Common public chains such as Bitcoins can use the block explorer to freely browse the contents of all transactions including those of others.
Because the contents of the transaction also includes the public key (wallet address) of the remitter and the recipient, the amount sent, etc., it will be possible to track the destinations of certain Wallet’s assets and so on.
While these features are an important element of a distributed ledger, it is certainly inconvenient to know ” who sent it and where “.
So the focus of attention since last year is the technology called zk-SNARKs based on the concept of ” zero knowledge proof “.
In the block chain using the same technology, instead of disclosing the information that “the transaction was done properly ” in general, it is possible to hide the transaction details as described above perfectly .
On this page, I would like to introduce the zero knowledge proof and zk-SNARKs exactly what kind of mechanism it is, so that even beginners can understand it carefully.
What is zero knowledge proof
Zero knowledge proof is the concept formulated for the first time in 1985, which means “a dialogue” between the prover (prover) and the verifier (verifier) .
In this dialogue we prove to the verifier that the prover knows a certain secret without revealing its secret content .
Mathematically it says, ” Prove that the proposition is true without giving any other information .”
This concept is very useful for maintaining the privacy of distributed networks, and an application type called zk – SNARKs is used in block chains such as ZCash and Quorum.
Jean-Jacque’s Cave
As an example that can briefly explain zero knowledge proofs, there is a ” cave problem ” proposed by Belgian cryptologist Jean-Jacques Kisketa.
In this example, a prover P wearing pink clothes knows the password to open the door in the deepest part of the cave as shown in the above figure to the verifier Q who wore the green clothes Prove it.
Mr. P is at the entrance of the cave, and randomly chooses the route A or B which reaches the innermost part and proceeds. Here we assume that Mr. P has chosen Route A.
When enough time has elapsed for Mr. P to reach the innermost part, Mr. Q who was waiting outside the cave randomly chooses route A or B ( does not go inside ) and elects Mr. P I shout to come back from the root.
P who knows the password of the door separating the routes A and B can go back to the road that came if it is told to return from the route A and in the case where the route B was chosen unlock the door and let B You can return from .
Repeat this process a couple of times and if Mr. P comes back from the correct route every time, Mr. Q can confirm that P really knows the password without knowing the password itself .
Non interactive type
I will give another example of zero knowledge proof. This will be a proof of type called ” non-interactive type “.
Mr. X prove to the verifier Y that ” It is not tied with Mr. Y ” in the test of 5 points full scale. Here we assume that Mr. X won 5 points and Mr. Y took three points.
First, Mr. X will prepare five locked boxes. Each box has 1, 2, 3, 4 and 5 points.
Mr. X hands the key of each box to Mr. Y and leaves the room. Mr. Y (verifier) who confirmed the exit throws out the key (1, 2, 4, 5 points) of the boxes other than his score (3 points) on the spot. Mr. Y will leave when the work is over.
Next time Mr. X puts out a piece of paper with a circle from the gap of the lid of the box (5 points) in which his score was written, and crosses the other boxes (1, 2, 3, 4 points) I slip the paper on.
Mr. X and Mr. Y will change rooms again and Mr. Y will use the key to open three boxes. From the inevitably inadvertently the piece of paper that is inside it is a cross mark, you can see that Mr. Y is not equal to Mr. X.
However, Mr. Y does not know if Mr. X’s score was better or wrong.
Unlike cave problems, this example does not require direct interaction between Mr. X and Mr. Y. Such zero knowledge proof is called ” non-interactive type “.
Rule of zero knowledge proof
Zero knowledge certification defines rules to protect in order to minimize fraud by the prover.
The first is called completeness . This means ” If it is true that the prover has a secret, the verifier will surely know that it is true .”
For example, in the cave problem, if the prover P knows the password, the verifier Q verifies that P really knows the password by repeating the work of randomly selecting the routes A and B I can do it.
Secondly, it is called soundness , ” If you are lying that the prover has a secret, the verifier will find that lie with high probability .”
When prover P is lying with a cave problem, Mr. P can not unlock the innermost door, so there is no choice other than returning from the way (route A in the above example) that came.
Since the probability that the verifier Q randomly selects A is 50%, if this process is repeated, the probability that Q will return from the route selected by M every time P is extremely low Become.
As the number of proofs increases, the probability that the prover P will work illegally decreases, so Mr. Q will find that Mr. P is lying with high probability.
Finally, zero knowledge proofs must meet zero knowledge . This means that the knowledge obtained by the verifier as a result of the proof is that only the proposer ‘s proposition is true .
In the case of the cave, the verifier can confirm that the prover ( password ) is known to the prover (proposition), but it can not know the password itself.
What is zk-SNARKs?
The crypto-currency, ZCash etc. famous for its high anonymity uses the application type of zero knowledge proof called zk-SNARKs (ZetKay · Snark) for transaction record.
ZCash can not confirm information such as remitter, recipient, remittance amount, etc., because the information that a third party can obtain is only the proposition that “the transaction has been done properly” is true.
zk of zk – SNARKs means Zero – Knowledge, and SNARK has the following abbreviations respectively.
- S Uccinct (briefly) – Qualification results lighter size compared with proof of process (calculation). By making the certification process non-interactive type, the capacity of the certification result can be saved .
- N on-interactive – A verifier who wants to check the validity of a transaction can verify the proof without directly interacting with the prover.
- AR gument – The computing ability of the prover is limited. A prover with extraordinary computing power can solve the cryptogram by force and submit false proof .
- of K nowledge – Prover can not create proof unless he knows in advance knowledge such as the address of the wallet involved in the transaction.
By being concise and non-interactive (only sending a message from the prover to the verifier) the proof is to be able to keep the content recorded on the block chain to a lesser extent.
Argument of Knowledge can be thought of as an assumption that zk-SNARKs should satisfy.
In addition to ZCash, zk – SNARKs are implemented not only in JP Morgan ‘s Quorum but also in Ethernet, we know that we are considering implementation.
Summary
Let’s confirm important points about zero knowledge proof and zk-SNARKs once again.
review
- Zero knowledge proof is “to prove that the proposition is true without giving any other information .”
- By applying to a block chain, by proveing ” transaction is legitimate “, you do not need to provide any other information such as remitter, recipient, remittance amount, etc. → Privacy protection
- zk-SNARKs is a type of zero knowledge proof that can be used in combination with block chain technology. It is characterized by the small capacity of the certification result and assumption in calculation.
A description of zk-SNARKs by ZCash can be accessed from here. In addition, a mathematical explanation of zero knowledge proof is on this page.
Author: Yuya 【Coin Desk News】 – Source Post: https://crypto-times.jp/zero-knowledge-proof-and-zk-snarks/
Disclaimer: CoinNewsDesk.com is a crypto news portal, financial discussion forum, and content curator / aggregator. Articles on Coin News Desk are provided for informational purposes only. We are not an investment advisor and do not provide financial advice.
It’s also important to it properly to diligence and analysis, including consulting a professional financial advisor, No content on Coin News Desk makes up a recommendation to enter in any type of investment or to engage in any investment strategy present on this website.