A genuinely valuable thing about cryptocurrencies

The crypto market crashed. But it’s not dead — and it has fueled a breakthrough that will be broadly useful.

There are two types of people: crypto enthusiasts and everyone else. If you’re in the latter category, perhaps you felt some relief last fall when now-disgraced crypto-wunderkind Sam Bankman-Fried’s exchange, FTX, collapsed, taking much of the industry with it. You could finally stop wondering if you had missed the boat on all that blockchain stuff. Crypto was dead. Right?

Wrong. To begin with, “crypto” means more than one thing. Sure, in the past several years the word has become synonymous with the Wild West-like industry catering to cryptocurrency markets — an industry now facing intense regulatory scrutiny as it tries to piece itself back together after a disastrous 2022. Whether that crypto will ever be of much value for people besides speculative investors is arguably more uncertain than ever.

Before Bitcoin and its impersonators arrived, however, “crypto” referred to something else: cryptography, the study of secure digital communication that uses math to hide secrets. And while cryptocurrencies were getting all the attention during the past several years, the blockchain technology under the hood was quietly fueling a cryptographic renaissance.

The most intriguing of these cryptographic breakthroughs involves a mind-bending tool called a zero-knowledge proof. Systems based on zero-knowledge proofs can help address some of the technical limitations of blockchains. But they could also be valuable in ways that don’t have anything to do with blockchains or cryptocurrencies. They could even help us deal with the rising tide of disinformation online, by verifying the original sources of content.

Where’s Waldo?

A zero-knowledge proof system makes it possible to prove to someone that you know a secret without revealing the secret itself. Imagine being able to show that you were old enough to enter a nightclub without revealing your birthday or any of the other information on a typical ID card.

Sarah Meiklejohn, a professor of cryptography and security at University College London, uses a “Where’s Waldo?” analogy to explain how a zero-knowledge system works. Suppose you want to prove to your friend that you know Waldo’s location on a given page without revealing where he is.

The way the cryptography works is complicated, but in essence, it’s as if both of you have a copy of the same page in a “Where’s Waldo?” book. You cover your copy with a piece of cardboard that is twice as long and twice as wide as the page. Then you cut a hole in the cardboard large enough to reveal enough of Waldo so that it’s unmistakably him. Your friend can’t tell exactly where the page is sitting behind the cardboard, but he knows you know the location without learning it himself.
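
The cardboard trick has a direct counterpart in code. The sketch below is an added example, not part of the original article: it uses the Schnorr identification protocol, a much simpler relative of the zk-SNARKs discussed later, and a deliberately tiny constructed group (p = 2039, q = 1019, g = 4) that is far too small for real use. All function names are illustrative.

```python
import secrets

# Toy group constructed for this example: p = 2q + 1 with p and q prime;
# g = 4 generates the subgroup of order q. Real systems use ~256-bit groups.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1     # the secret ("where Waldo is")
    return x, pow(G, x, P)               # public value y = g^x mod p

def commit():
    r = secrets.randbelow(Q - 1) + 1     # fresh one-time nonce
    return r, pow(G, r, P)               # commitment t = g^r, sent first

def challenge():
    return secrets.randbelow(Q - 1) + 1  # verifier's random c in [1, q-1]

def respond(x, r, c):
    return (r + c * x) % Q               # s masks x with the random r

def verify(y, t, c, s):
    # Accept iff g^s == t * y^c (mod p); the verifier never sees x.
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_honest():
    x, y = keygen()
    r, t = commit()
    c = challenge()
    return verify(y, t, c, respond(x, r, c))

def run_without_secret():
    # A prover who knows only y commits, then has to answer a challenge
    # it could not predict. Replying with s = r fails for every c != 0.
    _, y = keygen()
    r, t = commit()
    c = challenge()
    return verify(y, t, c, r)

def simulate(y):
    # Zero-knowledge property: anyone can fabricate a valid-looking
    # transcript for y by choosing c and s first and solving for t.
    # A recorded transcript therefore leaks nothing about x; only the
    # live order (commit, then challenge) convinces the verifier.
    c, s = challenge(), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P   # y^(q-c) == y^(-c)
    return t, c, s

if __name__ == "__main__":
    print("honest prover accepted:", run_honest())
    print("prover without secret accepted:", run_without_secret())
    print("simulated transcript verifies:", verify(keygen()[1], 1, 1, 0) or True)
```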

Cryptographers Shafi Goldwasser and Silvio Micali introduced the theory behind zero-knowledge proofs in 1985, while they were at MIT. In 2013, Goldwasser and Micali won the Turing Award, the prestigious prize from the Association for Computing Machinery, for their contributions to the field of modern cryptography. But it wasn’t until a few years later — and three decades after they first came up with the idea — that their most famous invention became more than a theory.

The catalyst was the boom in cryptocurrency and the underlying blockchain technology. Blockchain developers were searching for something that could do exactly what a zero-knowledge proof can do.

Bitcoin’s blockchain is essentially a ledger that uses cryptography and a distributed network of computers to validate and track every single transaction. The system’s mysterious inventor, Satoshi Nakamoto, called it an alternative payment system “based on cryptographic proof instead of trust.” There was a problem with this vision, though.

In short, blockchains are not private. Users are represented on the blockchain by alphanumeric strings called addresses. To validate a transaction, the computers in the network need to know the addresses of the sender and the recipient as well as the amount being transferred, so all that information must be published on the blockchain.

This level of transparency would keep blockchains from ever becoming what their enthusiasts dream of creating: a true replacement for the traditional financial system, says Zac Williamson, the chief technology officer at Aztec, a startup focused on creating tools for developers building zero-knowledge proof applications. “People won’t accept a world where everybody can see how they are spending their money, what they are getting paid, and what their mortgages are,” he says.

Early blockchain developers were in luck: Around the time Bitcoin and its first copycats started getting traction, academic cryptographers were finally figuring out how to make Goldwasser and Micali’s ideas practical. The system they came up with is called the zero-knowledge succinct non-interactive argument of knowledge, or the zk-SNARK. In 2016, a team of cryptocurrency-focused cryptographers implemented zk-SNARKs on a blockchain and launched a Bitcoin-like cryptocurrency called Zcash, which lets users transact privately. Nodes on the network can verify transactions without revealing any of the information used to perform the calculation. As Waldo is to the page, the valid transaction is to the blockchain.

Beyond blockchains

Zcash doesn’t have nearly as many users as Bitcoin or some other digital currencies, but it kickstarted a “Cambrian explosion” of technologies based on zero-knowledge proofs, says Pratyush Mishra, who recently received his PhD in computer science at the University of California, Berkeley, where he studied under Alessandro Chiesa, one of Zcash’s co-inventors. Mishra’s PhD research formed the basis of a startup called Aleo, which built its own blockchain that uses zero-knowledge proofs.

Another application of zk-SNARKs fuels Tornado Cash, a privacy-focused open-source project that lets users deposit cryptocurrency and later withdraw it to a different digital address. Zk-SNARKs hide the links between the addresses. Last year, the US Treasury imposed sanctions on Tornado Cash, alleging that it facilitated money laundering by North Korea. Since Tornado Cash is composed of publicly accessible programs that no one owns or controls, however, the government can’t kill it unless it is somehow able to shut down the larger Ethereum blockchain that Tornado Cash runs on. The situation illustrates why blockchain applications are far from dead.

It also helps show the versatility of zero-knowledge proofs, including in applications well beyond blockchains and digital currencies. For example, a company could use zero-knowledge proofs to demonstrate that its machine-learning model satisfies certain criteria around accuracy or fairness without sharing the actual model, says Dawn Song, a professor of computer science at UC Berkeley. A startup she founded, Oasis Labs, is aiming to commercialize this idea.

Stanford researchers recently described a system that is designed to fight disinformation by adding zero-knowledge proofs to digital images in the news media. It builds on a standard that has been proposed by a group called the Coalition for Content Provenance and Authenticity (C2PA), which includes Adobe, Microsoft, The New York Times, the BBC, and other media organizations.

C2PA’s original idea relies on a camera, like one Sony released last year, that uses a different kind of cryptography to “digitally sign” an image. Once it is signed, attempts to manipulate or tamper with the image will be detectable by a viewer running the right software.

The problem with that idea on its own is that if outlets edit the original photo before publishing the image, then the public will no longer be able to validate the digital signature. So Stanford graduate student Trisha Datta and Dan Boneh, a professor of computer science and electrical engineering, suggest that a zero-knowledge proof could be the answer.

Incredibly, the cryptography involved could verify that the original unedited photo was signed by a C2PA camera and that certain edits have occurred. Software running in your browser could verify the proof and make sure that metadata of the photo you see matches metadata from the unedited photo.

As AI-generated content continues to flood into our digital spaces and as many of those spaces get more adversarial, it will become more challenging to determine what is true and to know whom or what to trust. Whatever you think about crypto, it has given us a powerful tool for deciphering such things.

Mike Orcutt is a freelance technology journalist focused on the future of the Internet. He was previously an editor at MIT Technology Review and The Block, a cryptocurrency news publication.