Zero-Knowledge Proofs: Privacy, Innovation, and Equity

A cryptographic math maze circle with path to center; which path you actually take is secret thanks to zero-knowledge proofs.

Zero-Knowledge Proofs: Privacy, Innovation, and Equity

Imagine being able to prove you’re old enough to buy a drink without flashing your ID—or proving you have insurance without handing over your policy details. Sounds like magic? It’s just math. Zero-Knowledge Proofs (ZKPs) might be the biggest leap for privacy since encryption, but they also come with serious challenges. Let’s talk about the good, the bad, and the future of this technology.

If you’re not familiar, ZKPs are a cryptographic technique that allows one party to prove something to another party without revealing any other information beyond the proof itself. It’s no wonder these have been heralded as the holy grail for privacy-preserving selective disclosure.

🎙 Audio Blog

ZKPs have the attention of several standards development communities and have for a while. (Mike Jones did a great presentation at EIC in 2023 that touched on ZKPs; check out the slides starting around slide 26). I get it. ZKPs are mathematical magic, especially for applications like age verification, secure access control, and decentralized identity systems. But like any technology, they come with their own set of challenges. For one, they have a high computational cost, requiring powerful devices to execute the complex math behind them efficiently. The equipment required to support that computational effort is expensive, raising questions of scalability. There are also several ZKP algorithms out there; I don’t know what happens when competing platforms don’t support each other’s algorithms. These questions take my brain to one uncomfortable question: Are ZKPs going to widen the digital divide?

Understanding Zero-Knowledge Proofs

At their core, ZKPs allow someone (the prover) to convince another party (the verifier) that a statement is true without sharing any additional details. For example, imagine proving you know the solution to a puzzle without revealing the solution itself. This is achieved through advanced cryptographic algorithms that ensure the verifier gains confidence in the proof while learning nothing else. (I’m just saying that “mathematician” and “magician” sure sound similar. But I digress.)

ZKPs do promise some very sexy things:

  • Privacy: They enable granular data sharing, revealing only the necessary information.
  • Security: They lower the risk of data breaches by limiting the exposure of sensitive data.
  • Versatility: They can be applied across various fields, from financial transactions to identity verification, because every sector has use cases for this.

But, sexy math doesn’t mean solving for everything:

  • Computational Intensity: The algorithms are resource-heavy, demanding significant processing power up to and including specialized hardware.
  • Device Dependency: Effective use often requires high-end (read: expensive) devices, limiting accessibility.
  • Complexity: Developing and implementing ZKPs is technically challenging and requires significant expertise.

ZKPs in Standards Development

In the world of digital identity, ZKPs have come up quite a bit in the verifiable credentials space. Standards development groups like those in the IETF working on selective disclosure (e.g., SD-JWT, SD-CWT) are exploring how ZKPs can be integrated into identity systems to improve privacy and security. Research groups like the IRTF’s Crypto Forum Research Group (CFRG; more on them later) are also looking at work in this space and how it might apply to standards under development. Age verification tends to be the most popular example, though there are others that apply in healthcare, public sector, banking, etc.

Zero Knowledge Proofs are just one piece of the standards puzzle. If your team is figuring out how to engage in standards development—or just needs to stay ahead of what’s coming—I can help. 👉 See how I work or Book a quick chat.

While ZKPs offer innovative solutions to challenging problems, they won’t work for everyone. For example, in settings where access to high-end devices or strong network connections is limited, alternative methods of selective disclosure may be more practical. Verifiable credentials based on attribute-based encryption or other techniques might complement ZKPs to create more inclusive systems.

Despite the promise of solving very thorny privacy problems, there’s a tension here between innovation and inclusivity. As we’ve seen with other technologies, the benefits often go first to those who can afford cutting-edge devices, leaving others behind. Standards development communities, particularly those involved in the digital credentials space, are positioned to address this gap, but it requires intentional design choices and collaboration across stakeholders.

