6 min read

Power of Zero-Knowledge Proof - Proving your age without disclosing your birthday

Power of Zero-Knowledge Proof  - Proving your age without disclosing your birthday
Photo by Shubham Dhage / Unsplash

Recently, I have the great opportunity to participate in a web3 related project and it almost opened a new window for me on interesting concepts about blockchain, cryptography and one of the most mind-blogging ideas that I found was about the Zero Knowledge Proof. The idea really took me sometime to understand but I try to make it as easy to understand as I can, I promise.

As its name suggest, zero knowledge proof means you can proof something true (you are now 25 years old) without revealing any additional information (i.e. your date of birth or your picture). You might be wondering - how is this even possible?

A classic example to explain how can this possibly been done is the two colored balls example. Imagine you are Alice and you have two balls, one blue and one red, identical in every way except color. You have a color-blind friend, Bob who sees them as identical, and he doesn’t believe you when you say that they are different. You want to prove to him that they are in fact different, but do not want to reveal which is blue and which is red (as that’s an additional information).

So you give your friend the balls, one in each hand, and tell him to put the balls behind his back and mix them up (or not) while you can’t see them. You can then tell him with 100% accuracy whether he switched the balls (or not) each time simply by looking at the color. If there was not a difference in color, the best you could do over time would be guess with 50% accuracy. You can prove to him that the balls are different colors, but with this method, your mate didn’t gain any knowledge (zero knowledge, in other words) as to which ball is red and which is green.

If we have to be more accurate on the definition of Zero-Knowledge Proof (according to Wikipedia 😉) here, it involve 3 major elements:

  1. Completeness: If the statement is true, an honest verifier (Bob) will be convinced by an honest prover (you) that the balls are different colors. In this case, you can always correctly tell Bob whether he switched the balls or not based on the color.
  2. Soundness: If the statement is false, no cheating prover can convince an honest verifier that it is true, except with some small probability. In other words, if the balls were actually the same color, no matter how much you try to convince Bob otherwise, there will always be a chance of him catching the deception.
  3. Zero-knowledge: If the statement is true, no verifier (your friend) learns anything other than the fact that the statement is true. In this case, Bob knows that the balls are different colors, but they still don't know which one is red and which one is blue. Bob gains no additional knowledge about the color of the balls.

Ok, this sounds complicated and technical, but so what? why would I be interested in proving someone my age without telling them my birthday, plus I am not bored enough to prove my ability to recognize color properly to any of my color blind friend.

Well, the zero knowledge proof idea is most commonly being applied in situations that there’s not only zero knowledge but also almost zero trust between different parties.

Crypto Transactions: Zero-knowledge proofs (ZKPs) can be applied in crypto transactions to enhance privacy and security. They enable the verification of transaction validity without revealing sensitive details, such as the sender, recipient, and transaction amount. ZKPs also allow for transparent auditing and compliance while maintaining privacy, create anonymous credentials to prove attributes without disclosing personal information, and facilitate secure multi-party computations without sharing sensitive data.

Medical Record: ZKPs can be also used to create a system where patients can share their medical records with doctors or researchers without revealing any sensitive information, such as their names, addresses, or insurance information. As digital healthcare is gaining increasing popularity, concerns around the health data which contains highly personalized and sensitive information aroused accordingly.

It might sound surprising at first glance that the price of a stolen electronic medical record on the black market is 10 times of a stolen card, while it would all make sense when you know it contains individuals' social security numbers, medical insurance numbers, addresses, and credit card information that criminals can easily exploit to apply for multiple new credits and obtain loans. While with ZKPs, these concerns can be minimized if the initial medical records being shared doesn’t involve any personal information.

Nuclear Disarmament: This, to me, is the most interesting use case of ZKPs. When examining the compliance of a nuclear-armed country with a treaty, it is essential to gather information about the nuclear warhead, including its design, destruction capability, and precise location. However, national security teams are understandably reluctant to disclose this sensitive information to external parties such as the United Nations or NATO.

Here's where ZKPs come into play. By utilizing zero knowledge proofs, inspectors can verify the presence of a nuclear weapon without recording, sharing, or revealing any internal workings that may be classified. This allows for a level of transparency and assurance while maintaining the utmost security and confidentiality.

Well, let's end this article with a touch of philosophical reflection. Have you ever wondered why it's called Zero Knowledge Proof instead of "Zero Information Proof" or "Zero Data Proof"? This question was actually raised in an expert discussion between Prof Amit Sahai and Prof Shang-Hua Teng in the video Computer Scientist Explains One Concept in 5 Levels of Difficulty, and it got me thinking.

I guess if I have to try to interpret that, there’s subtle yet critical difference between “Information” and “Knowledge”.

In the fascinating case of the red and blue ball example, "knowledge" can be seen as the secret prowess or hidden understanding that the prover possesses. It enables them to convince the verifier of the truth without explicitly disclosing that knowledge. It represents the underlying wisdom or facts that the prover holds, cleverly concealed from plain sight.

On the other hand, "information" takes on a broader meaning within this scenario. It encompasses not only the covert knowledge about the colors of the balls but also any data or details exchanged during the interactive process between the prover and the verifier.

In the example, the prover's knowledge is that one ball is blue and the other is red. This knowledge is used to convince the verifier that the balls are indeed different colors without explicitly revealing which ball is green and which is red. The information exchanged during the proof process includes the fact that the balls are different colors, but it does not disclose the specific colors themselves.

Therefore, in the context of the blue and red ball example, "knowledge" refers to the specific knowledge or secret that the prover possesses, while "information" encompasses any data or details exchanged during the proof process, including the fact that the balls are different colors.

Anyways, these are just some of my additional thoughts and I know it has already been on the edge of TL;DR (or it probably is).

So, Ciao!  And I will talk to you next time.


Things that I found interesting this week:

🎬 Video — Computer Scientist Explains One Concept in 5 Levels of Difficulty | WIRED - YouTube

I really enjoyed watching this video created by Wired. It was the first YouTube video I watched in an attempt to understand the concept of ZKPs. I want to express my gratitude to the WIRE team for creating this series, and to Prof Amit for providing a clear and insightful explanation.

In addition to the specific knowledge about ZKPs, I believe the video perfectly illustrates what a Subject Matter Expert in a field should be. They should be able to explain complex concepts in simple terms that even a 5-year-old can understand, while also being capable of engaging in advanced discussions with other experts on the cutting edge of the field.

🎼 Music —  RubberBand - Ciao

One of my closest friends from university has decided to pursue his interest and dream career by studying a postgraduate degree in the UK. As he was about to board the plane, I struggled to find the right words to express my emotions. However, if I had to choose a song to capture what I wanted to say, the lyrics of "Ciao" would have been the perfect fit.

聽朝散聚誰先飛 未及嘆氣

這晚的 懇請放入行李

可過渡這別離 待那 聚首終到期

And lastly 說了再見 約定再見 就會再見