Zero knowledge proofs are a rabbit hole I’ve peeked into but haven’t really gone down yet.
For those not familiar, Wikipedia provides a broad definition:
In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that a given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of the statement’s truth.
Put another way, they can allow us to have privacy in an environment that hasn’t typically been that private (a public blockchain). This can be the entire chain state, or specific protocols/contracts on a chain that implement circuits.
Goal
Given @dtribble’s (exciting!) comment here, I’d like to elicit some technical discussion and gather resources, ideas, and other information.
I don’t envision us discussing topics like “how do we build this into the Agoric VM”, although discussion on that is certainly welcome. Rather, I see us more talking about higher level abstractions, like writing proofs and frameworks in JavaScript that enable this.
And to kick us off, here are some cool things I’ve found:
Proof Systems
It seems the two most popular systems are:
zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge)
zk-STARKs (Zero-Knowledge Scalable Transparent Arguments of Knowledge)
Most of the implementations I’ve seen revolve around zk-SNARKs, such as Halo 2, Plonk, and Groth16.
Libraries / Tools
It seems most folks working on this need to develop a JS SDK at some point, in order for participants to build their own proofs client-side in a web browser (generating a proof on a server kind of defeats the whole point IIUC).
I have not tried any of these out myself yet, but:
1. halo2-repl, by Axiom
Written in Rust, but (seemingly) has JS bindings for writing circuits. Announced 2 days ago!
It is unclear to me if there are JS bindings for writing circuits, or how tightly coupled the circuits are to the smart contracting framework.
Use Cases / Implementations
The ZK Email project is pretty cool! I spent some time digging into it a few weeks ago.
They use the DKIM signature present in email messages to validate the receipt of emails. In their demo, a user can verify ownership of a Twitter address by generating a proof from a password reset email.
The public key for the DKIM signatures may change over time, or could be corrupted by a rogue sysadmin along the way, but the idea and implementation are cool nonetheless!
This blog post from one of the authors is nice as well.