A zero knowledge proof is a cryptographic protocol where one party (the prover) proves to another party (the verifier) that something is true without revealing how it is true.
For example, you could prove to someone that you are immune to COVID without revealing how you are immune (antibodies through illness or vaccine) or when you became immune. The underlying cryptography ensures that neither the verifier nor any party observing the transaction learns any information at all about why the statement is true. Yet those same parties can be convinced even if they don’t trust the prover making the claim.
This sounds like magic, yet it’s all just math.
In fact, it’s the same math that underlies the encryption algorithms that we rely on every day for e-commerce. But how does zero knowledge solve our original, society-wide problem?
It turns out that proving the truth of something without revealing the information itself can be a powerful primitive. Zero knowledge allows us to use the internet more powerfully than we do today without leaving extractable traces of our data everywhere. Think of each of us as a “prover” and any service on the internet as a verifier:
We could log in to Facebook by proving who we are without having to reveal our email, password, location, birthday, mother’s maiden name, or favorite pizza topping.
We could prove our credit score qualifies us for a loan without needing to initiate a hard inquiry that would hurt our credit score.
We could file insurance claims that can be reviewed, verified, and approved without needing to expose the rest of our insurance identity, which creates unethical reasons for claims to be denied.
We could prove relevant facts about ourselves and our identity to any application without fear that the information could be lost, stolen, or abused. This use case in particular is increasingly relevant as we anticipate a future where much of our biological data/genetic information is used to provide personalized medical care and services.
So if zero knowledge proofs are so powerful, why aren’t they used for these applications already?
It took decades from the invention of the computer for it to be miniaturized into a PC. Similarly, zero knowledge proofs have only recently become practical. The cost of generating them is still expensive compared to the traditional way of doing things. And the reality is that very few people would accept a slower, less efficient system; even one that preserves their privacy and gives them more control over how their data is shared.