ZKP Workshop Real World Examples

This technology has proved useful in providing

  1. Privacy
  2. Scalability - proofs of computation can be used to show that the result of a (costly) computation is correct without having to repeat the computation.

Privacy

  1. Tokens such as ZCash, a cryptocurrency using zkSNARKs.
    A typical cryptocurrency such as bitcoin uses transactions that are visible and hence verifiable by participants in the system. This provides transparency, but does mean that anyone can know the accounts that are sending and receiving the currency, and the amount transferred.
    In ZCash it is possible to have shielded transactions, where although the transaction can be verified as correct, no information is given about the sender, receiver or amount transferred.
  2. Age range verification
  3. KYC
  4. Electronic voting
  5. Electronic Auctions
  6. Board Membership using ZKSM (zero-knowledge set membership) and ring signatures
  7. AML - FATF can produce whitelists and blacklists that are verified with ZKSM

Scalability

The Coda protocol uses zero knowledge proofs to create a more scalable blockchain.
In their own words: 'Coda is the first cryptocurrency protocol with a succinct blockchain'
We are used to blockchains increasing in size to the point where for an ordinary user, running a node is impractical.

Shielded Asset Systems

ZCash in more detail

We have a Merkle tree of note commitments

These follow a similar principle to the UTXO model used in Bitcoin
The note commitment is a Pedersen hash of a value and an owner
Notes are only ever added; spending a note does not remove it from the tree, that is the role of the nullifier
Miners update their copy of the Merkle tree based upon incoming transactions

Nullifier

A set of serial numbers that prevents spent notes from being spent again.

https://electriccoin.co/blog/zcash-private-transactions/

Transactions

Each transaction has a list of Spend and Output Descriptions
Output Descriptions create new notes
Only the sender's outgoing view key and the recipient's incoming view key can decrypt them
Only the recipient can spend them
Spend Descriptions spend existing notes; the spender proves in zero knowledge that
* The note exists
* The spender owns the note
* The note has not been spent before, by computing a nullifier unique to that note and checking it against the nullifier set.
Which note was used is not revealed
Neither the sender, the recipient nor the amount is revealed
The nullifier is unique to each note, and is revealed when the note is spent

Balancing is also done to check the transaction, achieved with Pedersen hashes and blinding factors
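The note, commitment tree and nullifier mechanics described above, as an added toy model (not ZCash's code): SHA-256 stands in for the Pedersen hash, a list plus a Merkle root stands in for the real tree, and the three statements a Spend Description proves are checked in the clear here, where ZCash checks them inside a zkSNARK so the verifier never sees the notes.

```python
import hashlib
from dataclasses import dataclass

def h(*parts: bytes) -> bytes:
    """Toy hash; a stand-in for the Pedersen hash the real notes use."""
    return hashlib.sha256(b"|".join(parts)).digest()

def merkle_root(leaves: list[bytes]) -> bytes:
    """Root of the commitment tree miners maintain (pairwise hashing, odd layers padded)."""
    layer = list(leaves) or [h(b"empty")]   # copy: never mutate the ledger's list
    while len(layer) > 1:
        if len(layer) % 2: layer.append(layer[-1])
        layer = [h(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]

@dataclass(frozen=True)
class Note:
    value: int
    owner: bytes   # spending key of the owner (constructed toy key)
    rho: bytes     # per-note randomness, also the seed of its nullifier
    def commitment(self) -> bytes:
        return h(b"note", self.value.to_bytes(8, "big"), self.owner, self.rho)

    def nullifier(self) -> bytes:
        # Needs the spending key (so computing it shows ownership); unique per note
        # and not linkable to the commitment without that key.
        return h(b"nf", self.owner, self.rho)

class Ledger:
    """Append-only commitment tree plus the nullifier set."""
    def __init__(self) -> None:
        self.commitments: list[bytes] = []
        self.nullifiers: set[bytes] = set()

    def mint(self, note: Note) -> None:
        self.commitments.append(note.commitment())   # notes are only ever added

    def spend(self, spent: list[Note], outputs: list[Note]) -> bool:
        # The statements a Spend Description proves, checked here with the notes
        # themselves, which the real verifier never sees.
        for n in spent:
            if n.commitment() not in self.commitments:   # the note exists in the tree
                return False
            if n.nullifier() in self.nullifiers:           # it has not been spent before
                return False
        if sum(n.value for n in spent) != sum(n.value for n in outputs):  # balance
            return False
        self.nullifiers.update(n.nullifier() for n in spent)      # only nullifiers go public
        self.commitments.extend(n.commitment() for n in outputs)  # spent notes stay in the tree
        return True
```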

ID Schemes

An Identity Escrow scheme allows users to identify themselves as members of a group with zero knowledge.

See Camenisch and Lysyanskaya for identity schemes using accumulators to prove set membership and non membership.

From Self Sovereign Identity with ZKP

Qedit - DLT + ZKP solution, proofs verify correctness of asset transactions.

Aztec

The AZTEC protocol can enable confidential transactions for any generic digital asset on Ethereum, including existing assets.
Aztec Documentation
Aztec Slides
Aztec is built around range proofs - on an elliptic curve a negative number is in fact a very large positive number, so a range proof is used to ensure that every committed value lies within a usable range, preventing double-spend attacks that wrap around the modulus
Aztec follows a UTXO model, tracking the state of 'Notes’
Aztec provides a number of proofs with financial semantics that can be used to prove the validity of financial assets, these include :

Using normal Ethereum addresses the transaction graph of AZTEC is not anonymous. However, anonymous transactions are possible: the protocol is forward compatible with stealth addresses, and as AZTEC does not require the transaction sender to be a party to the transaction, the transaction graph can be hidden.
Combining stealth addresses with a trusted party that relays transactions achieves full anonymity, because the trusted third party also hides who pays the gas. Future updates to the protocol will allow transactions to be relayed while obscuring the payment of gas in a decentralised manner. At that point fully private transactions will be possible.
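The balancing check from the Transactions section and the range-proof point above, as one added illustration (not AZTEC's or ZCash's code): Pedersen-style commitments in a toy multiplicative group Z_Q^* with constructed generators G and H, showing that the homomorphic balance check on its own accepts a wrapped "negative" output and that the range check is what rejects it.

```python
from functools import reduce

Q = 2**127 - 1   # toy prime; commitments live in Z_Q^* (constructed, not AZTEC's curve)
G, H = 3, 7      # toy generators; in a real system log_G(H) must be unknown
ORDER = Q - 1    # exponents (values and blinding factors) are reduced mod ORDER
RANGE = 2**64    # the range proof admits only values in [0, RANGE)

def commit(value: int, blind: int) -> int:
    """Pedersen-style commitment C = G^value * H^blind (mod Q): hiding and homomorphic."""
    return pow(G, value % ORDER, Q) * pow(H, blind % ORDER, Q) % Q

def balance_check(in_commits: list[int], out_commits: list[int]) -> bool:
    """All a verifier can do with commitments alone: product(in) == product(out).
    The prover picks output blinds whose sum matches the inputs' blinds, so this
    holds exactly when the committed values also sum to the same total mod ORDER."""
    prod = lambda cs: reduce(lambda a, c: a * c % Q, cs, 1)
    return prod(in_commits) == prod(out_commits)

def range_check(value: int) -> bool:
    """Stand-in for the range proof on an output: its opening is a small non-negative value."""
    return 0 <= value < RANGE

def verify_join_split(in_notes, out_notes) -> bool:
    """(value, blind) pairs are the prover's openings; the verifier sees only the
    commitments and the range-proof verdicts, never the values themselves."""
    ins = [commit(v, r) for v, r in in_notes]
    outs = [commit(v, r) for v, r in out_notes]
    return balance_check(ins, outs) and all(range_check(v) for v, _ in out_notes)

# A "negative" value is a huge positive one once reduced mod ORDER.
WRAPPED_MINUS_5 = -5 % ORDER
```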

Their work has prompted the Ethereum Standard for Confidential Tokens : https://github.com/ethereum/EIPs/issues/1724

ZETH

An alternative ZKP implementation on Ethereum - ZETH
ZCash on Ethereum : Paper

Enigma - Decentralised Computation platform with proven privacy

Nightfall - Ethereum and Zokrates based

Mimblewimble

MimbleWimble is a blockchain format and protocol that provides extremely good scalability, privacy and fungibility by relying on strong cryptographic primitives. It addresses gaps existing in almost all current blockchain implementations.

Grin is an open source software project that implements a MimbleWimble blockchain and fills the gaps required for a full blockchain and cryptocurrency deployment.

Documentation

Monero

Many ZKP projects involve DLT :

Recent improvements to ZKSNARKS

Universal and updateable common reference strings.
Sonic
Plonk

Distributed Zero Knowledge Proofs - DIZK

[Paper](https://eprint.iacr.org/2018/691.pdf)
* Distributed generation of proofs
* DIZK scales to computations of up to billions of logical gates (100× larger than prior art) at a cost of 10μs per gate

Zero Knowledge Database queries

zkvSQL - a zero knowledge version of vSQL: verifying SQL queries on outsourced databases

Jana - Private Data as a Service via MPC

Private Data as a Service

Proof of retrievability - verifying cloud storage