How to Follow along
… and please add suggestions or comments!
- Sharing link to let everyone follow along
- Save you (the audience) the trouble of notes
- Hope that this talk can be a public resource for people
Agenda for this Talk
A brief introduction to zk-cryptography
A brief introduction and discussion of Aleo
Use cases
Q & A
A short history of zkps
Motivating Problem
Two cryptographers walk into a bar …
Starting with Interactive Proofs
A class of cryptographic schemes called interactive proof (IP) systems
Two parties: prover and a verifier
Prover hands a proof of some result to the verifier
After some back & forth, verifier accepts or rejects
Turns out that this paradigm can apply to a huge range of problems!
- Yes, I know that IP is a complexity class too
- TODO: Make this nicely fragmented
Key Properties
Verify a long computation more efficiently than re-running it
Completeness
Soundness
Zero-Knowledge?
* Any true statement can be proven (completeness)
* Verifier rejects a false proof (soundness)
* What about zk?
* What if we could do it w/o revealing info about the computation?
* Two MIT professors and a UToronto professor in the 1980s created a variant where the verifier *learns nothing* except whether the proof is correct
* The prover knows something (the "witness") that must be true in order for the statement to be true
* Authors won the Turing Award for this work in 2012
Zero Knowledge proof Flavors
Interactive Proofs + zero-knowledge → Sigma Protocols
Sigma Protocols + (Fiat-Shamir) → NIZKs
NIZKs → zkSNARKs
Zero-Knowledge Succinct Non-Interactive Argument of Knowledge
- "succinct" here can mean a wide variety of things
- The practical difference between SNARKs, STARKs, and BPs
The Evolution from \(\Sigma\) to zkSNARK
- Paper by Goldwasser/Micali/Rackoff in
- Schnorr Protocol in the
- PCPs (garnered research interest in
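To make the "Key Properties" slide and the Sigma → Fiat-Shamir → NIZK chain concrete, here is a small added example (my own code, not from the slides or from Aleo) of the Schnorr protocol mentioned above. The group parameters are constructed toy values (a safe prime far too small for real use) so it runs offline; the verifier check, the honest-verifier simulator that illustrates the zero-knowledge property, and the hash-derived challenge that turns the interactive protocol into a NIZK are the standard textbook constructions.

```python
import hashlib
import secrets

# Toy group parameters, constructed for illustration only (far too small for real use).
# p = 2q + 1 is a safe prime, so g = 4 (a quadratic residue) generates the
# subgroup of prime order q in which the protocol runs.
P = 2039
Q = 1019
G = 4


def keygen():
    """Prover picks a secret witness x and publishes the statement y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- Interactive Sigma protocol (Schnorr): commit / challenge / response ---
def prover_commit():
    """Round 1: prover sends t = g^r for a fresh random nonce r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: verifier sends a uniformly random challenge e."""
    return secrets.randbelow(Q)


def prover_respond(x, r, e):
    """Round 3: prover answers z = r + e*x mod q (this is where the witness is used)."""
    return (r + e * x) % Q


def verifier_check(y, t, e, z):
    """Accept iff g^z == t * y^e (mod p); a bogus z fails this with overwhelming probability."""
    return pow(G, z, P) == (t * pow(y, e, P)) % P


def run_interactive(y, x):
    """Full back-and-forth between an honest prover and an honest verifier."""
    r, t = prover_commit()
    e = verifier_challenge()
    z = prover_respond(x, r, e)
    return verifier_check(y, t, e, z)


# --- Honest-verifier zero-knowledge: a simulator with no witness produces
# transcripts distributed exactly like real ones, so transcripts leak nothing about x.
def simulate_transcript(y):
    e = secrets.randbelow(Q)
    z = secrets.randbelow(Q)
    # Choose t last so that g^z == t * y^e holds: t = g^z * y^(-e).
    # y has order q, so y^(-e) = y^(q - e).
    t = (pow(G, z, P) * pow(y, (-e) % Q, P)) % P
    return t, e, z


# --- Fiat-Shamir: replace the verifier's random challenge with a hash of the
# transcript so far, which makes the proof non-interactive (a NIZK).
def fiat_shamir_challenge(y, t):
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def nizk_prove(y, x):
    r, t = prover_commit()
    e = fiat_shamir_challenge(y, t)
    return t, prover_respond(x, r, e)


def nizk_verify(y, proof):
    t, z = proof
    e = fiat_shamir_challenge(y, t)  # verifier recomputes the challenge itself
    return verifier_check(y, t, e, z)


if __name__ == "__main__":
    x, y = keygen()
    print("interactive, honest prover:", run_interactive(y, x))
    print("interactive, wrong witness:", run_interactive(y, (x + 1) % Q))
    print("simulated transcript verifies:", verifier_check(y, *simulate_transcript(y)))
    print("NIZK verifies:", nizk_verify(y, nizk_prove(y, x)))
```

Note that the simulator's transcripts pass the same check as real ones even though it never saw x; that is precisely why a verifier who sees a valid transcript has learned nothing it could not have produced itself. Hashing the public values into the challenge is what removes the need for the verifier to be online, at the cost of the "random oracle" assumption on the hash, which is the kind of trust assumption the later "What ZKPs are NOT" slide alludes to.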
What are they good for?
Before ZKPs, there was a fundamental tension between proving something was true, and hiding that information from view
But ZKPs break that paradigm, letting you have your cake and eat it too!
(Don't) trust, but verify
They conceal and compress information
- Example: proving a hand in poker w/o revealing cards
- They do so in an adversarial environment (no trust required!) making them natural fits for Web3 use cases
- Also complement the existing client-server model of the web
What Zero-Knowledge Proofs are NOT
❌ a generalized solution for private computation
❌ a perfect fit for every use case
❌ without their own trust assumptions
Zero-Knowledge & Blockchain
⛓️🔒
A blockchain is a permission-less, digital, tamper-proof, distributed ledger secured using cryptography and organized into a series of data “blocks”.
Motivating application:
💰
Bitcoin represents the first "breakthrough" for decentralized money
… followed by Ethereum, which extended Bitcoin's programmability
A more private Bitcoin
Contrary to popular belief, Bitcoin is pseudonymous, not anonymous
Privacy (at least to some degree) is required for many real world applications
Coinjoin, Monero, other protocols tried to address this
Zcash addressed this using zero-knowledge cryptography
But all of these schemes were limited to the basic compute model of Bitcoin
Aleo enables both privacy & programmability
Applies a research paper called Zexe to build an off-chain VM that verifies on-chain and supports general compute
Aleo represents a breakthrough in decentralized systems
Why a new Layer-1?
Performance
Security
Privacy
Decentralization
What is Aleo 🤷♂️ ?
A new decentralized world computer that is scalable, decentralized, and privacy-preserving.
What makes it special?
💫 Unlimited program runtime (Zexe)
🏎️ High-efficiency & Limited Re-execution
🧘 Flexible (Hybrid) Proving Model
🛡️ Unique Consensus Model (PoSW)
Aleo allows developers to harness the power of zero-knowledge cryptography without needing a PhD in cryptography
The Aleo Stack
Aleo Economic Model
The Aleo token is used to access blockspace on the Aleo blockchain AND the finite computing resources on the Aleo network
Aleo credits are sub-denominated into "gates" which represent the fundamental unit of compute on the Aleo network
Aleo credits are distributed to provers for solving PoSW puzzles and validators for securing the network and participating in consensus
Aleo Economic Model
The starting supply will be 1.5B tokens
~45% will be allocated to early backers
~15% allocated to founding team
~30% allocated to the public and foundation (distribution TBD)
~10% allocated to the company for operations
After 10 years, the total circulating supply will be ~2.6B tokens
Use Cases
Regulated Stablecoins
💵
- The traditional world of finance is *private by default*
- Payments is a multi-trillion dollar industry
- Crypto rails make the experience way easier/better for the end consumer
- But governments view the possibility of private unregulated payments as dangerous
- **Solution**: Using ZKPs and blockchains, we can create a system of smart money
- Privacy from outside observers, enabling many new use cases e.g. supply chain finance
- Crypto is so radically open it's hard to even comprehend!
- Massively reduced headache/lower cost of regulatory compliance
Dark Pools
📈📉
OTC markets are massive, in some asset classes they dwarf the volume on public exchanges
These markets are especially valuable for institutions that need to trade in large blocks (e.g. index fund rebalancing) and for entities that don't want a signal to be misinterpreted by the markets
ZK lets you do this for on-chain liquidity w/o counterparties having to know each other
Proof-of-Solvency
🛡
Massive series of defaults this year. Luna Protocol --> 3AC --> BlockFi, Celsius, Nexo --> FTX etc.
Consumer protection is of paramount importance
Centralized lending protocols could submit a "proof-of-solvency", to reveal that they had assets to cover liabilities, w/o revealing positions
Analogous to a "proof-of-reserves" for exchanges
Self-Sovereign Identity
- Self-sovereign identity and verifiable credentials have been a dream
- A simple example: prove that you are over the legal drinking age to get access w/o giving your ID documents, which contain other personal, sensitive information
- Age verification
- Proving you're a citizen of a country w/o scanning a passport
- Generalized passwordless authentication
Private, Secure Voting
DAO voting today is fully on-chain
There are potential reasons why you wouldn't want to publicly tie everyone to a vote (which can be viewed for all time)
Remember, elections today are all done by (mostly) private voting!
ZK Elections talk at ETHDenver
System Interoperability
🌉
* Blockchains are great tools. A drawback is that a popular blockchain like ETH can grow in size very quickly
* Zero-knowledge proofs make for more private, secure light clients
* Similar to the cryptographic concept of "proof-carrying data"
ZK Machine Learning
🦾
- Today, the biggest use case for AI/ML is advertising. You browse the web, your data is collected and packaged and sold as a commodity
- We may not want this for things like health data (and to be honest, we may not even want it for digital ads)
- ZKPs enable you to prove a result w/o showing the underlying data.
- E.g., a linear regression that gives you a slope & intercept w/o showing points
Player-owned MMO games
- The prospect for gaming in Web 3 is one of the most underrated/exciting
- Zero-knowledge cryptography allows for **hidden information** games, which enable a much richer set of game mechanics
NFTs w/ hidden attributes
- Hiding the fact that you own the NFT (e.g. maybe in the case of a charitable donation)
- Hidden attributes that could make NFTs more interesting
What does the future hold?
- So now we understand some of the challenges, let
Now: Developer incentive program during testnet 3 Phase 3
Next: Decentralized consensus & incentivizing validators
End-of-year: Network launch
Closing Thoughts
Zero-knowledge cryptography helps us overcome the tension between verifiability and privacy
- Web1 vs Web2 vs Web3
- Shared data standard, strong anti-censorship guarantees, no platform risk
- Efficiency and low cost of third-party providers
- "Modular" blockchains
But the fundamental philosophical principles of decentralization that underpin Web3 are important and shouldn't be forgotten
Technological (and therefore societal) progress isn't always guaranteed
We are interventionists from the future
We are here to reboot the internet by creating an actually secure experience through zero-knowledge cryptography that makes it easy for developers to create powerful, personalized applications while giving users control over their data and online identities.
ZK Resources
Articles
Talks
Podcasts
Courses
Blogs
Thank you!
Please follow me on Twitter: @apruden08
Alex Pruden