---
type: slide
slideOptions:
theme: black
#transition: 'fade'
---
Zero Knowledge Cryptography
<div>
<p style="font-size: 30px; color:#00b8ff">
Alex Pruden
</p>
</div>
---
#### How to Follow along
![](https://i.imgur.com/S8PtROz.png)
...and please add suggestions or comments!
Note:
- Sharing link to let everyone follow along
- Save you (the audience) the trouble of notes
- Hope that this talk can be a public resource for ppl
---
## About Me
---
## Agenda for this Talk
<br>
- A brief introduction to zk-cryptography
<br>
- A brief introduction and discussion of Aleo
<br>
- Use cases
<br>
- Q & A
---
:book:
## A short history of zkps
---
## Motivating Problem
Two cryptographers walk into a bar...
---
### Starting with Interactive Proofs ###
<!-- .slide: style="font-size: 32px;" -->
- A class of cryptographic schemes called interactive proof (IP) systems
- Two parties: prover and a verifier
- Prover hands a proof of some result to the verifier
- After some back & forth, verifier accepts or rejects
<div style="color:#d600ff; padding-top:30px">
<p>Turns out that this paradigm can apply to a huge range of problems!<!-- .element: class="fragment" data-fragment-index="1"-->
</p>
</div>
Note:
- Yes, I know that IP is a complexity class too
- TODO: Make this nicely fragmented
---
### Starting with Interactive Proofs ###
<!-- .slide: style="font-size: 32px;" -->
![](https://i.imgur.com/d9yNc5P.png)
- Alice makes a claim
- Bob asks some questions & Alice answers
- Bob either accepts :+1: or rejects :-1:
The interaction (or transcript :scroll:) is **shorter** than the computation being proven
Note:
* So here's what interactive proofs look like
* There's Alice the prover and Bob the verifier
* They exchange some messages and at the end Bob accepts Alice's proof as valid
* Typically Bob has access to some randomness that he uses to construct his queries
---
## Key Properties ##
<div style="padding:50px">
Verify long computation <strong>more efficiently</strong> than just re-running the computation
</div>
* Completeness
* Soundness
* <span style="color:#d600ff"><!-- .element: class="fragment" data-fragment-index="1"-->Zero-Knowledge?</span>
Note:
* Any statement can be proven
* Verifier rejects a false proof
* What about zk?
* What if we could do it w/o revealing info about the computation?
---
![](https://i.imgur.com/KXYxkVB.png)
Note:
* Two MIT professors and a UToronto professor in the 1980s created a variant where the verifier *learns nothing* except whether the proof is correct
* The prover knows something (the "witness") that must be true in order for the statement to be true
* Authors won the Turing Award for this work in 2012
---
## Zero Knowledge proof Flavors
<br>
- <span style="font-size:30px;">Interactive Proofs + zero-knowledge :arrow_right: Sigma Protocols :beer: </span>
- <span style="font-size:30px;">Sigma Protocols + :8ball: (Fiat-Shamir) :arrow_right: NIZKs :wine_glass: </span>
- <span style="font-size:30px;">NIZKs + :sparkles: :arrow_right: zkSNARKs :tropical_drink: </span>
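The prover/verifier exchange from the earlier slides and the Sigma :arrow_right: NIZK step on this one, as a worked example added here (this is not code from the deck or from Aleo): a Schnorr proof of knowledge of a discrete log. `interactive_proof` is the three-move Sigma protocol, `fiat_shamir_challenge` turns it into a NIZK by hashing away the verifier's coin flips, and `simulate` produces a transcript without the witness, which is the zero-knowledge argument in code. The group parameters `P`, `Q`, `G` are tiny constructed values chosen so the arithmetic stays readable; every function name here is my own.

```python
import hashlib
import secrets

# Constructed toy parameters: safe prime p = 2q + 1 and a generator g of the
# order-q subgroup. Real deployments use a ~256-bit elliptic-curve group;
# these small numbers only keep the arithmetic readable.
P = 1019
Q = 509
G = 4


def keygen(rng=secrets.randbelow):
    """Prover's secret x (the witness) and the public statement y = g^x mod p."""
    x = rng(Q)
    return x, pow(G, x, P)


def commit(r):
    """Prover round 1: announce t = g^r for a fresh random r in Z_q."""
    return pow(G, r, P)


def respond(x, r, c):
    """Prover round 3: s = r + c*x mod q (the only step that uses the witness)."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier: accept iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def interactive_proof(x, y, prover_rng=secrets.randbelow, verifier_rng=secrets.randbelow):
    """The Sigma protocol transcript (t, c, s) plus the verifier's decision.

    Round 2 is the verifier's random challenge c; that randomness is what
    makes a prover who does not know x fail with probability about 1 - 1/q.
    """
    r = prover_rng(Q)
    t = commit(r)
    c = verifier_rng(Q)
    s = respond(x, r, c)
    return t, c, s, verify(y, t, c, s)


def fiat_shamir_challenge(y, t):
    """Fiat-Shamir: replace the verifier's coin flips with a hash.

    The hash must bind the group parameters and the statement y, not only
    the commitment t; leaving y out is the classic 'weak Fiat-Shamir' mistake.
    """
    data = b"schnorr-demo|" + f"{P}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def nizk_prove(x, y, rng=secrets.randbelow):
    """Non-interactive proof of knowledge of x: the pair (t, s)."""
    r = rng(Q)
    t = commit(r)
    c = fiat_shamir_challenge(y, t)
    return t, respond(x, r, c)


def nizk_verify(y, proof):
    """Anyone can recompute the challenge and check the proof offline."""
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t), s)


def simulate(y, rng=secrets.randbelow):
    """Zero-knowledge simulator: a valid-looking transcript made WITHOUT x.

    Choosing c and s first and solving t = g^s * y^(-c) yields transcripts
    distributed exactly like honest ones, which is why a transcript leaks
    nothing about x (honest-verifier zero knowledge).
    """
    c = rng(Q)
    s = rng(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P  # y^(q-c) == y^(-c) because y^q == 1
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print("interactive proof accepted:", interactive_proof(x, y)[3])   # completeness
    print("nizk proof accepted:", nizk_verify(y, nizk_prove(x, y)))    # Fiat-Shamir
    t, c, s = simulate(y)
    print("simulated transcript accepted:", verify(y, t, c, s))         # zero-knowledge
```

Running it shows the three properties from the "Key Properties" slide: an honest prover is always accepted (completeness), a response built from the wrong `x` is rejected for any challenge except the one lucky value (soundness), and the simulator shows that seeing a transcript gives the verifier nothing they could not have made themselves (zero knowledge). The "succinct" part of a SNARK is what this toy lacks: the proof here only covers one discrete log, not an arbitrary program.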
---
<p><span style="color:#00ff9f">Z</span>ero-<span style="color:#00ff9f">K</span>nowledge </span><span style="color:#00ff9f">S</span>uccinct <span style="color:#00ff9f">N</span>on-Interactive <span style="color:#00ff9f">Ar</span>gument of <span style="color:#00ff9f">K</span>nowledge</p>
Note:
- "succinct" here can mean a wide variety of things
- The practical difference between SNARKs, STARKs, and BPs
---
### The Evolution from $\Sigma$ to zkSNARK
![](https://i.imgur.com/TBUt2X9.png)
Note:
- Paper by Goldwasser/Micali/Rackoff in '85
- Schnorr Protocol in the '90s
- PCPs (garnered research interest in '90s + '00s)
---
## What are they good for?
- Before ZKPs, there was a fundamental tension between *proving* something was true, and *hiding* that information from view
- But ZKPs break that paradigm, letting you have your :cake: and eat it too!
- (Don't) trust, but verify
<div style="padding-top:60px"><!-- .element: class="fragment" data-fragment-index="1"-->
They <span><strong>conceal</strong> <!-- .element: class="fragment highlight-red" data-fragment-index="2"--> </span> and <span><strong>compress</strong><!-- .element: class="fragment highlight-red" data-fragment-index="3"--> </span> information
</div>
Note:
- Example, proving a hand in poker w/o revealing cards
- They do so in an adversarial environment (no trust required!) making them natural fits for Web3 use cases
- Also complement the existing client-server model of the web
---
## What Zero-Knowledge Proofs are <span><!-- .element: class="fragment highlight-red" data-fragment-index="1"-->NOT</span>
<br>
<div style="text-align: left; padding-left: 20px">
<p>❌ a generalized solution for private computation</p>
<p>❌ a perfect fit for every use case</p>
<p>❌ without their own trust assumptions</p>
</div>
---
:octagonal_sign:
## Challenges
<br>
- :desktop_computer: Incompatibility with existing models (EVM)
- :hammer_and_wrench: Lack of tooling
- :running: (Relatively) high performance overhead
- :open_file_folder: Data availability
Note:
- Zero-knowledge cryptography is a revolutionary new technology, but it's not a panacea
- In order to effectively apply it, we have to understand what the limitations are
- With that, let's go through some things to keep in mind when programming w/ ZKPs
---
## Zero-Knowledge & Blockchain
## ⛓️🔒
----
A blockchain is a permission-less, digital, tamper-proof, distributed ledger secured using cryptography and organized into a series of data “blocks”.
<br>
<p style="color:#00ff9f; padding: 10px 10px 50px 10px;"> Motivating application:</p>
<p style="font-size: 128px ;">💰</p>
----
Bitcoin represents the first "breakthrough" for decentralized money
![](https://i.imgur.com/H05XK2H.png)
...followed by Ethereum, which extended Bitcoin's programmability
----
## A more private Bitcoin
- Contrary to popular belief, Bitcoin is pseudonymous, not anonymous
- Privacy (at least to some degree) is required for many real world applications
- Coinjoin, Monero, other protocols tried to address this
- ZCash addressed using zero-knowledge cryptography
<br>
<span style="color:#00ff9f">But all of these schemes were limited to the basic compute model of Bitcoin</span>
----
Aleo enables both privacy & programmability
![](https://i.imgur.com/M8GJl5g.png)
Applies a research paper called *Zexe* to build an off-chain VM that verifies on-chain and supports general compute
----
Aleo represents a breakthrough in decentralized systems
![](https://imgur.com/JRyaBBy.png)
----
## Why a new Layer-1?
<div style="text-align: left; padding: 40px 10px 10px 10px">
<ul style="font-size: 50px;">
<li>Performance</li>
<li>Security</li>
<li>Privacy</li>
<li>Decentralization</li>
</ul>
</div>
Note:
Performance - native operations often slow in SNARKs
----
## What is Aleo 🤷♂️ ?
<br>
A new decentralized world computer that is <span><!--.element: class="fragment highlight-red"-->permissionless</span>, <span><!--.element: class="fragment highlight-red"-->programmable</span>, and <span><!-- .element: class="fragment highlight-red"-->privacy-preserving</span>.
----
## What makes it special?
- 💫 Unlimited program runtime (Zexe)
- 🏎️ High-efficiency & Limited Re-execution
- 🧘 Flexible (Hybrid) Proving Model
- 🛡️ Unique Consensus Model (PoSW)
<div style="padding: 80px 20px 20px 20px">
<span style="color:#00ff9f">Aleo allows developers to harness the power of zero-knowledge cryptography without needing a PhD in cryptography</span>
</div>
---
:wrench:
## Use Cases
---
## Regulated Stablecoins ##
## 💵
Note:
- The traditional world of finance is *private by default*
- Payments is a multi-trillion dollar industry
- Crypto rails make the experience way easier/better for the end consumer
- But governments view the possibility of private unregulated payments as dangerous
- **Solution**: Using ZKPs and blockchains, we can create a system of smart money
- Privacy from outside observers, enabling many new use cases e.g. supply chain finance
- Crypto is so radically open it's hard to even comprehend!
- Massively reduced headache/lower cost of regulatory compliance
---
## Dark Pools ##
## 📈📉
Note:
- OTC markets are massive; in some asset classes they dwarf the volume on public exchanges
- These markets are especially valuable for institutions that need to trade in large blocks (e.g. index fund rebalancing) or for entities that don't want a signal to be misinterpreted by the markets
- ZK lets you do this for on-chain liquidity w/o counterparties having to know each-other
---
## Proof-of-Solvency ##
## 🛡
Note:
- Massive series of defaults this year. Luna Protocol --> 3AC --> BlockFi, Celsius, Nexo, --> FTX etc.
- Consumer protection is of paramount importance
- Centralized lending protocols could submit a "proof-of-solvency" to show that they had assets to cover liabilities, w/o revealing positions
- Analogous to a "proof-of-reserves" for exchanges
---
## Self-Sovereign Identity ##
Note:
- Self-sovereign identity and verifiable credentials have been a dream
- A simple example: prove that you are over the legal drinking age to get access w/o handing over your ID documents, which contain other personal, sensitive information
- Age verification
- Proving you're a citizen of a country w/o scanning a passport
- Generalized passwordless authentication
----
## Examples
[zPass](https://www.loom.com/share/bd773c138d154765be23f38d4a39ee58)
---
## Private, Secure Voting ##
* DAO voting today is fully on-chain
* There are potential reasons why you wouldn't want to publicly tie everyone to a vote (which can be viewed for all time)
* Remember, elections today are all done by (mostly) private voting!
* ZK Elections [talk](https://docs.google.com/presentation/d/1xRMi0jufb9fDBNMKJAXMGW8hVGEYqr7Vqxl-pvZmuXo/edit#slide=id.p) at ETHDenver
---
## System Interoperability ##
## 🌉
Note:
* Blockchains are great tools. A drawback is that a popular blockchain like ETH can grow in size very quickly
* Zero-knowledge proofs make for more private, secure light clients
* Similar to the cryptographic concept of "proof-carrying data"
---
## ZK Machine Learning ##
## 🦾
Note:
- Today, biggest use case for AI/ML is advertising. You browse the web, your data is collected and packaged and sold as a commodity
- We may not want this for things like health data (and to be honest, we may not even want it for digital ads)
- ZKPs enable you to prove a result w/o showing the underlying data.
- E.g., a linear regression that gives you a slope & intercept w/o showing points
---
## Player-owned MMO games ##
Note:
- The prospect for gaming in Web 3 is one of the most underrated/exciting
- Zero-knowledge cryptography allows for **hidden information** games, which enable a much richer set of game mechanics
---
## NFTs w/ hidden attributes ##
Note:
- Hiding the fact that you own the NFT (e.g. maybe in the case of a charitable donation)
- Hidden attributes that could make NFTs more interesting
---
:telescope:
## What does the future hold?
Note:
- Now that we understand some of the challenges, let's see how we're addressing them and what the future may hold
---
- Now: Developer incentive program during testnet 3 Phase 3
- Next: Decentralized consensus & incentivizing validators
- End-of-year: Network launch
----
ZPrize
- text
---
:wave:
## Closing Thoughts ##
---
<div style="color:#00b8ff">
Zero-knowledge cryptography helps us overcome the tension between verifiability and privacy
</div>
Note:
- Web1 vs Web2 vs Web3
- Shared data standard, Strong anti-censorship guarantees, no platform risk
- Efficiency and low cost of third-party providers
- "Modular" blockchains
---
<div style="color:#00b8ff">
But the fundamental philosophical principles of decentralization that underpin Web3 are important and shouldn't be forgotten
</div>
---
<div style="color:#00b8ff">
Technological (and therefore societal) progress isn't always guaranteed
</div>
---
![](https://i.imgur.com/P6gtTQx.png)
<span style="color:#00ff9f">*We are interventionists from the future*</span>
---
We are here to reboot the internet by creating an actually secure experience through zero-knowledge cryptography that makes it easy for developers to create powerful, personalized applications while giving users control over their data and online identities.
---
## ZK Resources
<!-- .slide: style="font-size: 32px;" -->
- Articles
- (Beginner) [What is a zkSNARK?](https://z.cash/technology/zksnarks/)
- (Intermediate) [Introduction to zkSNARKs](https://tlu.tarilabs.com/cryptography/zksnarks/mainreport.html)
- (Advanced) [zkSNARKs in depth](https://electriccoin.co/blog/snark-explain/)
- Talks
- [Rise of the SNARKs](https://www.youtube.com/watch?v=Hig_1ZFbWRM)
- Podcasts
- [Zero Knowledge Podcast](https://www.zeroknowledge.fm/)
- Courses
- [Stanford University Cryptography](https://www.coursera.org/learn/crypto)
- Blogs
- [Cryptography Engineering](https://blog.cryptographyengineering.com/)
---
Thank you!
![](https://i.imgur.com/Dt4DmC3.png)
<br>
Please follow me on Twitter: [@apruden08](https://twitter.com/apruden08)
---