零知识证明：它的工作机理、用例和应用概述

https://research.aimultiple.com/zero-knowledge-proofs/

Cem 于 2017 年创立了高科技行业分析师 AIMultiple。AIMultiple 每月通知约 100 万家企业（根据similarWeb），其中包括 55% 的财富 500 强企业。

在他的整个职业生涯中，Cem 担任过技术顾问、技术买家和技术企业家。十多年来，他为麦肯锡公司和奥特曼索伦的企业提供技术决策建议。在向首席执行官汇报的同时，他领导了一家电信公司的技术战略和采购工作。他还领导了深度科技公司的商业增长，这些公司的年经常性收入在 2 年内从 0 增长到 300 万。

Cem 定期在国际技术会议上发表演讲。他以计算机工程师的身份毕业于 Bogazici 大学，并拥有哥伦比亚商学院的 MBA 学位。

https://secure.gravatar.com/avatar/3b7ad6413e9b9c6a253a68a33cb6fa58?s=120&d=mm&r=g

As businesses collect a vast amount of customer data to gain insights, improve their products and services, and monetize their data assets, they can become vulnerable to

cyber threats

and data breaches. Breaches’ cost are rising every year,

reaching ~$4.2M per breach

, and as seen in Figure 1 they significantly harm businesses’ reputations and trustworthiness.

Privacy-enhancing technologies (PETs)

such as zero-knowledge proofs (ZKPs) provide ways for businesses to protect their sensitive data. We describe the functioning of ZKP and examples of its application in this article to assist executives in strengthening their

organization’s cybersecurity posture

.

Figure 1: Cost of data breaches

What are zero-knowledge proofs (ZKPs)?

A zero-knowledge proof (ZKP) is a mathematical technique to verify the truth of information without revealing the information itself. The method was first introduced by researchers from MIT in a 1985

paper

.

How do zero-knowledge proofs work?

A popular example to illustrate the basic idea behind ZKPs is as the following:

Suppose you (the prover) have a color-blind friend (the verifier) that cannot distinguish a green and a red ball from each other (have zero knowledge about whether the balls are different colors). You need to prove that the colors of the balls are different but your friend needs something more than your words to be convinced. A ZKP method for this problem would be like this:

1. Your friend takes the balls and lets you see which ball is in which hand.
2. Then, they either switch the balls between their hands or not behind their back.
3. They then present the balls to you and asks you whether they switched the balls or not. As you can distinguish the green ball from the red one, you can easily give the correct answer.
4. Your friend is not convinced. You have a 50% chance to correctly guess whether they switched the balls or not and the balls can still be the same color.
5. However, if they repeat this several times, eventually, the probability of you correctly guessing whether they switched the balls or not each time would be very low. This enables your friend to verify that the balls are different colors without knowing the actual colors of the balls.

A series of cryptographic algorithms are used in the real-world applications of ZKPs to enable the verification of a computational statement. For instance, using ZKP methods, a receiver of payment can verify that the payer has sufficient balance in their bank account without getting any other information about the payer’s balance.

What are the properties of zero-knowledge proofs?

A zero-knowledge proof (ZKP) method must satisfy these criteria:

• Completeness: If the information provided by the prover is true, then a ZKP method must enable the verifier to verify that the prover is telling the truth.
• Soundness: If the information provided by the prover is false, then a ZKP method must allow the verifier to refute that the prover is telling the truth.
• Zero-knowledge: The method must reveal to the verifier nothing else than whether the prover telling the truth or not.

What are the different types of zero-knowledge proofs?

There are two main types of zero-knowledge proofs:

• Interactive zero-knowledge proofs: In this type of ZKPs, the prover and the verifier interact several times. The verifier challenges the prover who provides replies to these challenges until the verifier is convinced.
• Non-interactive zero-knowledge proofs: In this type of ZKPs, proof delivered by the prover can be verified by the verifier only once at any time. This type of ZKPs requires more computational power than interactive ZKPs.

What are some applications and use cases of zero-knowledge proofs?

Zero-knowledge proofs can be used to protect data privacy in a diverse set of use cases, such as:

• **Blockchain:** The transparency of public blockchains such as Bitcoin and Ethereum enable public verification of transactions. However, it also implies little privacy and can lead to deanonymization of users. Zero-knowledge proofs can introduce more privacy to public blockchains. For instance, the cryptocurrency Zcash is based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (Zk-SNAKR), a type of zero-knowledge cryptographic method.
• Finance: ING uses ZKPs that allow customers to prove that their secret number lies in a known range. For example, a mortgage applicant can prove that their income is in the admissible range without revealing their exact salary.
• Online voting: ZKPs can allow voters to vote anonymously and to verify that their vote was included in the final tally.
• Authentication: ZKPs can be used to authenticate users without exchanging secret information such as passwords.
• Machine Learning: ZKPs can allow the owner of a machine learning algorithm to convince others about the results of the model without revealing any information about the ML model itself.

What are the challenges of zero-knowledge proofs?

• No 100% guarantee: Even if the probability of verification by the verifier while the prover is lying can be significantly low, ZKPs don’t guarantee that the claim is valid 100%. As demonstrated above, the probability of a prover lying decreases in each iteration of the ball-picking process, but it can never reach zero. Thus, zero-knowledge proofs aren’t actual proofs in a mathematical sense.
• Computation intensity: Algorithms used are computationally intense as they require many interactions between the verifier and the prover (in interactive ZKPs), or require a lot of computational capabilities (in non-interactive ZKPs). This makes ZKPs unsuitable for slow or mobile devices.

