Proving a secret is true without revealing it

HostIt feels like every time we need to prove who we're, we end up giving away way more than we want to. Think about showing a card to a bouncer to prove you're old enough to buy a drink. You have to show them your home address and your full name just to prove one tiny fact about your age.

HostIs there a way to prove that something is true without actually handing over the facts themselves?

GuestIt sounds like magic, but it's a real way of thinking about how we share things. In the world of math and code, we call this a zero knowledge proof. The goal is to let someone know that you have a piece of data without ever letting them see the data itself. You're giving them proof, but zero knowledge of the secret.

HostThat sounds like a riddle. If I don't tell you the secret, how can you possibly be sure I have it?

GuestWell, imagine I have a friend who can't tell colors apart. To him, every ball looks like a shade of grey. I have two balls, one red and one green, but he thinks they're identical. I want to prove to him that they're different colors, but I don't want to tell him which one is red.

HostOkay, I'm listening. How do you do it?

GuestI give him both balls and tell him to put them behind his back. I tell him he can either switch them between his hands or keep them where they are. Then he shows them to me again and asks, did I switch them? Since I can see the colors, I know the answer. If he switched them, the red one is now in his other hand.

HostBut he might just think you got lucky. It's a fifty fifty shot, right?

GuestExactly. One time doesn't prove anything. But if we do it again, and again, and again, the odds of me guessing right every single time by luck become tiny. If we do it twenty times and I get it right every time, he has to believe that I can see a difference between those balls, even though he still only sees grey. I proved I have the knowledge without him ever learning a single thing about the colors themselves.

HostSo the proof isn't about showing the thing, it's about passing a test that would be impossible to pass if you were lying.

GuestYes, and that's the heart of it. It's about a series of challenges. Think about a game like Where's Waldo. You want to prove to me that you found him on a giant, crowded page, but you don't want to show me where he's because you want me to find him myself later.

HostSo I can't just point at the page.

GuestRight. Instead, you could take a huge sheet of cardboard that's twice as big as the book. You cut a tiny little hole in the middle of the cardboard that's only big enough to show Waldo's face. Then, you slide the map behind the cardboard until Waldo shows up in that little hole. I can see Waldo, so I know you found him. But because the cardboard is so big, I have no idea where on the map you're looking. I have the proof, but I still have none of your secret knowledge.

HostI see how that works for a game, but we aren't usually carrying around giant sheets of cardboard. How does this work when I'm trying to log into a website? I thought the whole point of a password was that you send it to the site and they check it.

GuestThat's how most things work right now, and it's a huge problem. It means the website has to keep a giant list of everyone's passwords. If a hacker gets into that list, they have everything. But with this new way of thinking, you wouldn't send your password at all. Instead, your computer and their computer play a quick game of hide and seek with math. Your computer proves it knows the password by solving a puzzle that can only be solved if you have the right key.

HostWait, if the site doesn't have my password, how do they know the puzzle was solved correctly?

GuestThey have a public piece of the puzzle. Imagine a lock that anyone can see, but only your password can turn the key. You show them that you can turn the key without ever letting them take the key out of your hand or make a copy of it. You're basically saying, look, I can open this door. You don't need to know what my key looks like to see that the door is open.

HostBut if we use this for everything, doesn't it make things way more complicated? If I have to do a test twenty times just to buy something, that sounds like a lot of work for my phone or my computer.

GuestIt used to be very slow, but the math has gotten much faster. We have found ways to do these proofs where you only have to send one message. It's like the cardboard example. You just show the hole in the paper once and you're done. It's becoming a huge deal for things like digital money or medical records. You could prove you have enough money for a house without the bank seeing every single thing you ever bought. Or you could prove you've had a vaccine without the person at the door seeing your whole medical history.

HostIt feels like a way to get back some of the privacy we lost when everything went digital.

GuestIt really is. It shifts the power. Right now, to prove things, we have to trust big companies with all our data. We give them the data and pray they don't lose it. With these proofs, the truth stays with you. You keep the secret, and you only share the fact that the secret is true.

HostIt's wild that the best way to keep a secret safe is to find a way to never share it in the first place, even when you need to use it.

GuestThe most secure piece of data is the one that never leaves your own pocket.

HostMaybe one day we can walk into a club and prove we're old enough to be there without that bouncer ever needing to see our home address or our middle name.