AIMultiple ResearchAIMultiple Research

Zero-Knowledge Proofs: How it Works & Use Cases in 2024

As businesses collect a vast amount of customer data to gain insights, improve their products and services, and monetize their data assets, they can become vulnerable to cyber threats and data breaches. Breaches’ cost are rising every year, reaching ~$4.2M per breach, and as seen in Figure 1 they significantly harm businesses’ reputations and trustworthiness.

Privacy-enhancing technologies (PETs) such as zero-knowledge proofs (ZKPs) provide ways for businesses to protect their sensitive data. We describe the functioning of ZKP and examples of its application in this article to assist executives in strengthening their organization’s cybersecurity posture.

Figure 1: Cost of data breaches

Image shows data breaches have long and short term financial and reputational costs for the firms.

What are zero-knowledge proofs (ZKPs)?

A zero-knowledge proof (ZKP), also called a zero-knowledge protocol, is a mathematical technique to verify the truth of information without revealing the information itself. The method was first introduced by researchers from MIT in a 1985 paper.1

How do zero-knowledge proofs work?

A popular example to illustrate the basic idea behind ZKPs is as the following: 

Suppose you (the prover) have a color-blind friend (the verifier) that cannot distinguish a green and a red ball from each other (have zero knowledge about whether the balls are different colors). You need to prove that the colors of the balls are different but your friend needs something more than your words to be convinced. A ZKP method for this problem would be like this:

  1. Your friend takes the balls and lets you see which ball is in which hand. 
  2. Then, they either switch the balls between their hands or not behind their back.
  3. They then present the balls to you and ask you whether they switched the balls or not. As you can distinguish the green ball from the red one, you can easily give the correct answer.
  4. Your friend is not convinced. You have a 50% chance to correctly guess whether they switched the balls or not and the balls can still be the same color.
  5. However, if they repeat this several times, eventually, the probability of you correctly guessing whether they switched the balls or not each time would be very low. This enables your friend to verify that the balls are different colors without knowing the actual colors of the balls.

A series of cryptographic algorithms are used in the real-world applications of ZKPs to enable the verification of a computational statement. For instance, using ZKP methods, a receiver of payment can verify that the payer has sufficient balance in their bank account without getting any other information about the payer’s balance.

Another popular example that illustrates how interactive proofs work can be found in the Wikipedia article on Ali Baba’s cave story by Jean-Jacques Quisquater.

What are the properties of zero-knowledge proofs?

A zero-knowledge proof (ZKP) method must satisfy these criteria:

  • Completeness: If the information provided by the prover is true, then a ZKP method must enable the verifier to verify that the prover is telling the truth.
  • Soundness: If the information provided by the prover is false, then a ZKP method must allow the verifier to refute that the prover is telling the truth.
  • Zero-knowledge: The method must reveal to the verifier nothing else than whether the prover telling the truth or not.

What are the different types of zero-knowledge proofs?

There are two main types of zero-knowledge proofs:

  • Interactive zero-knowledge proofs: In this type of ZKPs, the prover and the verifier interact several times. The verifier challenges the prover who provides replies to these challenges until the verifier is convinced. 
  • Non-interactive zero-knowledge proofs: In this type of ZKPs, proof delivered by the prover can be verified by the verifier only once at any time. This type of ZKPs requires more computational power than interactive ZKPs.

What are some applications and use cases of zero-knowledge proofs?

Zero-knowledge proofs can be used to protect data privacy in a diverse set of cryptography use cases, such as:

  • Blockchain: The transparency of public blockchains such as Bitcoin and Ethereum enable public verification of transactions. However, it also implies little privacy and can lead to deanonymization of users. Zero-knowledge proofs can introduce more privacy to public blockchains. For instance, the cryptocurrency Zcash is based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK), a type of zero-knowledge cryptographic method. Another example is Zero-Knowledge Scalable Transparent Argument of Knowledge (zk-STARK), which is used in the Ethereum blockchain and provides privacy and scalability.
  • Finance: ING uses ZKPs that allow customers to prove that their secret number lies in a known range. For example, a mortgage applicant can prove that their income is in the admissible range without revealing their exact salary.
  • Online voting: ZKPs can allow voters to vote anonymously and to verify that their vote was included in the final tally.
  • Authentication: ZKPs can be used to authenticate users without exchanging secret information such as passwords.
  • Machine Learning: ZKPs can allow the owner of a machine learning algorithm to convince others about the results of the model without revealing any information about the ML model itself.

What are the challenges of zero-knowledge proofs?

  • No 100% guarantee: Even if the probability of verification by the verifier while the prover is lying can be significantly low, ZKPs don’t guarantee that the claim is valid 100%. As demonstrated above, the probability of a prover lying decreases in each iteration of the ball-picking process, but it can never reach zero. Thus, zero-knowledge proofs aren’t actual proofs in a mathematical sense.
  • Computation intensity: Algorithms used are computationally intense as they require many interactions between the verifier and the prover (in interactive ZKPs), or require a lot of computational capabilities (in non-interactive ZKPs). This makes ZKPs unsuitable for slow or mobile devices.

Check out ZKProof, an organization that seeks to standardize and popularize the use of zero-knowledge proof cryptography. For more on data privacy and information security, you can check our other articles:

If you have other questions about zero-knowledge proofs or other privacy-enhancing technologies, we can help:

Find the Right Vendors
Access Cem's 2 decades of B2B tech experience as a tech consultant, enterprise leader, startup entrepreneur & industry analyst. Leverage insights informing top Fortune 500 every month.
Cem Dilmegani
Principal Analyst
Follow on

Cem Dilmegani
Principal Analyst

Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 60% of Fortune 500 every month.

Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE, NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and media that referenced AIMultiple.

Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised businesses on their enterprise software, automation, cloud, AI / ML and other technology related decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.

He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.

Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.

To stay up-to-date on B2B tech & accelerate your enterprise:

Follow on

Next to Read

Comments

Your email address will not be published. All fields are required.

0 Comments