Subject: Why You Must Know About ZK --A Tool To Protect&Expand Our Freedoms, Free Speech&Privacy. With it, we can be steps AHEAD&win; without it, we can easily lose ground when unavoidable web3 replaces current

Date: Sep 4, 2022


Friends: If I tell you why ZK is important, and then give you a non-technical breakdown that's understandable to non-experts, will you read? It is intimidating-sounding, and so powerful it sounds like magic; yet the same was true of electricity when first discovered, of AI that can turn text to voice and vice versa, and of quantum computing. To fit in the Subject line I called ZK a tool, but it's a broad class of powerful existing and emerging technologies. My doctorate is in a very different area of mathematics, but I have enough background (and have read enough) to know it is very real -- and promising. This extended (for not all, but many, readers) weekend is your chance to get ahead of the curve and feel comfortable about the basic meaning of a concept that is currently one of the best, maybe the best, candidates for powerful technology for this decade and beyond -- which can be used for good, both defensively and to expand freedom; if we don't use it for good, the powers that be surely won't.


The grassroots Left and Right are both (too often) falling into the mistake of categorizing as "evil" some 'things' that (a) are coming whether we want them or not, and (b) will have evil aspects, which they are 100% correct to warn about; (c) but instead of focusing on the evil potential with 99% or 100% of our energy, we need to learn about tools that (i) mitigate the evil and, even better, (ii) let us create positive portions of these 'things' -- the 'things' being tech for safe storage and transfer of value and for decentralized decision-making (which corporations/governments will use for their ends but we can use to empower We The People). And what's this Web 3.0 thing?

Without further ado let me paste: (A) from my email to a major privacy vlogger yesterday, and then include (B) the "What is ZK?" sidebar of an ever-growing, 6-months-in-the-making multi-part article for Citizen Activists. Pardon typos etc. You'll see why ZK is a powerful tool for fighting back.

(A) Subject: "A solution for Digital ID, protecting privacy in impending Web 3.0 -- putting Decentralized ID in the hands of the people? Have you looked at Zero Knowledge tech, in particular, this Recursive subtype? (excerpts from vid transcript)"

Dear XXX 
I recently found your channel and subscribed.

[...] In short, a week or so ago I watched a video in which you bemoaned our digital ID future, which you gave the impression you thought was unavoidable (I thought it might have been the one on CBDCs, but a quick text search of the YouTube auto-transcript doesn't find a "centralized" match, so maybe another video?). It seems to me that zk-SNARKs (which I first found out about, along with STARKs, around 2017) may be a freedom/privacy-enhancing way forward; at least worth vigorously exploring, no less than developing GNU and the Linux kernel were worth exploring, trying to improve, etc., 30+ years ago.

Blockchain projects I'm aware of using zk include Algorand (led by an MIT prof. who won the Turing Award, computer science's version of the Nobel prize, and is co-inventor of zk-SNARKs); Chainlink; and a small but impressive and ambitious blockchain called Mina (the YouTube channel Coin Bureau, with over 2M subs, profiled Mina some time ago, so not super tiny).

See the 4:04 minute video "Real World Use Cases that Mina Will Enable With ZK Technology | Mina Protocol" (v=rRwG8WkZYBE) but here's key part from youtube's auto-transcript:


2:40 Finally, with Mina, you can access any internet website or service privately — without creating an account and handing over your data. Instead, you could login securely with Mina. Other crypto projects claim to have “one-private-login” capabilities - but theirs are constrained within the crypto ecosystem. But Mina will work across the internet. Think about it -- how many times have you handed over your personal data (like your email and credit card info) to a company to use their services? Apple, for example, offers users a centralized login, but it’s not private or censorship resistant. Mina’s one private internet login solution is different. You’ll create Snapp-based login accounts on Mina using your email. The Snapp [zk-SNARK-based dApp] will prove to the website that you own the underlying email — without ever revealing your actual address -- giving you control of your own data again. These examples are only the beginning of what’s possible on Mina. If you care about decentralized, permissionless blockchain integrity and your data privacy -- then Snapps are the best place to start.

For eList readers, full url: https://www.youtube.com/watch?v=rRwG8WkZYBE

(A second good overview, but not as directly related to alternatives to centralized ID as the above, is "What are Zero Knowledge Proofs? | Mina Protocol" ( v=GvwYJDzzI-g ). These two plus a 1-2 minute "what is Mina" are the videos I have viewed on this still-small project, which to me seems worth paying attention to. I hesitate to include full URLs in a first email lest it be misclassified by Google into the spam folder.)

Direct full url: https://www.youtube.com/watch?v=GvwYJDzzI-g

I don't claim this technology (let alone Mina's implementation) is perfect;

Rather, I claim this technology class (zk-SNARKs in general, these privacy-focused applications, and perhaps in particular the subclass of zk-SNARK that "can recursively refer to itself without growing the length of the proof" -- see the second, "GvwY..." URL above) is worth exploring.

Not only worth exploring; worth trying to build/create working implementation(s) that are both technologically good (secure, etc., works as hoped) and aligned with values; and supporting projects (if any; Mina may or may not be one; time will tell) that seem to meet the threshold for both.

The larger the number of "build the future you want" projects that exist and succeed, the better shape we'll be in when Web 3.0 is here; it'll arrive whether we want it or not.

Just like Web 2.0 has ugly parts (Big Tech) and useful parts (independent vloggers, including on alternative channels, including some blockchain-based ones),

Web 3.0 will have Good/Bad/Ugly parts -- let's maximize how many good tools/protocols/platforms/implementations/clients exist. GNU/Linux didn't fix everything in the world but it existing opens up freedom and so on. Likewise here.

In particular, in 1990, most of the noise fell into one extreme camp or the other: one telling us the internet was going to be useful only in a "niche"; the other hyping it as going to automatically make the world better. A much smaller third group, of which an even smaller group of us were active and not just vocal, gave a more nuanced prognosis -- that the internet didn't guarantee anything but gave us new tools which *could* (and *should*) be used to expand liberty (and if possible, peace, so the world stays in one piece, etc.).

I also know, both from general/first principles and from that experience, that even if some ideal "win" happens as I hope for privacy and decentralization, including decentralized ID, it won't be the end; the price of freedom is eternal vigilance, as they say; it'll be back and forth (just like the security vs. malicious hackers arms race). But the rights of the general public need early wins/tools in our corner, as you're clearly aware, in these opening stages of Web 3.0, in these opening stages of digital currencies (the good, the bad and the ugly kinds of digital currencies; CBDCs being among those three ;-) and so on.

My interests are 'decentralized' (or I'm scatter-brained or eclectic in my passions), much more spread out than yours, even having quit my tenured university job some years ago. Many things at the intersection of society and technology, including AI, existential dangers and potential positives, blockchain in social applications, human survival in a world where an AI designed many thousands of chemical WMDs in a matter of hours (did you see that one? A science research publication), and more.

You have the important, valuable, central Privacy focus (and your audience) to make a real difference; to dig into more of this than I likely can -- maybe even eventually interviewing some folks, after first maybe an away-from-spotlight dialog between you and key actors -- identifying worthy or at least potentially worthy projects, whether Mina or others (Algorand is heavy duty and impressive, but their Proof of State[sic] isn't this focus of Mina on privacy in decentralized login/identity); or videos in coming months, quarters, years, where you give an update on what's promising, what's of concern, what are some strengths/weaknesses of these projects.

Why worth your time? If I'm right that zk-SNARKs and related tech are one of the most, if not the most, promising ways we preserve or even expand our privacy in the move to Web 3, then the question answers itself. If I'm mistaken, and you know of now, or later find, something even more promising, I'd love to hear; it seems promising enough to be worth digging deeper into the overlap of zk and privacy preservation (and freedom preservation) in the emerging Web 3.0 (and a quick keyword search of your videos shows you're concerned with another area I've given thought to: computers-on-wheels that'll make privacy violations by our cellphones look like Amateur Hour by comparison..!)

Your thoughts? Regards,
**HB**
P.S. Above are the top video quotes. A short video that is also the most recent on the Mina YouTube channel is "The Missing Key in Web3 — 7 of Crypto's Brightest Minds Weigh In | Part 2: Zero Knowledge in Web3". Some quotes from different people there:

0:46 I don't want to go overboard and say that zero knowledge proofs and proving systems are a panacea, but they're pretty close, honestly. Both on the scalability side, so that individuals can run nodes that have the equivalent of full node security, and on the privacy side, because zero knowledge proofs can very adeptly hide a great deal of transaction information while still informing other nodes that yes, you abided by the consensus rules of the protocol. [...] And with zero knowledge proofs, you can actually have all the benefits of operating in a blockchain context without sacrificing user privacy. And so being able to actually use sensitive information without revealing it to the world at large.

2:32 "And what zero knowledge makes possible, and you know, what is possible with zk-Apps, is actually to leave the data on a user’s device and not in the hands of some central database, or, you know, a company who's running that database. So that computation can occur just locally on the user's device, on their data, and they never have to actually send the data off device.

[...]3:00 Mina is the only layer one protocol that has shipped recursive zero knowledge proofs that enable that kind of full node security with a very, very low footprint for participants.

[...]3:41 Our zero knowledge application platform will be the first widely deployed, easy to use way for people to write zero knowledge [decentralized] applications. [...] 4:01 And particularly with Mina being available in JavaScript, TypeScript, these languages that are super accessible and easy to learn for everyone.

Second and last item:
(B) A friendly non-technical (with links to technical PDFs) intro to what the (bleep) Zero Knowledge Proofs are and what zk-SNARKs are -- please pardon typos; this is from a draft article I'm writing.

[I won't keep you waiting: zk-SNARKs are (zero-knowledge based) Succinct Non-interactive ARguments of Knowledge, in case you're curious. "Succinct" means quick to verify and small in size, even if proving something very complex/big. "Non-interactive" means they don't have to go back and forth with you; a one-time piece of info lets you verify the truth.] This advanced math technology makes possible things like the following, quoting a Princeton PDF:

  Other interesting NP statements. Once we can prove any language in NP we can have protocols like this:

  • Alice sends Bob a number n and proves in ZK that n = pq for two primes p, q with p (mod 4) = q (mod 4) = 3

  • Suppose that the encryption of Alice's tax return data is available on the web, and Alice wants to persuade Bob to give her a grant without opening all of the encryption. She can prove in zero knowledge that the bottom line is that she earned less than 10K [without revealing ANYTHING else to him]

[...] https://www.cs.princeton.edu/courses/archive/fall07/cos433/lec16.pdf

Wait, we promised non-technical, and the first example is math. The second is non-technical, but can we understand it better, more simply? Yes: see the draft below, which gives several non-technical analogies. A Where's Waldo example will make sense of how "ZK" can really be done and is not impossible, and two or so other non-technical examples follow it.

 Skip this paragraph until after reading the examples below:

A June 20, 2022 video on Algorand State Proofs (ASPs) says they accomplish two main things: secure and easy verification of Algorand's state by 'outside' entities (other blockchains, but also Algorand's own nodes when joining/re-joining after a time offline), and adding long-term quantum security to the chain, with the timing of the implementation specified at 14:54 as "going to be deployed early this (2022) summer". The video, where the expert suggests it may be "15 to 20 years" before quantum computers are powerful enough for this to be needed, follows up on a March 2022 Medium post, which in part states "Algorand State Proofs fortify cross-chain applications with Post-Quantum security. By using advanced cryptography, ASPs can withstand attacks by powerful quantum computers".

Skim this next paragraph and then dive into the real-world examples with Where is Waldo and other down to earth non-math examples!

A third advantage of these ASPs is "ultra-compression" into tiny verifiable proofs using so-called zk-SNARKs, which stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge". These terms go back way before Algorand -- zero-knowledge proofs to the mid-1980s and zk-SNARKs to 2012 -- and, besides being initially rather funny-sounding, they are technical and can be either intimidating or sound like mathematical 'magic'. Yet they are not; at least, no more so than electricity is magic, or, to use a closer analogy, no more magic than RSA cryptography (upon which related, fancier versions are based), without which our emails could all be read by any hacker; or than the other types of mathematical 'magic' that make it too hard for hackers to break into our bank accounts, since it would take the most powerful computers on Earth a massive number of years to decrypt. (There are also variants, zk-STARKs, with a "T" for "Transparent", so the public is even more protected from abuse; PDF, technical paper.)


But without getting too technical, let us at least partly demystify what the so-called magic is and at least outline why it works:


How Do "ZK" or Zero-Knowledge Proofs Work? How can they even work? Some examples


i.How can you prove to a friend that the hidden card you picked from a deck of cards is red, while giving them "zero knowledge" about anything else about it?

You let the verifier pick which store to go with you to buy a deck of cards (so you couldn't pick a rigged deck), and they see you open the deck. You take out one card and put it face down on a special little table. You want to prove to them that that card is red, without giving them any other info. How?

Take out all the black cards and show them all, while keeping the other red cards in your hand facing away. You, the Prover, have just proved to the Verifier that the chosen card is indeed red, since you showed them all 26 black cards (had the chosen card been black, only 25 could be shown). But you didn't show them any of the remaining red cards, so they learned nothing else; they can't rule out even a single red card as being the chosen one.


Keep in mind that this example and the others are imagined real-world scenarios that just illustrate the "zk" concept; in crypto, advanced algorithms are used instead. But let's get a flavor.


ii. Where's Waldo? In this real-world analogy to a zero-knowledge demonstration, you've solved a Where's Waldo puzzle picture by finding Waldo, but you don't want to ruin your friend's fun (or they don't want it ruined) by revealing the location; yet you still want to prove that you have found Waldo. Sounds impossible? Imagine putting a large posterboard, much larger than the book, over the picture, moving the book to a random location behind it with your friend looking away, cutting a tiny hole through the posterboard, and positioning the book so just Waldo is shown. Then your friend is convinced you found Waldo, but learns nothing about where Waldo is on the page. Keep in mind that actual zk proofs use cryptography/mathematics/algorithms, and this is just an analogy, to give us a sense of how one can possibly convince someone else that you know something without showing them the answer. However, our third example, while still just a real-life analogy, will give us a somewhat more realistic picture of how zk proofs work.

iii. Imagine you have a colorblind friend. They demand you convince them that you can tell red from green. But you don't wish to tell them which of their two pens is red and which is green. (Why not? Well, think of other real-world analogies that might be more realistic but harder to illustrate with a story like this: you want to prove to a business that they should hire you for a job, and you want to prove your competence, but you don't want to work for free; after all, maybe this company just pretends to want to hire 100 people and gets each interviewee to solve part of its workload for free, pretending it's just a test of the candidate's competence.)

It would be great if you could prove to the potential employer that you have a certain skill without actually doing free work for them. Similarly with two companies, one considering giving the other a contract: a zk proof would allow the second company to prove it can accomplish the contract at or above a certain quality level, without doing free work for the first company.

These are just some examples that help convince us that yes, there are very realistic real-world situations that are analogous to "convince my friend that I can tell red from green without telling them which pen is which".

Below we'll mention how zk proofs can also give us more privacy, in fact total privacy, away from the prying eyes of financial institutions, while still passing their requirement for creditworthiness, without giving away our credit score or income, and proving only a single fact: that we meet or exceed their loan requirements. (Even back in 2007, before the recent waves of advances in the field, academics gave the example of a zk proof to a grant agency that your income was below some level, without showing them your full tax return; see 'Other interesting NP statements' near the bottom of page 1 of the 2007 Princeton lecture notes linked above. Warning: like most PDF links, highly technical.) But first, let's return to our example with colored pens.

As you stand facing one another, your colorblind friend holds a red pen in one hand and a green in the other hand. They then ask you to turn around. Maybe even a solid curtain is drawn between you. Your friend either does nothing, or switches the pens. Then the curtain is removed, and you easily tell your friend whether they switched pens or not: after all, if the red pen was on your left and the green on your right, you just have to see if the order is the same or has switched. This is some evidence that you can tell the two colors apart, but maybe you were lucky, right? You had a 50% chance of guessing correctly, after all.

But now the same thing is repeated: the curtain is drawn, your friend either switches or doesn't switch the pens, and the curtain is opened again; and again you correctly, easily tell your friend whether or not they switched the pens. Random guessing for a string of two such trials only works 25% of the time.

For 10 such trials, the odds of always correct answers from just guessing has a less than 1/1,000 chance of success.

After enough trials, your friend is convinced you can tell the colors apart, without your ever having to tell them which is which!

Recall again that this is not only a physical-world analogy to what happens with advanced, complex algorithms, but also that more realistic examples in the physical world exist than 'I don't wanna tell them which pen is which color', as we saw before: not wanting to give away one's skill or knowledge to a potential employer or between two businesses; or not wanting to give one ounce more personal financial information than the minimum needed to prove we're eligible for a product, service or loan, for example.

It turns out that giving a zk proof that you own, say, at least 3 Ether (units of Ethereum) can be accomplished in a similar probabilistic way to how you convinced your colorblind friend that you could distinguish between two colors: each challenge question successfully met increases the odds that you didn't just answer correctly by luck, and enough such demonstrations (the algorithm you set in motion and theirs can repeat a very large number of times, rather quickly) make it vanishingly unlikely that the tests were met by luck. In the non-interactive schemes, the verifier's random challenges are replaced by a hash of the prover's own messages (the Fiat-Shamir technique), so the prover cannot pick a challenge it already knows how to answer; that is how a single proof can be checked with no back-and-forth at all.
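The challenge-and-response game above, carried out with actual math instead of pens, as an added example that is not part of the original draft or any project it mentions. It implements the standard Schnorr-style proof that you know a secret number x behind a public value y = g^x, without revealing x. One round plays out exactly like one drawing of the curtain: the prover commits, the verifier picks a random challenge, the prover answers. A prover who does not know x can only pass by guessing the challenge in advance; a "simulator" shows the verifier learns nothing from the transcript; and the Fiat-Shamir step turns the game into a single non-interactive proof. The group parameters (P, Q, G) are toy-sized and an assumption of this example; real systems use roughly 256-bit prime-order groups.

```python
# Added example (not from the original post): toy Schnorr-style zero-knowledge
# proof of knowledge of a discrete logarithm, interactive and non-interactive.
# The group parameters below are an assumption of this example and are far too
# small for real use; production systems use ~256-bit prime-order groups.
import hashlib
import secrets

P = 2039          # safe prime: P = 2*Q + 1
Q = 1019          # prime order of the subgroup we work in
G = 4             # generator of the order-Q subgroup of Z_P^*
assert pow(G, Q, P) == 1 and G != 1


def keygen():
    """Secret x (the 'knowledge') and public statement y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- interactive protocol: one round is one drawing of the curtain ---------

def prover_commit():
    """Prover picks fresh randomness r and sends t = g^r (the 'pen layout')."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Verifier's random challenge, chosen only after seeing t."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Response s = r + c*x mod q; r masks x, so s alone reveals nothing."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Accept iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def honest_round(x, y):
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))


def cheating_round(y):
    """Prover who does NOT know x: it can only fake a transcript by guessing
    the challenge before committing, so it passes with probability 1/Q."""
    c_guess = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(pow(y, c_guess, P), -1, P)) % P   # t = g^s / y^c_guess
    return verify(y, t, verifier_challenge(), s)


def cheater_success_rate(y, trials=2000):
    """Empirical soundness error of a single round (expected about 1/Q)."""
    return sum(cheating_round(y) for _ in range(trials)) / trials


# --- zero knowledge: a simulator forges convincing transcripts without x ---

def simulate_transcript(y):
    """Pick c and s first, then solve for t. A real transcript looks exactly
    like this one, so the verifier learns nothing it could not make itself."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s


# --- proof of knowledge: two answers on the same t leak x (never reuse r) --

def extract_secret(c1, s1, c2, s2):
    """x = (s1 - s2) / (c1 - c2) mod q from two responses to one commitment."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


# --- Fiat-Shamir: the challenge is a hash, so no verifier message is needed --

def fs_challenge(y, t, msg):
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


def prove_noninteractive(x, y, msg=b""):
    """One-shot proof bound to msg (e.g. a login nonce) that anyone can check."""
    r, t = prover_commit()
    return t, prover_respond(x, r, fs_challenge(y, t, msg))


def verify_noninteractive(y, proof, msg=b""):
    t, s = proof
    return verify(y, t, fs_challenge(y, t, msg), s)


if __name__ == "__main__":
    x, y = keygen()
    print("honest rounds pass:", all(honest_round(x, y) for _ in range(10)))
    print("cheater one-round success rate:", cheater_success_rate(y))
    print("simulated transcript verifies:", verify(y, *simulate_transcript(y)))
    proof = prove_noninteractive(x, y, b"login-nonce")
    print("non-interactive proof verifies:", verify_noninteractive(y, proof, b"login-nonce"))
```

Two practical points the code makes visible. First, each round here has soundness error 1/Q rather than the pens game's 1/2, so far fewer repetitions are needed; with a real 256-bit group one round already leaves a cheater odds of about 2^-256. Second, extract_secret shows why the prover must never reuse its randomness r: answering two different challenges on the same commitment hands the verifier the secret, the same failure mode as nonce reuse in Schnorr or ECDSA signatures.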

There are multiple zero-knowledge-related technologies (algorithms and implementations), each with pros and cons. For a taste of the discussions comparing the various types, here's one posted in 2021 (things have been improving since then, though certainly even today none exists without any drawback) whose basic points are relatively understandable by us non-experts.

Keep in mind that zk-SNARKs as used in Zcash, for example, used to need a complex multi-party ceremony to make it vanishingly unlikely that the secret randomness used to generate the proving parameters (the "cryptographic toxic waste") survived anywhere; anyone who kept it could forge proofs that would pass verification. Zcash's newer Halo 2 proving system no longer needs such a ceremony, but that is what the "trusted setup" below refers to.

Don't worry about the meaning of "collision-resistant hash functions" (or peek at Wikipedia), but notice how the rest of the elements of the analysis, like the size of the data, the computational intensity, or whether the tech is robust enough to withstand the quantum computers that will eventually arrive, are not hard to follow as they (OffShift link) discuss and compare zk-SNARKs, zk-STARKs, and a related zk technology called Bulletproofs (Stanford link) in the excerpt below:
Most people who see SNARKs and STARKs side-by-side notice that STARKs are the more efficient version of the two systems. STARKs don't have to rely on a trusted setup, reducing the complexity of launching the network and eliminating any risk of collusion. They use a leaner cryptographic methodology that relies on collision-resistant hash functions as well, serving the additional benefit of making zk-STARKs quantum resistant. Such protection is possible because STARKs don't assume an attacker won't leverage infinite processing power.

While zk-STARKs are more efficient than zk-SNARKs, they have one major drawback: the proof size for a zk-STARK is thousands of times larger than that of a zk-SNARK, which benefits from tiny proof sizes. This is no small matter. When transactions aren't burdened with the effort of proving the precise details of past transactions, and only effectively have to answer 'true' or 'false,' the computational requirements of a network are drastically reduced. Some networks like Filecoin are even leveraging zero knowledge *primarily* for its computation-conserving benefits, and only secondarily for its privacy component. The fact that zk-STARKs are thousands of times larger than zk-SNARKs eliminates one of the core benefits of the technology.

..Both SNARKs and STARKs have pioneered the zero knowledge ecosystem, but both struggle with drawbacks and minimal room for optimizations. Bulletproofs offer a performant compromise of the two: they require no trusted setup, and generate little to no network congestion. Finally, the size of a Bulletproof is a fraction of the size of a STARK proof

The Stanford link above states "However, verifying a bulletproof is more time consuming than verifying a SNARK proof." which is why the OffShift excerpt speaks of a "compromise" rather than claiming Bulletproofs are absolutely better than the first two.

zk-SNARKs can be used to prove to a bank (or any other party, maybe your rich neighbor) that you have a high enough credit score and income to qualify for a loan, all without revealing your credit score, or income, or social security number; just a cryptographically guaranteed fact, received by the lender, that you meet or exceed their requirements, and no more information than that!

"What are Zero Knowledge Proofs? | Mina Protocol"
https://www.youtube.com/watch?v=GvwYJDzzI-g
(World's smallest blockchain, using powerful cryptography allowing provably secure reference to previous steps without larger size)

Chainlink: "What Are Zero-Knowledge Proofs (ZKPs)?"
https://www.youtube.com/watch?v=7VmI8fRYHMQ

So it's not just this smaller project Mina (though their use of *recursive* zk-SNARKs -- self-reference without growing in size no matter how many iterations -- is impressive), but also Chainlink (above link) and Algorand, a blockchain started by an MIT professor who is a winner of computer science's version of the Nobel Prize, namely the Turing Award.

In the coming months/quarters/years, we may refer to this post by subject line. Please let me know if anything could be cleared up (I might have pasted a broken sentence or two, or even a math error -- shudder -- but I think what's pasted above is mostly the cleaned-up draft, not first drafts). You will eventually start hearing about ZK, probably from the not-so-good uses by corporations/governments, so you'll be tempted to say "it's all evil" (or to fall for "it's a panacea"). But this shows it's a general tool, and like today's internet (aka "Web 2.0") it will have good and bad uses; more powerful tools mean the GOOD uses can be more and more empowering (just like today's Web 2.0 lets us vlog against the establishment, while the text-only internet days, though still a huge step ahead of pre-internet, let us use only text/email/text discussion boards).

But zk uses math for privacy for a win (or in the vicinity of one, anyway): the best of all worlds, decentralized openness AND personal privacy, instead of the "worst of all worlds" that many, if not all, corporate/government projects will be. Please re-read if you need to, but send us input by all means; the playing-cards and Where's Waldo examples do give a down-to-earth sense, and so does the "colorblind friend" example above. Re-read and it makes sense, or most of it, right? :-) We had inspiring quotes and news updates for this extended weekend that we were tempted to post instead of this, but decided ultimately this is too big not to include as the main item for this special weekend when many have more time.

Namaste, my sisters and brothers -- we can make progress towards a better world :-)



Mina Explained: 12-part video playlist from Mina Protocol (keywords: blockchain, crypto).