For more on data privacy and information security, you can check our other articles:

• Privacy Enhancing Technologies (PETs) & Use Cases.
• Top 9 Cybersecurity Best Practices for Corporations.
• Top 6 Data Security Best Practices.
• In-depth Guide to Zero Trust Paradigm & Zero Trust Architecture.

If you have other questions about zero-knowledge proofs or other privacy-enhancing technologies, we can help:

Find the Right Vendors

Share on LinkedIn

Share on Twitter

Cem Dilmegani

Cem founded the high tech industry analyst AIMultiple in 2017. AIMultiple informs ~1M businesses (as per similarWeb) including 55% of Fortune 500 every month.Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised enterprises on their technology decisions at McKinsey & Company and Altman Solon for more than a decade. He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech companies that reached from 0 to 3M annual recurring revenue within 2 years.Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.

随着企业收集大量客户数据以获取洞察力、改进其产品和服务并将其数据资产货币化，他们可能容易受到

网络威胁

和数据泄露的影响。违规成本每年都在上升，

每次违规达到约 420 万美元

，如图 1 所示，它们严重损害了企业的声誉和可信度。诸如零知识证明 (ZKP) 之类的

隐私增强技术 (PET)为企业提供了保护其敏感数据的方法。

我们在本文中描述了 ZKP 的功能及其应用示例，以帮助高管加强其

组织的网络安全态势

。

图 1：数据泄露成本

什么是零知识证明 (ZKP)？

零知识证明 (ZKP) 是一种数学技术，可以在不泄露信息本身的情况下验证信息的真实性。该方法首先由麻省理工学院的研究人员在 1985 年的

一篇论文

中提出。

零知识证明如何工作？

一个流行的例子来说明 ZKP 背后的基本思想如下：

假设你（证明者）有一个色盲的朋友（验证者）不能区分绿色和红色球（对是否球是不同的颜色）。你需要证明球的颜色是不同的，但你的朋友需要的东西比你的话更能说服你。这个问题的 ZKP 方法是这样的：

1. 你的朋友拿起球，让你看看哪个球在哪只手上。

2. 然后，他们要么在双手之间切换球，要么不在背后。

3. 然后他们将球呈现给您并询问您是否交换了球。因为你可以区分绿球和红球，你可以很容易地给出正确的答案。

4. 你的朋友不相信。你有 50% 的机会正确猜测他们是否换了球，而且球仍然可以是相同的颜色。

5. 但是，如果他们重复几次，最终，您正确猜测他们是否每次都换球的概率将非常低。这使您的朋友可以在不知道

   球的实际颜色的情况下验证球的颜色是否不同 。

在 ZKP 的实际应用中使用了一系列密码算法来验证计算语句。例如，使用 ZKP 方法，收款人可以验证付款人的银行账户中是否有足够的余额，而无需获取有关付款人余额的任何其他信息。

零知识证明的性质是什么？

零知识证明 (ZKP) 方法必须满足以下标准：

• 完整性：

  如果证明者提供的信息是真实的，那么 ZKP 方法必须使验证者能够验证证明者说的是真话。

• 健全性：

  如果证明者提供的信息是假的，那么 ZKP 方法必须允许验证者反驳证明者说的是真话。

• 零知识：

  该方法必须向验证者揭示证明者是否说真话。

零知识证明有哪些不同类型？

零知识证明主要有两种类型：

• 交互式零知识证明：

  在这种类型的 ZKP 中，证明者和验证者交互多次。验证者挑战提供对这些挑战的答复的证明者，直到验证者被说服。

• 非交互式零知识证明：

  在这种类型的 ZKP 中，证明者交付的证明在任何时候只能由验证者验证一次。这种类型的 ZKP 比交互式 ZKP 需要更多的计算能力。

零知识证明有哪些应用和用例？

零知识证明可用于在各种用例中保护数据隐私，例如：

• **区块链：比特币和以太坊等**公共匿名Zcash

  区块链 的透明度使交易能够公开验证。但是，这也意味着很少有隐私，并可能导致用户去

  化。零知识证明可以为公共区块链引入更多隐私。例如，加密货币

  基于零知识简洁非交互式知识论证 (Zk-SNAKR)，这是一种零知识密码学方法。

• 金融： ING

  使用 ZKP，允许客户证明他们的秘密号码在已知范围内。例如，抵押贷款申请人可以证明他们的收入在可接受的范围内，而无需透露他们的确切工资。

• 在线投票：

  ZKP 可以允许选民匿名投票，并验证他们的投票是否包含在最终计票中。

• 身份验证：

  ZKP 可用于在不交换密码等秘密信息的情况下对用户进行身份验证。

• 机器学习：让

  ZKP 可以

  机器学习算法的所有者在不透露任何有关 ML 模型本身的信息的情况下让其他人相信模型的结果。

零知识证明的挑战是什么？

• 没有 100% 保证：

  即使验证者在证明者撒谎时验证的概率可能非常低，ZKP 也不能保证声明 100% 有效。如上所示，证明者撒谎的概率在每次选球过程中都会降低，但它永远不会达到零。因此，零知识证明不是数学意义上的实际证明。

• 计算强度：

  使用的算法计算强度很高，因为它们需要验证者和证明者之间的许多交互（在交互式 ZKP 中），或者需要大量计算能力（在非交互式 ZKP 中）。这使得 ZKP 不适合慢速或移动设备。

有关数据隐私和信息安全的更多信息，您可以查看我们的其他文章：

• 隐私增强技术 (PET) 和用例
• 企业的 9 大网络安全最佳实践
• 6 大数据安全最佳实践
• 零信任范式和零信任架构深入指南