--- marp: true title: "Taipei ZK Workshop: A Friendly Introduction to Zero Knowledge" paginate: true _paginate: false --- ## Taipei ZK Workshop - Intro by ZKET team - First session: Intro to ZK (1030-1115) Note: --- ## A Friendly Introduction to Zero Knowledge  Note: - Adapted from zkintro.com - Booklets available - General intro, then code/math --- ## Introduction (1) - ZKPs sometimes called “magic” tech - Let us do things that previously seemed impossible Note: Emphasize the “magic” aspect—technology offering new trust models. --- ## Introduction (1 cont) > “Any sufficiently advanced technology is indistinguishable from magic.” - Arthur C. Clarke --- ## Introduction (1 cont) > “Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead --- ## Introduction (1 cont) > “Privacy is the power to selectively reveal oneself to the world.” - A Cypherpunk's Manifesto Note: Quotes highlight key ZKP themes: magic, privacy, succinctness, and a future that’s unfolding. --- ## Introduction (1 cont) - Internet/computers touch every part of life - We feed data (consciously or not) into countless services - Complexity of systems → few fully understand them - Trust becomes a big question: Who do we trust? Why? Note: - Frames the problem: data usage, large-scale complexity, trust dilemmas. - MAMAA, B2B, government services, etc --- ## Introduction (1 cont) - ZKPs reduce blind trust requirements - Not a universal fix, but widely applicable - We’ll discuss: - What are ZKPs? - Why care? - How they work - Applications in the real world Note: Overview of the talk’s outline. --- ## What is a ZKP? (2) - A way to prove a statement is true without revealing extra data - Example: Confirm “I’m over 18” with no personal details - Zero knowledge = share only the claim’s truth Note: - The core principle is minimal disclosure of hidden info. - Bar example; prove paid correct taxes w/o details --- ## Where’s Waldo (2 cont)  Note: - Analogy - You know Waldo’s location but keep it hidden - Large paper with a small hole → only Waldo visible --- ## What is a ZKP? (2 cont) - ZKPs are general-purpose: - Prove knowledge of a solution (e.g., puzzle, ID, financial detail) - Preserve privacy while guaranteeing correctness Note: Sets the stage for advanced usage. Arbitrary statements. --- ## Why Care About ZKPs? (3) - **Privacy** (zero-knowledge): - Only reveal relevant facts - “Selective reveal” for digital data - **Compression** (succinctness): - Short proofs for big computations - Crucial in constrained settings (e.g., blockchains) Note: Two major benefits that power new possibilities. --- ## Privacy (3.1) - Privacy = data belonging to a single person/group - Physical world: private homes, keys, rooms - Digital world: also needs privacy (often neglected) - ZKPs = “programmable privacy,” revealing only what’s needed Note: - Reflect on the normalcy of privacy in physical contexts vs. the digital gap. - Passwords; convos/cc/social graphs... --- ## Silent Reading (3.1)  Note: - Historically, “silent reading” was novel—privacy norms can evolve similarly now. - Used to be surprising 2000 years ago, bishop --- ## Compression (3.2) > “I have made this longer… only because I haven’t had time to make it shorter.” – Blaise Pascal - Compress: press into small space - Succinctness: express clearly in few words - Example: Blockchains have limited space Note: Think of it as a “compressed detective conclusion.” Size stays constant; useful outside too --- ## Sherlock Holmes (3.2)  Note: - A metaphor for revealing “whodunit” succinctly. - A lot of back and forth, some argument of knowledge, ~proof --- ## What Do You Know? (3.3) > Civilization advances by extending the number of operations we can perform without thinking about them. (Alfred North Whitehead) --- ## What Do You Know? (3.3) - We trust banks, institutions, big tech daily - Mentally taxing - what if they fail or misuse data? - Audits/fines aim to reduce risks, but add complexity - ZKPs can streamline trust → do more automatically - Social scalability Note: Less mental overhead if proofs handle trust checks. Esp as social complexity increases; composing ZKPs --- ## General-Purpose Computation (3.4)   Note: - Hash function to proof; private input and public input, proof - Like calculator to computer --- ## General-Purpose Computation (3.4) - ZKPs shift from single-purpose (e.g., hashes) to universal programs - Like going from a **calculator** → **computer** - Example: prove valid ID, over-18, and a valid ticket