A simple example of a Zero Knowledge proof ist this: Say there is circular hallway, separated by a locked door. To prove that I know how to unlock the door, I don't need to give you the key, nor do I need to show you how I unlock the door. We'd just start at the opposite side of the hallway (where the door isn't visible) and I'd go down the hallway to the left and I'll come back on the right side. I couldn't have pulled it off if I didn't know how to open the door. This is the way some protocols on the internet work. You will encrypt something and send it to me. I will decrypt it, and will tell you something about the content (like a checksum, or a task that I need to solve). An eavesdropper will only see and encrypted message and a checksum (or the result of the task), never will he see the message (the task), nor will he see the key, nor will he know what I did. In this case I have proven to be the person I claim to be (the one you exchanged a key with over another channel at a different time) without revealing anything to an eavesdropper. With secure asymmetric encryption (key pairs, where one key is public and one is private) this can be achieved without exchanging a secret key over another channel. You could encrypt something with my public key (that everyone may have) and ask me to tell you something about the content you just sent. If I can pull that off, I have proven to you, that I have the private key, with no one but me having any knowledge of the private key itself and no eavesdropper having knowledge about the actual content, the key or the challenge. A zero knowledge proof is basically giving someone a challenge that they could not solve without having a required knowledge, not revealing the required knowledge itself.

He proves he knows about the subject but gives us zero knowledge. That was the point right?

I did not expect the video to end so abruptly. I was expecting him to have a chance to explain the tallying of the votes.

I literally just had an exam on this... Next time please upload this one day earlier thank you

It's very frustrating that almost all such videos do a perfectly good job of explaining the abstraction, but then do literally nothing to explain the actual implementation. I had about 499 good abstractions, and now I have 500. Still don't know how it's actually done.

This explanation was easier to understand and more straightforward than all of the explanations offered in Wired’s “explained at 5 level of difficulty” video on ZKP!

Vote Red Pen! Crooked Blue Pen is supported by Big Ink! Draw a wall! Draw a wall!

While this does explain the concept very well, I don't understand how the encrypted votes will be counted without revealing their content. Surely a voter has to decrypt their two envelopes before any protocol can add their votes to the totals, right? So why wouldn't that reveal what they voted?

When he first said secret, I totally thought he said cigarette

Great video to convey the intuition of zero knowledge proofs, which I didn't know already. It'd be really helpful to see a basic encryption example to take the intuition another step towards full understanding. Thanks for the great content!

The problem with e-voting is not the algorithm or the protocol behind it, it's the implementation of it. It doesn't matter if you have plans to build a perfect system if people keep making mistakes trying to build it.

This video gives zero knowledge about how zero knowledge works.

I can only understand this as a high level overview about the concept which ultimately requires the actual algorythm/crypto to be really understood.

Finally a topic that is well presented without being common knowledge already. Best video of the year on this channel IMO!

Ok, I just saw this same "demo," but with candy clouds instead of pens. My immediate thought was, "What if the pens ARE the same color, and that's what we want to prove?" Suddenly the swap test fails. So it feels like a particularly trivial example is being chosen. I want to see a deep dive demo into how this idea ACTUALLY WORKS - something that would give me some shot at being able to apply it to anything I wanted to apply it to.

Encryption - It's said in the video that it's not part of scope, but I think it's essential. Who does the encryption when you put into envelope? I find it hard to "believe" that there would be a magic algorithm which would decrypt if and only if elections are finished and all envelopes are in hands of "good guys".

I ended the video with zero knowledge too. Great Presentation. It is really insightful and well explained. Thank you

1 you could have distinguished the pens based on some other distinguishable aspect about the pens and not the color that only you are aware of...2 the pen need not be blue, some other color perhaps(may be it is green) hence still distinguishable from the red

5:04 - Tom Scott will disagree with you!

Man, that pen trick is so much clearer and more informative than the parable of Ali Baba's Cave that I've usually seen used to describe zero knowledge proofs.

