As more people have embraced Bitcoin and the technology that makes it function, they have also discovered some of its most important pitfalls. One of those is the absence of truly anonymous transactions. While Bitcoin is often thought of as being "anonymous", it is actually only "pseudonymous": every transaction is recorded on the public blockchain, so once an address is linked to a person, that person's entire transaction history is exposed. There are, however, other cryptocurrencies whose blockchains provide for complete privacy in their protocols. One such cryptocurrency is Zcash, which makes use of a novel privacy technique called zkSNARKs.
In this post we will take a look at the basics of zkSNARKs, how they provide privacy and how they may develop in the future.
Zero Knowledge of It
zkSNARKs are based on a cryptographic idea called zero knowledge proofs, introduced by Goldwasser, Micali and Rackoff in 1985. The standard informal definition is:
“A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.”
So, essentially, a zero knowledge proof allows one person to prove that they know a secret without revealing what that secret is. This has important implications for the many situations in which we need to demonstrate possession of a secret to a party that we cannot fully trust.
For example, think about the way in which your online passwords work. When you enter your password on a website, the password itself is sent to the server, which hashes it and compares the result against the stored hash. The hash protects the stored copy to a degree, but a weak or unsalted hash can be cracked offline, and the server still sees your plaintext password on every login. Hence, you are disclosing a secret to a website and relying on the supposed trustworthiness of the site to protect it. Would it not be much more secure if you could demonstrate your knowledge of the password by answering a cryptographic challenge, so that the password never leaves your machine?
This is exactly what zero knowledge proofs offer, and it is why they matter so much for crypto privacy protocols: you want to prove to the network validating your transaction that you hold the spending key for the funds without ever revealing that key. For a zero knowledge proof to be valid, it has to meet the following requirements:
- Completeness: If the statement is true, an honest prover can always convince the verifier (the proof returns "true").
- Soundness: If the statement is false, a cheating prover cannot trick the verifier into returning "true", except with negligible probability.
- Zero-Knowledge: The verifier learns nothing beyond the fact that the statement is true. Formally, everything the verifier sees could have been produced by a simulator that does not know the secret.
Now that we have laid the groundwork of zero knowledge proofs, let's take a look at how they have been incorporated into zkSNARKs.
zkSNARKs and Blockchains
zkSNARKs build on the theory of zero knowledge proofs and make it practical for blockchains: the proofs are tiny and cheap to verify, so every node can check them. "zkSNARK" stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. Yes, that is a mouthful, but let's break it down word by word.
- Zero-Knowledge: Explained above.
- Succinct: The proof is small (a few hundred bytes) and can be verified in milliseconds, no matter how expensive the statement being proven is to compute.
- Non-Interactive: The prover sends a single message to the verifier. There is no need for a back and forth of messages, which is essential on a blockchain, where the "verifier" is every node, now and in the future.
- Argument of Knowledge: The prover convinces the verifier not merely that a valid secret input (the witness) exists, but that the prover actually knows it, without revealing it. It is called an "argument" rather than a "proof" because soundness holds only against provers with bounded computing power.
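The three properties listed earlier, and the "non-interactive" and "argument of knowledge" parts of the acronym, can all be seen in the simplest zero-knowledge proof of knowledge: Schnorr's protocol for "I know the secret x behind the public value y = g^x", which is also the shape of "I hold the spending key for this address". The following is an added worked example, not code from the original post or from Zcash. It runs the interactive commit/challenge/response exchange, shows why a prover without x fails (soundness), extracts x from two transcripts that share a nonce (the "knowledge" part, and a reminder never to reuse nonces), forges a valid-looking transcript without x (zero knowledge), and finally replaces the verifier's challenge with a hash (the Fiat-Shamir transform) so that a single message suffices. The group parameters p = 1019, q = 509, g = 4 are constructed toy values chosen so the arithmetic is readable; a real system uses a 256-bit curve group. zkSNARKs prove far more general statements than a discrete log, but they rest on this same notion.

```python
"""Added example, not from the original post or from Zcash: Schnorr's
zero-knowledge proof of knowledge of a discrete log ("I know x with y = g^x"),
interactive first, then made non-interactive with the Fiat-Shamir transform.
"""
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and G = 2^2 generates
# the subgroup of prime order q. A real deployment would use a 256-bit curve.
P, Q, G = 1019, 509, 4


def keygen():
    """Secret x plays the role of a spending key, y = g^x that of the address."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- interactive protocol: commit, challenge, respond -------------------------
def prover_commit():
    r = secrets.randbelow(Q - 1) + 1       # fresh random nonce; never reuse it
    return r, pow(G, r, P)                 # commitment t = g^r


def verifier_challenge():
    return secrets.randbelow(Q)            # random challenge c


def prover_respond(x, r, c):
    return (r + c * x) % Q                 # response s = r + c*x


def verify(y, t, c, s):
    # Completeness: g^s = g^(r + c*x) = g^r * (g^x)^c = t * y^c
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_interactive(x, y):
    """One full round between an honest prover holding x and the verifier."""
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))


# --- soundness: a prover without x can only guess the challenge ---------------
def cheating_prover_round(y):
    """Pick s freely, guess c, and back-compute t = g^s * y^-c so that the
    check passes only if the verifier's real challenge equals the guess (1/q)."""
    guess, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (-guess) % Q, P) % P
    return verify(y, t, verifier_challenge(), s)


def extract_secret(c1, s1, c2, s2):
    """Knowledge extractor: two accepting transcripts with the same t but
    different challenges give x = (s1 - s2) / (c1 - c2) mod q. This is what
    makes it an argument *of knowledge*, and why reusing the nonce r leaks x."""
    return (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q


# --- zero-knowledge: a simulator forges valid transcripts without x -----------
def simulate_transcript(y):
    """Choose c and s first, then t = g^s * y^-c. The transcript verifies and
    is distributed exactly like an honest one, so transcripts reveal nothing."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (-c) % Q, P) % P
    return t, c, s


# --- non-interactive (Fiat-Shamir): a hash replaces the verifier's challenge --
def fiat_shamir_challenge(y, t, message):
    data = f"{P}|{G}|{y}|{t}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y, message=b""):
    """Single prover->verifier message. Hashing a message into the challenge
    binds the proof to it, which is exactly a Schnorr signature under x."""
    r, t = prover_commit()
    return t, prover_respond(x, r, fiat_shamir_challenge(y, t, message))


def verify_noninteractive(y, proof, message=b""):
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t, message), s)


if __name__ == "__main__":
    x, y = keygen()
    print("interactive:", run_interactive(x, y))
    print("non-interactive:", verify_noninteractive(y, prove(x, y, b"tx"), b"tx"))
    print("cheater wins in 100 rounds:", sum(cheating_prover_round(y) for _ in range(100)))
```

Two things in this toy are worth carrying over to real systems. First, `extract_secret` is not just a proof device: a prover that reuses the nonce r for two different challenges hands its spending key to anyone watching. Second, once a message (say, the transaction body) is hashed into the Fiat-Shamir challenge, changing that message changes the challenge and invalidates the response, which is the kind of link between the spending key and the transaction signature that a shielded transaction relies on.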
In a regular, transparent transaction, when a payment is sent from one party to the other, the details of this payment are visible to all nodes on the network. This includes all the inputs and outputs of the transaction, which carry the public addresses and amounts. With a zero knowledge transaction, by contrast, an observer can only tell that a transaction has taken place (plus unavoidable metadata such as when it was mined and the fee paid). There is no information about the sender, recipient or amount. Below is a simple visual representation of how zero knowledge transactions work in a blockchain protocol.
Another term for these transactions is a "shielded transaction". zkSNARKs are used to prove that the conditions of a valid transaction have been met without revealing any of those details. The sender of the transaction has to construct a proof that shows the following:
- The input values equal the output values, so no money is created or destroyed (and each amount lies in a valid range, so a "negative" output cannot be used to mint coins)
- The sender does indeed hold the private spending keys for the funds being spent
- There is a cryptographic link between the private spending key and the signature on the transaction, so a third party cannot alter the transaction without invalidating it
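The first condition, that inputs equal outputs, can be checked without anyone seeing an amount if each amount is hidden inside a homomorphic commitment. The following is an added example, not the post's or Zcash's code, using Pedersen commitments in a constructed toy group (p = 1019, q = 509, generators G = 4 and H = 9). It is a simplification of what Zcash does, which establishes the balance inside the SNARK circuit (Sprout) or, in Sapling, with a signature under the blinding "excess" rather than by publishing the excess directly as done here. The names `build_shielded_tx`, `balances` and `overflow_forgery` are this example's own. In a toy group log_G(H) could be brute-forced, which would let a sender open one commitment to two different values, so real systems derive H by hashing to the group.

```python
"""Added example, not from the original post or from Zcash: Pedersen commitments
hide transaction amounts while still letting a verifier check that inputs
equal outputs. Toy group, constructed for readability."""
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime; G = 2^2 and H = 3^2 both
# generate the order-q subgroup. Real systems derive H by hashing to the group
# so that nobody knows log_G(H); in this toy group it could be brute-forced.
P, Q, G, H = 1019, 509, 4, 9


def commit(value, blinding):
    """C = g^v * h^b mod p: hides v (b is random) and binds the sender to v."""
    return pow(G, value % Q, P) * pow(H, blinding % Q, P) % P


def build_shielded_tx(in_values, out_values):
    """Sender side: commit to each amount and publish the blinding 'excess'
    (sum of input blindings minus sum of output blindings). The excess
    reveals nothing about the amounts because every blinding is random."""
    ins = [(v, secrets.randbelow(Q)) for v in in_values]
    outs = [(v, secrets.randbelow(Q)) for v in out_values]
    excess = (sum(b for _, b in ins) - sum(b for _, b in outs)) % Q
    return {"inputs": [commit(v, b) for v, b in ins],
            "outputs": [commit(v, b) for v, b in outs],
            "excess": excess}


def balances(tx):
    """Verifier side, which sees only commitments. Because commitments multiply
    as exponents add, prod(C_in) / prod(C_out) = g^(sum_in - sum_out) * h^excess.
    That equals h^excess exactly when the amounts cancel; faking it for
    unbalanced amounts would require knowing log_G(H)."""
    acc = 1
    for c in tx["inputs"]:
        acc = acc * c % P
    for c in tx["outputs"]:
        acc = acc * pow(c, -1, P) % P
    return acc == pow(H, tx["excess"], P)


def overflow_forgery():
    """Failure mode: amounts live modulo q, so an output 'worth' -100 (= q - 100)
    turns 100 in into 200 out and still balances. A range proof on every
    amount (Zcash's circuit constrains amounts to 64 bits) is what prevents this."""
    return balances(build_shielded_tx([100], [200, (-100) % Q]))


if __name__ == "__main__":
    print("100 + 50 -> 120 + 30 balances:", balances(build_shielded_tx([100, 50], [120, 30])))
    print("100 -> 60 + 50 balances:", balances(build_shielded_tx([100], [60, 50])))
    print("negative-output forgery passes the balance check:", overflow_forgery())
```

The last function is the check a practitioner should remember: a balance equation over a finite group is satisfied by "negative" amounts too, so the proof must also show that every amount lies in a fixed range. That is the second half of the first condition above, and it is done inside the zkSNARK rather than by the simple exponent arithmetic shown here.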
Of course, this is only the basic theory behind zkSNARKs and zero knowledge proofs. A deeper look requires an understanding of advanced mathematics and cryptography ("moon math", in Vitalik Buterin's words).
zkSNARKs in Use
Given the impact zkSNARKs can have on cryptocurrency privacy, they are already in use on a number of chains and are being considered by others. Most notably, they were popularized by their use in the Zcash protocol.
Zcash is one of the most popular cryptocurrencies in the world, with a market cap of $4.3bn at the time of writing. There have also been a number of forks of Zcash, and forks of forks. For example, Zclassic is a fork of Zcash, and Zclassic has in turn spawned two forked coins of its own, ZenCash and Bitcoin Private. Both of these chains make use of zkSNARKs for their shielded transactions. Then there is the ambition of the second most valuable cryptocurrency, Ethereum, to support zkSNARKs in its protocol. This arrived with the Byzantium stage of the Metropolis upgrade (October 2017), which added precompiled contracts for the elliptic-curve pairing checks that on-chain zkSNARK verification needs; Proof-of-Stake was not part of Metropolis but a separate, later change.
zk-SNARK support is a key feature in the ethereum roadmap
— Vitalik “Not giving away ETH” Buterin (@VitalikButerin) February 3, 2017
Currently, generating these proofs is computationally expensive: the prover does orders of magnitude more work than the verifier, which limits their application in many other potential use cases. Yet, as the algorithms improve and computing power advances, we are likely to see similar technology in a number of privacy dependent applications.
One of the most important concerns about zkSNARK blockchains is that they depend on a trusted setup: the public parameters are generated from secret randomness, often called the "toxic waste" or, loosely, a "master key". Anyone holding that secret could forge proofs and counterfeit coins without detection; it would not, however, let them break the privacy of shielded transactions. Having such a secret exist at any point for a blockchain worth billions is no doubt a big deal, and this shadow has hung over the Zcash blockchain since its inception. The Zcash team ran its setup as a multi-party ceremony and claims that every participant destroyed their share, so an attacker would need all of the shares to reconstruct the secret, but there is always a residual risk that a share leaked or was copied. There may soon be an alternative in the form of a related construction called a "zkSTARK". Its main advantage over zkSNARKs is that it needs no trusted setup (it is "transparent") and relies on hash functions rather than elliptic-curve pairings, which also makes it plausibly secure against quantum computers. zkSTARK proving is expected to scale better in the computing power it requires, although the proofs themselves are considerably larger than a zkSNARK's. The technology is still in its infancy and is being researched by numerous cryptographers. It will be interesting to see how it develops over the next few years.
Bitcoin was developed for a number of reasons, one of which was to give personal financial control back to individuals. Privacy of the holder is likely to have been another important consideration. But as cryptocurrency adoption has grown, so has the ability of governments and agencies to meticulously track transactions on the very public blockchain.
With technology such as zkSNARKs, however, such transactions can be shielded so that sender, recipient and amount stay hidden, although users should remember that moving funds between transparent and shielded addresses still leaves traces. There are also a great many other applications that will benefit from these advances. While the technology is still new and questions remain, one cannot discount the demand for a truly private cryptocurrency.