Unlocking the Power of Privacy: How Developers Can Leverage Homomorphic Encryption and Zero-Knowledge Proofs
by Florian Kluge (@zktrivo)
Web3 is a movement towards decentralization, which means giving people more power over their data and belongings through secure, transparent systems that don’t require trust in any single entity. However, privacy remains a major challenge for Web3. Zero-knowledge technology is an attempt to address this issue by allowing users to prove a statement to a verifier without revealing any of the private data used to generate this statement, such as their credit score, identity, or auction bid.
Mina Protocol is a platform that enables users to execute smart contracts off-chain and send only a tiny proof to the network to verify the correct execution of the contract. This off-chain execution is also known as private execution since the user runs the program locally without revealing private inputs to this smart contract. However, applications and systems other than Mina rely on public execution and require some form of public state to function properly.
The SnarkyJS ecosystem can be easily extended to allow for a wide range of libraries, tools, and new cryptographic primitives such as homomorphic encryption.
This public execution presents a challenge because sensitive data must be made public to participate in these systems. For example, an auctioneer might choose a bid that benefits them the most, and a tally sequencer could attempt to influence the remaining voters based on the current progress of the tally. Ideally, such systems are private and anonymous, and maintain their integrity at all times, especially when operating on sensitive public data. To address this issue, homomorphic encryption and zero-knowledge proofs can be used. These technologies allow the computation and manipulation of data without revealing its contents, thus ensuring privacy and integrity in applications that rely on the public state. Luckily, the SnarkyJS ecosystem can be easily extended to allow for a wide range of libraries, tools, and new cryptographic primitives such as homomorphic encryption.
What is Homomorphic Encryption?
Homomorphic encryption is a powerful technology that allows us to execute operations on encrypted data while preserving its underlying structure. In simpler terms, it means that operations, like addition or multiplication, can be performed on encrypted data to obtain a result that mirrors the plaintext space after it is decrypted. This capability is what sets homomorphic encryption apart from traditional encryption where operations must be performed on plaintext data.
The term “homomorphic” comes from the ancient Greeks. It means “same form” and refers to the structure-preserving mapping between two groups. While homomorphic encryption may sound complex, it’s actually quite easy to understand. It’s worth noting that there are different types of homomorphic encryption: full or partial. For most use cases, partial homomorphic encryption that allows for the execution of a specific operation, such as addition or multiplication, is sufficient. Fully homomorphic encryption allows for operations on ciphertext using both addition and multiplication at the same time. By combining both operations, developers can build complex and powerful systems so that entire programs can run on encrypted data.
The SnarkyJS ecosystem provides access to various cryptographic schemes, including homomorphic encryption libraries. By utilizing homomorphic encryption with SnarkyJS, you can prove the encryption, decryption, and operations on data without revealing any information. This is particularly useful in zero-knowledge systems where maintaining privacy and anonymity is critical.
Overall, homomorphic encryption is a powerful tool that allows operations on encrypted data while preserving its structure. As the SnarkyJS ecosystem continues to expand, sophisticated homomorphic encryption libraries are expected to become available to provide even more powerful tools to create private and anonymous systems for the future.
Introducing the Elgamal Encryption System
Various partial homomorphic cryptosystems are available, some of which are widely known, such as RSA. However, Elgamal encryption is straightforward, easy to understand, and somewhat efficient within SnarkyJS. The Elgamal system was described by Taher Elgamal in 1985 and consists of three straightforward algorithms:
Key generation Alice decides on a group G of order q with generator g. She then samples a random element x, which becomes her secret key. To derive the public key, Alice calculates h = g^xand publicizes the values (G, q, g, h).
Encryption After Alice has released all values, a second entity Bob can encrypt a message M using Alice’s public key h. Bob encrypts the message by sampling a random ephemeral key y and computing two values c_1 = g^y and c_2 = m * h^y. The values (c_1, c_2)are the ciphertext Bob can send back to Alice for decryption.
Decryption To decrypt (c_1, c_2), Alice has to use her private key x. She computes s = c_1 ^ xand finally m = c_2 * s⁻¹(where s⁻¹is the inverse of s in G).
