The word “crypto” may spark images in your mind of ciphers, code breaking and even Bletchley park’s involvement in World War 2. I, alongside others, believe that cryptography is more than just the process of encrypting and decrypting.

Greg Maxwell provides an intuitive definition. From his perspective, the fundamental nature of information is that it wants to be freely available and read by all. The idea that information wants to find its way into every nook and cranny does have consequences (for the better or worse). For example, information leaks can help us learn about atrocities committed by government, but it can also be used by the government for surveillance of its citizens.

Cryptography is a tool that enables us to bend the nature of information to our will and prevent its unhindered propagation. It has similarities to the perspective of David vs Goliath as cryptography is one of the only tools that allows a citizen to successfully fend against a nation state actor. In fact, for most of cryptography’s history, it is a tool that allows the defender to protect itself from an all-powerful adversary.

Goals of cryptography

A protocol designed using cryptography tends to have three goals:

• Integrity. Protect the message from tampering while it is in transit.
• Authentication. Authenticate that a message was signed or authorised by another party.
• Confidentiality. Only allow the intended recipient to open and read the content of a message.

Remarkably, the cryptography used in Bitcoin and Ethereum is not concerned with confidentiality. It is only focused on integrity and authentication. Both goals form the backbone for decentralization as it allows anyone to verify:

• They have a copy of the one true blockchain.
• Signer has authorised the confirmed transaction,
• Compute the same database as everyone else.

Put another way, decentralization relies on a property called public verifiability. This property allows anyone to fetch data from an untrusted source and independently check if the relevant computation (and data) is correct. Applied to cryptocurrency, it allows a network of users to continuously check the blockchain’s integrity and ultimately protect our assets represented in the database.

If a user cannot get access to the data, or if the cryptography did not exist, then we must blindly trust an authority to protect the system -- essentially how the legacy financial system works today.

Twitter for your bank account

Newcomers find the lack of confidentiality in Bitcoin and Ethereum strange. Very often, this is because Bitcoin was touted by the misinformed that it was an anonymous currency and ideal for use on the dark web to buy drugs. The very name, -crypto-currency, can help lead to that misunderstanding.

Unfortunately for criminals, both Bitcoin and Ethereum are the most traceable currencies in the world. It is a really bad tool for their desired purpose as the historical transactions are replicated across the world and kept forever. This is why it is estimated only 0.15% of all cryptocurrency usage is for an illicit purpose.

In fact, even for crime that originates on the network, there are some fun examples to consider:

• Bitfinex hacker. The FBI helped recover over 94k BTC from the hacker on behalf of Bitfinex. In typical crypto fashion, the hacker was an amateur rapper called “Razzlekhan” and a sophisticated social engineering attacker. They got caught after trying to cash out a small portion of the stolen bitcoins.
• OpenSea insider trading. A twitter user found credible evidence, using transactions in the blockchain, that a product manager at OpenSea were buying NFTs before they were announced on the homepage (and then sold for a premium). The SEC will use this evidence for proceedings against the ex-employee.
• MtGox repeatedly hacked. The exchange was responsible for loosing around ~6% of all Bitcoin. An investigation by WizSec, using blockchain data, found credible evidence that the exchange was not solvent for a long time.

While the lack of confidentiality has helped the adoption of cryptocurrencies in the eyes of regulators and law enforcement, confidentiality is still a sought-after feature to protect the right of users to transact. A number of cryptocurrency networks exist today with strong confidentiality guarantees for transferring assets including ZCash, Aztec Protocol and Monero. The new frontier of research and development is focused on building smart contract platforms that support confidentiality for some aspects of the application.

The ‘crypto’ is pretty boring

There are only two primitives to consider and we have put together a dedicated article for each primitive alongside a brief explanation.

Commitment scheme. A commitment scheme empowers a receiver to independently test whether they have received (or computed) the anticipated data from the sender.

It is often thought of as a two-step protocol:

• Commit phase. Sender can decide on a value and only reveal a commitment to it publicly.
• Reveal phase. Sender can reveal the value and a recipient can test whether it matches their commitment.

Both the commit and reveal phase can be performed at the same time. A good mental model for a commitment scheme is to think of it was a testing mechanism. Users can check whether they have computed or received data in its entirety. The test is conducted independently.

In the land of cryptocurrency, it allows all users to agree on the same data and eventually compute a copy of the same database. This is because the node software and test whether they have received the full list of transactions for a block before processing it. Interestingly, a commitment scheme can be used to test whether the resultant database has the expected data and structure too.

Digital signature. It is synonymous with a written signature. A recipient of a message can check the message was created by a known sender (authenticity) and the message was not altered in transit (integrity).

For a cryptocurrency, it allows a user to create and manage their own identity. They can compute the credentials (public-private key pair) locally on their machine. The public key is used as their identity (Bitcoin address, Ethereum account) and the corresponding private key is used to digitally sign messages.

As such, coins can be sent to a user’s public key and the system can verify the user has authorised to spend the coins if they have signed a message which attests to the transfer. A signature is timeless and it can be verified at any point in time. In fact, we can check all historical transactions in a network like Bitcoin and verify the signer was indeed authorised to spend the coins

What about zero knowledge proofs?

The concept of a zero knowledge proof is very simple and this video explanation by Amit Sahai remains one of the best explainers.

Briefly, Alice (the prover) wants to convince Bob (a verifier) that a statement is true without telling them why it is true. Bob should only learnt 1 bit of information - the statement by Alice is indeed true.

But what is a statement? Let’s consider a few examples:

Financial transaction. Alice wants to convince Bob that a financial transaction, TX1, is valid. If Bob is checking the validity of a transaction, he may want to check:

• Does the sender have a sufficient balance to transfer the desired quantity of funds?
• Did the sender digitally sign and authorise this transaction?

The tricky part is that Alice needs to convince Bob that TX1 is valid without revealing the sender, receiver or the value transferred. She just wants to reveal a single bit of information - this transaction blob is indeed valid.

If this is possible, then we can build shielded and confidential transactions. Only the sender and receiver can read the content of a transaction, but the world can verify it is the transaction is valid and can be confirmed as final/irreversible. It may appear paradoxical, but it is indeed possible and available for use on ZCash.

Accept an update to the database. Alice wants to convince Bob about an update to the database. He should only apply this update if he is convinced the database is public.

He may:

• Request from Alice the list of transactions that produced the database update.
• Given his copy of the database, execute all transactions in order and compute update’.
• Only apply it if update === update’

This may sound a bit far fetched. Why would Bob naively re-process every transaction to check if an update to the database is valid? Well, this is exactly what every node on the Ethereum network performs today and it is one of the scalability bottlenecks faced by the network.

In an ideal world, Alice can simply send Bob the update alongside a tiny proof. He can quickly check the proof, be convinced the update is valid, and then apply the update to his database. He only needs the update (“a state diff”) and he does not even need a copy of the transactions processed.

Again, this is possible and we can call it a computational integrity proof (as the zero knowledge property is not always required). It is within the realm of verifiable computing and it is implemented by StarkWare’s layer-2 project.

How does a zero knowledge proof work exactly? If you want to dive into the details, I recommend checking a host of online resource:

• Lecture notes from Stanford
• A student’s final report from Tim Roughgarden’s class
• Vitalik’s articles about zero knowledge proofs and his approximate introduction to SNARKS.