Zero-knowledge is a concept that might sound like science fiction, but it's a fundamental principle within cryptography. At its core, zero-knowledge is all about proving that you know something, without revealing any information about what you know.
So, what exactly is a zero-knowledge proof?
Just imagine you're trying to convince someone that you know the secret password to a secret club.
You might just tell them the password, but that's not very secure. Instead, a zero-knowledge proof allows you to prove that you know the password, without revealing what it is.
To achieve this, a zero-knowledge proof must satisfy three requirements:
Completeness: The proof must be able to convince the verifier that you do, in fact, know the secret information. If you can't convince them, then the proof is ineffective.
Soundness: The proof must be such that if you didn't know the secret information, then you would not be able to fool the verifier into thinking that you do. This is vital because we don't want people who don't know the secret information to be able to gain access to the secret club!
Zero-knowledge: This is the most interesting part. The proof must not reveal anything about the secret information other than the fact that you know it. This means that the verifier won't learn anything new from the proof other than the fact that you're telling the truth.
Zero-knowledge proofs may seem counterintuitive, but they are proven mathematical realities, and exceptionally useful. The challenge comes in creating a robust implementation and in proving that it is sound, complete and that it conveys no knowledge beyond proving that a secret value is truly known.
Qredo is working hard to develop innovative services to safeguard sensitive data, including secure zero-knowledge proof technology.
One such protocol that Qredo already has in operation within our Mobile Signing App is called MPIN. Qredo uses the open source, zero-knowledge MPIN protocol, which is part of the incubating Apache Milagro project.
We can also use this implementation as a simple example of what a zero-knowledge proof is.
MPIN is the only known software-based multi-factor authentication (MFA) protocol. This means that authentication requires at least two pieces of information to authenticate; something you have and something that you know.
But what sets MPIN apart from other authentication methods is that it utilizes a zero-knowledge proof (ZKP) functionality, making it impossible for an attacker to access your information.
Here's how it works: When you register for MPIN, the authentication server creates a 'MPIN client secret', which is a function of your identity.
You can now think of a PIN that can then be cryptographically subtracted from the client secret, leaving behind a secure token.
In order to authenticate, you enter the PIN which will be added to your secure token. This value is then used to generate a ZKP that is sent to the server to authenticate you.
Here's the core power behind ZKPs – the server has no knowledge of either the token or the PIN. That means that neither the token nor the PIN is ever sent to the server, making it impossible for an attacker to access your information. It is impossible to derive the original client secret from the token without knowing the PIN. The PIN or token on its own is of no use to an attacker. Despite this, the proof that the PIN is correct is delivered, without ever being revealed.
ZKPs have a range of incredibly unique and interesting applications and interesting applications across within as well as outside of blockchain technology, offering potential solutions to many problems related to privacy, proof, and security.
ZKPs can be used to prove that a transaction is valid without revealing the sender, recipient, or the amount of the transaction.
ZKPs can also be used in authentication and access control, as in our example above.
Other important applications of ZKP include performance optimisations for distributed applications, especially thanks to ZK rollups.
These can help strengthen security for digital asset transfers whilst speeding transactions and lowering gas fees, enabling on-chain systems to provably verify off-chain transactions.
With a self-sovereign identity solution, users can access identity services across multiple third-party platforms whilst maintaining control over the information associated with their identity.
This is potentially a perfect answer to the challenge of how one could possibly confirm one's identity without relinquishing one's privacy.
Qredo's mission is to build a secure, decentralized infrastructure for the blockchain industry that enables fast, low-cost transactions while maintaining the highest standards of security and privacy.
ZKPs are a powerful cryptographic protocol that allows one party to prove to another party that they have knowledge of a specific piece of information, without revealing the information itself.
Zero-knowledge proofs are in perfect alignment with Qredo's principal mission, as they provide credible ways to verify transactions without revealing any sensitive information.
Qredo Labs is excited about the potential of zero-knowledge proofs to enable new products and services that are secure, private, and decentralized. We see this technology as a key enabler of our mission to build a new blockchain infrastructure that is both fast and secure.
We're going to have a lot more to say about zero-knowledge, so look out for more from us on this exciting technology coming up soon.
At Qredo, we're here to help secure the future of the wider blockchain ecosystem, and your support is what empowers us to make that happen. Thanks for being part of it.