Zero-Knowledge Proofs (ZKPs) are a breakthrough in the field of cryptography, offering the ability for one party to prove to another that a given statement is true, without revealing any additional information beyond the validity of the statement itself. This cryptographic method has become increasingly associated with blockchain technologies, particularly for its potential to enhance privacy and scalability. However, there is a significant amount of confusion surrounding the role of ZKPs, especially when it comes to differentiating their use in zk-Rollups from their application in privacy enhancements.

Understanding zk-Rollups: Scalability Over Privacy

zk-Rollups are a popular application of ZKPs in blockchain, primarily used to enhance scalability rather than privacy. Examples are StarkNet, zkSync, Polygon zkEVM to name just a few. In zk-Rollups, transactions are processed in a batch or "rollup" and then translated into a single proof, with a new state root hash. This proof, along with the state root hashes and transaction call data, are published on the main chain (e.g. Ethereum). The computation and storage of the state are off-loaded to a secondary layer (L2), allowing for increased transaction throughput by reducing the data that needs to be processed directly by the main chain. However, it is crucial to note that this does not enhance privacy: transaction data is visible on the L1 chain, and all participants in the L2 can see the entire state and transaction details.

Privacy Pools and Anonymity

Another application of ZKPs in blockchain is in privacy pools, such as those used in ZCash or Tornado Cash. Users can deposit tokens into a pool where they are mixed with the same type of asset of many other users. During withdrawals, a ZKP is used to prove that the user made a deposit and that that deposit has not yet been withdrawn, while crucially not revealing which specific deposit is being withdrawn. This breaks the on-chain link between source and destination addresses. This application does provide a form of privacy - specifically enhanced pseudonymization - but requires careful handling to avoid other methods of tracking and linking transactions, such as network analysis or correlating user behavior patterns. Past challenges like those leading to the sanctioning of Tornado Cash may be overcome in the future. But it is important to note that these techniques only provide anonymous/pseudonymous token holding and transfers through mixing with many other users, not general confidentiality for smart contracts.

Private Smart Contracts: A Work in Progress

There is a fair amount of research to use ZKP to maintain private state on general purpose smart contracts. These are contracts where the state (information about balances, game states, etc.) is kept hidden from all parties except those explicitly authorized. The ZKP is used here to confirm that operations on this hidden data are executed correctly, without revealing the data itself. Typical use case examples that are shown are:

• Battleship - Each side of the board is private to one of the players. The problem ZKPs solve here is that when player A “shoots” a field on player B’s board, and B reports a hit or miss, A can ascertain that B is telling the truth without learning anything more about B’s side of the board.
• Tokens - The mapping from account to quantity is private. During a transfer, the user uses a ZKP to prove that the quantities on inputs and outputs match without revealing any of the quantities.

Promising Yet Early-Stage

Projects that explore such general ZKP privacy include Midnight, Aztec, Aleo, and Zokrates.

All projects in this space are still in the developmental phase. Toy examples like the above demonstrate the potential of ZKPs but also highlight the challenges of implementing such complex cryptographic tools in practical, real-world scenarios. I discussed these in more depth in the blog “Some Hard Truths About Blockchain”. One of the scariest in my view is the non-auditability of bug exploits.

Conclusion: A Mixed Bag for Privacy

In conclusion, while zero-knowledge proofs have been successfully applied for scalability and specific privacy-enhancing applications like token mixers, they are not a universal solution for privacy concerns in blockchain. The use of ZKPs in contexts like zk-Rollups does not inherently protect transaction details from being public. Moreover, the general-purpose use of ZKPs in smart contracts for private transactions remains an area of active research and development, rather than a widely adopted solution. As such, it is essential to continue developing and refining these technologies to address their limitations and fully realize their potential in enhancing blockchain privacy.

In the meantime, blockchain technologies like R3’s Corda or Canton Network use traditional cryptography and consensus algorithms with selective transaction distribution to provide real, fine-grained confidentiality and privacy within blockchain applications.