A simple example of a Zero Knowledge proof ist this: Say there is circular hallway, separated by a locked door. To prove that I know how to unlock the door, I don't need to give you the key, nor do I need to show you how I unlock the door. We'd just start at the opposite side of the hallway (where the door isn't visible) and I'd go down the hallway to the left and I'll come back on the right side. I couldn't have pulled it off if I didn't know how to open the door. This is the way some protocols on the internet work. You will encrypt something and send it to me. I will decrypt it, and will tell you something about the content (like a checksum, or a task that I need to solve). An eavesdropper will only see and encrypted message and a checksum (or the result of the task), never will he see the message (the task), nor will he see the key, nor will he know what I did. In this case I have proven to be the person I claim to be (the one you exchanged a key with over another channel at a different time) without revealing anything to an eavesdropper. With secure asymmetric encryption (key pairs, where one key is public and one is private) this can be achieved without exchanging a secret key over another channel. You could encrypt something with my public key (that everyone may have) and ask me to tell you something about the content you just sent. If I can pull that off, I have proven to you, that I have the private key, with no one but me having any knowledge of the private key itself and no eavesdropper having knowledge about the actual content, the key or the challenge. A zero knowledge proof is basically giving someone a challenge that they could not solve without having a required knowledge, not revealing the required knowledge itself.

He proves he knows about the subject but gives us zero knowledge. That was the point right?

I did not expect the video to end so abruptly. I was expecting him to have a chance to explain the tallying of the votes.

I literally just had an exam on this... Next time please upload this one day earlier thank you

This explanation was easier to understand and more straightforward than all of the explanations offered in Wired’s “explained at 5 level of difficulty” video on ZKP!

When he first said secret, I totally thought he said cigarette

It's very frustrating that almost all such videos do a perfectly good job of explaining the abstraction, but then do literally nothing to explain the actual implementation. I had about 499 good abstractions, and now I have 500. Still don't know how it's actually done.

While this does explain the concept very well, I don't understand how the encrypted votes will be counted without revealing their content. Surely a voter has to decrypt their two envelopes before any protocol can add their votes to the totals, right? So why wouldn't that reveal what they voted?

The problem with e-voting is not the algorithm or the protocol behind it, it's the implementation of it. It doesn't matter if you have plans to build a perfect system if people keep making mistakes trying to build it.

I ended the video with zero knowledge too. Great Presentation. It is really insightful and well explained. Thank you

I can only understand this as a high level overview about the concept which ultimately requires the actual algorythm/crypto to be really understood.

Vote Red Pen! Crooked Blue Pen is supported by Big Ink! Draw a wall! Draw a wall!

Great video to convey the intuition of zero knowledge proofs, which I didn't know already. It'd be really helpful to see a basic encryption example to take the intuition another step towards full understanding. Thanks for the great content!

Encryption - It's said in the video that it's not part of scope, but I think it's essential. Who does the encryption when you put into envelope? I find it hard to "believe" that there would be a magic algorithm which would decrypt if and only if elections are finished and all envelopes are in hands of "good guys".

1 you could have distinguished the pens based on some other distinguishable aspect about the pens and not the color that only you are aware of...2 the pen need not be blue, some other color perhaps(may be it is green) hence still distinguishable from the red

I don't get the part around 7:16 ~ 7:48. I have trouble understanding both the speaker's English and the substance. Could someone enlighten me? What problem was he trying to solve and how do "copy and pasting someone else's ballot" and "voting on top" factor into it?

Finally a topic that is well presented without being common knowledge already. Best video of the year on this channel IMO!

This is just an example of how ZKP can work, but it doesn't explain how it works! Could we get a video with more mathematical explanation?

I don't know if someone has mentioned this before but wouldn't I have to show you that I indeed have a full deck of cards before proceeding? Or is that already assumed? Let's say it's not. How could we ensure that I have a fair and full deck of cards before proceeding

Man, that pen trick is so much clearer and more informative than the parable of Ali Baba's Cave that I've usually seen used to describe zero knowledge proofs.