You take the blue pen and you forget about everything you've learnt you remain a part of the matrix, you take the red pen you stay in wonderland a bit longer, you go down the rabbit hole. What do you choose?

This reminds me of the way cryptographic keys are exchanged in WPA - what is actually exchanged is a key generated from some odd bits of data like the time, so you only prove that you know the key, without broadcasting it over wireless

This is just an example of how ZKP can work, but it doesn't explain how it works! Could we get a video with more mathematical explanation?

I don't know if someone has mentioned this before but wouldn't I have to show you that I indeed have a full deck of cards before proceeding? Or is that already assumed? Let's say it's not. How could we ensure that I have a fair and full deck of cards before proceeding

I don't get the part around 7:16 ~ 7:48. I have trouble understanding both the speaker's English and the substance. Could someone enlighten me? What problem was he trying to solve and how do "copy and pasting someone else's ballot" and "voting on top" factor into it?

I don't get the 3rd,optional proof. You copy it and vote on top of it. What does that mean and how does it proof anything? Can Somebody explain?

Wow. I totally didn't understand a thing about this subject before. And now, I think that I know even less. Perhaps you could do a follow up with a better explanation and some real practical examples.

I came here after watching about ZNP from wired and get a bit confused. But this video cleared all my confusions and now I get the hang of it.

By what method is it possible to irreversibly encrypt packets of single digit binary data where only the sum of those packets is then ascertainable?

Nice examples. For those who feel that the accent is confusing, just view the subtitles... Google seems to be able to understand his accent just fine!

*The video description says "proove" [sic].* Just wanted to let you know...

After listening to this guy for 3 minutes, I rediscovered a so called "hit single" by an artist known as Loona, titled: "Latino Lover". It was a feint memory in my brain from my childhood and it came back alive... I'm not sure I'm thankful.

But how would you sum the encripted numbers? Isn't decripting them to sum them up giving away information?

Alberto Sonnino is a good teacher.

A part I don't think was entirely clear was the following: Given that the secrets/data are assumed to be encrypted, how can they prove something about information that's, by definition, not accessible (e.g. that each individual vote met the criteria of being binary, etc.)?

I had a Linear Algebra exam today. This video title about sums it up..

I'm not sure I understand how in the voting example there is a difference between "knowing the content of the vote" and knowing that 1) the votes are binary, 2) they sum up to 1, and 3) that you know what you're voting for

> watches computer science video > comments are about pen politics

I've been applying this method (sort of) my entire life without even knowing I realise now.

A problem with a lot of e-voting schemes is that even if you can't decrypt the vote individually, you can still copy the vote to a separate pile, add dummy votes until you can decrypt it, then count the difference from the dummy votes. One way you can mitigate this problem is to have some randomness to it. Say you have a 33% chance to vote for the other candidate. You hand over 3 votes, do a zero knowledge proof that all 3 votes aren't the same, then the voting booth chooses one at random. The more voters you have the less likely it is that the randomness will affect the outcome, however the risk of it happening does increase if it's a close election. Yet for an individual it's unlikely they would face any consequences if someone reads it, with the high risk of it being incorrect.

Sadly, being able to retain and exploit the extra information used in a typical transaction is viewed by the data aggregators not as a bug, but as a feature.

Who came up with that intuition explanation? Thats fire!

How does one sum up encrypted votes if they are encrypted?

I had zero knowledge about this before I watched this.

Im a bit confused. What exactly would the proofs be that the sum is one, the inputs are binary, and that I know whats inside?

I've learned about zkp on the example of the Alibaba door while learning about smart-contracts, i find this example far more simple that the example used in the video. if someone could enlighten me about non-interactive zero knowledge I would be thankful

So zero knowledge proof is basically guessing on data? Like say for instance you are able to determine that the data that is being stored may or may not be used for third parties?

Wouldn’t the card example not be a true zero knowledge proof due to info leakage? As an observer would also gain info that the card is red

Never vote for le pen!

Is this a zero knowledge proof or a proof by contradiction? What is the difference?

