Privacy is the product of modern society and the foundation of a free society. It is also one of the important research directions in the blockchain industry. So how can we implement and achieve privacy protection?

One way to protect privacy is with zero-knowledge proof.

Zero-knowledge proof technology is something that many people have heard of but might not understand. It can be neatly summed up in one sentence:

“A prover (Alice) convinces a verifier (Bob) to believe that the prover (Alice) knows a secret without revealing what that secret is”.

To make this explanation more intuitive, we will use the example of privacy protection.

What is Privacy Protection?

Privacy refers to freedom from unauthorized intrusion. This can mean being able to keep certain matters to yourself. It also means the ability, or even the right, to keep your information to yourself and not have it disclosed to unauthorized parties.

The purpose of privacy protection for data transmission is to cut off the connection between the sender and receiver in the transaction, improve the privacy and anonymity of transacted data, and to make it more difficult for third parties to track the use and ownership of that data.

A real-life example of this would be in the case of people donating money at a temple before praying. In this case, every person would throw a dollar of the same year into the donation box while a neutral third party watches. Later when the third party looks at the coins, he could not tell who had thrown each coin in.

In our example, the donation box acted as a type of privacy protection.

This protection allows users to mix their own data with the data of other users. The flaw with this type of system is that anyone can take out the data as ownership of that data isn’t clear. We would need to create a stochastic relationship between the receiver and the unorganized data. In this case, zero-knowledge proof can be used to prove the ownership of the data without exposing relevant information.

Why Privacy Needs Protection?

Anonymity

At present, anonymity on the chain amounts to no more than a pseudonym.

Anonymity needs to be non-associative, which means that from the perspective of the attacker, it is impossible to correlate any two operations of a user.

A pseudonym is an identity we use online that has nothing to do with our real identity.

Writers generally interact with readers under a pseudonym. For example, the author of Harry Potter, Joanne Rowling, always publishes works under the name “J.K. Rowling.” However, the success of Harry Potter led her to adopt another nom de plume — Robert Galbraith. Free from the pressures and expectations of Harry Potter, Rowling was able to write crime fiction and have it assessed on its own merits. In this case, privacy protection was of great help in Rowling establishing a new creative voice outside of Harry Potter. Of course soon afterward her pseudonym was exposed, rendering it useless.

For blockchain, real people can generate as many public-private key pairs as they want; using them to send or receive each transaction on the chain while also using them as pseudonyms. If the world doesn’t know your relationship with the public key, they will not be able to connect you with your transaction history. There is currently no way to prevent third parties from linking us to our public key.

In short, privacy protection allows you to be completely anonymous and untraceable.

Privacy Protection With Zero-Knowledge Proof

In order to create a stochastic relationship between the recipient and privacy-protected data, the zero-knowledge proof is needed to solve the problem of proving the ownership of the data without exposing other information.

Zero-Knowledge Proof

The following is only explained from the perspective of using zero-knowledge proofs so that everyone can see how zero-knowledge proofs are used from a macro perspective. As for the details of zero-knowledge proofs, you can read our previous articles on The A-to-Z on zkSnarks and Zero-Knowledge Proof.

The above picture is the general process of using zero-knowledge proof.

We’re going to think of a circuit as a black box, and in this circuit, we’re going to enforce some constraints that are relevant to the problem we’re going to solve, like x + y = 5.

Next, two values are passed from the prover to the circuit: private input (value: 2) and public input (value: 3). The circuit then performs a series of operations and checks to see if the constraint is satisfied (2 + 3 = 5). If they are satisfied, then it outputs a proof. The prover then sends the proof and public input to the verifier. The verifier uses the proof and public input to perform operations to verify whether the proof is correct. If it is correct, it returns true. If it is incorrect, it returns false.

Here the private input is not disclosed; only the prover knows the value. The public input is a value shared between the prover and the verifier.

The above process can be summarized as the prover proving to the verifier that it knows a value that satisfies (x + 3 = 5) without exposing the private input.

A circuit-based zero-knowledge proof is called a universal zero-knowledge proof, which turns a computing problem into a circuit. An example of this is zkSnark, which is depicted below.

zkSnark cannot be directly used to solve any problem. We must first convert the problem into the correct “form” for processing. This form is called the “quadratic arithmetic problem” (QAP).

While performing the QAP transformation, we can use the private input and public input to create a corresponding solution, called a QAP witness. The prover uses this witness to generate a proof.

As shown in the figure above:

  1. First, there must be a calculation problem, which is generally an NP problem.
  2. The calculation problem is then converted into a QAP by an equivalent conversion. The steps are as follows:
     a. Turn the calculation problem into a circuit.
     b. Convert the circuit to R1CS (rank-1 constraint system). An R1CS is a sequence of three vector groups (a, b, c) together with a solution vector s. For every constraint, s must satisfy the inner-product relation (a · s) * (b · s) - (c · s) = 0; this solution vector s is the witness.
     c. The next step is to convert the R1CS to QAP form. The difference between the two is that QAP uses polynomials, whereas R1CS uses dot product operations. Both implement the same logic.
  3. The next important step is the trusted setup, which generates two values, PK and VK. The purpose of the trusted setup is to achieve zero-interaction verification: the generated PK and VK let us pose challenges to the prover without a live exchange.
  4. The prover uses PK and the witness to generate the proof before giving it to the verifier.
  5. When the verifier gets this proof, it uses VK to verify it. This step occurs on the chain, and the nodes or smart contracts on the chain do the verification.
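The circuit-to-R1CS-to-QAP steps above, applied to the x + y = 5 circuit described earlier, carried out in code. This is an added example and not code from the article or from PPIO. It assumes a constructed two-gate circuit (x * y = m and x + y = out, so that the QAP has more than one constraint), a toy 101-element prime field, and its own function names (make_witness, r1cs_satisfied, r1cs_to_qap, qap_check). The trusted setup, PK/VK and the actual proof are not implemented; the block shows only the witness check that the final proof attests to, in both its R1CS form (step 2b) and its polynomial-divisibility QAP form (step 2c).

```python
# Added example (not from the article or PPIO): a toy R1CS -> QAP pipeline over a
# small prime field. The circuit, constants and witness layout are constructed here.
P = 101  # constructed: tiny prime field for readability; real systems use ~254-bit primes

# Polynomials are coefficient lists, lowest degree first, reduced mod P.
def poly_add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return [(x + y) % P for x, y in zip(a, b)]

def poly_scale(a, k):
    return [(x * k) % P for x in a]

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def poly_divmod(num, den):
    """Schoolbook long division over the field; returns (quotient, remainder)."""
    num = num[:]
    q = [0] * max(1, len(num) - len(den) + 1)
    inv = pow(den[-1], P - 2, P)  # inverse of the leading coefficient
    for i in range(len(num) - len(den), -1, -1):
        coef = q[i] = (num[i + len(den) - 1] * inv) % P
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - coef * d) % P
    return q, num[:len(den) - 1] or [0]

def lagrange(xs, ys):
    """Unique polynomial of degree < len(xs) with poly(xs[i]) == ys[i]."""
    total = [0]
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        basis, denom = [1], 1
        for j, xj in enumerate(xs):
            if j != i:
                basis = poly_mul(basis, [(-xj) % P, 1])  # multiply by (t - xj)
                denom = denom * (xi - xj) % P
        total = poly_add(total, poly_scale(basis, yi * pow(denom, P - 2, P)))
    return total

# Steps 2a/2b: the circuit written as an R1CS. Witness layout s = [1, x, y, out, m].
#   x   : private input (the article's 2)
#   y   : public input  (the article's 3)
#   out : public output, constrained to x + y (the article's 5)
#   m   : intermediate wire x * y, added so the QAP has two constraints
A = [[0, 1, 0, 0, 0],   # gate 1 (mul): x * y = m
     [0, 1, 1, 0, 0]]   # gate 2 (add): (x + y) * 1 = out
B = [[0, 0, 1, 0, 0],
     [1, 0, 0, 0, 0]]
C = [[0, 0, 0, 0, 1],
     [0, 0, 0, 1, 0]]

def dot(v, s):
    return sum(a * b for a, b in zip(v, s)) % P

def make_witness(x, y):
    """Prover side: fill every wire from the private input x and public input y."""
    return [1, x % P, y % P, (x + y) % P, (x * y) % P]

def r1cs_satisfied(s):
    """(a.s) * (b.s) - (c.s) == 0 must hold for every constraint row."""
    return all((dot(a, s) * dot(b, s) - dot(c, s)) % P == 0 for a, b, c in zip(A, B, C))

# Step 2c: R1CS -> QAP. Constraint k is mapped to evaluation point t = k, so each
# witness position gets one polynomial per matrix, interpolated over that domain.
def r1cs_to_qap():
    xs = list(range(1, len(A) + 1))
    cols = lambda M: [lagrange(xs, [row[i] for row in M]) for i in range(len(M[0]))]
    Z = [1]  # vanishing polynomial (t - 1)(t - 2)... over the domain
    for r in xs:
        Z = poly_mul(Z, [(-r) % P, 1])
    return cols(A), cols(B), cols(C), Z

def combine(polys, s):
    """Sum of s[i] * polys[i]: the witness folded into one polynomial per matrix."""
    acc = [0]
    for p, si in zip(polys, s):
        acc = poly_add(acc, poly_scale(p, si))
    return acc

def qap_check(s):
    """Return (H, ok): A(t)*B(t) - C(t) is divisible by Z(t) exactly when s is valid."""
    Ap, Bp, Cp, Z = r1cs_to_qap()
    As, Bs, Cs = combine(Ap, s), combine(Bp, s), combine(Cp, s)
    H, rem = poly_divmod(poly_add(poly_mul(As, Bs), poly_scale(Cs, P - 1)), Z)
    return H, all(c == 0 for c in rem)

if __name__ == "__main__":
    good = make_witness(2, 3)
    print("R1CS satisfied:", r1cs_satisfied(good))      # True
    print("QAP divisible:", qap_check(good)[1])          # True
    bad = good[:4] + [(good[4] + 1) % P]                 # tamper with the m wire
    print("tampered QAP divisible:", qap_check(bad)[1])  # False
```

The quotient H returned by qap_check is the polynomial a real zkSnark prover commits to with PK; the verifier never sees the witness s, only encoded evaluations of A, B, C and H at a point fixed by the trusted setup, and checks the same divisibility relation through VK.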

At this point, you have basically mastered the working principle of zkSnark. We will explore this topic in future articles to address any unresolved questions.

Conclusion

The purpose of privacy protection is to sever the connection between the sender and receiver in a data transaction.

The sender uses the privacy protection system to mix his own data with other people’s data, and the receiver uses a zero-knowledge proof to prove ownership of a particular piece of data in order to make transactions.

Daniel Wu is a senior blockchain engineer at PPIO, a decentralized storage and delivery platform for developers. You can read more of Daniel’s insights into the blockchain industry or follow him on Twitter.