---
type: slide
slideOptions:
  theme: black
  #transition: 'fade'
---

Zero Knowledge Cryptography

<div>
<p style="font-size: 30px; color:#00b8ff"> Alex Pruden </p>
</div>

---

#### How to Follow along

![](https://i.imgur.com/S8PtROz.png)

...and please add suggestions or comments!

Note:
- Sharing link to let everyone follow along
- Save you (the audience) the trouble of notes
- Hope that this talk can be a public resource for people

---

## About Me

---

## Agenda for this Talk

</br>

- A brief introduction to zk-cryptography
</br>
- A brief introduction and discussion of Aleo
</br>
- Use cases
</br>
- Q & A

---

:book:
## A short history of zkps

---

## Motivating Problem

Two cryptographers walk into a bar...

---

### Starting with Interactive Proofs ###
<!-- .slide: style="font-size: 32px;" -->

- A class of cryptographic schemes called interactive proof (IP) systems
- Two parties: a prover and a verifier
- Prover hands a proof of some result to the verifier
- After some back & forth, verifier accepts or rejects

<div style="color:#d600ff; padding-top:30px">
<p>Turns out that this paradigm can apply to a huge range of problems!<!-- .element: class="fragment" data-fragment-index="1"--> </p>
</div>

Note:
- Yes, I know that IP is a complexity class too
- TODO: Make this nicely fragmented

---

### Starting with Interactive Proofs ###
<!-- .slide: style="font-size: 32px;" -->

![](https://i.imgur.com/d9yNc5P.png)

- Alice makes a claim
- Bob asks some questions & Alice answers
- Bob either accepts :+1: or rejects :-1:

The interaction (or transcript :scroll:) is **shorter** than the computation proven

Note:
* So here's what interactive proofs look like
* There's Alice the prover and Bob the verifier
* They exchange some messages and at the end Bob accepts Alice's proof as valid
* Typically Bob has access to some randomness that he uses to construct his queries

---

## Key Properties ##

<div style="padding:50px">
Verify long computation <strong>more efficiently</strong> than just re-running the
computation
</div>

* Completeness
* Soundness
* <span style="color:#d600ff"><!-- .element: class="fragment" data-fragment-index="1"-->Zero-Knowledge?</span>

Note:
* Any true statement can be proven
* Verifier rejects a false proof
* What about zk?
* What if we could do it w/o revealing info about the computation?

---

![](https://i.imgur.com/KXYxkVB.png)

Note:
* Two MIT professors and a UToronto professor in the 1980s created a variant where the verifier *learns nothing* except whether the proof is correct
* The prover knows something (the "witness") that must be true in order for the statement to be true
* Authors won the Turing Award for this work in 2012

---

## Zero Knowledge Proof Flavors

</br>

- <span style="font-size:30px;">Interactive Proofs + zero-knowledge :arrow_right: Sigma Protocols :beer: </span>
- <span style="font-size:30px;">Sigma Protocols + :8ball: (Fiat-Shamir) :arrow_right: NIZKs :wine_glass: </span>
- <span style="font-size:30px;">NIZKs + :sparkles: :arrow_right: zkSNARKs :tropical_drink: </span>

---

<p><span style="color:#00ff9f">Z</span>ero-<span style="color:#00ff9f">K</span>nowledge <span style="color:#00ff9f">S</span>uccinct <span style="color:#00ff9f">N</span>on-Interactive <span style="color:#00ff9f">Ar</span>gument of <span style="color:#00ff9f">K</span>nowledge</p>

Note:
- "succinct" here can mean a wide variety of things
- The practical difference between SNARKs, STARKs, and BPs

---

### The Evolution from $\Sigma$ to zkSNARK

![](https://i.imgur.com/TBUt2X9.png)

Note:
- Paper by Goldwasser/Micali/Rackoff in '85
- Schnorr Protocol in the '90s
- PCPs (garnered research interest in '90s + '00s)

---

## What are they good for?

- Before ZKPs, there was a fundamental tension between *proving* something was true, and *hiding* that information from view
- But ZKPs break that paradigm, letting you have your :cake: and eat it too!
- (Don't) trust, but verify

<div style="padding-top:60px"><!-- .element: class="fragment" data-fragment-index="1"-->
They <span><strong>conceal</strong> <!-- .element: class="fragment highlight-red" data-fragment-index="2"--> </span> and <span><strong>compress</strong><!-- .element: class="fragment highlight-red" data-fragment-index="3"--> </span> information
</div>

Note:
- Example: proving a hand in poker w/o revealing cards
- They do so in an adversarial environment (no trust required!), making them natural fits for Web3 use cases
- Also complement the existing client-server model of the web

---

## What Zero-Knowledge Proofs are <span><!-- .element: class="fragment highlight-red" data-fragment-index="1"-->NOT</span>

<br>

<div style="text-align: left; padding-left: 20px">
<p>❌ a generalized solution for private computation</p>
<p>❌ a perfect fit for every use case</p>
<p>❌ without their own trust assumptions</p>
</div>

---

:octagonal_sign:
## Challenges

<br>

- :desktop_computer: Incompatibility with existing models (EVM)
- :hammer_and_wrench: Lack of tooling
- :running: (Relatively) high performance overhead
- :open_file_folder: Data availability

Note:
- Zero-knowledge cryptography is a revolutionary new technology, but it's not a panacea
- In order to effectively apply it, we have to understand what the limitations are
- With that, let's go through some things to keep in mind when programming w/ ZKPs

---

## Zero-Knowledge & Blockchain ##
## ⛓️🔒

----

A blockchain is a permission-less, digital, tamper-proof, distributed ledger secured using cryptography and organized into a series of data “blocks”.
<br>

<p style="color:#00ff9f; padding: 10px 10px 50px 10px;"> Motivating application:</p>

<p style="font-size: 128px ;">💰</p>

----

Bitcoin represents the first "breakthrough" for decentralized money

![](https://i.imgur.com/H05XK2H.png)

...followed by Ethereum, which extended Bitcoin's programmability

----

## A more private Bitcoin

- Contrary to popular belief, Bitcoin is pseudonymous, not anonymous
- Privacy (at least to some degree) is required for many real world applications
- Coinjoin, Monero, and other protocols tried to address this
- ZCash addressed it using zero-knowledge cryptography

</br>

<span style="color:#00ff9f">But all of these schemes were limited to the basic compute model of Bitcoin</span>

----

Aleo enables both privacy & programmability

![](https://i.imgur.com/M8GJl5g.png)

Applies a research paper called *Zexe* to build an off-chain VM that verifies on-chain and supports general compute

----

Aleo represents a breakthrough in decentralized systems

![](https://imgur.com/JRyaBBy.png)

----

## Why a new Layer-1?

<div style="text-align: left; padding: 40px 10px 10px 10px">
<ul style="font-size: 50px;">
<li>Performance</li>
<li>Security</li>
<li>Privacy</li>
<li>Decentralization</li>
</ul>
</div>

Note:
- Performance: native operations are often slow in SNARKs

----

## What is Aleo 🤷‍♂️ ?

</br>

A new decentralized world computer that is <span><!--.element: class="fragment highlight-red"-->permissionless</span>, <span><!--.element: class="fragment highlight-red"-->programmable</span>, and <span><!-- .element: class="fragment highlight-red"-->privacy-preserving</span>.

----

## What makes it special?
- 💫 Unlimited program runtime (Zexe)
- 🏎️ High-efficiency & Limited Re-execution
- 🧘 Flexible (Hybrid) Proving Model
- 🛡️ Unique Consensus Model (PoSW)

<div style="padding: 80px 20px 20px 20px">
<span style="color:#00ff9f">Aleo allows developers to harness the power of zero-knowledge cryptography without needing a PhD in cryptography</span>
</div>

---

:wrench:
## Use Cases

---

## Regulated Stablecoins ##
## 💵

Note:
- The traditional world of finance is *private by default*
- Payments is a multi-trillion dollar industry
- Crypto rails make the experience way easier/better for the end consumer
- But governments view the possibility of private unregulated payments as dangerous
- **Solution**: Using ZKPs and blockchains, we can create a system of smart money
- Privacy from outside observers, enabling many new use cases e.g. supply chain finance
- Crypto is so radically open it's hard to even comprehend!
- Massively reduced headache/lower cost of regulatory compliance

---

## Dark Pools ##
## 📈📉

Note:
- OTC markets are massive; in some asset classes they dwarf the volume on public exchanges
- These markets are especially valuable for institutions that need to trade in large blocks (index fund rebalancing) or for entities that don't want a signal to be misinterpreted by the markets
- ZK lets you do this for on-chain liquidity w/o counterparties having to know each other

---

## Proof-of-Solvency ##
## 🛡

Note:
- Massive series of defaults this year: Luna Protocol --> 3AC --> BlockFi, Celsius, Nexo --> FTX etc.
- Consumer protection is of paramount importance
- Centralized lending protocols could submit a "proof-of-solvency" to reveal that they had assets to cover liabilities, w/o revealing positions
- Analogous to a "proof-of-reserves" for exchanges

---

## Self-Sovereign Identity ##

Note:
- Self-sovereign identity and verifiable credentials have been a dream
- A simple example: prove that you are over the legal drinking age to get access w/o handing over your ID documents, which contain other personal, sensitive information
- Age verification
- Proving you're a citizen of a country w/o scanning a passport
- Generalized passwordless authentication

----

## Examples

[zPass](https://www.loom.com/share/bd773c138d154765be23f38d4a39ee58)

---

## Private, Secure Voting ##

* DAO voting today is fully on-chain
* There are potential reasons why you wouldn't want to publicly tie everyone to a vote (which can be viewed for all time)
* Remember, elections today are all done by (mostly) private voting!
* ZK Elections [talk](https://docs.google.com/presentation/d/1xRMi0jufb9fDBNMKJAXMGW8hVGEYqr7Vqxl-pvZmuXo/edit#slide=id.p) at ETHDenver

---

## System Interoperability ##
## 🌉

Note:
* Blockchains are great tools. A drawback is that a popular blockchain like ETH can grow in size very quickly
* Zero-knowledge proofs make for more private, secure light clients
* Similar to the cryptographic concept of "proof-carrying data"

---

## ZK Machine Learning ##
## 🦾

Note:
- Today, the biggest use case for AI/ML is advertising. You browse the web, your data is collected and packaged and sold as a commodity
- We may not want this for things like health data (and to be honest, we may not even want it for digital ads)
- ZKPs enable you to prove a result w/o showing the underlying data.
- E.g., a linear regression that gives you a slope & intercept w/o showing the points

---

## Player-owned MMO games ##

Note:
- The prospect for gaming in Web 3 is one of the most underrated/exciting
- Zero-knowledge cryptography allows for **hidden information** games, which enable a much richer set of game mechanics

---

## NFTs w/ hidden attributes ##

Note:
- Hiding the fact that you own the NFT (e.g. maybe in the case of a charitable donation)
- Hidden attributes that could make NFTs more interesting

---

:telescope:
## What does the future hold?

Note:
- So now we understand some of the challenges, let's see how we're addressing them and what the future may hold

---

- Now: Developer incentive program during testnet 3 Phase 3
- Next: Decentralized consensus & incentivizing validators
- End-of-year: Network launch

----

ZPrize - text

---

:wave:
## Closing Thoughts ##

---

<div style="color:#00b8ff">
Zero-knowledge cryptography helps us overcome the tension between verifiability and privacy
</div>

Note:
- Web1 vs Web2 vs Web3
- Shared data standard, strong anti-censorship guarantees, no platform risk
- Efficiency and low cost of third-party providers
- "Modular" blockchains

---

<div style="color:#00b8ff">
But the fundamental philosophical principles of decentralization that underpin Web3 are important and shouldn't be forgotten
</div>

---

<div style="color:#00b8ff">
Technological (and therefore societal) progress isn't always guaranteed
</div>

---

![](https://i.imgur.com/P6gtTQx.png)

<span style="color:#00ff9f">*We are interventionists from the future*</span>

---

We are here to reboot the internet by creating an actually secure experience through zero-knowledge cryptography that makes it easy for developers to create powerful, personalized applications while giving users control over their data and online identities.
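---

## Appendix: Sigma Protocol to NIZK, in code ##
<!-- .slide: style="font-size: 24px;" -->

An added worked example (not part of the original deck) of the "Sigma Protocols + Fiat-Shamir :arrow_right: NIZKs" step from the Flavors slide: Schnorr's three-move proof of knowledge of a discrete log, the honest-verifier simulator that shows why Bob learns nothing from a transcript, and the Fiat-Shamir transform that replaces Bob's random challenge with a hash. The group parameters P, Q, G are constructed toy values, far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters (an assumption, not from the deck): p = 2q + 1 is a
# safe prime and g = 4 generates its order-q subgroup. Real use needs ~256-bit q.
P, Q, G = 1019, 509, 4


def keygen():
    """Alice's secret x is the witness; y = g^x mod p is the public statement."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

# Sigma protocol: three moves (commit, challenge, respond), then Bob verifies.
def prover_commit():
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)              # Alice keeps r, sends t = g^r

def verifier_challenge():
    return secrets.randbelow(Q)         # Bob's randomness drives the query

def prover_respond(x, r, c):
    return (r + c * x) % Q              # s = r + c*x; the random r masks x

def verify(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P   # accept iff g^s == t * y^c

def run_interactive(x, y):
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))

def simulate(y):
    """HVZK: build an accepting transcript WITHOUT x, so transcripts leak nothing."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P   # t = g^s / y^c
    return t, c, s

# Fiat-Shamir: hash the statement and commitment to get the challenge, so Alice
# proves alone (no Bob online) and anyone can check the proof later.
def fs_challenge(y, t):
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def nizk_prove(x, y):
    r, t = prover_commit()
    return t, prover_respond(x, r, fs_challenge(y, t))

def nizk_verify(y, proof):
    t, s = proof
    return verify(y, t, fs_challenge(y, t), s)
```

A prover who does not know x passes a single challenge with probability 1/q, which is why the toy q here is fit only for illustration.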
---

## ZK Resources
<!-- .slide: style="font-size: 32px;" -->

- Articles
  - (Beginner) [What is a zkSNARK?](https://z.cash/technology/zksnarks/)
  - (Intermediate) [Introduction to zkSNARKs](https://tlu.tarilabs.com/cryptography/zksnarks/mainreport.html)
  - (Advanced) [zkSNARKs in depth](https://electriccoin.co/blog/snark-explain/)
- Talks
  - [Rise of the SNARKs](https://www.youtube.com/watch?v=Hig_1ZFbWRM)
- Podcasts
  - [Zero Knowledge Podcast](https://www.zeroknowledge.fm/)
- Courses
  - [Stanford University Cryptography](https://www.coursera.org/learn/crypto)
- Blogs
  - [Cryptography Engineering](https://blog.cryptographyengineering.com/)

---

Thank you!

![](https://i.imgur.com/Dt4DmC3.png)

<br>

Please follow me on Twitter: [@apruden08](https://twitter.com/apruden08)

---