without revealing personal info Note: “Program any condition” and get a privacy-preserving proof. Waldo, or Sudoku example - diff but can e express both Group signature, Publius --- ## Why Now? (3.5) - ZKP concept known since 1980s, only recently practical - Blockchains (Ethereum, Zcash) accelerated R&D - Rapid improvements: faster proof generation, robust tools - Comparable to “Moore’s law” leaps in performance Note: Perfect storm of research + real-world demand fueling the ZKP boom. --- ## How ZKPs Work (4.1) - Involves a **Prover** and **Verifier** - Prover has private input (“witness”) + public input - Often “non-interactive”: single proof, no back-and-forth - Protocol ensures correctness Note: High-level structure: one proof, easy to verify. --- ## How ZKPs Work (4.1 cont) - Protocol: rules for correct conduct - Proof: argument establishing truth of stm - Prover: someone who proves - Verifier: someone who verifies correctness - Private input: visible to prover (witness) - Public input: visible to prover & verfier (instance) Note: - Some terminoloy Protocol chess, Holmes, reasonable doubt Protocol prover verfier, interactive, then not --- ## How ZKPs Work (4.1 cont) - Called “zk-SNARKs”: Zero-Knowledge Succinct Non-Interactive ARgument of Knowledge - ZKPs as a Zoo: Different systems (varying math assumptions/setups) - Common theme: short proofs, data privacy Note: Summarizes acronym and broad categories. Different ones, SNARKs, some ZK system not even ZK --- ## Protocol (4.2)  - Special program: *circuit* made up of *constraints* - (Setup: Prover and verification key) Note: - Special program; e.g. preimg hash; verify t/f --- ## Constraints (4.3) - Program is broken into **constraints** - Example: Sudoku rules (each row/column has unique digits) - Satisfying all constraints → valid solution Note: ZKPs prove constraints hold without revealing internal secrets. Circuit because constraints related, electric circuit Any problem can be expressed; but diff paradigm! --- ## Sudoku example (4.4)  Note: Another example: prove you solved Sudoku without showing your final grid. Need all constraints valid! --- ## Proof (4.4) <table> <tr> <td><img src="https://hackmd.io/_uploads/B1ndB2kayl.png" width="80%"></td> <td><img src="https://hackmd.io/_uploads/rkuOrny6kx.png" width="80%"></td> </tr> </table> Note: - Magic spell left - Right is proof that works; we'll go into what this is more --- ## Some properties (4.5) - Completeness: if statement is true, verifier will be convinced - Soundness: if statement false, ~verifier won't be convinced by proof - Zero knowledge: if stm true, won't reveal anything else Note: Key takeaway: the solver’s secret remains hidden, but correctness is certain. Soundness is statistical --- ## Some properties (4.5) - Considerations: assumptions, security - Trusted setup - Performance for generating/verifying proofs - Software support, DevEx - Etc Note: - Many diff types of ZK Zoo, both in theory and practice - We'll see some here; focus on gist --- ## Real-World Applications (5) - **Electronic Cash (Zcash, Tornado Cash, Railgun)** - Private transactions, preserving fungibility - Anonymous Signaling (Semaphore) - Group membership/voting - **ZK Rollups/zkEVM** - Bundle txs off-chain, post a small proof - E.g., Polygon zk-EVM, zkSync - **Data Provenance & ZK-ID** - Prove access to e.g. passport or email - E.g. Rarimo, ZK-Email; also TLS Notary Note: Widespread usage across blockchain privacy and scaling. Last recently --- ## Real-World Applications (5 cont) - **ZK-VM (Mina, Aleo)** - new blockchain architecture - **Dark Forest** - “fog of war” in real-time strategy - **ZK Bridges** - cross-chain asset transfers - **ZK-ML** - private model/data - **Future**: - photo authenticity, nuclear disarmament, etc. Note: Rapidly expanding domain—beyond just blockchains. --- ## Real-World Applications (5 cont) > "By 2040, someone will have won a Nobel Peace Prize for using Zero Knowledge Proofs." > Barry Whitehat Note: - outlandish but who knows --- ## Conclusion & References (6) - ZKPs = privacy + succinctness → new trust paradigm - Deployed in real apps (finance, identity, gaming) - Ecosystem evolving quickly, more breakthroughs ahead - Original article & background: [zkintro.com/articles/friendly-introduction-to-zero-knowledge](https://zkintro.com/articles/friendly-introduction-to-zero-knowledge) Note: End of deck—encourage deeper study. --- ## Thanks! - Questions? - Logistics: - Short break - Then coding session