The word “crypto” may spark images in your mind of ciphers, code breaking and even Bletchley park’s involvement in World War 2. I, alongside others, believe that cryptography is more than just the process of encrypting and decrypting.
Greg Maxwell provides an intuitive definition. From his perspective, the fundamental nature of information is that it wants to be freely available and read by all. The idea that information wants to find its way into every nook and cranny does have consequences (for the better or worse). For example, information leaks can help us learn about atrocities committed by government, but it can also be used by the government for surveillance of its citizens.
Cryptography is a tool that enables us to bend the nature of information to our will and prevent its unhindered propagation. It has similarities to the perspective of David vs Goliath as cryptography is one of the only tools that allows a citizen to successfully fend against a nation state actor. In fact, for most of cryptography’s history, it is a tool that allows the defender to protect itself from an all-powerful adversary.
A protocol designed using cryptography tends to have three goals:
Remarkably, the cryptography used in Bitcoin and Ethereum is not concerned with confidentiality. It is only focused on integrity and authentication. Both goals form the backbone for decentralization as it allows anyone to verify:
Put another way, decentralization relies on a property called public verifiability. This property allows anyone to fetch data from an untrusted source and independently check if the relevant computation (and data) is correct. Applied to cryptocurrency, it allows a network of users to continuously check the blockchain’s integrity and ultimately protect our assets represented in the database.
If a user cannot get access to the data, or if the cryptography did not exist, then we must blindly trust an authority to protect the system -- essentially how the legacy financial system works today.
Newcomers find the lack of confidentiality in Bitcoin and Ethereum strange. Very often, this is because Bitcoin was touted by the misinformed that it was an anonymous currency and ideal for use on the dark web to buy drugs. The very name, -crypto-currency, can help lead to that misunderstanding.
Unfortunately for criminals, both Bitcoin and Ethereum are the most traceable currencies in the world. It is a really bad tool for their desired purpose as the historical transactions are replicated across the world and kept forever. This is why it is estimated only 0.15% of all cryptocurrency usage is for an illicit purpose.
In fact, even for crime that originates on the network, there are some fun examples to consider:
While the lack of confidentiality has helped the adoption of cryptocurrencies in the eyes of regulators and law enforcement, confidentiality is still a sought-after feature to protect the right of users to transact. A number of cryptocurrency networks exist today with strong confidentiality guarantees for transferring assets including ZCash, Aztec Protocol and Monero. The new frontier of research and development is focused on building smart contract platforms that support confidentiality for some aspects of the application.
There are only two primitives to consider and we have put together a dedicated article for each primitive alongside a brief explanation.
Commitment scheme. A commitment scheme empowers a receiver to independently test whether they have received (or computed) the anticipated data from the sender.
It is often thought of as a two-step protocol:
Both the commit and reveal phase can be performed at the same time. A good mental model for a commitment scheme is to think of it was a testing mechanism. Users can check whether they have computed or received data in its entirety. The test is conducted independently.
In the land of cryptocurrency, it allows all users to agree on the same data and eventually compute a copy of the same database. This is because the node software and test whether they have received the full list of transactions for a block before processing it. Interestingly, a commitment scheme can be used to test whether the resultant database has the expected data and structure too.
Digital signature. It is synonymous with a written signature. A recipient of a message can check the message was created by a known sender (authenticity) and the message was not altered in transit (integrity).
For a cryptocurrency, it allows a user to create and manage their own identity. They can compute the credentials (public-private key pair) locally on their machine. The public key is used as their identity (Bitcoin address, Ethereum account) and the corresponding private key is used to digitally sign messages.
As such, coins can be sent to a user’s public key and the system can verify the user has authorised to spend the coins if they have signed a message which attests to the transfer. A signature is timeless and it can be verified at any point in time. In fact, we can check all historical transactions in a network like Bitcoin and verify the signer was indeed authorised to spend the coins
The concept of a zero knowledge proof is very simple and this video explanation by Amit Sahai remains one of the best explainers.
Briefly, Alice (the prover) wants to convince Bob (a verifier) that a statement is true without telling them why it is true. Bob should only learnt 1 bit of information - the statement by Alice is indeed true.
But what is a statement? Let’s consider a few examples:
Financial transaction. Alice wants to convince Bob that a financial transaction,
TX1, is valid. If Bob is checking the validity of a transaction, he may want to check:
The tricky part is that Alice needs to convince Bob that
TX1 is valid without revealing the sender, receiver or the value transferred. She just wants to reveal a single bit of information - this transaction blob is indeed valid.
If this is possible, then we can build shielded and confidential transactions. Only the sender and receiver can read the content of a transaction, but the world can verify it is the transaction is valid and can be confirmed as final/irreversible. It may appear paradoxical, but it is indeed possible and available for use on ZCash.
Accept an update to the database. Alice wants to convince Bob about an
update to the database. He should only apply this
update if he is convinced the database is public.
update === update’
This may sound a bit far fetched. Why would Bob naively re-process every transaction to check if an update to the database is valid? Well, this is exactly what every node on the Ethereum network performs today and it is one of the scalability bottlenecks faced by the network.
In an ideal world, Alice can simply send Bob the
update alongside a tiny
proof. He can quickly check the proof, be convinced the update is valid, and then apply the update to his database. He only needs the update (“a state diff”) and he does not even need a copy of the transactions processed.
Again, this is possible and we can call it a computational integrity proof (as the zero knowledge property is not always required). It is within the realm of verifiable computing and it is implemented by StarkWare’s layer-2 project.
How does a zero knowledge proof work exactly? If you want to dive into the details, I recommend checking a host of online resource: