain applications like cryptocurrencies. For example, zero-knowledge proofs can be used to validate cryptocurrency transactions managed on a blockchain and combat fraud without revealing data about which wallet a payment came from, where it was sent, or how much currency changed hands. By contrast, digital currency that doesn't incorporate zero-knowledge proofs, like Bitcoin, reveals all of that information.

In addition to cryptocurrency, researchers have looked to apply zero-knowledge proofs to digital identification mechanisms, a secure alternative to the fog of birth certificate photocopies and smartphone photos of passports. Those ID schemes could also allow people to prove that they meet a minimum age requirement without sharing their date of birth, or that they have a valid driver's license without handing over their number.

"We have zero-knowledge proofs that can prove really complicated programs, and verifying them is much faster than actually re-computing the entire program yourself," says Johns Hopkins cryptographer Matthew Green. "So if I wanted to prove to you that I have a blockchain that is correct, I can just give you a proof—this is much faster than going through the whole blockchain and checking it yourself."

Beyond blockchain data verification, recently improved agility in zero-knowledge proofs can apply to all different types of size and scale comparisons. And researchers suggest that such techniques could also potentially be used physically in, say, nuclear arms control, to determine the nuclear missile capabilities of different countries without directly being able to inspect their weapons.

In July, the Defense Advanced Research Projects Agency announced a new initiative called Securing Information for Encrypted Verification and Evaluation (SIEVE) that aims to adapt zero-knowledge proofs for use by the US military. In practice, that might mean developing capabilities to prove the origin or provenance of data without revealing how it was specifically obtained. It could involve proving that a digital system has a security vulnerability, without needing to disclose details about the vulnerability or methods to exploit it. The most concrete SIEVE example relates to attributing a cyberattack to a specific group of people, entity, or nation. In this situation, the goal would be the ability to prove attribution without needing to reveal classified intelligence or either side's specific hacking capabilities. If zero-knowledge proofs could be used in this way, the technique would make it significantly easier to deal with cybersecurity's well-documented "attribution problem."

Zero-knowledge proofs could also be used for government transparency initiatives in other ways, like to prove that IRS audits are being selected fairly.

As is unfortunately often the case, the enormous potential of zero-knowledge proofs can sometimes lead the phrase to be overused. "Zero-knowledge is one of the most misused terms," says Jean-Philippe Aumasson, CEO of the Swiss IoT encryption company Teserakt AG. "It's sometimes used to refer to user encryption when the server has 'zero knowledge' of the data. And there's also 'zero-knowledge architecture,' but these don't necessarily have much to do with zero-knowledge proofs."

There's really no reason to overhype zero-knowledge proofs, though, since they already have plenty of powerful potential to change how systems privately and securely verify information. But even decades after their development, it's still early days in understanding how to most effectively apply the techniques and spot flaws in how the components are designed and implemented.

"Zero-knowledge is probably the most useful technology we've got, and we've barely begun to use it," Johns Hopkins' Green says. "There's a lot more that we can probably figure out to do with it, but at the moment we're just groping around."
