Skip to content

Zero Knowledge Proofs: not a privacy panacea in blockchain

by Bernhard Elsner - April 25, 2024

Zero Knowledge Proofs: Not a Privacy Panacea in Blockchain

by Canton Network - April 25, 2024

Zero-Knowledge Proofs (ZKPs) are a breakthrough in the field of cryptography, offering the ability for one party to prove to another that a given statement is true, without revealing any additional information beyond the validity of the statement itself. This cryptographic method has become increasingly associated with blockchain technologies, particularly for its potential to enhance privacy and scalability. However, there is a significant amount of confusion surrounding the role of ZKPs, especially when it comes to differentiating their use in zk-Rollups from their application in privacy enhancements.

Understanding zk-Rollups: Scalability Over Privacy

zk-Rollups are a popular application of ZKPs in blockchain, primarily used to enhance scalability rather than privacy. Examples are StarkNet, zkSync, Polygon zkEVM to name just a few. In zk-Rollups, transactions are processed in a batch or "rollup" and then translated into a single proof, with a new state root hash. This proof, along with the state root hashes and transaction call data, are published on the main chain (e.g. Ethereum). The computation and storage of the state are off-loaded to a secondary layer (L2), allowing for increased transaction throughput by reducing the data that needs to be processed directly by the main chain. However, it is crucial to note that this does not enhance privacy: transaction data is visible on the L1 chain, and all participants in the L2 can see the entire state and transaction details.

Privacy Pools and Anonymity

Another application of ZKPs in blockchain is in privacy pools, such as those used in ZCash or Tornado Cash. Users can deposit tokens into a pool where they are mixed with the same type of asset of many other users. During withdrawals, a ZKP is used to prove that the user made a deposit and that that deposit has not yet been withdrawn, while crucially not revealing which specific deposit is being withdrawn. This breaks the on-chain link between source and destination addresses. This application does provide a form of privacy - specifically enhanced pseudonymization - but requires careful handling to avoid other methods of tracking and linking transactions, such as network analysis or correlating user behavior patterns. Past challenges like those leading to the sanctioning of Tornado Cash may be overcome in the future. But it is important to note that these techniques only provide anonymous/pseudonymous token holding and transfers through mixing with many other users, not general confidentiality for smart contracts.

Private Smart Contracts: A Work in Progress

There is a fair amount of research to use ZKP to maintain private state on general purpose smart contracts. These are contracts where the state (information about balances, game states, etc.) is kept hidden from all parties except those explicitly authorized. The ZKP is used here to confirm that operations on this hidden data are executed correctly, without revealing the data itself. Typical use case examples that are shown are:

  • Battleship - Each side of the board is private to one of the players. The problem ZKPs solve here is that when player A “shoots” a field on player B’s board, and B reports a hit or miss, A can ascertain that B is telling the truth without learning anything more about B’s side of the board.
  • Tokens - The mapping from account to quantity is private. During a transfer, the user uses a ZKP to prove that the quantities on inputs and outputs match without revealing any of the quantities.

Promising Yet Early-Stage

Projects that explore such general ZKP privacy include Midnight, Aztec, Aleo, and Zokrates.

All projects in this space are still in the developmental phase. Toy examples like the above demonstrate the potential of ZKPs but also highlight the challenges of implementing such complex cryptographic tools in practical, real-world scenarios. I discussed these in more depth in the blog “Some Hard Truths About Blockchain”. One of the scariest in my view is the non-auditability of bug exploits.

Conclusion: A Mixed Bag for Privacy

In conclusion, while zero-knowledge proofs have been successfully applied for scalability and specific privacy-enhancing applications like token mixers, they are not a universal solution for privacy concerns in blockchain. The use of ZKPs in contexts like zk-Rollups does not inherently protect transaction details from being public. Moreover, the general-purpose use of ZKPs in smart contracts for private transactions remains an area of active research and development, rather than a widely adopted solution. As such, it is essential to continue developing and refining these technologies to address their limitations and fully realize their potential in enhancing blockchain privacy.

In the meantime, blockchain technologies like R3’s Corda or Canton Network use traditional cryptography and consensus algorithms with selective transaction distribution to provide real, fine-grained confidentiality and privacy within blockchain applications.

Scenario 2 


Intraday repo financing: releasing tokenized cash as collateral for variation margin. Investors could use tokenized bonds held in a bond registry application as collateral when requesting intraday repo financing via the financing application. Investors could then meet variation margin calls using the cash made available by the repo. These were DvP transactions, swapping the digital bonds for tokenized cash.

  • scene1_Plain

Get a walkthrough, discover the apps, and find out how to participate in the follow-on working groups

Discover more about the Canton Network with our webinar: Canton Pilot Demo: Real-world asset tokenization with connectivity and control

About Canton Network

The Canton Network is the financial industry’s first privacy-enabled interoperable blockchain network designed for institutional assets, launched by Digital Asset with the participation of a group of leading financial institutions, infrastructure providers, technology firms, and consultants on 9 May 2023. The Canton Network’s design overcomes the shortfalls of existing smart-contract blockchain networks, and enables previously siloed systems in finance to become interoperable and synchronized in ways that had been impossible before. Offering the privacy and controls required for highly regulated organizations, the Canton Network creates a safe and sound environment in which assets, data, and cash can move freely across applications in real-time, unlocking new efficiencies and powering innovation.