I quite like the internet; I think it’s changed the world for the better overall. And therefore I quite like its inventor, Sir Tim Berners Lee. Smart guy, made it happen, well played sir.
His new project is called Solid, and there are some aspects of it that are attempting to achieve the same outcomes as blockchain - most notably that individuals, rather than large companies, should own their online data. I listened to a podcast recently where Tim was discussing Solid, and naturally the interviewer asked him about his views on Blockchain.
“The same data has to be put on every single node on the blockchain. So your medical data has now been put on every node on the blockchain. So it’s completely public, your medical data is public. It’s also expensive, because of Gas fees. You have to pay Bitcoin to er.. to er.. put something on the Bitcoin.”
“And also it’s SLOW. The whole block chain process …. is slow.”
“So….. it’s public. Which is not what you want for you medical data. It’s expensive. And it’s slow.”
Now I’m not in the business of arguing with legends, and I’d like to caveat what I’m about to say with the statement that Sir Tim definitely knows a ton more about blockchain and technology than I do. Hopefully that goes without saying. But I’d just like to tentatively raise my hand a tiny little incy bit and ask / suggest / beg for forgiveness your most praise worthy technologist upon high for proposing / intimating / suggesting that Tim might have forgotten about the secret weapon of blockchain whilst making his comments. Zero Knowledge Proofs (ZKPs).
ZKPs make blockchains totally private, fast and cheap. So they’re important, which is why I want you to understand them - and why I’m taking on the almost impossible task of explaining an almost impossible concept in typed out words in a blog that you’ve probably stopped reading by now cos you hate me for disagreeing with Sir Tim. But what the heck…
[As with most of my blogs, the below is simplified a little for ease of explanation].
ZKPs involve two parties. A prover (call him Dave) and a verifier (call her Kate). I dunno, whatever…!
Now Dave has some data that he wants to prove to Kate that he knows (yes, Sir Tim, it could be a medical record). He wants Kate to know that he knows something, but he doesn’t want to tell her what he knows because it’s secret. But Kate is the verifier, she’s the one that’s going to sign off to the whole world that Dave is the rightful owner of this data and that he knows things about it that he can totally prove. And Kate’s going to get cussed hard if she verifies this thing and Dave turns out to not know shit… Impossible, right. How the heck is that gonna work?!
This is where, obviously, we need a Wally. I’m gonna try this… it might not work.. just go with me… Hi Wally.
Let’s say Dave is sitting in a room with Kate, and he pulls out an A4 size piece of paper with a Where’s Wally? picture on it. Like this.
Now, he doesn’t want Kate to have all the information in the picture, he kinda just lets her glance at it. He wants to prove to Kate that he knows where Wally is in the picture, but he doesn’t want her to know where he is. So he goes and gets an A3 piece of paper (that’s larger than A4 just in case), and puts a little hole in the paper in a random spot. He then places the hole right above Wally’s head, and gets her to look through the hole. There’s Wally!
He takes the A3 paper again, makes another hole in a random spot, moves the Where’s Wally image on the A4 paper around a bit behind the A3 piece, lines it up, and boom! She looks through, and sees Wally’s face.
And this carries on for a bit until they both get bored and Kate decides yep, fair enough, that first one wasn’t luck, Dave definitely knows where Wally is.
Now she knows nothing about the picture. She has no knowledge of what’s in that picture, or where Wally is in it. But she knows for certain that Dave knows where Wally is.
She has proof, with zero knowledge, that something is true.
Here’s another example:
Imagine your friend Gary is red-green colour-blind (while you are not) and you have two balls: one red and one green, but otherwise identical. To Gary, the balls seem completely identical; quite frankly, he’s skeptical that the balls are actually different. You want to prove to Gary that the balls are in fact different, but nothing else. In particular, you don’t want to reveal which ball is the red one and which is the green.
You give the two balls to Gary and he puts them behind his back. Next, he takes one of the balls and bring it out from behind his back and shows it to you. He then places it behind his back again and then chooses to reveal just one of the two balls, picking one of the two at random with equal probability. "Did I switch the ball?", he asks. This whole procedure is then repeated as often as necessary.
By looking at the balls' colours, you can, of course, tell him with certainty whether or not he switched them. On the other hand (s’cuse the pun), if the balls were the same colour and hence indistinguishable, there is no way you could guess correctly with probability higher than 50%.
Since the probability that you would have randomly succeeded at identifying each switch/non-switch is 50%, the probability of having randomly succeeded at all switch/non-switches approaches zero - i.e you’d get it right all the time. If you and Gary repeat this multiple times, he should eventually become convinced that the balls are indeed differently coloured.
He has proof, with zero knowledge, that something is true. But he doesn’t know what it is. The reason for giving this second example is it’s a little more like how ZKPs work; there’s a process of iteration that starts with a likley probability that trends towards zero such that the thing that hasn’t been revealed (what colour each of the balls is) hasn’t been revealed, but that they are different must be true.
As with pretty much all of my blogs, we return to the inevitable, most frequently asked question: why the heck should I care?!
Fair play.
Well let’s start with Tim’s main issue about your medical records being public. Hashing, combined with public and private key cryptography and ZKPs mean that data can be stored on nodes in the blockchain without being made public. That’s kind of just that.
For the bits on speed and cost, we have to delve a little more into how blockchains work and we’ll do that by focusing on Ethereum.
Here’s a picture of a forest just to keep it fresh and light.
Ethereum is the MVP of the blockchain world, it’s the main man, the leader of the field. This is in part because it creates the secure, global, digital, peer to peer transfer of value that we know and love about blockchains, but it is also able to execute smart contracts, which I wrote about before here.
That’s all super fresh and we’re all pumping our hands in the air chanting ‘Go Vitalik’ (even if you do look a little weird).
The problem with this right now is that all this data and all this stuff that the blockchain is doing to execute smart contracts makes it kinda slow and kinda expensive (I bow to you, oh Tim of Webbery).
What would be super helpful is if some of the data computations could be done outside of the Ethereum blockchain without sacrificing security and speed. This would mean that the main blockchain would only need to store a smaller amount of data about the block, rather than storing all the details of each individual transaction. It’s kind of like having your fish filleted in the fishmonger before you make your fish pie. Less work when you get home and it’s quicker.
This is actually being done at the moment by something called Zero Knowledge Roll Ups (or zk-rollups). This process verifies a batch of transactions without revealing any of the details of those transactions using ZKPs - it's like bundling up a bunch of small transactions into one big package, and then using a special technique to make sure that package is safe and secure. This is then passed on to the Ethereum blockchain which provides the security via its consensus mechanism.
So a zk-rollup is a way to make blockchain transactions faster and cheaper without sacrificing security. It works by grouping together multiple transactions into a single batch, which is then verified by a smart contract on the blockchain.
This makes zk-rollups much more efficient than traditional blockchain transactions, since they require much less storage space and computational power. And because they use zero-knowledge proofs, they are just as secure as regular blockchain transactions.
So there you have it. I raised my hand. I made my point. I’m sure Sir Tim knows something I don’t know. But if I’d been the interviewer, I might have asked ‘what about Zero Knowledge Proofs?’.