SNARKs and their broad use cases
By O(1) Labs
Previously in this series, we covered why we think SNARKs are the technology of the decade, along with some predictions and people to watch. This week, we're going to dive deeper into SNARKs and what they can be used for.
What is a SNARK?
To recap, zk-SNARKs are a specific type of zero-knowledge proof that takes this paradigm shift even further and confers additional benefits. zk-SNARK stands for "Zero-knowledge Succinct Non-interactive Argument of Knowledge". Let's break this acronym down into its components and see what they mean:
zero knowledge — this means that hidden inputs will not be revealed to the verifier. In other words, the verifier doesn't learn anything about the solution, only whether the solution was true or not.
succinct — this is the first additional benefit that SNARKs give — the proofs that are generated are small in size, in the order of a couple hundred bytes.
non-interactive — this is the second additional benefit — the two parties (prover and verifier) need not interact. Imagine if I could share the proof anonymously with an absolute stranger over the internet, and they would also be convinced.
argument of knowledge — this guarantees that as the prover, I know that there is a solution for the computation, and that I, specifically, know the solution. Practically, this means I couldn't generate a proof without having actually done the task.
If this is not clicking immediately, don't fear — it is a paradigm shift in thinking about what computations are, and we will be looking at this concept from other angles. It may help to also gain a sense of why this technology is useful, and why now.
Why are SNARKs useful?
So far so good. SNARKs seem pretty cool from the description above, but what are the practical uses of this new cryptographic tool? Broadly speaking they offer two main benefits to software applications:
privacy — the zero-knowledge property permits hiding sensitive or confidential data involved in a computation while still proving statements about it. Examples:
proving that your credit score is above 800, without revealing your credit score
proving that you did not transact with a blacklisted entity, without revealing your transactions
proving to an insurer that you do not have a certain gene, without revealing your entire genome
scalability — short verification times allow verifiers to quickly know that a computation was performed honestly without having to rerun the computation. This can be thought of as outsourcing a computation, while also retaining a "certificate" of it having been done. Examples:
receiving a proof that a very computationally expensive program yielded a certain result, without having to re-run the program (imagine the computation from Hitchhiker's Guide to the Galaxy that takes 7½ million years to compute)
receiving a proof that a blockchain is valid without having to replay all transactions from genesis. Additionally, now verifiers can store the proof, without having to retain the data in the blocks
Because SNARKs are still very new and the field is moving quickly, it's early days in terms of imagining what we can build. Hence, the state of the art is constantly improving. Next week, we'll explore the tradeoff space for SNARKs, so that we can better understand the research, and use the SNARK that's right for our use case.