How companies protect their business with zero-knowledge proofs.

In recent years, data breaches have reached an unprecedented scale and scope. Hackers, malicious insiders and social engineering are often the main causes of data breaches. However, these are merely symptoms resulting from the use of inadequate security technologies and encryption procedures.

06.08.2024

IOTA

Web3

Zero-knowledge proofs as a method for the future of data security

Imagine a procedure that only asks for the required information without disclosing the actual data. ZKProofs (Zero Knowledge Proofs) make it possible to prove that you have certain information without having to disclose this information. This has a revolutionary impact on various areas in which data protection and security are of central importance.

4 principles of ZKProofs:

1. Verification without Disclosure: The prover provides evidence that convinces the verifier that the statement is true without revealing the underlying data.

2. Interactive Protocols: The process can be iterative and interactive, with the verifier setting challenges for the prover to answer correctly.

3. Security: The evidence must be designed in such a way that it does not reveal any information about the underlying data and cannot be imitated or falsified, even with multiple attempts.

4. Complexity: The proofs should be efficient and practically feasible without requiring excessive computational resources.

Where can ZKProofs be used?

A typical example of the use of ZKProofs is authentication. In traditional systems, users have to enter their passwords or other sensitive information to confirm their identity. With ZKProofs, it would be possible to verify a user's identity without them revealing their password directly. This reduces the risk of passwords being stolen through hacking or phishing.

ZKProofs could also be used in financial transactions. For example, a buyer could prove that they have sufficient funds to make a purchase without disclosing the exact amount or other financial details. This could significantly improve data protection in digital transactions and prevent fraud at the same time.

Zero-knowledge proofs for companies

Two types of zero-knowledge proof

Interactive ZKProof (Multiple back-and-forth-communication)

An interactive ZKProof, as shown in the picture below, consists of an iterative communication process between the prover and the verifier.

This is how it works:

The verifier sends a new challenge to the prover. This challenge is random and varies in each round of the protocol.

The prover responds to the challenge with a message that contains both the challenge and the response. This response proves to the verifier that the prover has the necessary knowledge without directly revealing this knowledge.

This exchange process is repeated several times to increase the credibility of the proof.

Example to demonstrate this ZKProof: Two-colored pens

1. Scenario: The prover has two pens, one red and one blue. He wants to prove to the colour-blind verifier that he is not colour-blind and can tell the pens apart without telling the verifier which pen is red and which pen is blue.

2. Process:

The prover hands the two pens to the verifier
The verifier takes the pens and holds them behind his back.
The verifier has two options, either leave the pens the same or swap them behind his back.
The verifier shows the two pens to the prover
The prover must now say whether the pins have been swapped or not.

3. Result: If the prover is correct, the verifier cannot be 100% sure whether it was just luck or not. This process is therefore repeated as often as required until the verifier can be sufficiently sure that the prover is indeed not colour-blind.

Non-Interactive ZKProof (Single Round)

A non-interactive zero-knowledge proof consists of a one-time communication process between the prover and the verifier without the need to send multiple messages back and forth.

This is how it works:

The prover creates a message (response) that contains both the challenge and the answer. This message is sent once to the verifier.

The verifier checks the received message. Based on this check, it decides whether the prover's statement is true (TRUE!) or false (FALSE!).

Overall, the non-interactive ZK proof is an efficient and simple way of providing zero-knowledge proofs, but requires careful handling of the setup process, as both parties usually have to agree on a common reference string (CRS) in advance.

Example to demonstrate this ZKProof: Where is Waldo?

A simple example of a zero-knowledge proof can be illustrated with the game "Where is Waldo?":

1. Scenario: The prover has found Waldo on a hidden object picture, wants to prove this to the verifier without revealing Waldo's exact location.

2. Process:

The prover creates a cardboard disk that is larger than the hidden object picture and contains a small hole just large enough to see Waldo through.
The verifier hands the hidden object picture to the prover.
The prover places the cardboard disk on the hidden object picture so that Waldo can be seen through the hole.
The verifier can look through the hole and see Waldo, but the rest of the picture is obscured by the cardboard disk.

3. Result: The verifier is convinced that the prover has found Waldo without knowing his exact position on the hidden object picture.

Conclusion

Zero-knowledge proofs offer an innovative and powerful solution to modern data protection and security challenges. By making it possible to verify information without having to reveal it, they revolutionize the way we can ensure trust and integrity in digital and physical processes.

Head of Web3

Danish Kiani

Danish is our Head of Web3 and passionate DLT developer. He is dedicated to all things crypto and expert for IOTA.

Interested in implementing zero-knowledge proofs?

Talk to experts about your possibilities.