Excerpted from https://medium.com/coinmonks/zk-snarks-a-realistic-zero-knowledge-example-and-deep-dive-c5e6eaa7131c?email=287494524%40qq.com
zk-SNARKs can be used in a wide array of areas, for example:
Verification of computation (centralized, decentralized)
Anonymous cryptocurrencies or cryptocurrencies that can enable use of zk-SNARKs in smart contracts, example: Zcash, Ethereum (protects user privacy)
Proof of provenance between public/private blockchains: instead of recording all data of a transaction that occurs in a private blockchain onto a public blockchain, a proof can be stored on the public blockchain. This enables companies to keep their sensitive data secure while proving the provenance of a specific transaction.
Authentication without passwords
Sharing information about one’s identity conditionally, for example: is "Alice is > 21" true or false? (Age is not revealed.) A zk-SNARK can be used to prove that Alice is over 21 while minimizing the trust needed between the parties involved (e.g. sharing of PII, health data, loan data).
Wider utilization of zk-SNARKs may change how data is stored. Companies may not need to keep as much data about their customers/users as they currently do. In the future, organizations could interact with blockchains and use zero-knowledge proofs to communicate with current processes, thus alleviating data leaks, further increasing the privacy of user data, and reducing risk for organizations. Sharing of confidential data between people can also be further reduced. The applications of zero-knowledge proofs and self-sovereign identity will allow users to more fully protect their data and further minimize data leakage, as organizations that own important aspects of one’s identity data start to decline.
Excerpted from https://blog.decentriq.ch/zk-snarks-primer-part-one/
A ZKP allows a prover, let’s call her Peggy, to demonstrate beyond any reasonable doubt to a verifier, let’s call him Victor, that she knows some secret without revealing what the secret is. For example, Peggy might want to prove to Victor that she knows the factorization of a very large non-prime number without revealing the factors; or that she knows the solution to a given Sudoku puzzle without revealing it. More generally, ZKPs can be used as the building blocks for verifiable computation: a method of offloading computation from a weak client to a more computationally powerful worker, which enables the client to cryptographically verify the correctness of the computation that was carried out by the worker with a much smaller computational effort compared to executing the original program. This is an extremely powerful paradigm, which affects online privacy, scalability of DLT and mobile phone applications, as well as the security of cloud computing, among many other applications.
Another very promising application of ZKPs lies in the field of machine learning. In this context, the technology can be used to prove possession of specific data without the need for full disclosure, as well as to enable third parties to verify that specific data has been used in the process of model training or prediction. OpenMined is a pioneering project that is actively working on multiple cryptographic primitives to create an ecosystem for private and secure machine learning.
But what is a ZKP, really?
To oversimplify: represented on a computer, a ZKP is nothing more than a sequence of numbers, carefully computed by Peggy, together with a bunch of boolean checks that Victor can run in order to verify the proof of correctness for the computation. A zero-knowledge protocol is thus the mechanism used for deriving these numbers and defining the verification checks.
For on-chain applications it’s crucial that the generated proofs are as short as possible and ideally have a size independent of the problem instance as well as constant verification times.