Let's explain ZK: 📚 ZK stands for Zero Knowledge and it unlocks 2 super-powers: Privacy and Scale. ZK is close to my heart, both as a co-inventor of ZK-STARKs and as a co-founder of 2 ZK projects: @Zcash (focused on privacy) and @StarkWareLtd (focused on scale and now privacy)

@Zcash @StarkWareLtd How does ZK work? There are two types of entities: a Prover and a Verifier The Prover does the heavy lifting : - Registering the data from all txs - Processing the data - Updating the state of the system (meaning the balance after all txs) - Generating a state update and a proof

@Zcash @StarkWareLtd A typical statement from the Prover says "I, the Prover, have started with state A, processed 1,000,000 txs, and based on those, reached state B". The proof is a sequence of numbers and hashes that can be checked to prove the integrity of the whole statement.

@Zcash @StarkWareLtd The Verifier (which typically sits onchain) checks the proof, using math and cryptography to check if the statement is true before it's accepted. The theorems we’ve proved over the years says that the Verifier always accepts true statements and never accepts false statements.

@Zcash @StarkWareLtd A malicious Prover who might try to convince a Verifier to accept a false statement has to do a similar amount of work to finding a collision in a cryptographic hash function, which cannot be done before our Sun cools down.

@Zcash @StarkWareLtd Why is ZK good for Privacy? The Verifier doesn't check the correctness of the statement by processing the data it attests for. That's why data can be verified as valid while kept hidden from the Verifier.

@Zcash @StarkWareLtd Why is ZK good for scale? The Verifier doesn't need to re-do the computation the Prover did. The prover can process 1 million txs, but the Verifier won't have to repeat it to verify the correctness of all these txs. Checking the proof will be enough to ensure their validity.