More than Just Math: Takeaways from the ZKProof Workshop

The crypto community is teaming up with academics and industry players to develop cryptographic standards for mainstream adoption.

Guest post from our R&D cryptography lead, John Brainard. 

Zero-knowledge proofs (ZKPs) have been getting a lot of attention lately. At the Consensus conference earlier this month, more than a few panels mentioned zero-knowledge proofs as the “answer” to privacy issues on blockchains, while others buzzed about Zcash’s recent listing on Gemini as proof that “privacy coins” like Zcash were about to take off. But are these tools, once the domain of cryptographers and cybersecurity experts, ready for mainstream adoption?

Earlier this month, I was fortunate enough to represent PegaSys at an MIT workshop of leading cryptographers called ZKProof. This was a much needed open initiative by a mix of academics and industry players who are interested in developing standards and tools around the usage of zero-knowledge proofs. Though the concept has actually been in existence for years (conceived in 1985), there are a number of cutting-edge implementations out there, from zk-SNARKS used on Ethereum to range proofs, and questions remain about issues like security, implementation, and use in applications.

Group photo of about 65-70 participants. 

Identity Mixers and Lightweight ZKPs
The workshop had great participation from newer blockchain companies like Zcash and QED-it, Hyperledger Fabric team members from IBM, and academics from Columbia, MIT, Yale, and many others, including Shafi Goldwasser, one of the original ZKP co-inventors. The range of participants was meaningful as community-wide collaboration will be important to ensure many different use cases and requirements are captured, whether for consumers, enterprises, or others.

The conference also offered a chance to discuss some of the upcoming research being worked on across the ecosystem. Identity mixers were a popular subject, covered by both IBM (for the Fabric blockchain) and the Sovrin Foundation (for Hyperledger Indy). Identity mixers provide greater anonymity by combining transactions to hide who owned certain data, and will be useful for both Fabric to provide privacy to enterprises, while Indy is specifically designed to provide privacy through decentralized identity.

Z-cash provided a great presentation on their upcoming release, Sapling. Adoption of ZKPs is still challenged as they tend to be slower and computationally intensive. Z-cash seeks to address some of these obstacles with new techniques including:

  • Improved performance over Sprout by using lightweight functions
  • Improved efficiency with Groth’s 3-element SNARK
  • Increased use of jubjub curve and Pederson commitments

Industry Standards and Next Steps
To address the different standards and challenges the field faces, the workshop split up into breakout groups working on security, implementations, and applications. Each of our groups set out to produce some frameworks that could be the basis for future discussions and workshops.

The Implementation team, which I joined, proposed a set of APIs useful for many ZKP constructions. We also came up with a list of proposed benchmark tests to verify correctness of implementations and interoperability. These benchmarks will be useful to ensure that even if there are many blockchains, there will be a minimum standard that can be used reliably across all of them.

All in all, the conference was a great start on standardizing ZKP adoption, though much work remains to be done. We applaud the initiative and look forward to participating in future workshops!

—-

Follow us at @PegaSysEng to stay tuned for updates on our protocol engineering team’s progress.