The digital age has certainly brought about numerous advancements and has had a momentous impact on our lives and the way we go about them. We are more connected than ever, we can perform transactions completely remotely, and we can deal with our affairs from afar. However, one of the chief surrounding concerns is that privacy can be compromised. One method of overcoming this problem entails the adoption of a protocol known as zero-knowledge proof (ZKP). ZKPs can provide a pathway for a prover to show a verifier that a statement is true without having to disclose any other information about it. Hence, the concept was named zero-knowledge proof, because no additional information needs to be revealed to the verifier. In other words, the verifier has no knowledge, and yet a certain thing can still be successfully proved!
 
The idea of a ZKP was developed by MIT researchers during the 1980s. ZKPs have since evolved, namely into two main species: interactive and non-interactive. In general, interactive ZKPs involve a ‘challenge-response’ dynamic in which the verifier questions the prover, and the prover subsequently responds, progressively proving their claim. In this way, this method of ZKP entails continued interaction, with the verifier gradually gaining confidence that the statement is true. On the other hand, a non-interactive ZKP entails the verifier generating all their inquiries at once, and the prover subsequently responding. In a non-interactive ZKP, the prover is able to respond once to all the verifier’s questions and can successfully prove their statement. Thus, an additional feature of non-interactive ZKPs is that several parties have the capability to verify the prover’s claims, as there is no requirement for interaction or engagement of any particular sort.
 
Indeed there are some requirements for a ZKP. Firstly, known as the criterion of completeness, a ZKP is valid only if it can successfully convince the verifier that the prover knows what they claim to know. If the prover fails to convey this to the verifier, it is no longer a true ZKP. The second requisite dictates that if the statement is in fact false, then it should not be possible to convince the verifier that it is true - thus any ZKP must be ‘sound’. Finally, a zero-knowledge proof must reveal nothing about the statement (no metadata as such), other than whether it is true or not. Therefore, a ZKP must be robust - they need to satisfy all the above criteria to be a valid ZKP.
 
So how does a ZKP actually work in practice? Let us look at an interactive example; imagine Peggy the prover and Victor the verifier.
 

Setup

1. Victor has a red ball and a blue ball.

2. He places these balls under two opaque cups.

3. Peggy passes by these cups without Victor knowing, and peeks underneath.

 

Statement (prover’s claim)

When they later convene, Peggy claims that she knows which ball is under which cup.
 

Proof

1. Victor tells Peggy to leave the room; he then decides to either shuffle the cups or leave them.

2. She comes back and looks underneath each cup – now Victor asks whether he swapped the cups or left them. If Peggy can consistently answer correctly, Victor can be satisfied that Peggy did know the initial position of the cups.

The information about the original position of the balls has not been revealed, and so it really is a zero-knowledge proof. In fact, if this process is repeated 10 times, the probability that Peggy is guessing (and that she answers correctly) is less than 0.1%. Therefore, Victor can have some confidence.
 
To many, the notion that it is possible to prove something whilst revealing nothing is revolutionary, and it certainly has been monumental on the front of cryptography (including cryptocurrencies). It is a neat and interesting way to prove something, without revealing details that are perhaps superfluous and/or private. In practice, ZKPs involve a lot of numbers, calculations, and probabilities – a display of how mathematics is the tool that makes a lot of computer science ideas realisable.