Ok, I just saw this same "demo," but with candy clouds instead of pens. My immediate thought was, "What if the pens ARE the same color, and that's what we want to prove?" Suddenly the swap test fails. So it feels like a particularly trivial example is being chosen. I want to see a deep dive demo into how this idea ACTUALLY WORKS - something that would give me some shot at being able to apply it to anything I wanted to apply it to.

This reminds me of the way cryptographic keys are exchanged in WPA - what is actually exchanged is a key generated from some odd bits of data like the time, so you only prove that you know the key, without broadcasting it over wireless

By what method is it possible to irreversibly encrypt packets of single digit binary data where only the sum of those packets is then ascertainable?

But how would you sum the encripted numbers? Isn't decripting them to sum them up giving away information?

I don't get the 3rd,optional proof. You copy it and vote on top of it. What does that mean and how does it proof anything? Can Somebody explain?

5:04 - Tom Scott will disagree with you!

No matter which pen you vote for the stationary industrial complex still wins.

A part I don't think was entirely clear was the following: Given that the secrets/data are assumed to be encrypted, how can they prove something about information that's, by definition, not accessible (e.g. that each individual vote met the criteria of being binary, etc.)?

I came here after watching about ZNP from wired and get a bit confused. But this video cleared all my confusions and now I get the hang of it.

*The video description says "proove" [sic].* Just wanted to let you know...

Nice examples. For those who feel that the accent is confusing, just view the subtitles... Google seems to be able to understand his accent just fine!

I've learned about zkp on the example of the Alibaba door while learning about smart-contracts, i find this example far more simple that the example used in the video. if someone could enlighten me about non-interactive zero knowledge I would be thankful

After listening to this guy for 3 minutes, I rediscovered a so called "hit single" by an artist known as Loona, titled: "Latino Lover". It was a feint memory in my brain from my childhood and it came back alive... I'm not sure I'm thankful.

How does one sum up encrypted votes if they are encrypted?

I've been applying this method (sort of) my entire life without even knowing I realise now.

Wow. I totally didn't understand a thing about this subject before. And now, I think that I know even less. Perhaps you could do a follow up with a better explanation and some real practical examples.

What encryption technique does zkp use, I know it isn't in the scope of the video but I really want to know???

So zero knowledge proof is basically guessing on data? Like say for instance you are able to determine that the data that is being stored may or may not be used for third parties?

Im a bit confused. What exactly would the proofs be that the sum is one, the inputs are binary, and that I know whats inside?

I had a Linear Algebra exam today. This video title about sums it up..

So what's the difference between this and zk-snarks?

A problem with a lot of e-voting schemes is that even if you can't decrypt the vote individually, you can still copy the vote to a separate pile, add dummy votes until you can decrypt it, then count the difference from the dummy votes. One way you can mitigate this problem is to have some randomness to it. Say you have a 33% chance to vote for the other candidate. You hand over 3 votes, do a zero knowledge proof that all 3 votes aren't the same, then the voting booth chooses one at random. The more voters you have the less likely it is that the randomness will affect the outcome, however the risk of it happening does increase if it's a close election. Yet for an individual it's unlikely they would face any consequences if someone reads it, with the high risk of it being incorrect.

I'm not sure I understand how in the voting example there is a difference between "knowing the content of the vote" and knowing that 1) the votes are binary, 2) they sum up to 1, and 3) that you know what you're voting for

Yeah ok i sort of get it, to start of with i thought this was for web searches or to hide a trace of searches or page visits, i guess it could be. But then thought you are relying on encryption, and if the encryption couldn't be broke in the first place then why bother with what you have just said, or am i missing the point??

About e-voting: Is it possible for the voter to check his vote has been registered and counted correctly, WITHOUT the voter being able to proof to anyone how he voted(necessary for voter secret)?

You said that you present 26 cards, either red or black(depending upon the color you have) from the deck. Isn't that's also some knoweldge that you are providing it to the person in front ?

