Zero-knowledge (ZK) proofs are powerful tools in cryptography that may sound daunting, but the main concepts are actually quite intuitive.

A proof of some statement is a zero-knowledge proof if it does not reveal any additional information, other than the statement being true.

Reclaim uses ZK proofs specifically for selective revealing: a user has same sensitive data, and only wants to reveal some selected information from the data.

The simplest form of selective revealing is redaction, where only some of the data is revealed and the rest is hidden. For example, in the following figure the original data is the document on the left. The document on the right has been redacted, so that only part of it remains readable. The user could then generate a ZK proof that the readable parts of the redacted document are real, without revealing the full document.

As another example, suppose a user has data that reveals their exact age, but they only want to reveal that they are at least 18. They can generate a ZK proof that the age given in their data is at least 18, without revealing what their exact age is. They can then share this proof to any interested party, just like sharing a regular file, and the interested party can verify that the proof is correct.

There has been an explosion of theoretical and practical work on ZK proof technology, as they have such far-reaching privacy applications. In theory ZK proofs could be generated for any function of the private data, but research is ongoing on their security and computational tractability.

So how exactly does Reclaim use ZK proofs? First, the user chooses what website they want to pull their data from, and an attestor attests to the encrypted data that the website returned. (For details on this step, see here). So now the user has in their possession the encrypted data with the attestor’s signature, as well as the key that decrypts the data. The user can then generate a ZK proof revealing the selected information from the encrypted data, without revealing the full unencrypted data or the encryption key.

In simpler terms, the ‘proof of provenance’ step ensures that the full data actually came from the correct source. Then the ZK proof step allows the user to only reveal the parts of the data that they want to reveal.

For example, suppose the user is getting data from their banking website. This data contains a lot of sensitive information, but the user only wants to reveal that they have at least $1000 in their account. So they hide all the information in the data other than their bank balance, obscure the exact balance to only say that it’s at least $1000, and generate a ZK proof that this selectively revealed data matches the original data.