Zero-knowledge proof
== Applications ==

=== Authentication systems ===
Research in zero-knowledge proofs has been motivated by [[authentication]] systems in which one party wants to prove its identity to a second party using some secret information (such as a password) without the second party learning anything about that secret. This is called a "zero-knowledge [[proof of knowledge]]". However, a password is typically too short or insufficiently random to be used in many zero-knowledge proof-of-knowledge schemes. A [[zero-knowledge password proof]] is a special kind of zero-knowledge proof of knowledge that addresses the limited size of passwords.{{citation needed|date=June 2021}}

In April 2015, the one-out-of-many proofs protocol (a [[Proof of knowledge#Sigma protocols|Sigma protocol]]) was introduced.<ref name=":1" /> In August 2021, [[Cloudflare]], an American web infrastructure and security company, decided to use the one-out-of-many proofs mechanism for private web verification using vendor hardware.<ref>{{Cite web|date=2021-08-12|title=Introducing Zero-Knowledge Proofs for Private Web attestation with Cross/Multi-Vendor Hardware|url=https://blog.cloudflare.com/introducing-zero-knowledge-proofs-for-private-web-attestation-with-cross-multi-vendor-hardware/|access-date=2021-08-18|website=The Cloudflare Blog|language=en}}</ref>

=== Ethical behavior ===
One use of zero-knowledge proofs within cryptographic protocols is to enforce honest behavior while maintaining privacy. Roughly, the idea is to force a user to prove, with a zero-knowledge proof, that its behavior is correct according to the protocol.<ref name="knowledgecomplexity">{{Citation | last1=Goldwasser | first1=S. | last2=Micali | first2=S. | last3=Rackoff | first3=C. | title=The knowledge complexity of interactive proof systems | url=http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_Complexity_Of_Interactive_Proof_Systems.pdf | doi = 10.1137/0218012 | year=1989 | journal=SIAM Journal on Computing | issn=1095-7111 | volume=18 | issue=1 | pages=186–208}}</ref><ref>{{Cite book|last1=Abascal|first1=Jackson|last2=Faghihi Sereshgi|first2=Mohammad Hossein|last3=Hazay|first3=Carmit|last4=Ishai|first4=Yuval|last5=Venkitasubramaniam|first5=Muthuramakrishnan|title=Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security |chapter=Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC |date=2020-10-30|chapter-url=https://doi.org/10.1145/3372297.3423366|series=CCS '20|location=Virtual Event, USA|publisher=Association for Computing Machinery|pages=1591–1605|doi=10.1145/3372297.3423366|isbn=978-1-4503-7089-9|s2cid=226228208 }}</ref> Because of soundness, the user must really act honestly in order to produce a valid proof. Because of zero knowledge, the user does not compromise the privacy of its secrets in the process of providing the proof.{{citation needed|date=June 2021}}

=== Nuclear disarmament ===
In 2016, the [[Princeton Plasma Physics Laboratory]] and [[Princeton University]] demonstrated a technique that may have applicability to future [[nuclear disarmament]] talks. It would allow inspectors to confirm whether or not an object is indeed a nuclear weapon without recording, sharing, or revealing the internal workings, which might be secret.<ref>{{cite web|title=PPPL and Princeton demonstrate novel technique that may have applicability to future nuclear disarmament talks - Princeton Plasma Physics Lab|url=http://www.pppl.gov/news/2016/09/pppl-and-princeton-demonstrate-novel-technique-may-have-applicability-future-nuclear|url-status=dead|archive-url=https://web.archive.org/web/20170703142802/https://www.pppl.gov/news/2016/09/pppl-and-princeton-demonstrate-novel-technique-may-have-applicability-future-nuclear|archive-date=2017-07-03|website=www.pppl.gov}}</ref>

=== Blockchains ===
Zero-knowledge proofs were applied in the [[Zerocoin protocol|Zerocoin]] and Zerocash protocols, which culminated in the birth of the [[Zcoin]]<ref name="Hellwig 2020"/> (rebranded as [[Firo (cryptocurrency)|Firo]] in 2020)<ref>{{cite web |last1=Hurst |first1=Samantha |title=Zcoin Announces Rebranding to New Name & Ticker "Firo" |date=28 October 2020 |url=https://www.crowdfundinsider.com/2020/10/168504-zcoin-announces-rebranding-to-new-name-ticker-firo/ |publisher=Crowdfund Insider |access-date=4 November 2020 |archive-url=https://web.archive.org/web/20201101141745/https://www.crowdfundinsider.com/2020/10/168504-zcoin-announces-rebranding-to-new-name-ticker-firo/ |archive-date=1 November 2020}}</ref> and [[Zcash]] cryptocurrencies in 2016. Zerocoin has a built-in mixing model that does not trust any peers or centralised mixing providers to ensure anonymity.<ref name="Hellwig 2020"/> Users can transact in a base currency and cycle the currency into and out of Zerocoins.<ref>{{cite book|last1=Bonneau|first1=J|last2=Miller|first2=A|last3=Clark|first3=J|last4=Narayanan|first4=A|title=2015 IEEE Symposium on Security and Privacy|chapter=SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies|date=2015|chapter-url=https://ieeexplore.ieee.org/document/7163021|location=San Jose, California|pages=104–121|doi=10.1109/SP.2015.14|isbn=978-1-4673-6949-7|s2cid=549362}}</ref> The Zerocash protocol uses a similar model (a variant known as a [[non-interactive zero-knowledge proof]]),<ref>{{cite web|last1=Ben-Sasson|first1=Eli|last2=Chiesa|first2=Alessandro|last3=Garman|first3=Christina|last4=Green|first4=Matthew|last5=Miers|first5=Ian|last6=Tromer|first6=Eran|last7=Virza|first7=Madars|title=Zerocash: Decentralized Anonymous Payments from Bitcoin|url=http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf|publisher=IEEE|access-date=26 January 2016|date=18 May 2014}}</ref> except that it can obscure the transaction amount, while Zerocoin cannot. Because far less transaction data is visible on the Zerocash network, Zerocash is less prone to privacy timing attacks than Zerocoin. However, this additional layer of privacy can cause potentially undetected hyperinflation of the Zerocash supply, because fraudulent coins cannot be tracked.<ref name="Hellwig 2020">{{cite book |last1=Hellwig |first1=Daniel |last2=Karlic |first2=Goran |last3=Huchzermeier |first3=Arnd |title=Build Your Own Blockchain |series=Management for Professionals |date=3 May 2020 |publisher=SpringerLink |isbn=9783030401429 |page=112 |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-40142-9_5 |access-date=3 December 2020 |chapter=Privacy and Anonymity|doi=10.1007/978-3-030-40142-9_5 |s2cid=219058406 }}</ref><ref>{{Cite news|url=https://www.technologyreview.com/s/609448/a-mind-bending-cryptographic-trick-promises-to-take-blockchains-mainstream|title=A mind-bending cryptographic trick promises to take blockchains mainstream|last=Orcutt|first=Mike|work=MIT Technology Review|access-date=2017-12-18|language=en}}</ref>

In 2018, Bulletproofs were introduced. Bulletproofs are an improvement on non-interactive zero-knowledge proofs in that no trusted setup is needed.<ref name="Bulletproofs">{{cite book |last1=Bünz |first1=B |last2=Bootle |first2=J |last3=Boneh |first3=D |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Bulletproofs: Short Proofs for Confidential Transactions and More |date=2018 |pages=315–334 |doi=10.1109/SP.2018.00020 |location=San Francisco, California|isbn=978-1-5386-4353-2 |s2cid=3337741 |doi-access=free }}</ref> They were later implemented in the [[Mimblewimble]] protocol (on which the Grin and Beam cryptocurrencies are based) and in the [[Monero (cryptocurrency)|Monero cryptocurrency]].<ref>{{cite web |last1=Odendaal |first1=Hansie |last2=Sharrock |first2=Cayle |last3=Heerden |first3=SW |title=Bulletproofs and Mimblewimble |url=https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html#current-and-past-efforts |publisher=Tari Labs University |access-date=3 December 2020 |archive-url=https://web.archive.org/web/20200929160834/https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html |archive-date=29 September 2020}}</ref> In 2019, Firo implemented the Sigma protocol, which improves on the Zerocoin protocol by removing the trusted setup.<ref>{{cite news |last1=Munro |first1=Andrew |title=Zcoin cryptocurrency introduces zero knowledge proofs with no trusted set-up |url=https://www.finder.com.au/zcoin-cryptocurrency-introduces-zero-knowledge-proofs-with-no-trusted-setup |access-date=30 July 2019 |publisher=Finder Australia |date=30 July 2019 |archive-url=https://web.archive.org/web/20190730210721/https://www.finder.com.au/zcoin-cryptocurrency-introduces-zero-knowledge-proofs-with-no-trusted-setup |archive-date=30 July 2019}}</ref><ref name=":1">{{cite book |last1=Groth |first1=J |last2=Kohlweiss |first2=M |title=Advances in Cryptology - EUROCRYPT 2015 |chapter=One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin |series=Lecture Notes in Computer Science |date=14 April 2015 |volume=9057 |pages=253–280 |doi=10.1007/978-3-662-46803-6_9 |publisher=EUROCRYPT 2015 |location=Berlin, Heidelberg|hdl=20.500.11820/f6ec5d8f-cfda-4f56-9bd0-d9222b8d9a43 |isbn=978-3-662-46802-9 |s2cid=16708805 |chapter-url=https://www.research.ed.ac.uk/en/publications/f6ec5d8f-cfda-4f56-9bd0-d9222b8d9a43 |hdl-access=free }}</ref> In the same year, Firo introduced the Lelantus protocol, an improvement on the Sigma protocol that hides both the origin and the amount of a transaction.<ref>{{cite journal |last1=Jivanyan |first1=Aram |title=Lelantus: Towards Confidentiality and Anonymity of Blockchain Transactions from Standard Assumptions |journal=Cryptology ePrint Archive |date=7 April 2019 |issue=Report 373 |url=https://eprint.iacr.org/2019/373 |access-date=14 April 2019}}</ref>

=== Decentralized Identifiers ===
Zero-knowledge proofs by their nature can enhance privacy in identity-sharing systems, which are vulnerable to data breaches and identity theft. When integrated into a [[Decentralized identifier|decentralized identifier]] system, ZKPs add an extra layer of encryption to DID documents.<ref>{{Cite journal |last1=Zhou |first1=Lu |last2=Diro |first2=Abebe |last3=Saini |first3=Akanksha |last4=Kaisar |first4=Shahriar |last5=Hiep |first5=Pham Cong |date=2024-02-01 |title=Leveraging zero knowledge proofs for blockchain-based identity sharing: A survey of advancements, challenges and opportunities |journal=Journal of Information Security and Applications |volume=80 |pages=103678 |doi=10.1016/j.jisa.2023.103678 |issn=2214-2126|doi-access=free }}</ref>
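As an added worked example (not part of the article) of the zero-knowledge proof of knowledge described under "Authentication systems" and of the soundness and zero-knowledge properties relied on under "Ethical behavior": the Schnorr identification protocol, the basic Sigma protocol for proving knowledge of a discrete logarithm, in Python. The group parameters are constructed at toy, insecure sizes, and the simulator and extractor functions are written here to make the two properties concrete.

```python
import secrets

# Constructed toy parameters, far too small to be secure: p = 2q + 1 with q prime,
# and G = 2^2 generates the order-q subgroup of Z_p^* (any quadratic residue != 1 does).
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1

def keygen():
    """Prover's secret x (the witness, playing the role of a password) and public y = G^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def prover_commit():
    """Round 1: prover picks a fresh random r and sends t = G^r, keeping r private."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def prover_respond(x, r, c):
    """Round 3: answer the verifier's challenge c with s = r + c*x mod q."""
    return (r + c * x) % Q

def verifier_check(y, t, c, s):
    """Accept iff G^s == t * y^c (mod p); a prover without x passes only by guessing c."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(x, y):
    """One honest interactive run: commit, random challenge, response, verification."""
    r, t = prover_commit()
    c = secrets.randbelow(Q)          # Round 2: verifier's random challenge
    s = prover_respond(x, r, c)
    return (t, c, s), verifier_check(y, t, c, s)

def simulate_transcript(y):
    """Zero knowledge: without x, pick c and s first and solve for t = G^s * y^(-c).
    The result is distributed exactly like a real transcript, so transcripts leak nothing about x."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P   # y^(-c) == y^(q-c) since y has order q
    return t, c, s

def extract_witness(c1, s1, c2, s2):
    """Special soundness: two accepting transcripts sharing a commitment t but with different
    challenges give x = (s1 - s2) / (c1 - c2) mod q, so a prover able to answer both knows x."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q
```

Reusing the same r for two challenges is exactly what the extractor exploits, which is why each run must draw a fresh r.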