Cryptography and encryption have enabled a degree of trust on today’s internet that allows us to use our passwords without having to think about whether someone will be able to watch our connections and steal them.
These existing trust primitives have been very useful, but they’ve also been single-purpose. To-date they have not been leveraged effectively for general use cases, such as proving data is being used as expected or information has a trustworthy origin. That’s why a cryptographic primitive, Zero Knowledge Proofs (ZKPs), is so vital. You’ve probably read a bit about this solution. I’d like to walk you through some of the lesser known facets of this potentially game-changing technology.
Having been used and championed in cryptocurrencies for years, ZKPs are now poised to make an impact on the internet. Essentially, when you get a contract notarized, you are getting a stamp of approval from a trusted authority that you can then share with other authorities to prove your contract is legitimate and should be executed. In the digital realm, a ZKP is the notary, and the properties of ZKPs means that it is mathematically impossible to be untruthful.
This innovation comes at a time when user trust in digital systems is at an all-time low. And there’s little wonder why: as we continue to learn, websites are presenting false and misleading information, and they are unable to store private information without the risk of leaks.
On the other hand, the rise of web3 is poised to drive real and positive impact by empowering users to own and control their own data. However, this evolution to a decentralized, user-controlled web cannot come to full fruition without trust and alignment with their users.
Zero Knowledge Proofs offer the opportunity to provide that scale. They can efficiently convey trusted information with selective privacy between computers and users. Ultimately, ZKPs are best leveraged to enable privacy and verifiability, creating the conditions to enable a truly user-controlled Web.
ZKPs for Privacy
Once your personal information is out in the wild, it is there forever, to be used by others for whatever purpose they like. Unfortunately, Web2 doesn’t have a great track record handling that data. In the United States, 49 million people fell victim to ID theft in 2020, costing an estimated $13B in damages from data breaches.
Ideally, users would be able to interact with these websites without exposing their information. With Zero Knowledge Proofs, a company can leverage a user’s information without ever taking custody of that information, thereby keeping user data private and protecting millions of people.
To use another example, let’s say you are buying a house and are applying for a mortgage. In order for the bank to approve the loan, they need assurance that you can be trusted to pay them back. Traditionally, this requires you sharing an immense amount of personal information, including your credit score, banking history, unpaid debts, marital information, tax history — the list goes on.
If any of this highly sensitive personal information slipped into the wrong hands, it could jeopardize your financial health and make you a target for other types of attacks. Instead of taking that risk, you could simply share a proof that you are eligible for the loan and can be trusted to pay back the bank. That is what a Zero Knowledge Proof can enable.
ZKPs for Verifiability
According to Edelman’s annual 2022 Trust Barometer published by Axios, only 54% of Americans trust tech companies to “do the right thing” when faced with a decision that will impact their users.
This is another place where ZKPs have a role to play. When we interact with websites today, we have no idea where the information they are presenting is coming from—whether it is true, false, generated by a human, or increasingly, generated by AI. With a ZKP, guarantees can be provided of data and computational authenticity.
Let’s say you are interacting on an online platform. These other users could be anyone, from anywhere; they could be bots. Ideally, the platform would know you are an authentic person and not a bad actor, and you would know this about the other people on the platform as well.
In the physical world, we use passports issued by our country of citizenship to verify who we are. Naively applying such a digital passport to the web would present a substantial privacy risk.
However, with zero knowledge proofs, people can provide private proofs of identity demonstrating that they match relevant criteria to use a platform; for example that they are a real person, haven’t made more than 3 accounts on the web platform they are on, and haven’t been banned in the last 6 months—without revealing any particular details of their identity or exposing any private information.
ZKPs + Cryptocurrencies for a User-owned and Aligned Internet
Web2 offers an uneasy dynamic controlled by centralized entities. Through network effects, these entities monopolize their respective markets, and often have incentives that conflict with their provision of useful public services. Ideally, these platforms that are made possible by users’ collective involvement, would be aligned with users.
The combination of the capabilities enabled by cryptocurrencies and ZKPs allows for a new dynamic to be created. Now, through decentralized platforms, it is possible to build platforms that are collectively owned and have collective oversight, while ensuring that user information is kept private and is verified.
To put this in context, for Meta (formerly Facebook) to function, it needs to retain huge amounts of centralized, private data. As a private company, it can claim alignment with its users but is unable to prove that alignment.
A social network built on a cryptocurrency and ZKPs on the other hand, would be able to simultaneously have transparency over its own rules and be able to provide proofs demonstrating it is actually following those rules, while allowing users to retain privacy over their data and increase their trust of the service.
A Safer Web for All
ZKPs’ capacity to enable privacy, verifiability, and a user-controlled Web can give users the psychological safety they need to be able to use an increasingly impactful digital world effectively. If the internet is to successfully and healthily become the interface in which we conduct much of our lives, these foundational features will be essential.
An internet that lacks clear ground rules about how user data is being used and lacks a way of verifying the validity of information you are ingesting, it will be an internet of far lower impact and engagement.
Evan Shapiro is the co-founder of Mina Protocol & CEO of Mina Foundation.