Balancing Innovation with Equity

Here’s what’s making me anxious: The promise of ZKPs shouldn’t come at the cost of equity. If the future of privacy relies on technology that only the most privileged can access, then we’ve failed a significant portion of the global population. So let’s think about how to advance in a few more areas. (There is work going on in each, but let’s not get complacent):

  1. Optimizing Algorithms: Continued research should focus on reducing the computational burden of ZKPs, making them more efficient and accessible.
  2. Device Compatibility: Developing lightweight ZKP implementations that work on older or less powerful devices is crucial.
  3. Privacy Alternatives: While ZKPs are a powerful tool, they’re not the only path to privacy. There are other technical mechanisms to explore.
  4. Collaborative Standards: Standards bodies must prioritize equity, ensuring that technical specifications account for diverse use cases and resource constraints.

Non-Human Identities and ZKPs

ZKPs aren’t just about humans; they have a significant role to play in NHI as well. Devices, software agents, and even digital twins increasingly operate in environments where trust and privacy are critical. Here’s where ZKPs come into play:

  • Device Authentication and IoT: ZKPs can allow IoT devices to securely prove their identity without exposing sensitive information. For example, a smart thermostat could authenticate itself to a central hub without revealing its serial number or full configuration.
  • Machine-to-Machine Communication: ZKPs enable machines to verify each other’s credentials securely, such as an autonomous vehicle proving it has insurance coverage.
  • Supply Chain and Provenance: Digital twins of products can use ZKPs to prove authenticity or origin without disclosing the entire supply chain.

However, just as with human identities, there are challenges. Many non-human entities, like IoT devices, are resource-constrained and may struggle to handle the computational demands of ZKPs. These limitations further highlight the importance of making ZKPs more accessible, not just for individuals but for organizations and devices with limited resources.

What’s Next for ZKPs?

The future of ZKPs is as exciting as it is complex. One organization leading the way in advancing ZKP research and development is the CFRG. Part of the IRTF, CFRG brings together cryptographers, researchers, and industry professionals to explore cutting-edge cryptographic techniques, including ZKPs. Their work helps ensure that standards and implementations are both secure and practical for real-world use.

In addition to CFRG’s efforts, ongoing research (NIST is just one example) focuses on optimizing algorithms to reduce computational overhead and developing hardware accelerators to make ZKP technology more efficient and accessible. Collaboration across academia, industry, and standards bodies is necessary to overcome current limitations and ensure ZKPs can be deployed equitably.

Ultimately, the journey to mainstream adoption of ZKPs will require thoughtful design, practical implementation, and a commitment to inclusivity. By leveraging the work of groups like CFRG and fostering collaboration, we can ensure that ZKPs advance privacy and benefit everyone.

A Quick Compare and Contrast

FeatureZKPsCurrent Models of Selective Disclosure
Privacy LevelExtremely high (reveals nothing but the proof)Partial (shares limited info)
Computational CostHigh (math is hard!)Lower (simpler cryptography)
Device RequirementsExpensive hardware needed?Works on most devices
Adoption BarrierComplexity, costMore familiar, easier to deploy

Wrap Up

Zero-knowledge proofs are an exciting innovation that could actually make privacy a technically viable and enforceable thing online. Their ability to enable secure, selective disclosure is amazing, and their potential applications are as diverse as the people on the Internet. But as we push the boundaries of what’s possible with the latest technologies, we must also ensure that privacy is not a privilege reserved for those with the latest devices.

By balancing innovation with accessibility, I think we can build a future where everyone benefits from the advancements in privacy-preserving technology. ZKPs are undoubtedly a step in the right direction, but they’re just one piece of a much larger puzzle. Let’s make sure we’re solving it with everyone in mind.

🔹 Want more posts like this? Subscribe and get new insights delivered straight to your inbox.

Previous Article
Next Article

Heather Flanagan

Principal, Spherical Cow Consulting Founder, The Writer's Comfort Zone Translator of Geek to Human

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Spherical Cow Consulting

Subscribe now to keep reading and get access to the full archive.

Continue reading