In the world where the internet is evolving around Blockchain and Social Media, user privacy has become a major concern due to increased awareness regarding control over personal data. With the passage of a revolutionary regulation in the European Union named General Data Protection Regulation popularly known as GDPR, each online service provider is trying to find ways to comply with the regulation.
Also Read: How to Become GDPR compliant with Private Blockchains
One such concept which is popularly applied to achieve user privacy in the world of Blockchain is Zero-Knowledge Succinct Non-Interactive Argument of Knowledge popularly termed as zk-SNARK.
zk-SNARK is a process for construction of proof (secret key for example) wherein one can prove that they are in the possession of something without actually revealing it. Sounds crazy, right? If you are scratching your head right now, don’t worry I did that too when I read about it the first time.
Let’s dig deeper into the part where it says, “proving that they are in possession of something without revealing." So the principle of zk-SNARK’s is summed up in the word “prove." So to prove that we have the possession of the secret, we just need to produce the required cryptographic proof generated from zk-SNARK.
Let’s take an example to see how the principle of zk-SNARK can be applied to prevent user’s privacy. Suppose Alice needs to transfer some funds from her account, so she calls the Bank’s customer center. Let’s see how the conversation plays as of today:
The fundamental problem in the above setup is that she was asked to prove her identity. Alice needs to provide all her personal information to Bob which now lies with the sole discretion of Bob as to how he uses it.
If we see, the need to share personal data arise because one needs to validate their identity. So what if we deduce some other way wherein we do not need to share our personal information, instead we share some cryptographic proof of our information.
Let’s consider the below example and analyze how we can validate the identity of Alice without having to ask for her personal information.
In this case, The Bank and The Digital Identity Information Data Provider will be the trusted third party setup required to setup and verification of zk-SNARK program.
Let us assume that Alice has already registered with the Digital Identity Information Data Provider which stores all the private information of Alice in a cryptographic form and, in return, the application generates a secret key (PIN) and provides it back to Alice.
So if you see the above scenario, there was no exchange of personal information between Alice and Bob yet the identity of Alice was proven without any sensitive information being passed to Bob.
The above example just presents the overview, typically a use case where zk-SNARK’s can be applied. For practical information, the trusted setup parties would be created over a Blockchain based network so as to incur transparency.
The concept described in this blog will allow the user to have a full control over their data and minimize data leakage without hindering the smooth transaction process that is already in place.
A key area where zk-SNARK can still be improved is by removing the need of a third party required for generating Zero Knowledge Proof. There is still a lot of research going on in zero-knowledge cryptography and once such concept that has come out is zk-STARKS.
In the next blog, we will dig into the technical aspects of zk-SNARK. We’ll see what properties a zk-SNARK proof constitutes and we’ll also see the process involved in the generation of zk-SNARK proof.