• Zero-knowledge proofs (ZKPs) have been discussed for over a decade in the Bitcoin space as a potential “long-term” feature.
• ZKPs can be used to cryptographically prove that some statement is true, or that one possesses certain information without revealing it.
• Ring signatures are an example of a very basic form of ZKP and work by providing a signature provably made by one key within a group of keys without revealing which one.
What Are Zero-Knowledge Proofs?
Zero-knowledge proofs (ZKPs) are something that have been discussed in this space for over a decade. Even Satoshi Nakamoto themselves was aware of them as a primitive that could be used, and the idea of applying them to Bitcoin was discussed as early as 2010 when they were still active. In my mind, they have always been one of the potential “long-term” features of Bitcoin that never really had a solid, concrete implementation but could wind up panning out and creating an enormous amount of value and utility for the work put into implementing them. Who wouldn’t think that cryptographically proving that some statement is true, or that you possess some information without revealing it, is very valuable? Especially when you can do so for very complicated things with relatively small proofs?
Why Is This Valuable?
Complicated and large smart contracts/scripts to lock bitcoin with in the end necessitate putting proportionally-large pieces of witness data on the blockchain in order to spend those coins. That can either be literally large amounts of data, or it can also be data that is expensive to compute and verify. This is a conventionally-held tradeoff of blockchains: The more complicated the condition you want to require to spend coins, the more expensive to verify or more data is required to spend them. ZKPs have always been held up as a way to change that, allowing highly-complicated script conditions to be proven with a small or constant amount of data that, when verified, shows definitively that those conditions were met.
How Do They Work?
This is because of the fundamental asymmetry between proving and verifying using ZKPs. To give a concrete example that is as simple as possible, ring signatures are a very basic form of ZKP. The idea is to provide a signature provably made by one key within a large group of keys without revealing exactly which one. By properly defining a signature algorithm, a single signature can be produced that can be verified against the entire set