Currently, people looking to buy alcohol may be asked to show their driver’s license or another form of ID to prove they are at least 21 years old. But what if there were a way to prove someone is of legal age without them revealing their specific birth date — and without revealing their full name, address, and other identifying information?
A zero-knowledge proof is a mathematical protocol designed to do just that. It permits a “verifying” party to confirm that a “proving” party has some explicit information without that information being revealed by the proving party.
However, the privacy promised by zero-knowledge proofs goes beyond monetary transactions. Since sensitive information is never revealed, that information cannot be stolen, improperly disclosed, or misused in the future. This degree of privacy protection makes zero-knowledge proofs appealing for all kinds of sensitive transactions, such as the legitimate sharing of private data.
The Zero-Knowledge Proof Protocol Explained
Zero-knowledge proofs — sometimes called ZKPs for short — use complex mathematics to make a probability assessment. This means they don’t prove anything with complete certainty in a way that revealing proof does. ZKPs merely establish that an assertion is overwhelmingly likely by linking small bits of information in an untraceable protocol.
So, in simple terms, what is a zero-knowledge proof? A common and simple example is a scenario involving a red ball and a green ball in the possession of a colorblind “verifier.” Because the verifier is colorblind, they have no knowledge of which ball is red and which ball is green. A “prover” is trying to establish that they are not colorblind and can tell the balls are different colors.
In the protocol’s first step, the verifier shows both balls to the prover. The verifier then puts the balls behind their back and switches them or keeps them in the same hands. The verifier then presents the pair of balls once again to the prover and asks if the balls were switched. Since the prover can tell the difference, they give the correct answer. But because the odds of being correct are 50 percent, this isn’t adequate proof of knowledge. After repeating this process dozens of times and a 100-percent rate of correct answers, the verifier can be satisfied that the prover can tell the difference between the two balls.
Challenges with Zero-Knowledge Proof Authentication
While zero-knowledge proofs hold promise for widespread use in all kinds of transactions — and discrete transactions in particular — they aren’t without drawbacks. These include:
- Computationally demanding. In addition to having a “math problem,” zero-knowledge proofs are made less practical by the fact that they are computationally intensive. As described in the red-green balls scenario, many zero-knowledge proofs require many interactions between the verifier and the prover.While there are some approaches that can perform zero-knowledge proofs in one round, processing a high number of interactions can be computationally demanding when more complex mathematics are involved. The computational demands become even greater when knowledge proofs are used in combination with other privacy technologies. For a typical use case, the computational power needed makes it impractical for use with mobile devices and slower computers.
- Limited use. Zero-knowledge proofs are also limited by the fact that they are numerically based. This means a transition into numerical values is necessary that wouldn’t be with other types of information. While this may not be a concern for financial and similar numerical transactions, zero-knowledge proofs are less practical for use with large complex datasets.
- No certainty. One challenge is the fact that zero-knowledge proofs don’t actually prove anything with 100-percent certainty. That said, there is only a statistically insignificant, but non-zero chance of incorrectness. The best-designed protocols can establish extremely low odds of a prover presenting sham evidence, but they cannot rule it out completely. Because zero-knowledge proofs are not true mathematical proofs, they leave the door open to skepticism and doubt.
- Minimal infrastructure. Another challenge has nothing to do with the protocol itself. The implementation of zero-knowledge proofs is so new that there is a lack of established standards, languages, and systems. This lack of infrastructure makes it difficult for entities to interact using zero-knowledge proofs without first establishing a system for interaction. ZKProof is one organization working to establish international standards that would expedite the adoption of zero-knowledge proofs.
A More Certain and Practical Approach with TripleBlind
As with several other PET–including homomorphic encryption and tokenization — TripleBlind’s innovative approach accomplishes the strengths of ZKPs while alleviating their limitations.
The TripleBlind Solution consists of privacy tools and techniques wrapped into expressive API-driven workflows for broad applicability across data types and analysis tasks. The underlying architecture has been designed with scalability, extensibility, and interoperability as first-class design principles. Security principles like non-repudiation, no trusted third-party, multi-legged authentication, and fine-grained authorization controls ensure that the sensitive workloads can be computed safely, securely, and in compliance.
Book A Demo
TripleBlind is built on novel, patented breakthroughs in mathematics and cryptography, unlike other approaches built on top of open source technology. The technology keeps both data and algorithms in use private and fully computable.