7:15 can someone explain the third ZKP

Sadly, being able to retain and exploit the extra information used in a typical transaction is viewed by the data aggregators not as a bug, but as a feature.

So what if I write a virus for your e-voting system that tells the user they are voting for the blue pen, but the software submits a vote for the red pen instead?

Can you make a video on Strings and Pattern Matching?

Alberto Sonnino is a good teacher.

Isn't it just homogeneous encryption (voting)?

How do you restrict one user to vote only once with anonymity ?

You take the blue pen and you forget about everything you've learnt you remain a part of the matrix, you take the red pen you stay in wonderland a bit longer, you go down the rabbit hole. What do you choose?

I had zero knowledge about this before I watched this.

The example of the red card is great but I still cannot understand how could I prove something like "I have more than 10k dollars in my bank account" without revealing how much money I do exactly have. The red card is related to the other 51 by some rules (there are exactly 26 card for each color, and so on), so I can give informations about the other variables related to my card, but the amount of money I have is not related to anything...

Is this a zero knowledge proof or a proof by contradiction? What is the difference?

This video gives zero knowledge about how zero knowledge works.

So what are the proofs for evoting? Tell us!

isn't this basically data validation? I mean this is boundary checking is it not?

he did great work on Narwhal which is used in the Sui blockchain

Wouldn’t the card example not be a true zero knowledge proof due to info leakage? As an observer would also gain info that the card is red

awesome intuitive examples!

Couldn't you tell the number of the card by seeing which number is missing?

Rules need to be in place as to how to play the game, and answer is constrained. It sounds out of the world because it is new but will become obvious and something people have been using it in the past albeit not applied to computers.

> watches computer science video > comments are about pen politics

Please guys, make a video about OPUS audio codec, it is quite interesting how it saves space

6:29 What if I want to cast a blanc vote?

Privace Anansi Technologies...?

put up subtitle

I don't understand one thing, he is color blinded, how he can know that you tell truth he shifted pens or not?

Who came up with that intuition explanation? Thats fire!

Never vote for le pen!

I still don't understand it...

But one thing about the cards example. This gives me a 100% certainty about you having a red card right? Don't ZKP have some probability in them? As you have to repeat the experiment many many times to gain enough confidence that person A knows a secret?

How can one possibly learn about zero knowledge proofs?

You should consider using a trepied.

hi~ this video was such an eye candy. however I'd love to see subtitles. I can say I understood pretty much but subtitles speed up the learning process. But! it was a such a great and informing video. I'm looking forward more on provable security by Antonio on YT.

Good explanations. I finally understand this. Thanks :-)

More from Signor Sonnino please. Doesn't matter what, I could listen all day. :)

is there an implementation example? programming language doesnt matter.

Excellent explanation ! Tks

Does anyone else agree that the opportunity for a matrix pun was missed by Computerphile?

Great vid man! Helped a lot. Greetings from Israel

Good video!

Computer Science Daddy 😍

John Snow knows math. I'm glad.

thanks! after watching this video, i feel like i have gained zero knowledge.

He talks about encryption as if it were hashing. Encryption is reversable. Hashing isn't.

It's like cracking enigma, you know it can't be x if you observe y. But you still don't know z

on a nearly future i want to make a machine able to proof just verifying. no way to know how to proof.

What stops someone to agregate a single vote with a bunch of known votes to read it?

I'm red green defficient and my world does not look like a bad music video from the early 1980s. A better simulation would be to wash out the color. For example for me green light is closer to white. For example when I was young I said, "mamma the light is white", for a green light because that is what I saw. If I stare at it I can see green. But it's not immediately apparent.

this is indeed a comment.

I cant wait for zksnarks.

This seems like an impossibility. If you give me your encrypted vote, all I'd need to do is generate a number of other votes (however many are necessary) and then figure out the sum. Since I know the generated votes and I know the sum, I now know the encrypted vote.

Sean you need a tripod for this camera

Handles cards like a magician :)

cough zksnarks

He looks like "Steven Strait" from Expanse