Zero Knowledge Proof and its Applications in Bitcoin

After introducing zero knowledge proof (ZKP) through an example, we demonstrate how it can be used as a powerful tool to increase privacy and further develop many applications building atop. We have implemented a ZKP-based escrow for purchasing physical goods using bitcoin.

Zero Knowledge Proof

Where’s Waldo?

Finding Waldo

Peggy (the prover) tells Victor (the verifier) that she knows where Waldo is in a scene but she doesn’t want to show him where exactly he is. So, how can she prove to him that she has found Waldo without showing his exact position?

Peggy finds a large piece of cardboard and cuts a Waldo shaped hole right in the middle.

Cardboard with a Waldo shape cut

She then takes the Where’s Waldo scene (which is on a piece of paper) and tapes it to the back of the cardboard so that Waldo is occupying the Waldo shaped hole in the center. Victor should stand in front of the cardboard while Peggy is taping it up.

The back and the front of the cardboard

When Victor sees Waldo through the hole, he is convinced that Peggy’s claim is valid, while not knowing Waldo’s exact location. That is a zero knowledge proof.

Cardboard big enough to hide the puzzle

Applications in Bitcoin

Escrow via encrypt-and-swap¹

Then, Alice sends the fund to a shared public key S = A+B, to pay for the goods.

  • In the absence of a dispute, Alice sends a to Bob, who can move the fund.
  • In the presence of a dispute, the escrow chooses a winner. If the winner is Bob, he sends c to the escrow. The escrow decrypts c to get a and sends it back to Bob, who can redeem the fund. Likewise, Alice can take the fund if she is the winner.

There are several advantages compared with a traditional 2-of-3 multisig escrow:

  • Funds are locked in a normal bitcoin P2PKH address. Only parties involved know an escrow is involved, increasing privacy.
  • The escrow does not have to participate to deposit or withdraw funds when there is no dispute, potentially reducing its operating cost.

We have implemented the full protocol and the ZKP part of the code is listed below.

ZKP-based escrow full code

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
sCrypt

sCrypt (https://scrypt.io) is a company with a mission to provide integrated on-chain smart contracting solutions on Bitcoin Satoshi Vision