A zero-knowledge proof can prove with a high degree of probability that one knows a secret without betraying the secret. This detection usually happens according to a question-and-answer protocol and has many applications in cryptography. One party tries to prove, the other party verifies. The verifier convinces the verifier with a certain probability that he knows a secret without disclosing information about the secret itself. The zero-knowledge proof is also called knowledge-free proof, knowledge-free protocol, zero-knowledge proof or zero-knowledge protocol.
Zero-knowledge protocols are used, among other things, for authentication. In the case of some cryptocurrencies such as Zcash or certain mobile payment services, they increase the anonymity of payment transactions.
Features
In practice, however, they are rarely used for authentication, as they usually require a high level of interaction, i.e. the exchange of many messages, for a sufficient level of security and are vulnerable to replay attacks. The standardized authentication protocols used in practical applications are instead based on digital signatures. However, there are also constructions that convert certain zero-knowledge protocols into non-interactive variants.
---
Zero-knowledge protocols are an extension of interactive evidence systems. In addition to the conditions of completeness and reliability of the interactive evidence systems, there is also the zero-knowledge property, which ensures that the verifier does not obtain any information about the secret.
In the case of a zero-knowledge protocol, a zero-knowledge protocol must meet three conditions:
- Completeness
- Reliability
- Zero-knowledge property: From the interaction between the prover and the verifier, no more knowledge may be gained than the (in)validity of the statement to be proved. A third party who follows the interaction between the prover and the verifier does not even know whether the prover even knows the secret (or whether the interaction was arranged).
