Zero-knowledge proofs (ZKPs) allow one party to prove that a statement is true without revealing the contents of the statement. They prove data is valid with zero knowledge of the data itself. For example, a ring signature is a basic ZKP.
Imagine a group of 100 people, any of whom can sign a transaction for the ring’s wallet. The ring produces a valid, signed transaction. Although the signature matches the public key and validates in consensus with the network, the public has no knowledge of which member signed. The signature is a proof that one person signed with zero knowledge of which member signed.
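The ring signature described above, as an added example that is not from the original article or from the ZeroSync project: a Schnorr-style (Abe-Ohkubo-Suzuki) ring signature over secp256k1 in Python, where verification succeeds for any member's signature without indicating which member signed. The function names and the hash-to-scalar encoding are assumptions chosen for illustration, and the arithmetic is not constant-time.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Add two curve points; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if A == B else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P)  # tangent slope when doubling, chord otherwise
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, A):  # scalar multiplication by double-and-add
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def challenge(msg, ring, R):
    """Hash the message, the whole ring and a commitment point to a scalar."""
    digest = hashlib.sha256(repr((msg, tuple(ring), R)).encode()).digest()
    return int.from_bytes(digest, "big") % N

def ring_sign(msg, ring, j, x):
    """Sign as member j (secret x); every other slot gets a random response."""
    n, k = len(ring), secrets.randbelow(N - 1) + 1
    s, c = [secrets.randbelow(N) for _ in ring], [0] * len(ring)
    c[(j + 1) % n] = challenge(msg, ring, mul(k, G))
    for i in ((j + t) % n for t in range(1, n)):
        c[(i + 1) % n] = challenge(msg, ring, add(mul(s[i], G), mul(c[i], ring[i])))
    s[j] = (k - c[j] * x) % N  # closes the ring; only possible knowing x
    return c[0], s

def ring_verify(msg, ring, sig):
    """Walk the ring once; valid iff the challenge chain returns to its start."""
    c0, s = sig
    c = c0
    for pub, s_i in zip(ring, s):
        c = challenge(msg, ring, add(mul(s_i, G), mul(c, pub)))
    return len(s) == len(ring) and c == c0
```

Signature size and verification time grow linearly with the number of ring members.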
The word "proof" refers to a mathematical proof. In the case of Bitcoin, a cryptographic hash function like SHA-256 encrypts the contents of the message while allowing the signer to prove that the message is true.
The ZeroSync Project
As an example of zero-knowledge proofs for Bitcoin, Shinobi championed the ZeroSync Project, which has already built software in production.
This software doesn’t require any forks or consensus changes. On a purely voluntary basis, ZeroSync’s zero-knowledge proofs permit node operators to compress the blockchain, sync their node faster, and augment their hard drive with additional data like the UTXO set commitment.
In general, zero-knowledge proof systems offer flexibility on top of Bitcoin’s base layer and introduce a range of novel applications.
The ZeroSync Association is a Swiss non-profit with core contributions from developers like Robin Linus, Tino Steffens, Lukas George, Andrew Milson, and Max Gillett. ZeroSync receives financial support from Lightning Labs, a popular developer of Bitcoin Layer 2 software, as well as Lambda Class, a contributor to the Ethereum network.
The history of zero-knowledge proofs
Zero-knowledge proofs use the idea that it’s possible to prove something without sharing much extra information about what’s being proved.
MIT researchers were among the first to use the term zero-knowledge proofs. Professors at the institute published a 1985 paper describing a way to prove a theorem is true without including much of the information behind the proof.
Even earlier, David Chaum published a paper describing untraceable electronic mail, an early attempt at a Bitcoin-like system for sending emails. Chaum introduced the idea that it might be possible to transmit electronic messages over public communication networks with no knowledge of the identity of the sender or the history of the message.
Zero-knowledge proofs on Zcash and Bitcoin
Any discussion of zero-knowledge proofs typically mentions Zcash. It was one of the first layer 1 blockchains to implement a native version of zero-knowledge proofs.
It used zk-SNARKs, which was a good start. However, Zcash still required a “trusted setup” that a malicious actor could misuse if setup information fell into their hands. Those risks abated slightly when Zcash developers introduced zk-STARKs.
Zcash also disabled privacy by default, so the vast majority of Zcash transactions didn’t utilize on-chain zero-knowledge proofs.
Generally speaking, interest in Zcash has waned over time. Today, the price of the Zcash coin languishes 95% below all-time highs.
According to Shinobi, discussions about adding something akin to zero-knowledge proofs on Bitcoin date back to at least 2010. Satoshi Nakamoto and a few other people discussed adding proofs of whether a satoshi (the smallest fraction of one bitcoin) was spent or unspent. Of course, they wanted to limit additional data that nodes would need to store on hard drives.
Someone suggested using the smallest amount of data possible — a single bit — for the job. Each satoshi could be flagged with a binary value: 1 for spent or 0 for unspent. One bit per satoshi would save the need to share the entire transaction history of each satoshi — at least in order to prove whether the satoshi had ever been spent since its coinbase block.
Some Bitcoin maximalists on Twitter referred to the first successful implementation of zero-knowledge proofs as a rare case of something good coming out of altcoins like Zcash, Monero, and other private blockchains.
In conclusion, Shinobi has highlighted ZeroSync’s work on adding zero-knowledge proofs to the Bitcoin network in a Bitcoin Magazine article. Avoiding forks and consensus changes, the proofs could compress data, help nodes sync more quickly, and permit novel data structures and software functions — all without compromising Bitcoin’s security.