Zero-knowledge proofs are one of the most significant developments in cryptography since the invention of public-key crypto in the 1970s. But what exactly are they, what are they useful for, and what is their relevance to Freenet?
What Are Zero-Knowledge Proofs?
In essence, zero-knowledge proofs (ZKPs) allow one party to prove that they have some secret information, but without revealing anything about the information itself. For example, you could prove that you have some data that satisfies a certain condition like hashing to a particular value, without revealing the data itself.
Why Are They Important?
Zero-knowledge proofs serve as the backbone of various privacy-preserving technologies and applications. One of the most notable examples is their use in anonymous cryptocurrencies like Zcash. In a standard blockchain like Bitcoin, transactions are visible to everyone to ensure that the same Bitcoins can't be spent twice, but this transparency compromises user
privacy. With ZKPs, Zcash allows users to transact without revealing the sender, receiver, or transaction amount, thus preserving anonymity while maintaining the blockchain's security.
Below we'll explore another application in anonymous reputation systems. This will allow users to establish trust or credibility within a network without exposing their transaction history.
Why are they Important for Freenet?
Freenet relies on a peer-to-peer network where data storage and computation happen on a machine you don't necessarily trust. Then how do you ensure that these untrusted peers are executing the code honestly and aren't tampering with the data, without revealing private information? Traditional cryptographic methods only go so far in verifying the integrity of these remote operations.
By using ZKPs, Freenet can run code on untrusted peers and cryptographically verify that these peers are behaving as expected—without exposing the data being processed or stored.
An Anonymous Reputation System based on Zero-Knowledge Proofs
This protocol serves as a conceptual framework for creating a trust system for transactions on Freenet, while preserving user anonymity. It is not intended as a comprehensive or rigorous design, but rather as a basis for discussion and further development.
1. Initial Agreement:
Alice and Bob agree to a transaction. They generate and exchange feedback tokens, in which each signs the other's public key together with a unique transaction ID. The protocol will be described below from Alice's perspective but typically it will be used in both directions.
The transaction proceeds as intended between Alice and Bob.
3. Alice generates a feedback receipt:
After the transaction, Alice prepares her feedback whether positive or negative. Using a zero-knowledge proof mechanism, she combines her feedback with Bob's token to generate a receipt. The receipt verifies:
- That Alice and Bob are not the same person
- That Alice has a valid feedback token from Bob
- That Alice is the one providing feedback
- That Alice and Bob are entitled to participate in the reputation system
The receipt does not reveal:
- Alice's identity
4. Alice logs her feedback:
Alice then logs her feedback on Bob's public feedback record on Freenet, which verifies the receipt generated by Alice. This record is non-repudiable, meaning that it cannot be modified by Bob.
The essence of this protocol is to allow users to provide transaction feedback anonymously. Zero-knowledge proofs ensure the feedback is genuine and linked to the correct transaction, keeping the process transparent yet private. This anonymity fosters a trustworthy environment for transactions on Freenet, making it a more reliable platform for users who prioritize privacy.
Zero-knowledge proofs are almost magical, but they also come with a drawback: computational cost. Generating a zero-knowledge proof can take seconds to minutes, depending on the proof's complexity. This delay is a hurdle in real-world applications where quick transactions are essential.
Despite these challenges, the technology is progressing rapidly. One noteworthy tool is RISC Zero, which allows you to write nearly any Rust code and transform it into a zero-knowledge proof. This is particularly suited to Freenet, which is implemented in Rust.