What are zero-knowledge proofs? A complete guide

Zero-knowledge proofs (ZKPs) are a highly secure form of proving knowledge without transmitting the data itself. ZKP is often overlooked in discussions about privacy, despite its role in anonymity and data security.
Although ZKPs remain relatively obscure to the public, their scalability and security benefits, when combined with encryption, create a highly secure environment for data.
This article will walk you through what ZKP is, how it works, and where it’s used, so you’ll understand how ZKPs differ from traditional encryption protocols and why they matter in privacy and security discussions.
Note: ExpressVPN provides consumer privacy tools, while zero-knowledge proofs are a cryptographic system used in different contexts. We cover this topic as part of the broader conversation on digital privacy. ExpressVPN also accepts cryptocurrency as a payment option, as some customers prefer this for additional payment privacy.
Zero-knowledge proofs explained: Proving without revealing
Imagine a circular cave with two entrances and a magic door in the middle that opens only with a secret word. A person claims to know the word but refuses to share it. They enter the cave from one side (you don’t know which) and exit from the one you ask them to. If they succeed repeatedly, despite random requests, it becomes statistically highly improbable that they’re just guessing, that is, happening to enter from the same side you then ask them to come out of. This proves they know the word (and can therefore open the door in the middle of the cave if needed to get to the other side) without ever revealing it.
This is a classic example of a zero-knowledge proof: a challenge that allows someone to prove they know a secret, like a password, cryptographic key, or puzzle solution, without sharing the actual information.
The prover solves challenges that could only be solved correctly if they knew the secret they claim to know. This mechanism prevents leaks, tampering, or impersonation and makes ZKP ideal for use in secure identification where data exposure must be avoided entirely.
Zero-knowledge proof setup and process
ZKP always involves two roles: that of the prover and that of the verifier. The prover knows a secret and wants to convince the verifier that this is so without revealing the secret.
This is done through a challenge-response model. The verifier issues a random challenge based on a known problem. The prover responds by correctly solving the challenge. Depending on how the challenge is designed, this can mean two things:
- There is only one explanation: the prover knows the underlying secret.
- There are two explanations (like in our cave example above): the prover knows the underlying secret, or they’ve guessed the solution by accident. By repeating the challenge multiple times, however, the probability of deception shrinks until it becomes negligible (more on that below), and the only remaining explanation is that the prover does indeed know the underlying secret.
Interactive vs. non-interactive proofs
The first type of ZKP is called non-interactive. That’s because it only requires one round of communication.
Non-interactive proofs, such as zk-SNARKs, use cryptographic hash functions and public parameters (predefined values or pieces of information that both the prover and verifier know and agree on before the proof process starts) to prevent the prover from fooling the verifier, so the verifier can trust the result without further back-and-forth.
Because they don’t require both parties to be online at the same time, non-interactive proofs are more scalable and work well in decentralized systems where live communication isn’t practical.
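One well-known way to remove the back-and-forth, shown as an added example that is not from the original article: the verifier's random challenge is replaced by a hash of the public data (the Fiat-Shamir transform, applied here to a Schnorr proof rather than a zk-SNARK). The parameters P, Q, G, the secret, and the function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example and far too small for
# real use: P = 2Q + 1 with P and Q prime, G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4
SECRET_X = 777                      # the prover's secret (constructed)
PUBLIC_Y = pow(G, SECRET_X, P)      # public value the proof refers to

def challenge(y, t, context):
    """Replace the verifier's random challenge with a hash of the public data."""
    data = f"{P}|{Q}|{G}|{y}|{t}|".encode() + context
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x, context):
    """Produce a one-message proof of knowledge of x, bound to a context string."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1    # fresh nonce; reusing it would leak x
    t = pow(G, r, P)                    # commitment
    c = challenge(y, t, context)        # c is fixed by the hash of t
    s = (r + c * x) % Q
    return t, s

def verify(y, proof, context):
    """Check the proof with no interaction: recompute c, test G^s == t * y^c."""
    t, s = proof
    # Reject values outside the group before using them.
    if not (0 < t < P and 0 <= s < Q and pow(t, Q, P) == 1):
        return False
    c = challenge(y, t, context)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

if __name__ == "__main__":
    proof = prove(SECRET_X, b"session-1")
    print(verify(PUBLIC_Y, proof, b"session-1"))              # honest proof
    t, s = proof
    print(verify(PUBLIC_Y, (t, (s + 1) % Q), b"session-1"))   # altered response
```

Because the context string is hashed into the challenge, a proof made for one session or message does not verify for another.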
The second type is called interactive. It requires multiple rounds of communication because there is technically a chance for the prover to guess the answer, but this chance quickly becomes astronomically low after just a few repetitions of the challenge. Let’s see how this works.
Imagine that a dishonest prover has a 50% chance to fool the verifier in one round of verification (as in our example with the cave, where there are two exits). Across 40 rounds of verification, this 50% chance (or 0.5 probability) becomes a 0.0000000000009094947% chance, which is less than 1 in a trillion.
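The repeated-challenge idea above, as an added example that is not from the original article: a discrete-log analogue of the cave with a one-bit challenge, where a prover who does not know the secret passes a round only by guessing the bit in advance. The parameters P, Q, G, the secret, and all function names are constructed for illustration and are far too small for real use.

```python
import secrets

# Toy public parameters, constructed for this example and far too small for
# real use: P = 2Q + 1 with P and Q prime, G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4
SECRET_X = 777                      # the prover's secret (constructed)
PUBLIC_Y = pow(G, SECRET_X, P)      # public value; the claim is "I know x with G^x = y"

def verifier_accepts(y, t, c, s):
    """The verifier's check: G^s must equal t * y^c mod P."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def honest_round(x, y):
    """One round with a prover who really knows x."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)                # commitment, sent before the challenge
    c = secrets.randbelow(2)        # verifier's random challenge bit
    s = (r + c * x) % Q             # the random r masks x in the response
    return verifier_accepts(y, t, c, s)

def cheating_round(y):
    """One round with a prover who lacks x and must guess the challenge."""
    guess = secrets.randbelow(2)
    s = secrets.randbelow(Q)
    # Commitment built backwards so the check passes only if guess == c.
    t = (pow(G, s, P) * pow(y, -guess, P)) % P
    c = secrets.randbelow(2)
    return verifier_accepts(y, t, c, s)

def accepted_after(rounds, one_round):
    """The verifier is convinced only if every round passes."""
    return all(one_round() for _ in range(rounds))

def cheat_rate(y, rounds, trials):
    """Fraction of trials in which a guessing prover survives all rounds."""
    wins = sum(accepted_after(rounds, lambda: cheating_round(y)) for _ in range(trials))
    return wins / trials

def soundness_error(rounds):
    """Chance that pure guessing survives the given number of rounds."""
    return 0.5 ** rounds

if __name__ == "__main__":
    print(accepted_after(40, lambda: honest_round(SECRET_X, PUBLIC_Y)))
    print(cheat_rate(PUBLIC_Y, 1, 2000), cheat_rate(PUBLIC_Y, 10, 2000))
    print(soundness_error(40))
```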
Real-world use cases of zero-knowledge proofs
Zero-knowledge proofs might sound like abstract, brainy puzzles, and when they were first introduced by cryptographers in the 1980s, they were largely just that: a theoretical breakthrough. But over time, advances in computing and cryptographic research turned this idea into a practical tool.
Starting in the 2010s and accelerating throughout the 2020s, zero-knowledge proofs began solving real-world problems, especially in areas where privacy and security matter most. From securing blockchain transactions to protecting sensitive identity data, they’re now at the heart of technologies that prove something is true without revealing the underlying information. Let’s take a look at how zero-knowledge proofs are being used today.
- Blockchain and cryptocurrencies: Zero-knowledge proofs are widely used in privacy-focused cryptocurrencies and blockchain scaling solutions. ZKPs also support smart contract execution and fraud proofs while preserving confidentiality, reducing transaction costs, and improving scalability across decentralized networks.
- Decentralized identity verification: ZKPs enable users to prove attributes, like age, citizenship, and credentials, without exposing personal data. Solutions like IDen3 use ZKPs for self-sovereign identity systems. In these, users maintain control over their information and only share what’s necessary. This keeps user data secure while helping to maintain compliance with data regulation laws like the GDPR.
- Secure voting systems: Researchers have explored the use of zero-knowledge proofs in end-to-end verifiable voting systems, where voters can confirm their vote was counted without revealing its contents. In theory, ZKPs can help protect anonymity, integrity, and auditability in digital elections and may serve as a safeguard against vote tampering.
- Verifiable computation in cloud services: ZKPs allow cloud providers to prove that they’ve performed computations correctly without revealing the input or output data. This is essential for services in fields like healthcare. It lets clients outsource computation while maintaining confidentiality, data control, and proof of correctness.
Types of zero-knowledge proofs
As zero-knowledge proofs have moved from theory to real-world use, several distinct types have emerged, each designed to balance performance, security, and scalability in different ways.
One major difference between these systems is whether they require something called a trusted setup, which is a one-time process that generates shared cryptographic parameters needed for the system to function.
In systems like zk-SNARKs or PLONK, this setup creates what’s known as a common reference string, part of which must remain secret. If that secret (often called “toxic waste”) is leaked or retained by someone involved in the setup, it could allow them to create fake proofs that appear valid.
Imagine a lottery system where everyone trusts that the dice are fair. If the dice were secretly weighted during setup, the whole system would be compromised. The same idea applies here: if the setup is tampered with, the integrity of the zero-knowledge proofs is at risk.
To reduce this risk, some projects use complex multi-party ceremonies to generate the parameters securely. Other systems, like zk-STARKs and Bulletproofs, skip the trusted setup entirely, offering what's known as transparent security, which removes the need to trust anyone at the outset.
Let’s take a closer look at the most widely used types of zero-knowledge proofs: zk-SNARKs, zk-STARKs, PLONK, and Bulletproofs.
- zk-SNARKs: Short for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, zk-SNARKs allow for extremely compact and fast-to-verify proofs. They require a trusted setup but are efficient and work well for things like blockchain scalability. That said, the initial parameter generation introduces a theoretical weakness: if the setup secret is leaked or retained, proofs could be forged.
- zk-STARKs: Zero-Knowledge Scalable Transparent Arguments of Knowledge offer transparency and post-quantum security by eliminating the need for a trusted setup. zk-STARK proofs are larger than zk-SNARK proofs but scale better with increasing computational complexity. zk-STARKs are best used to create highly secure environments.
- PLONK: PLONK is a universal zk-SNARK system that supports a wide range of circuits (which represent a way to express a computation like verifying a transaction or checking a password as a set of mathematical constraints that define what a “correct” computation looks like) with a single trusted setup. PLONK is highly efficient, developer-friendly, and supports recursive proofs (where one ZKP can prove the validity of another proof). It strikes a balance between performance and flexibility.
- Bulletproofs: A type of non-interactive zero-knowledge proof that doesn’t require a trusted setup and produces relatively small proofs. Bulletproofs are typically used to secure confidential transactions in blockchain systems where they verify value ranges without revealing the amounts. They're slower to verify but offer strong privacy with minimal overhead. While lacking a trusted setup may sound like a disadvantage, it can benefit security by removing centralized trust assumptions.
The future of zero-knowledge proofs
With growing concerns over data privacy, security, and scalability in technology and blockchain systems, zero-knowledge proofs are emerging as a powerful tool that can address these challenges. Their ability to verify information without exposing sensitive details opens up exciting possibilities for the future of secure digital interactions.
Web3
Zero-knowledge proofs are becoming a foundational pillar of Web3 by enabling secure, private transactions and identity management without compromising decentralization. In cryptocurrency systems, they are being explored as one way to address transaction traceability challenges.
When you make a transaction with a traditional cryptocurrency, it appears on a public ledger along with identifiable wallet information. This may verify the proof of transaction, but it creates issues: someone could use this identifiable information to track your purchases or (easily) tie crypto exchanges to your identity, and, in some cases, it could even lead to a full loss of your wallet.
Web3 projects incorporate ZKPs to scale blockchain systems while maintaining user privacy. They allow for verifiable computation and anonymous authentication, without inflating blockchain size.
Emerging innovations
Zero-knowledge proofs could potentially be used to transform machine learning by enabling privacy-preserving computation and verification. In traditional machine learning, sensitive data is often shared with models or third parties, creating privacy risks. Zero-knowledge machine learning (ZKML) offers a solution by allowing a party to prove that a model was correctly trained or that an inference was performed accurately without revealing the underlying data, model details, or algorithms.
One important application of ZKML is verifying AI model predictions. For example, in healthcare, a provider could prove that a diagnostic prediction was generated by an approved model using a patient’s data without exposing either the patient’s information or the model’s proprietary details. Similarly, in finance, a loan-approval AI could provide a zero-knowledge proof confirming that its decision followed the correct model and input criteria, building trust with regulators and customers without disclosing sensitive financial data. These proofs help ensure prediction integrity and build confidence in AI systems used in critical decision-making.
Role in privacy-centric regulations
Zero-knowledge proofs support compliance with privacy regulations like GDPR and HIPAA by enabling data verification and authentication without revealing personal information.
ZKP tools offer alternatives to current systems that require collecting and storing personal data. For example, the US has passed laws in some states requiring ID verification to access pornography websites. Most of the current solutions rely on profit-driven third-party data collectors, which raises security implications.
ZKP solutions would allow people to verify their access rights without actually sharing personal information with the website in question.
FAQ: Common questions about zero-knowledge proofs
What is the difference between zero-knowledge proof and encryption?
A zero-knowledge proof (ZKP) is a cryptographic method that allows one party (the prover) to prove to another (the verifier) that a statement is true without revealing any underlying data. For example, you could prove you’re over 18 without disclosing your exact birthdate or prove a transaction is valid without sharing the details. ZKPs are commonly used in blockchain protocols, privacy-preserving authentication, and identity systems.
On the other hand, zero-knowledge encryption is not a formal cryptographic term but is often used informally to describe zero-knowledge storage or zero-knowledge architecture. In this model, service providers (like cloud storage platforms) encrypt your data in such a way that they can’t access the content; only the user holds the decryption key. This ensures complete privacy from the provider’s side, even though they store the data.
Are ZKPs used in password managers or file sharing?
No. While some password managers use a zero-knowledge architecture, this is not the same as using zero-knowledge proofs (ZKPs). In this context, “zero-knowledge” means that the service provider can’t access your vault data and doesn’t know your master password. Instead, your data is encrypted locally, and only you hold the decryption keys. However, this doesn’t involve ZKPs, which are cryptographic methods for proving knowledge without revealing the underlying information.
What is a real-life example of zero-knowledge proof?
One example is Zcash, which uses zk-SNARKs to enable private transactions. This is just one way ZKPs have been applied in practice.
What is the zero-proof method, and is it the same as ZKP?
The term “zero-proof” is used informally to describe zero-knowledge techniques; however, it is not a standard term in cryptography. Zero-knowledge proof (ZKP) specifically refers to a cryptographic protocol where knowledge is verified without revealing actual information.
What is the ZKP algorithm?
There is no single ZKP algorithm. Instead, ZKPs refer to a family of protocols, such as zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge), zk-STARKs (Scalable Transparent ARKs), and Sigma protocols.
These algorithms use advanced cryptographic techniques like polynomial commitments or hash-based proofs to enable zero-knowledge verification in various applications, including blockchains, secure voting systems, and password managers.
Comments
Great stuff, Lexie.. thank you for this outstanding two-part article in tandem with the past security articles you've written (it's most appreciated).