It is one of the hottest topics in cryptography over the last year. One major reason behind it being hot is Zcash launch. Zcash is a cryptocurrency, whose flagship feature is that it integrated zk-SNARKS (Zero Knowledge Succinct Non-Interactive Argument of Knowledge).
As the title suggests, this is ultimate in privacy.
It is about proving thing about encrypted data without revealing anything about the data except for the claim that you are proving.
In other words, you can verify the correctness of computations without having to execute them and you will not even learn what was executed; just that it was done correctly.
Example – Suppose you have a cryptocurrency on any blockchain, but you don't want people's balances to be visible to everyone else. Then we store people's encrypted balances on the blockchain. Here, transaction amount is encrypted and it is not allowed to people to set their balances in encrypted data (as they can give themselves free money). Now, if you want to send a transaction, then there is a kind of correctness claim, that can be verified.
It says that, if a transaction is being sent then
B1 = old encrypted balance, B2 = new encrypted balance, T = Transaction value;
zk-prove : T <= B1, B2 = B1 – T
To check the correctness of the transaction in case all these data are encrypted is the biggest problem. Solution to this problem is being suggested in zk-SNARKS.
Zk-SNARKS are the cryptographic proof that other people can use to verify that the above computation was performed and the result of the computation says that this check is true but without knowing anything about the encrypted numbers. It suggests that the owner of the account and the sender of the transaction has the decryption key and they know the value can create magic cryptographic zk-SNARKS. In some way, it is a super protocol in the field of cryptography over the last 30 years. In addition to being great for privacy, they're also great at reducing the verification cost of complicated smart contracts. Since they can be verified quickly, and because the proofs are small, they can protect the integrity of the computation without burdening non-participants. It is potentially very powerful technology and similar technology is used in Zcash with some other complexity attached. Technical implementation of zk-SNARKS can be studied at zkSNARKs in a nutshell
For Ethereum, engineers are trying to use this approach but by generalizing them to use for other applications such as voting, digital identity system etc. beyond currency transactions as well.
The general concept was existing in some or the other form for about 30 years but yet not widely used. One of the reasons is that it become viable in last 2-3 years and there are very small number of people who can understand this kind of technology. Blockchain usage is the major use case for this concept.
It also has fundamental weaknesses of the technology:
Trusted setup (can be N of N multiparty computed, but still risk all N were compromised)
Takes 40 seconds to generate a proof-of-concept on a computer. (A year ago, it was 90 seconds.) This can increase to 5-10 minutes on a smaller device like smartphone.
- This could be mitigated by Application Specific Integrated Circuits (ASICs) [specialized computer chips]. Given the fact that specialized ASICs has made mining Bitcoin 10,000 times faster, it can also make proof creation faster as well.
Not the same as obfuscation; someone must have decryption key. It can't work with a system with no owner concept.
The basic idea of trusted setup is to provide access to the setup key generated by other people (on the blockhain network) to create and verify the transaction proof described in zk-SNARKS. The process of generating the setup key involves a bunch of secret information (which is not part of setup key) and is needed to be deleted at the end of the person (who created setup key) after the setup key is created and shared to be used for zk-SNARKS. But, if they end up not deleting the secret data; then other people (on the blockhain network) could use this secret data to create invalid proofs. Because this is on blockchain, people involved for creating the setup key is fairly large group of people. This problem can be mitigated but at the same time it's not perfect.
Implementing zk-SNARKS in Ethereum (Baby ZoE)
In July 2016, Vitalik Buterin, Andrew Miller, Eran Tromer and Sean Bowe from Ethereum, Zcash and IC3 Team were at Ethereum/IC3 Bootcamp at Cornell, USA. They worked together on a project called “Baby ZoE” (Zcash on Ethereum). It is an integration of zk-SNARKS into Ethereum. where a zk-SNARK precompiled contract was written for Parity (the Ethereum Rust client). The contract allows you to deposit discrete amounts (units of ETH) by inserting a commitment to a "serial number" into a Merkle tree maintained by the contract.
The idea of integrating Zerocash into a currency using a SNARK verification opcode goes back to the original Zerocash paper (Section 6.3 in Zerocash Extended Version). Following this prescription, it is possible to extend the ZoE contract to work with the complete Zerocash protocol.
In order to move forward from the “Baby ZoE” (Zerocash over Ethereum) prototype to more realistic project (actual implementation into Ethereum protocol) and keep project simpler; the entire zk-SNARKS verifier were not integrated directly. Over integrating is the most computational intense of the components of the SNARKS verification. This is called as an elliptic curve pairing verification.
Ethereum and Zcash are working together to achieve the functionalities such as creating anonymous tokens and verifying Zcash transactions on the Ethereum blockchain, implementing other elements used by Zcash in Solidity. Once these two requirements are met, project can be tested and implemented to provide a broader applicability of smart contracts. Release date of the project is not yet revealed.