To make ZKPs more tangible we will elaborate on three applications. The first will be about anonymous verifiable voting followed by privacy on public Blockchains. The third application for auditing will be covered the most extensively. Author: Fabrice Gürmann
Corporate voting and elections are one of the longstanding pillars of shareholder participation. They rely on making critical governance decisions that directly or indirectly affect the direction of a company. Thus, it is of paramount importance that the voting process is secure, anonymous, uncensorable, and trustworthy. There should be no way for election results to manipulate, and voters should be certain that their ballot was counted and their identity remained secret in the process.
ZKPs are one solution to some of these problems. By recording vote commitments on a public Blockchain, the need for a trusted party and the possibility of censorship are eliminated. Using ZKPs, eligible voters can prove their right to cast a ballot without revealing their identity, making the voting system anonymous. In addition, ZKPs allow voters to request verifiable proof that their vote was included in the final tally by the entity reporting the results. This makes the vote results auditable by the electoral body, even if the votes themselves are not recorded on a public Blockchain.
Privacy on public Blockchains
Public Blockchains such as Ethereum, Cardano and Tezos deliver promising solutions. In order to unlock their full potential data privacy needs to be enabled. No company will work with a public Blockchain if everything is disclosed. ZKP provides the necessary privacy. In a supply chain the involved parties don’t want that every transaction is visible to the public. Hence certain privacy layers need to be implemented. This also applies to private Blockchains. A certain type of ZKP, zk-SNARKS, are a promising solution to privacy on public chains and the challenge of scalability.
The nature of audit and financial reporting continues to change due to impacts of digitalization, more stringent regulation, competition and the need to enhance trust in capital markets. The nature of the audit and financial reporting continues to evolve alongside this. Audits have become more complex and the increasing number of qualitative disclosures increase the importance of professional skepticism and judgment even more. To increase the quality of audits even more, it is relentless to obtain state of the art technology to reduce routinized workflows and provide even more focus on the analysis of the data obtained. This is where ZKP meet the new era of audits.
As described in the previous section, the main idea of ZKP are to prove that a computation has been executed correctly while keeping the actual data private, hence if the client can prove to the auditor that the computation of their journal entries has been performed correctly, we are able to automate and simplify a core aspect of financial audit: Verification.
Let’s explore this thought in a bit more detail. Let’s imagine the audit client has multiple machines in their inventory, which they use for operative purposes. As required by international accounting standards, those machines have to be depreciated over time, either on a linear or non-linear depreciation, hence the value is dynamically changed. For the sake of simplicity, the blog stipulates that there are only three types of states a machine can be in and that there is only one factor that impacting the book value, time. State A for a one year old machine, State B for a two year old machine and State C for a three year old machine.
Each machine and a commitment to its condition are recorded as a hash on the Blockchain. This is important to have grounded data as outlined above. The importance of grounded data is to ensure that any data that will be required for an input in a computation, is immutable, trusted and verifiable. Conclusively, the first stage has been reached as soon as every single machine and its condition have been recorded on the Blockchain.
In the second step, we can use the ZKPs to initiate verified computations based on the data we stored on the Blockchain. Put differently, if the client wants to derive the value of their inventory at the end of the year, they use verifiable computation schemes (with zero-knowledge) to prove the computation is correct without revealing the data. The auditor receives a proof which they can immediately use to verify the correctness of the computation. Think of it as a math problem. Once the prover shows the validator the solved problem with all the steps he took to come to the solution, the validator can verify the correctness. Tragically, all the steps to come to the solution have been revealed hence privacy of our data is absent. Additionally, all steps need to be verified by the validator, hence it is computational heavy. In ZKPs, we wrap the mathematical problem in a puzzle, which the prover can only solve correctly if he has the valid inputs. The proofer in turn will know that the puzzle can only be solved by the prover, if he used the valid inputs. Therefore, the prover can show the solution to the problem without revealing the steps to the validator, hence the data stays private. Furthermore, instead of recalculating the steps taken to solve the problem, the validator only needs to verify the solution provided which is less computationally heavy.
So how does this help in our audit?
First, the auditors are not required to check the calculation of the inventory, because they receive a proof that shows that the computation has been done correct. Thus, the beauty of ZKPs are that only true statements can be proved, hence there is no way to hide one machine from the auditor, without deleting the hash of each machine from the Blockchain, which is practically impossible on a public Blockchain. The direct effect on the work of auditors is that they can decrease their manual workload and automate the review of the composition of the entry on the financial year-end statement.
Nevertheless, the importance of auditors are still apparent. Even though we can prove that each machine held on the Blockchain is included in the calculation of the financial position, we cannot be assured that the client actually records each machine on the Blockchain. Furthermore, we have to verify manually that each of the machine is actually in the provided condition. Therefore, the grounding of the data needs manual assurance. If we would have not grounded the data well, we can also not rely on the subsequent computation. Hence, we insert garbage and receive garbage from the computation.
Conclusively, we believe that ZKPs are one of the technical advancements that can highly benefit the Blockchain’s current protocols. The ZKPs potential impacts for scalability and the desperately required need for privacy in many potential applications of Blockchain will be surely something to monitor, especially for trust related services such as Audit mandates.
Of course, besides these three use-cases there are many more potential applications. Earlier this year, we publicly announced the deployment of the world’s first implementation of zero-knowledge proof (ZKP) technology on the public Ethereum Blockchain. In the future, we expect to see a broader application of ZKPs in central and decentral environments. From audit to supply chain, it might deliver the necessary answer.
The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.
Please note that this is part of a continued series, for the first part please press here.