How to Prove a Secret: A Magician’s Guide to Zero-Knowledge Proofs

Author: Michael Blau, a16zcrypto investment team partner; Translation: Golden Finance xiaozou

Any sufficiently advanced technology is indistinguishable from magic, and one such area that resembles science fiction is zero-knowledge proofs (ZKP), a cryptographic tool that solves two key challenges in the Web3 world: scalability and privacy. sex. In particular, ZKP may be the key to unlocking lower transaction fees and designing new privacy-preserving applications. As a result, we are expected to welcome the next billion crypto users. Even outside the crypto world, ZKP may one day help with the secure transmission of sensitive data, combat illicit finance, or combat disinformation.

But what is ZKP? There are many good explanations out there for engineers, researchers, and the crypto community, but they don't make sense for audiences with less experience in cryptography or computer science. Even with the plethora of metaphors available—from Waldo to Alibaba’s Cave—it’s not easy to find an accurate, understandable explanation that fully illustrates ZKP’s superpowers.

So, in this article I combine my crypto and magic background to explore and try to make a new metaphor: think of ZKP as a great magic trick.

**But first, let’s understand: what is a zero-knowledge proof? **

I would like to first share a high-level definition of ZKP (specifically regarding zk-SNARKs), as well as its various properties, before mapping those properties into a magic metaphor.

Let’s expand on a16z crypto research partner Justin Thaler’s definition of SNARK: “zk-SNARK allows someone (the prover) to prove to an untrusted party (the verifier) that they know some data without revealing any information about the data itself. ." Or, as MIT's AIP ZK course puts it, "Zero-knowledge protocols allow me to prove to you that I know something without telling you what it is."

This is exciting in the context of public blockchains because ZKP can protect private information while allowing anyone to verify (without a doubt) the authenticity of the information. zk-SNARK is also very simple and efficient: "simple" means that the size of the proof is smaller than the data you are proving. “Efficient” means that validators verify the proof faster than analyzing the raw data (on Ethereum, this means less data processed by the smart contract and lower gas costs for the user). L2 blockchain can take advantage of the simplicity and efficiency of zk-SNARK, allowing decentralized applications to process more data at a lower cost.

In summary, zk-SNARK has two main properties:

· Privacy: No information about the data (or facts or "knowledge") you are proving is revealed to the verifier.

· Simple and efficient: Verification proves to be more efficient than directly checking the original data.

Even this high-level description sounds a bit like a riddle: How does one prove that one knows something without sharing the information?

Let's look at the definition again, but this time, let's use some magic tricks.

Zero Knowledge Proof Magic

Simply put, magic is zero-knowledge proof. In magic, a magician claims to know a secret that enables them to perform magic tricks. But they don't want to reveal this secret to the audience - that would ruin their trick.

Extending this to ZKP: think of magicians as "provers" and their audience as "verifiers". A successful magic show (hopefully resulting in incredible awe and enthusiastic applause) is similar to a "valid" proof: the trick worked, so the magician must know the secret of the magic show. Of course, if the illusion doesn't work, proves to be "ineffective," the audience will be disappointed, and the magician may not actually know the secret method.

Magic demonstrates one of the properties of ZKP: privacy. But what about simplicity and efficiency? Let’s get back to this analogy…

Audiences can skip the show entirely and just ask the magician to share the secrets behind the magic. But the secrets of magic can be complex and subtle. Even just explaining the method of a magic trick, with all its subtleties and nuances, takes a long time to get the general idea, let alone understand the mysteries. Sometimes, when asked to reveal their secrets, a magician may deliberately reveal a "wrong" solution to the audience, thereby leading them down the wrong path. Audiences cannot be certain that a secret technique actually works without actually mastering it themselves—which can take days, months, or even years.

Therefore, just as directly checking the correctness of a secret technique is actually very time-consuming and energy-consuming - even if the magician is willing to reveal the secret to the audience - the same is true for ZKP. It is much quicker for the audience to verify the validity of the arcana by simply enjoying the performance.

Resumption

To give a simple example: I claim to know a secret method that allows me to immediately restore a deck of mixed up and down cards to single-sided cards. I want to prove to you that I have this ability, but I don’t want to reveal how. The act of showing everyone a single-faced deck of cards at the end of the magic was a valid proof that I must know the secret method of "restoring" the cards. And when I show you a single-faced card, you can immediately verify my statement much faster than learning magic tricks in person.