Zero-Knowledge Proofs
A zero-knowledge proof lets you mathematically convince a verifier that a statement is true — without revealing anything about the underlying secret or inputs.
Zero-knowledge proofs are one of the most powerful ideas in modern cryptography, and they're reshaping blockchain. Zcash uses them for private transactions. zkEVM rollups (zkSync, Polygon zkEVM) use them to compress thousands of Ethereum transactions into a single proof. Identity systems use them to prove age or citizenship without revealing your documents. ZKPs let you prove the truth without revealing anything else.
The Intuition
Can you prove you know a secret without revealing the secret? This sounds paradoxical. Yet zero-knowledge proofs make it mathematically rigorous.
The prover runs a protocol that convinces the verifier beyond measurable doubt — achieving any desired confidence level — while revealing nothing whatsoever about the secret itself. After a successful proof, the verifier knows exactly one thing: the statement is true. Everything else about the prover's knowledge is perfectly hidden.
See it concretely
The classic thought experiment: Ali Baba's cave. A circular cave has a fork — path A and path B — connected in the back by a magic door that opens only with a secret word. You want to prove to a skeptic that you know the secret word without saying it.
Protocol:
1. Skeptic waits outside. You enter and go down one path (A or B) — they don't see which.
2. Skeptic shouts which path you should emerge from.
3. If you know the secret word, you can always comply — using the door if you went the wrong way.
Repeat 30 times. If you're faking and got lucky every time: probability = (1/2)^30 ≈ 1 in a billion. After 30 rounds, the skeptic is convinced you know the word — and they never heard it.
Tempting — but wrong
The precise version
A zero-knowledge proof system must satisfy three properties:
1. Completeness: if the statement is true and the prover is honest, the verifier always accepts
2. Soundness: if the statement is false, no cheating prover can convince the verifier, except with negligible probability
3. Zero-knowledge: the verifier learns nothing beyond the statement's truth (formalized via the 'simulator argument': a verifier's view of the interaction is computationally indistinguishable from a simulation that uses no secret)
zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) are used in Zcash and zkEVM rollups. 'Succinct' means proofs are small (hundreds of bytes) and fast to verify, even if the underlying computation is huge. The prover encodes computation as polynomial constraints, commits using cryptographic schemes, and proves correct evaluation without revealing inputs.
\Pr[\text{Verifier accepts dishonest prover}] \leq \frac{1}{2^k}Check your understanding
What are the three required properties of a zero-knowledge proof?
Click to reveal answer
What is a zk-SNARK and where is it used in blockchain?
Click to reveal answer
Why does the Ali Baba cave protocol need many rounds to be convincing?
Click to reveal answer
- I can state the three properties of a ZK proof and what each means
- I know the difference between ZKPs and encryption
- I understand where zk-SNARKs are used in blockchain
After a valid zero-knowledge proof, what exactly does the verifier learn?