# Zero-Knowledge and the next Digital Revolution

<div style="padding-top:30px;"> <p style="font-size: 30px; color:#00b8ff"> Alex Pruden </p> </div>

---

#### How to Follow along

![](https://i.imgur.com/Dt4DmC3.png)

...and please add suggestions or comments!

Note:
- Sharing a link to let everyone follow along
- Save you (the audience) the trouble of taking notes
- Hope that this talk can be a public resource for people

---

## About Me

---

## Motivation for this Talk

</br>

- Zero-knowledge cryptography is a game-changing technology

</br>

- Lots of research/protocol work, but only a few deployed applications.

</br>

- This talk is meant to inspire ideas for developing applications and give enough context to do that

Note:
* Not a talk about cryptography, or a how-to-implement. Plenty of great resources out there for that though!
* Not a talk about liberty, or privacy, even though I believe both are important and relevant
* The intent for this talk is to stay high-level
* This talk is about why you should care about zkps
* First, I have to provide you with enough context for why you should care
* Then I'm going to go through some of the exciting use cases
* Finally, we're gonna talk about the future and what's on the horizon for this technology
* Disclaimer: I work at Aleo

---

:book:
## A short history of zkps

---

## Motivating Problem

Two cryptographers walk into a bar...
---

### Starting with Interactive Proofs ###

- A class of cryptographic schemes called interactive proof (IP) systems
- Two parties: a prover and a verifier
- The prover hands a proof of some result to the verifier
- After some back & forth, the verifier accepts or rejects

<div style="color:#d600ff; padding-top:30px"> <p>Turns out that this paradigm can apply to a huge range of problems!<!-- .element: class="fragment" data-fragment-index="1"--> </p> </div>

Note:
- Yes, I know that IP is a complexity class too
- TODO: Make this nicely fragmented

---

### Starting with Interactive Proofs ###

![](https://i.imgur.com/d9yNc5P.png)

* Alice makes a claim
* Bob asks some questions & Alice answers
* Bob either accepts :+1: or rejects :-1:
* The interaction (or transcript :scroll:) is **shorter** than the computation proven

Note:
* So here's what interactive proofs look like
* There's Alice the prover and Bob the verifier
* They exchange some messages and at the end Bob accepts Alice's proof as valid
* Typically Bob has access to some randomness that he uses to construct his queries (his challenges)

---

## Key Properties ##

<div style="padding:50px"> Verify a long computation <strong>more efficiently</strong> than just re-running the computation </div>

* Completeness
* Soundness
* <span style="color:#d600ff"><!-- .element: class="fragment" data-fragment-index="1"-->Zero-Knowledge?</span>

Note:
* Completeness: every *true* statement can be proven, i.e. an honest prover always convinces the verifier
* Soundness: a *false* statement cannot be proven, i.e. a cheating prover convinces the verifier only with negligible probability
* What about zk?
* What if we could do it w/o revealing anything about the witness beyond the fact that the statement is true?
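---

### Worked example: a sigma protocol end to end

Added example (not code from the talk or from Aleo): a Schnorr-style sigma protocol for knowledge of a discrete logarithm, written in Python to make the three properties above concrete. `demo()` checks completeness (an honest transcript verifies), soundness (a tampered response is rejected, and two accepting transcripts that share one commitment leak the witness, which is what "proof of knowledge" means), and zero-knowledge (a simulator produces accepting transcripts without ever seeing the witness). It also applies the Fiat-Shamir transform to get a non-interactive proof, the NIZK step on the "Flavors" slide later in the deck, and the primitive behind the password-less authentication use case. `make_group`, `TOY_BITS`, the context strings and the secret key are constructed for this example; the parameter size is a toy and not secure. Requires Python 3.8+ for `pow(x, -1, m)`.

```python
# Added example (not from the talk): Schnorr-style sigma protocol for knowledge of
# x with y = g^x (mod p): completeness, special soundness, HVZK simulator, Fiat-Shamir.
# Group: order-q subgroup of Z_p^*, p = 2q+1 a safe prime generated at runtime (toy size).
import hashlib
import secrets

TOY_BITS = 64  # toy parameter so the example runs instantly; real use needs >= 2048-bit p or a curve


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = TOY_BITS):
    """Return (p, q, g): safe prime p = 2q+1 and a generator g of the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # squaring lands in the order-q subgroup
        if g != 1:
            return p, q, g


class Prover:
    """Holds the witness x; the verifier only ever sees y = g^x."""

    def __init__(self, group, x):
        self.p, self.q, self.g = group
        self.x, self.y = x, pow(group[2], x, group[0])

    def commit(self):
        self.k = secrets.randbelow(self.q - 1) + 1  # fresh k per proof; reuse leaks x (extract_witness)
        return pow(self.g, self.k, self.p)           # t = g^k

    def respond(self, c):
        return (self.k + c * self.x) % self.q        # s = k + c*x (mod q)


def verify(group, y, t, c, s) -> bool:
    p, q, g = group
    if not (1 <= t < p and 1 <= y < p and 0 <= s < q):  # range checks first
        return False
    if pow(t, q, p) != 1 or pow(y, q, p) != 1:           # both must lie in the order-q subgroup
        return False
    return pow(g, s, p) == (t * pow(y, c, p)) % p        # g^s == t * y^c


def interactive_proof(group, prover):
    """Three-move exchange: commitment t, verifier's random challenge c, response s."""
    t = prover.commit()
    c = secrets.randbelow(group[1])
    return t, c, prover.respond(c)


def fiat_shamir_challenge(group, y, t, ctx: bytes) -> int:
    """c = H(params || statement || commitment || context) mod q ("strong" Fiat-Shamir)."""
    h = hashlib.sha256()
    for v in (*group, y, t):
        h.update(v.to_bytes((v.bit_length() + 7) // 8, "big") + b"|")
    h.update(ctx)
    return int.from_bytes(h.digest(), "big") % group[1]


def nizk_prove(group, prover, ctx: bytes):
    t = prover.commit()
    return t, prover.respond(fiat_shamir_challenge(group, prover.y, t, ctx))


def nizk_verify(group, y, proof, ctx: bytes) -> bool:
    t, s = proof
    return verify(group, y, t, fiat_shamir_challenge(group, y, t, ctx), s)


def extract_witness(group, s1, c1, s2, c2) -> int:
    """Special soundness: two accepting transcripts sharing t with c1 != c2 give x."""
    q = group[1]
    return ((s1 - s2) * pow((c1 - c2) % q, -1, q)) % q


def simulate_transcript(group, y):
    """HVZK simulator: pick c, s first, then t = g^s * y^(-c); accepted without knowing x."""
    p, q, g = group
    c, s = secrets.randbelow(q), secrets.randbelow(q)
    return (pow(g, s, p) * pow(pow(y, c, p), -1, p)) % p, c, s


def demo(bits: int = TOY_BITS) -> dict:
    group = make_group(bits)
    q = group[1]
    prover = Prover(group, secrets.randbelow(q - 1) + 1)  # constructed secret key x
    y = prover.y
    t, c, s = interactive_proof(group, prover)
    out = {"completeness": verify(group, y, t, c, s),
           "tampered_rejected": not verify(group, y, t, c, (s + 1) % q)}
    prover.commit()                                   # one k answered for two challenges
    c1 = secrets.randbelow(q)
    c2 = (c1 + 1) % q
    out["witness_extracted"] = extract_witness(group, prover.respond(c1), c1, prover.respond(c2), c2) == prover.x
    out["simulated_verifies"] = verify(group, y, *simulate_transcript(group, y))
    proof = nizk_prove(group, prover, b"login:alice")
    out["nizk_accepts"] = nizk_verify(group, y, proof, b"login:alice")
    out["nizk_wrong_context_rejected"] = not nizk_verify(group, y, proof, b"login:mallory")
    return out


if __name__ == "__main__":
    print(demo())
```

Two details in the block are the ones that go wrong in practice: `commit()` must draw a fresh `k` for every proof (the extractor shows that answering two challenges with one `k` hands over `x`), and the Fiat-Shamir hash must bind the public parameters, the statement `y` and a context string, otherwise a proof for one statement or session can be replayed as another. The subgroup-membership checks in `verify` are cheap and stop invalid-element tricks before the main equation is evaluated.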
---

![](https://i.imgur.com/KXYxkVB.png)

Note:
* Two MIT professors (Goldwasser and Micali) and a University of Toronto professor (Rackoff) in the 1980s created a variant where the verifier *learns nothing* except whether the proof is correct
* The prover knows something (the "witness") that certifies the statement is true; the verifier never sees it
* Goldwasser and Micali won the Turing Award for this work in 2012

---

## Zero Knowledge proof Flavors

</br>

- <span style="font-size:30px;">Interactive Proofs + zero-knowledge :arrow_right: Sigma Protocols :beer: </span>
- <span style="font-size:30px;">Sigma Protocols + :8ball: (Fiat-Shamir) :arrow_right: NIZKs :wine_glass: </span>
- <span style="font-size:30px;">NIZKs + :sparkles: :arrow_right: zkSNARKs :tropical_drink: </span>

---

<p><span style="color:#00ff9f">Z</span>ero-<span style="color:#00ff9f">K</span>nowledge <span style="color:#00ff9f">S</span>uccinct <span style="color:#00ff9f">N</span>on-Interactive <span style="color:#00ff9f">Ar</span>gument of <span style="color:#00ff9f">K</span>nowledge</p>

Note:
- "succinct" here can mean a wide variety of things (small proofs, fast verification, or both)
- The practical difference between SNARKs, STARKs, and Bulletproofs (BPs)

---

### The Evolution from $\Sigma$ to zkSNARK

![](https://i.imgur.com/TBUt2X9.png)

Note:
- Paper by Goldwasser/Micali/Rackoff in '85
- Schnorr protocol around 1990
- PCPs (garnered research interest in the '90s and '00s)

---

## What are they good for?

- Before ZKPs, there was a fundamental tension between *proving* something was true and *hiding* that information from view
- But ZKPs break that paradigm, letting you have your :cake: and eat it too!
- (Don't) trust, but verify

<div style="padding-top:60px"><!-- .element: class="fragment" data-fragment-index="1"--> They <span><strong>conceal</strong> <!-- .element: class="fragment highlight-red" data-fragment-index="2"--> </span> and <span><strong>compress</strong><!-- .element: class="fragment highlight-red" data-fragment-index="3"--> </span> information </div>

Note:
- Example: proving a hand in poker w/o revealing the cards
- They do so in an adversarial environment (no trust required!), making them natural fits for Web3 use cases
- They also complement the existing client-server model of the web

---

:wrench:
## 10 Use Cases for Zero-Knowledge Proofs

Note:
- Frame new technologies in terms of the unique *capabilities* they give you
- A "listicle" follows

---

## Regulated Stablecoins ##
## 💵

- The traditional world of finance is *private by default*
- Payments is a multi-trillion dollar industry
- Crypto rails make the experience way easier/better for the end consumer
- But governments view the possibility of private, unregulated payments as dangerous
- **Solution**: Using ZKPs and blockchains, we can create a system of smart money

Note:
- Privacy from outside observers, enabling many new use cases, e.g. supply chain finance
- Crypto is so radically open it's hard to even comprehend!
- Massively reduced headache/lower cost of regulatory compliance

---

## On-chain OTC & Dark Pools ##
## 📈📉

- OTC markets are massive; in some asset classes they dwarf the volume on public exchanges
- These markets are especially valuable for institutions that need to trade in large blocks (e.g. index fund rebalancing) and for entities that don't want a signal to be misinterpreted by the markets
- ZK lets you do this with on-chain liquidity w/o counterparties having to know each other

---

## Proof-of-Solvency ##
## 🛡

- Massive series of defaults this year: Luna Protocol --> 3AC --> BlockFi, Celsius, Nexo --> FTX, etc.
- Consumer protection is of paramount importance
- Centralized lending protocols could submit a "proof-of-solvency" to show that their assets cover their liabilities, w/o revealing positions
- Analogous to a "proof-of-reserves" for exchanges

---

## Password-less Authentication ##
## 🔐

---

## Self-Sovereign Identity ##

Note:
- Self-sovereign identity and verifiable credentials have been a dream
- Uniquely enabled by zero-knowledge cryptography
- A simple example: prove that you are over the legal drinking age to get access w/o handing over your ID documents, which contain other personal, sensitive information
- Proving you're a citizen of a country w/o scanning a passport

---

## Private, Secure Voting ##

* DAO voting today is fully on-chain
* There are potential reasons why you wouldn't want to publicly tie everyone to a vote (which can be viewed for all time)
* Remember, elections today are (mostly) done by private ballot!
* ZK Elections [talk](https://docs.google.com/presentation/d/1xRMi0jufb9fDBNMKJAXMGW8hVGEYqr7Vqxl-pvZmuXo/edit#slide=id.p) at ETHDenver

---

## Stateless, Secure Light Client Wallets ##

* Blockchains are great tools. A drawback is that a popular blockchain like ETH can grow in size very quickly
* Zero-knowledge proofs make for more private, secure light clients
* Similar to the cryptographic concept of "proof-carrying data"

---

## Privacy-preserving Machine Learning for Health Data ##

Note:
- Today, the biggest use case for AI/ML is advertising. You browse the web, and your data is collected, packaged and sold as a commodity
- We may not want this for things like health data (and to be honest, we may not even want it for digital ads)
- ZKPs enable you to prove a result w/o showing the underlying data.
- E.g., a linear regression that gives you a slope & intercept w/o showing the data points

---

## Player-owned MMO games ##

Note:
- The prospect for gaming in Web3 is one of the most underrated/exciting
- Zero-knowledge cryptography allows for **hidden information** games, which enable a much richer set of game mechanics

---

## NFTs w/ hidden attributes ##

Note:
- Hiding the fact that you own the NFT (e.g. maybe in the case of a charitable donation)
- Hidden attributes that could make NFTs more interesting

---

:octagonal_sign:
## Challenges

Note:
- Zero-knowledge cryptography is a revolutionary new technology, but it's not a panacea
- In order to apply it effectively, we have to understand what the limitations are
- With that, let's go through some things to keep in mind when programming w/ ZKPs

---

### Challenges

- :desktop_computer: Incompatibility with existing models (EVM)
- :hammer_and_wrench: Lack of tooling
- :running: (Relatively) high performance overhead
- :open_file_folder: Data availability

---

:telescope:
## What does the future hold?
Note:
- So now that we understand some of the challenges, let's see how we're addressing them and what the future may hold

---

- Cambrian explosion of proof systems
- More powerful proof systems under weaker assumptions
- Better tooling & language support
- Composability of proof systems in ways that are more efficient
- Combining with optimistic approaches
- Hardware acceleration
- Combining ZKPs w/ MPC/FHE to enable fully private everything

---

:wave:
## Closing Thoughts ##

---

<div style="color:#00b8ff"> Zero-knowledge cryptography helps us overcome the tension between verifiability and privacy </div>

Note:
- Web1 vs Web2 vs Web3
- Shared data standard, strong anti-censorship guarantees, no platform risk
- Efficiency and low cost of third-party providers
- "Modular" blockchains

---

<div style="color:#00b8ff"> But the fundamental philosophical principles of decentralization that underpin Web3 are important and shouldn't be forgotten </div>

---

<div style="color:#00b8ff"> Technological (and therefore societal) progress isn't always guaranteed </div>

---

<div style="color:#00b8ff"> If you want to get involved in defining this space, there is no better time. It's the beginning of the beginning! </div>

---

## Resources

- Articles
  - (Beginner) [What is a zkSNARK?](https://z.cash/technology/zksnarks/)
  - (Intermediate) [Introduction to zkSNARKs](https://tlu.tarilabs.com/cryptography/zksnarks/mainreport.html)
  - (Advanced) [zkSNARKs in depth](https://electriccoin.co/blog/snark-explain/)
- Talks
  - [Rise of the SNARKs](https://www.youtube.com/watch?v=Hig_1ZFbWRM)
- Podcasts
  - [Zero Knowledge Podcast](https://www.zeroknowledge.fm/)
- Courses
  - [Stanford University Cryptography](https://www.coursera.org/learn/crypto)
- Blogs
  - [Cryptography Engineering](https://blog.cryptographyengineering.com/)

---

Thank you!

![](https://i.imgur.com/Dt4DmC3.png)

---