In 1985, the original concept for zero-knowledge proofs (ZKPs) emerged in a peer-reviewed academic paper titled, “The Knowledge Complexity of Interactive Proof Systems,” marking a breakthrough in cryptography. Researchers Shafi Goldwasser, Silvio Micali, and Charles Rackoff explored whether it would be possible to prove that a datum is valid without revealing any information aside from the datum itself. Nearly 40 years later, ZKPs are a fundamental component of many blockchains, empowering users through enhanced privacy and security.
Keep reading to learn more about the following topics:
- What is a zero knowledge proof? (ZKP)
- Components of zero-knowledge proofs
- How do zero-knowledge proofs work?
- Types of zero knowledge proofs
- Zero-knowledge proof applications and use cases
- Challenges of zero-knowledge proof adoption
What is a zero-knowledge proof? (ZKP)
A zero-knowledge proof, or ZKP, is a cryptographic method that allows multiple parties to verify a statement’s truth without revealing information beyond the statement itself. Many blockchains leverage ZKPs to boost security of interactions involving sensitive data. Consequently, participants of blockchains with ZKPs may be able to interact with more confidence because it is less likely that private information will be compromised or used by malicious actors.
Components of zero-knowledge proofs
ZKPs require a minimum of two parties for each interaction: the prover and the verifier. The prover is responsible for providing the actual mathematical proof to convince the verifier of a statement’s validity. The verifier must examine this evidence and either accept or reject it.
There are typically multiple rounds of communication between the prover and verifier to reduce the likelihood that either party will guess or provide illegitimate information.
How do zero-knowledge proofs work?
ZKPs operate using the basic building blocks of advanced cryptographic algorithms and mathematical concepts. For instance, ZKPs employ cryptographic hash functions to generate random challenges for verifiers as they work toward developing mutual trust with provers.
Interactions powered by ZKPs must satisfy the following:
- Completeness: If a statement is true, an honest prover should easily be able to convince a verifier of this.
- Soundness: If a statement is false, a dishonest prover should not be able to trick a verifier.
- Zero-knowledge: Neither party can extract additional private information about one another; they only know the contents of the statements provided.
Let’s look at an example of how two users might use a ZKP to transact:
- Person A (prover) wants to execute a transaction using privacy coin ZCash so that no observers of the blockchain can extract any details of the transaction (i.e. the amount transferred, the address being transferred to, etc.).
- Person B (verifier) expects to receive ZCash from Person A, but doesn’t know their private details such as the total amount of assets held in Person A’s wallet.
- Person A encrypts the transaction and submits it to the blockchain.
- Person A submits a ZKP with the encrypted transaction to prove that the transaction is valid.
- Nodes on the blockchain inspect the ZKP to ensure that Person A’s encrypted transaction is indeed valid.
- If the ZKP is valid, Person B will accept.
- The ZCash moves from Person A’s account to Person B’s account.
- The transaction is permanently recorded on the blockchain.
Types of zero-knowledge proofs
ZKPs come in two primary forms: interactive and non-interactive. Interactive ZKPs involve multiple rounds of back-and-forth communication between the prover and the verifier. Non-interactive ZKPs involve only one round of communication — the prover only sends one message to the verifier and they do not have to be online at the same time for this to occur.
Interactive proofs are uncommon in blockchain-based systems, as they are inefficient and it is generally undesirable to require two parties to be online at the same time. Consequently, the following types of ZKPs are used in non-interactive setups:
Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs) enable participants to prove possession of certain information without revealing the details of that information. Zk-SNARKs are common on the Ethereum blockchain and are particularly useful for privacy-preserving smart contracts. Zk-SNARKs are also utilized by ZCash for proving the validity of shielded transactions, such as those where no information is revealed — including the sender, receiver, and amounts being transferred.
Zero-Knowledge Scalable Transparent Arguments of Knowledge (zk-STARKs) function similarly to zk-SNARKs, but are designed to scale large computations. Due to their added benefits of transparency and scalability, zk-STARKs are compatible with a wide range of blockchain applications.
Bulletproofs prove that a value lies within a specific range without revealing the value itself. Through the use of advanced mathematical concepts, bulletproofs are able to make proofs smaller, thus reducing transaction sizes and verification times. Monero uses bulletproofs.
Zero-knowledge proof applications and use cases
Zero-knowledge proofs offer a wide range of applications in the blockchain ecosystem, spanning from privacy-enhancing decentralized protocols to scalable transaction solutions. Although some of these use cases are already employed by blockchains, others remain speculative or are in the early stages of development.
Authentication and secure identity verification: DeFi participants can use ZKPs to prove that they possess certain attributes, such as participation in governance activities or membership in a particular token holder group, without revealing the actual values of these attributes. Similarly, users can interact with ZKPs to selectively disclose information related to their identities.
Secure voting systems: ZKPs can enable DeFi participants to prove their voting eligibility and number of votes they have without revealing their history or voting preferences.
Zk-rollups are layer 2 scaling solutions that bundle or “roll up” transaction data off-chain into a cryptographic proof, then use ZKPs to post transaction validity on the Ethereum mainnet in the form of calldata. Given that transactions are posted to the mainnet in a bundle, they typically take up less space, thus reducing Ethereum’s computational burden. Popular zk-rollups include ZkSync and Loopring.
Zk-Plasma is a variation of the Plasma network that leverages ZKPs to create a privacy-preserving sidechain on Ethereum. Instead of verifying all data on the mainnet, users can verify transactions on the sidechain and then use ZKPs to post their validity on Ethereum.
Decentralized exchanges (DEXes): ZKPs can facilitate trading of a wide variety of assets without revealing the trading history, strategies, or account balances of users.
Supply chain transparency and integrity verification: ZKPs can enhance the security of a supply chain by validating suppliers’ credentials and authenticity of products without disclosing transaction information to unauthorized parties or proprietary information about a production process. Additionally, ZKPs may help to verify certifications and compliance with supply chain regulatory standards.
The below chart illustrates the scale of how zero-knowledge technology is employed for some of these use cases. We see the amount of funds sent to several of the most popular ZKP applications, including ZCash (privacy-preserving cryptocurrency), Tornado Cash (decentralized, non-custodial smart contract), Railgun (Ethereum L2 privacy protocol), and Aztec (Ethereum L2 privacy protocol). Between January 2022 and April 2024, more funds were sent to Tornado Cash than the other three ZKP-enabled applications, at nearly $5 billion.
Challenges of zero-knowledge proof adoption
Although ZKPs may hold the promise of making blockchains more secure and efficient, their widespread adoption faces several challenges:
- Implementing and deploying ZKPs require a deep understanding of cryptographic principles and advanced mathematics — most developers do not possess this specialized knowledge.
- Generating ZKPs often requires significant computational resources, leading to slower transaction processing times and higher fees.
- Interoperability of blockchains may become difficult if participants encounter incompatible protocols or verification methods.
- The complexity of ZKPs and corresponding data storage may introduce challenges regarding regulatory compliance and auditing.
The future of zero-knowledge proofs in blockchain
As awareness about the importance of privacy and security of blockchain platforms grows, it is likely that zero-knowledge proofs will experience increased adoption. Additionally, many layer 2 protocols on Ethereum are consistently seeking ways to improve scalability and efficiency, which ZKPs may help to solve. These ongoing efforts will play a key role in protecting users’ sensitive information and standardizing blockchain transactions to facilitate blockchain interoperability.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.