zk-SNARKs – Privacy for Blockchain
zk-SNARKs stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge Proofs.
If your in crypto space, you might have heard about “zk-SNARKs” . Details are either sketchy or explained in a very complex way. Even the white paper from Ethereum has complex explanation to be easily understandable. So it takes some time to wrap around this concept.
FYI# zk-SNARKs is the most important feature of planned Ethereum Metropolis release.
This blog is my sincere attempt to understand zk-SNARKS and why it is so important. This blog might involve knowledge of polynomial functions , polynomial graphs , NP (Non deterministic Polynomial time) , RSA and Elliptic Curve Digital Signature Algorithm.
Before we being, lets go back in history. zk-SNARKS was first introduced by zerocash. The project started as privacy for Bitcoin. Due to complexity of soft fork etc of Bitcoin, this effort was abandoned. Instead zerocash , introduced an altcoin called Zcash, which focuses on privacy of transaction and zk-SNARKS.
Zcash is a cryptocurrency that grew out of the Zerocoin project, was the first to deploy zk-SNARKS which differentiated itself from other currencies on the bases of added privacy and security.
Why do we need zk-SNARKs?
Now, lets take few steps back and try to understand the privacy issues with Bitcoin or existing blockchain technology. And what zk-SNARKs is trying to solve.
On Bitcoin or Ethereum, all the transactions are public. Anyone can go to Blockexplorer or Etherscan and surf through transactions. This is synonymous to banks publicly exposing the transactions and accounts of every account holder without disclosing their personal identifiable information. This would still be a huge breach of privacy. People might feel that Bitcoin or other blockchain technologies do not reveal true identity of a user. But, this is not true. Users tent to keep the same public and private keys and wallets, hence they usually use the same address for different transactions. So, it is possible to trace back a person’s background , balance and transaction history especially when there are transactions between 2 parties. There is a false sense of anonymity with the current Bitcoin and Ethereum transactions. We will go bit deeper, how your identity can be compromised and used.
For example there are 2 parties A(sender) and B(receiver/merchant), where A sends -> money to B. Now, with the current architecture of Bitcoin and Ethereum, B knows the public key of A, after B receives the transaction. So, A’s identity has been revealed to B. Now B can easily trace back the transaction history of A using sites like Blockexplorer. Know private information like balance of A and A’s transaction history or pattern. This is like you pay a car dealer for a car, but now the car dealer knows your bank balance and your buying/selling history. So, next time when you plan to buy another car, the car dealer can act differently because he knows your bank balance etc.Not only that, now since the identity of A is revealed to B. Next time if A wants to buy another good from B, B might price or act differently because B knows all about A’s balance and transaction history. This is a huge breach of privacy for A.
So, now do we understand , this huge problem with current Bitcoin and Ethereum blockchain?
So, how do we plan to make a transaction from A to -> B, without revealing A’s identity or transaction history? And also how will B know that the currency B received is coming from A and not from someone else?
In an hypothetical case, how would you verify an identity without revealing your background to everyone? How about you use a “witness” or “accountant” who both A and B can trust. And the witness can let B know that, please trust that the payment has come from A. This works , right?
This is where zk-SNARKS comes in. zk-SNARKS has a virtual accountant for you to have crypto-graphic proof, that a person is a the proof.
zk-snarks is a type of crypto-mixing algorithm which obfuscates the ownerships. What is crypto-mixing? Imagine a bucket or pool. Everyone who holds crypto-currency drops their coins into this bucket and they mix. A witness confirms that a person has dropped a coin. Now, when someone needs to spend a coin, they pickup a “random” coin from the bucket. You prove that you have right to spend a coin because you already dropped one and have not spent that coin yet. This avoids the double spending problem. This brings a certain level of anonymity while spending a coin.This is the core of zk-SNARKS.
zk stands for “Zero Knowledge”. It stands for zero knowledge of the sender of the transaction (sender’s privacy) to the receiver.
zk-SNARKS refers to a proof construction where one can prove possession of certain information, e.g. a secret key, without revealing that information, and without any interaction between the prover and verifier.
zk-SNARK is used to prove that data is valid without actually revealing what that data is. The technology sits at the heart of the Zcash network, and recent months have seen developers moving to integrate the privacy tech into Ethereum.
The effort to bring the privacy features of zcash to ethereum took a step forward today during testing for the upcoming Byzantium upgrade.
There are multiple ways to build a commitment based on platforms.
Alice can use H to commit to string s (say , 256 bits long)
— Pick random r (say , 256 bit long).
— Publish c= H(s,r)
— Alice can prove she knows z by revealing r
— Bob cannot learn much about s from c.
Here is the White papers by Ethereum on zk-SNARKS. There is a great talk by Vitalk here in zk-Snarks.
Great video on zerocash zk-snarks.
Great video by Arvind Narayanan on anonymity and zerocash..
- zk-SNARKS brings anonymity and privacy for transactions.
- zk-SNARKS has multiple flavors based on the platforms for mixing algorithm and proof of ownership or trust.
- zk-SNARKS is critical feature for long term future of Ethereum as a crypto-currency along with being a platform for decentralized applications.
- zk-snarks can increase time per transaction and slow the already slow infrastructure of Ethereum or Bitcoin.
- Random secret inputs required to generated for public parameters.
- The secret input needs to be securely destroyed. This is called toxic waste.
- No one can know them (anyone who does can break the system).
- zk-snarks can increase memory requirement.
Very well thought article.
Could you please share your views on decentralized cloud storage and its future?