Zero-Knowledge Proofs (opens in new tab)

They use additive homomorphic functions, not fully homomorphic functions, which is the one you’re talking about. If you only support one type of operation instead of two (+ and x) then it’s pretty straight forward (even RSA was additively homomorphic)

Do you think cryptographic hash functions are a means to compression?

Zkps are just hashes that can hash the execution of code rather than hashing static data ("dynamic hashes"?)

If it's sufficient to store a proof that you own a large dataset instead of the dataset itself, that obviously takes less space

You’re most likely referring to recursive zero knowledge proofs or zero knowledge proof composition, where a proof can verify proofs that can verify proofs. Which I don’t explain here unfortunately :)

Multi party computation

IE compute F(x,y,z) where I have x, you have y, and dang has z, and none of us want each other to know what our values are.

Probably multi-party computation.

Eg:

(1) This is my credit score, certified by XYZ agency, so please don't ask for my SSN so that you can lose it in a public database leak tmrw

(2) Here's a bug in your program, please give me the bug bounty and I will tell you the bug (can help stop sketchy bug bounty programs.)

(3) Your Certificate Transparency Provider can prove that, for the latest root, there was no change in your certificate. (This has less to do with privacy and more to do with the succinct verification properties of the latest zkps)

(4) Construct postquantum-secure signatures (eg: the Picnic signature scheme)

Generally, ZKPs provide selective disclosure: I can prove to you that some fact about me or my accounts is true, without revealing to you any other information. The SSN example is one, you could generalize that to taxes, bank statements, Keybase attestations, etc.

Things like proving sufficient income to apartments without giving them my paycheck info, better privacy in credit reporting, more privacy-conscious advertising.

I worked with the Brave team to sketch out how the latter could be done in their system. It's 1 of 10 proposals and iirc half are using ZKPs to reduce information given to advertisers.

I would guess they are even Zero Knowledge Proofs of Knowledge. With the witness being the actual password.

On second thought, whilst that might be colloquially true. It might not meet the actual definition. An extractor might be hard to build.

Possibly Zero Knowledge Password Proof?

The same way people buy stuff like marijuana, prostitution, alcohol where all those things are illegal, except people who have those preferences are few and far in between, whereas everybody and their brother is afraid of inflation, debasement and be diluted by the government and the Fed with the excuse of economic recovery.

My prediction is that over time people would simply find a btc dealer and pay them with wire transfer and lie to their bank about the reason of the transfer

Same thing with Paypal, credit cards etc. Every regular business is a potential dark crypto exchanger where a person goes there (either physically or online) and there is a tacit deal that they'd pay money but the business won't provide them any goods or services, they'd send them cryptocurrencies instead.

That's what true decentralization looks like, a global opaque market where each transaction ought to be negotiated individually between 2 parties.

LocalBitcoins.com tried, but people preferred the convenience of exchanges such as coinbase, they'd have to learn the hard way when government cracks down on those.

That's really unstoppable, you can never shut it down

A huge benefit is also that there would not be an notorious and advertised global price which people can point at and become envious about those who bought bitcoin at 0,01$. Those people are the biggest opposition to BTC/crypto. Not the environmentally concened, but those who think they missed the boat and and now want to gang up on crypto to destroy other people's gains and re-establish parity. Many environmentally concerned are just envious people who use the environment as the excuse , but they really can't stand the wealth differential which emerged between themselves who missed the boat and the early adopters.ff

Monero doesn't.

Zcash does, and they are planned to be implemented on Ethereum

https://github.com/matter-labs/awesome-zero-knowledge-proofs is more up to date.

Here's one, a podcast that tracks developments in ZKPs: https://www.zeroknowledge.fm/

The Waldo example is more an explanation of "what" a ZKP is than "how" a ZKP works. Not a terrible starting point, but yep, definitely doesn't capture the complexity of the real deal.

The best example is to show the actual zero-knowledge protocol for something simple, e.g. graph isomorphism. The protocol is short enough that anyone looking at it can intuitively understand correctness, and from there it's not much further to verify the zero-knowledge property either.

The explanations for interactive proofs are compelling, but the non-interactive variants are confusing. I don't understand how an infinite series of queries can be replaced by a static construction.

If you've got some resources that you'd be willing to share, I'd appreciate it.

Can you decompress that 21KB to the entire transaction history? I.e does this qualify as real compression, or is it the equivalent of a hash?