In the presentation below, Laurence Kirk, CEO of Extropy.io, presented on Zero-Knowledge Proofs and how they could be applied to oracles, focusing on the challenges in data verification and privacy standards.
Below are major highlights from his presentation.
What Is Extropy?
Extropy is a consultancy firm that offers auditing and software development services for Distributed Ledger Technologies and Cryptography. The company was founded in 2015 by Laurence Kirk to make blockchain knowledge more easily available to everyone. In line with this objective, they offer many free technical tutorials on topics such as smart contract development, Zero-Knowledge Proofs, Advanced EVM and Business aspects of the Blockchain.
Zero-knowledge proofs (ZKPs) first appeared in an MIT paper published in 1985. It was defined as a method by which one party (the prover) could prove to another party (the verifier) that something is true without revealing any private information (the witness). The concept is beneficial for scenarios in which privacy and security are essential, making it perfect for privacy-preserving blockchain applications, creating decentralised identifiers (DIDs) and scaling solutions.
The earliest versions of ZKPs involved repeated interaction between the prover and verifier, but in 1988, the non-interactive ZKP was introduced. It was from this breakthrough that the zero-knowledge Succinct Non-interactive Argument of Knowledge (zk-SNARK) and the zero-knowledge Scalable Transparent Argument of Knowledge (zk-STARK) were designed. Both methods are fairly similar, but SNARKs are succinct, meaning that the zero-knowledge proof is smaller than the witness and can be verified within a few milliseconds. Zcash was the first widespread application of zk-SNARKs. On the other hand, STARKs require a less complex setup. They are also scalable and resistant to quantum attacks.
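As an added illustration of the prover, verifier and witness roles and of the interactive versus non-interactive distinction described above (example code written for this summary, not code from Extropy or the talk), here is a Schnorr-style proof of knowledge of a discrete logarithm. The group parameters are toy values chosen for readability; real deployments use large primes.

```python
import hashlib
import secrets

# Toy group parameters (constructed for illustration, NOT secure sizes):
# p = 23 is prime and g = 2 generates the subgroup of prime order q = 11.
P, Q, G = 23, 11, 2


def keygen():
    """Prover picks the secret witness x; y = g^x is the public statement."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Step 1 (both variants): prover commits to a fresh random nonce r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def prover_respond(x, r, c):
    """Step 3: s = r + c*x mod q. Because r is uniformly random, s leaks nothing about x."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Verifier accepts iff g^s == t * y^c (mod p); it never sees x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def interactive_proof(x, y):
    """Interactive variant: the verifier picks the challenge after seeing the commitment."""
    r, t = prover_commit()
    c = secrets.randbelow(Q - 1) + 1  # verifier's random challenge in 1..q-1
    return verifier_check(y, t, c, prover_respond(x, r, c))


def fiat_shamir_challenge(y, t):
    """Non-interactive variant: the challenge is a hash of the transcript so far."""
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def nizk_prove(x, y):
    """Prover emits (t, s) with no round-trip; anyone can verify it later."""
    r, t = prover_commit()
    return t, prover_respond(x, r, fiat_shamir_challenge(y, t))


def nizk_verify(y, proof):
    t, s = proof
    return verifier_check(y, t, fiat_shamir_challenge(y, t), s)
```

With q = 11 the challenge space is only ten values, so a cheating prover succeeds with probability 1/10 per run; with production-size parameters that probability becomes negligible.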
Decentralised IDs, Verifiable Credentials and ZKPs
In a survey conducted on data collection and privacy, 93% of Americans considered it important to be able to control access to their personal data. With statistics like this, it is no surprise that the adoption of decentralised identity (DID) systems has risen.
The decentralised identity system consists of four main pillars: Blockchain, Decentralised Identity wallet, Identifiers and Verifiable Credentials (VC). Decentralised Identity wallets are apps like Civic Pass that allow users to create their decentralised identifiers and manage their Verifiable Credentials. DIDs are unique alphanumeric identifiers containing details like the public key and verification information. Lastly, Verifiable Credentials are secure digital credentials used to prove certain user information. The first VC has to be issued by real-world centralised bodies, but after this, users can use claims contained in that credential to obtain further VCs, which will be connected to their core DID and stored in their wallet. The most important feature of DID systems is that users, rather than the providers of the wallet, are in complete control of their data and decide how it is shared and with whom.
In 2018, a set of data privacy laws, the GDPR, were formulated to give European consumers more control over how their personal data is handled and disseminated by companies. One of the stipulations was that blockchains should be “privacy-preserving by design”. The immutability and broad availability of data on public blockchains is an obvious challenge for developers who struggle to provide secure data without infringing on their users’ privacy.
This is where Zero-Knowledge Proofs come in. ZK systems provide a means of verifying claims regarding the possession of data without exposing it and this, in turn, enhances privacy and security of the system. While DIDs aren’t perfect yet, they provide autonomy and security in a way that centralised IDs do not.
Challenges Experienced in Using Zero-Knowledge Proofs with Oracles
Firstly, some approaches to oracles require specific hardware, such as secure enclaves, to provide a trusted execution environment (TEE). TEEs feature built-in cryptography that helps to verify the accuracy of certain computations. Furthermore, anonymity and the lack of staking can be a disadvantage when providing data. Checks must be put in place to prevent misuse of power and to punish bad actors on the network. Another thing to be improved upon is the resistance against Sybil attacks. The goal of a Sybil attack is to gain control of a network by creating multiple fake identities and using them to gain a majority of influence. This allows the attacker to manipulate the network and undermine its integrity or reputation.
Addressing these Challenges
During his presentation, Laurence highlights the work being done to address some of the challenges mentioned above, as well as to further accelerate the applications of ZKPs. First, he describes an experiment conducted by the Extropy team using zk-STARKs to check and prove the correctness of oracle computations. The Solana ecosystem has also developed proof-of-history (PoH), which focuses on the ordering of transactions in blockchains. Solana’s PoH is a cryptographic clock that guarantees when a transaction occurs by timestamping data. Verifiable Random Functions (VRFs) are another key aspect of cryptography that makes use of ZKPs to generate tamper-proof and verifiable randomness on the blockchain. Some use cases that can be powered by combining VRFs with oracles include blockchain lotteries, fair NFT distribution and new in-game features like loot boxes and reward programs for on-chain gaming.
Besides these technological advancements, Laurence also mentions some protocols that are working on certain privacy-preserving aspects to protect or validate their data, including:
- DECO: A privacy-preserving oracle protocol that allows private data from unmodified web servers to be relayed safely.
- Interep: An anti-Sybil identity layer for bridging web2 users to Web3.
- Town Crier: An oracle providing confidential and trusted data sources.
- Tellor: A transparent and permissionless oracle protocol to get any data on-chain quickly. Learn more about Tellor from their talk at BOS22.
- Semaphore: A protocol that allows Ethereum users to prove their membership without revealing their original identity.
- Chainlink 2.0: An oracle network with a special focus on hybrid smart contracts that make use of real-world data. Learn more about Chainlink from their talk at BOS22.
Laurence concluded the talk by noting that while integrating ZKPs and oracles would be incredibly challenging, it also has the potential to enable many exciting new use cases, and he expressed optimism about the protocols working towards that goal. Laurence pointed out that the current solutions were focused on DeFi and finance. The ultimate test of ZKPs and oracles would be when they are integrated into the healthcare sector.
The Blockchain Oracle Summit was the world’s first conference to focus solely on the crucial role of oracles in the larger blockchain ecosystem and their limitations. Leading speakers from around the globe gathered in Berlin to share their work and experience building and using oracle solutions.