So what if I write a virus for your e-voting system that tells the user they are voting for the blue pen, but the software submits a vote for the red pen instead?

Isn't it just homogeneous encryption (voting)?

The example of the red card is great but I still cannot understand how could I prove something like "I have more than 10k dollars in my bank account" without revealing how much money I do exactly have. The red card is related to the other 51 by some rules (there are exactly 26 card for each color, and so on), so I can give informations about the other variables related to my card, but the amount of money I have is not related to anything...

Good video!

So what's the difference between this and zk-snarks?

awesome intuitive examples!

Couldn't you tell the number of the card by seeing which number is missing?

How do you restrict one user to vote only once with anonymity ?

I don't understand one thing, he is color blinded, how he can know that you tell truth he shifted pens or not?

You said that you present 26 cards, either red or black(depending upon the color you have) from the deck. Isn't that's also some knoweldge that you are providing it to the person in front ?

So what are the proofs for evoting? Tell us!

What encryption technique does zkp use, I know it isn't in the scope of the video but I really want to know???

Rules need to be in place as to how to play the game, and answer is constrained. It sounds out of the world because it is new but will become obvious and something people have been using it in the past albeit not applied to computers.

You should consider using a trepied.

Does anyone else agree that the opportunity for a matrix pun was missed by Computerphile?

No matter which pen you vote for the stationary industrial complex still wins.

What stops someone to agregate a single vote with a bunch of known votes to read it?

Yeah ok i sort of get it, to start of with i thought this was for web searches or to hide a trace of searches or page visits, i guess it could be. But then thought you are relying on encryption, and if the encryption couldn't be broke in the first place then why bother with what you have just said, or am i missing the point??

More from Signor Sonnino please. Doesn't matter what, I could listen all day. :)

isn't this basically data validation? I mean this is boundary checking is it not?

He looks like "Steven Strait" from Expanse

Great vid man! Helped a lot. Greetings from Israel

hi~ this video was such an eye candy. however I'd love to see subtitles. I can say I understood pretty much but subtitles speed up the learning process. But! it was a such a great and informing video. I'm looking forward more on provable security by Antonio on YT.

How can one possibly learn about zero knowledge proofs?

Good explanations. I finally understand this. Thanks :-)

I'm red green defficient and my world does not look like a bad music video from the early 1980s. A better simulation would be to wash out the color. For example for me green light is closer to white. For example when I was young I said, "mamma the light is white", for a green light because that is what I saw. If I stare at it I can see green. But it's not immediately apparent.

It's like cracking enigma, you know it can't be x if you observe y. But you still don't know z

About e-voting: Is it possible for the voter to check his vote has been registered and counted correctly, WITHOUT the voter being able to proof to anyone how he voted(necessary for voter secret)?

thanks! after watching this video, i feel like i have gained zero knowledge.

is there an implementation example? programming language doesnt matter.

How do we prove that a milk colored sky is not blue?

He seems happy

Can you make a video on Strings and Pattern Matching?

I still don't understand it...

0:51 I quit smoking 3 days ago and now I'm like *"TELL ME ABOUT THE CIGARETTE! I WANT TO KNOW"* I can't watch Quentin Tarantino movies now and now cigarettes took this channel from me too??? WHAT ELSE DO I HAVE TO DO TO QUIT???

I have to admit that some brain sparks happened when I watched this video, but in the end I still didn't really understood it :/

Computer Science Daddy 😍

So how do I zero knowledge prove that my vote was binary and the sum was 1 ?

John Snow knows math. I'm glad.

computerphile is unique

Excellent explanation ! Tks

He talks about encryption as if it were hashing. Encryption is reversable. Hashing isn't.

7:15 can someone explain the third ZKP

I cant wait for zksnarks.

this is indeed a comment.

Privace Anansi Technologies...?

Please guys, make a video about OPUS audio codec, it is quite interesting how it saves space

cough zksnarks

on a nearly future i want to make a machine able to proof just verifying. no way to know how to proof.

He hired three people to do this video lol