And that’s it. Three tiny algorithms are enough to construct a partial homomorphic encryption system like Elgamal. But where’s the homomorphism part? Remember how Bob calculates(c_1, c_2)_1? If Bob, or someone entirely else, encrypts a new set of data(c_1, c_2)_2, both ciphertexts can be multiplied by each other. After the result is decrypted, you get the expected product of numbers.
Let Bob encrypt the value 5 into (c_1, c_2)_1 = cipher1and Alice the value 10 into (c_1, c_2)_2 = cipher2, you can now multiply both ciphers (c_1, cipher1 * cipher2 = cipher3. After decrypting cipher3, you get the result 50, since 5 * 10 = 50 — isn’t that amazing?
Combining Homomorphic Encryption and Zero-Knowledge Proofs
By now, you may realize this small partial homomorphic encryption scheme is very powerful. But what’s the matter with zk-SNARKs and how can we leverage both technologies? Well, it’s quite obvious! zk-SNARKs let us prove the correct execution of computation, encryption, decrypting, and operating on ciphertext is, after all, just another computation. You can, for example, prove that Alice correctly derived a public key from a secret key and therefore has knowledge of a secret key x. You can also prove the correct execution of both encryption and decryption algorithms! But things get interesting after you prove correct computation on encrypted public data. You can now prove a statement, encrypt data, and release it publicly without leaking information. You can also prove that the entire process was executed as expected!
Homomorphic Encryption and Zero-Knowledge in Action: Anonymous and Private Voting Systems
To briefly conceptualize the use cases that zero-knowledge technology and homomorphic encryption unlock, look at a private and anonymous voting scheme. If you are interested in learning more, see the Zero-Knowledge Proofs for Voting blog post. With a voting app, you never want to reveal a user’s vote and you want to make public only the final result of the vote, not the contents of individual votes. Additionally, you don’t want to trust a centralized entity with this sensitive information, so you have to hide the details somehow. Not only can zero-knowledge proofs be used to prove a user’s identity without revealing any private information, but they can also be used to prove the correctness of the tallying process. Every voter can generate a zero-knowledge proof of their identity and their vote. Every voter can also encrypt their choice using a homomorphic encryption scheme like Elgamal. The proof aggregators or tally sequencers hide the contents of individual votes unless they are decrypted using the secret key. During the tallying process, votes can be aggregated without knowing the contents of the votes. This zero-knowledge voting application prevents tally sequencers or public blockchains from observing intermediate voting results, vote weights, or other information leakage. You can also use zero-knowledge proofs to prove the correctness of the tally process. To ensure that only valid votes are tallied and added, you can generate a proof of the aggregation phase.
Wrapping It Up
zk-SNARKs are a powerful cryptographic tool, especially in combination with easy-to-use toolkits like SnarkyJS. However, zero knowledge doesn’t solve all problems. Sometimes you have to rely on other cryptographic primitives like homomorphic encryption to dive into a whole new set of use cases that were not previously possible. Because of the developer-friendly focus of SnarkyJS, it is easy to implement other cryptographic primitives that are compatible with the underlying proof system. As the ecosystem surrounding Mina, zkApps, and SnarkyJS grows, more developers are building useful primitives and leveraging them to build novel use cases. SnarkyJS is extensible. Developers are free to build, compose, and use libraries within the ecosystem. Encouraging and building a flourishing ecosystem is the key to a successful zero-knowledge-powered zkApp community.
Do these possibilities hold your interest? Well, that’s perfect. You can start using Elgamal as a partially homomorphic encryption scheme in a smart contract on Mina today. Just import this SnarkyJS-Elgamal library into your existing SnarkyJS project with npm i snarkyjs-elgamal and review the examples and in-depth explanations in the SnarkyJS-Elgamal GitHub repository.
Are you interested in cryptography and have the urge to start developing your own awesome cryptography library for the SnarkyJS ecosystem? Get started by using the zkApp CLI to scaffold your SnarkyJS application. Follow the SnarkyJS Contributor Guidelines so your package can be added to the list of community-maintained packages in the official repository. Join the zero-knowledge movement today.
