This system aims to overcome three main barriers of current transactions and asset transfers on a public blockchain:
Although still only a prototype version, and set for live production offering in 2019, this technology could prove hugely significant.
To consider this in greater detail it’s useful to first look at the difference between public and private blockchains and what zero-knowledge proofs are exactly.
The biggest difference between public and private blockchains lies in who is allowed to join and participate in the network.
Public blockchains are open to everyone and anyone can, theoretically, join the network, download the protocol, and read and write transactions on its decentralized network. The most well-known public blockchains are Bitcoin and Ethereum. Transactions are verified by thousands upon thousands of independent computers around the world, or nodes, to maintain an ecosystem of trustless consensus. The more decentralized the network is, the more secure and resilient it becomes.
However, this security comes at a cost. Each transaction has to be confirmed by every node and to reach consensus, nodes have to perform resource-intensive calculations to solve complicated cryptographic equations, also known as proof-of-work. This decreases transaction times and increases transaction costs, significantly reducing reliability during times of high network activity.
Another problem of public blockchains is privacy. Transactions on a public network can’t initially be linked to the person behind them but transaction information, such as amount, date, sender and receiver address is publically available for anyone who has access to the network. Pseudonymous addresses can be tracked and followed until the user transacts over a centralized cryptocurrency exchange, at which point their real identity is compromised.
Private blockchains, on the other hand, are only open to parties who have been invited to join the closed network. They are also referred to as permissioned blockchains because to become a network participant, the user will have to be granted permission by the network starter through a set of rules or conditions.
A fully private blockchain is where write permissions are usually controlled by one organization, while private blockchains can also take the form of a consortium, where consensus is reached through a group of pre-selected nodes.
Private and consortium blockchain networks are well-suited to enterprise adoption, especially in the finance industry, because transactions are private and only visible to the limited amount of network participants.
Examples of private and consortium blockchain networks include Hyperledger, private blockchain infrastructure, and R3, a global banking and financial institution blockchain consortium based on their distributed ledger technology product, Corda.
Once again, this privacy of private blockchains comes at a cost. The network is less decentralized and therefore less secure and less resilient to attacks.
Zero-knowledge proofs have been defined in a 1988 published paper by researchers from MIT and the University of Toronto as “those proofs that convey no additional knowledge other than the correctness of the proposition in questions.”
In cryptography and the blockchain world, ZKP is known as a method that allows one party to prove to another party that a statement is true without giving up any additional information. There are three aspects to ZKPs:
ZKPs allow for greater privacy on public blockchains by enabling nodes, or network participants, to verify the existence and validity of transactions, and therefore maintain distributed consensus, without actually being able to see or make public any of the transaction details, guaranteeing privacy.
This is why the EY Ops Chain PE prototype is so significant. Public blockchains typically offer better security and liquidity through greater decentralization, while private blockchains offer complete protection of customer information.
The EY solution, through the usage of ZKPs, allows the company to harnesses the security and resilience of a public blockchain, such as Ethereum, keeping the consensus algorithm intact, maintaining complete privacy over transaction information and, therefore, leveraging the benefits of both worlds.
According to Paul Brody, EY Global Innovation Leader, Blockchain, this is exactly the desired outcome.
"EY Ops chain PE is a first-of-its-kind application and a major step forward that empowers blockchain adoption. Private blockchains give enterprises transaction privacy, but at the expense of reduced security and resiliency. With zero-knowledge proofs, organizations can transact on the same network as their competition in complete privacy and without giving up the security of the public Ethereum blockchain."
Moreover it could fuel growth in enterprise blockchain adoption by “greatly reducing the expensive and time-consuming process of setting up private networks and on-boarding business partners one at a time."
James Wester, research director of Worldwide Blockchain Strategies at International Data Corporation (IDC), a global provider of market intelligence and advisory services, agrees that the application of ZKP’s to public blockchains will encourage growth and enterprise adoption.
"The development of tools that enhance the capabilities of public blockchains will spur enterprise adoption of public blockchains and are crucial to the growth of blockchain technologies in general. The ability to ensure privacy while retaining the security and resilience of public blockchains is an important consideration. It offers an opportunity for enterprises to begin building real-world solutions on public blockchains and is an important step in the evolution of the technology."
Ethereum has long been looking at using a version of the ZKP protocol, called Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (ZK-SNARK), pioneered by ZCash, as part of the Byzantium upgrade which, in turn, is part of the Metropolis hard fork.
Vitalik Buterin, co-founder of Ethereum, also more recently stated in an ETH Research post that the network could potentially scale to 500 transactions per second by using ZK-SNARK to mass-validate transactions.
However, he admitted that ZK-SNARK transactions on the Ethereum blockchain would be very expensive and computationally intensive, perhaps insinuating that it’s not quite ready yet for mainstream enterprise adoption.
“FWIW [For what it is worth] I do agree this whole thing is expensive in terms of prover time, though given that I expect the relayers will be GPU farms so it’s less of an issue than it is in, say, Zcash where regular nodes need to be able to make proofs in a few seconds.”
Another issue of ZK-SNARK transactions on the Ethereum blockchain, according to a white paper released by members of the Blockchain team from multinational Dutch bank, ING, – who also launched a zero-knowledge tool – is that it is notably less efficient.
“ZK-SNARKS are generic; they can verify any function which is particularly relevant for Ethereum which provides the Turing-complete EVM, allowing developers to build any type of logic. Generic ZKPs like ZK-SNARKs, however, come at a price. They are notably less efficient than specific zero-knowledge proofs.”
Detailed technical information is still not available on EY’s Ops Chain PE system but the press release specifically stated that the technology will allow companies to privately and securely create and sell product and service tokens on a public blockchain with private access to their transaction records without breaking the consensus algorithm, i.e. Ethereum’s proof of work consensus algorithm remains intact.
Were E&Y able to do what Ethereum could not, that is, to come up with a scalable, cost-effective solution to private transactions and asset transfers on a secure and resilient public blockchain? E&Y’s positive comments in their press release about enabling growth in enterprise public blockchain adoption would suggest that they did.
A number of questions still remain open: whether E&Y’s ZKP solution is more specific to overcome the barriers of Ethereum’s more generic proposal of using ZK-SNARKS for private transactions, and if so, how would it be different to the ZK-SNARK protocol.