top of page

Subscribe to our newsletter

Write a
Title Here

I'm a paragraph. Click here to add your own text and edit me. I’m a great place for you to tell a story and let your users know a little more about you.

© Indic Pacific Legal Research LLP.

For articles published in VISUAL LEGAL ANALYTICA, you may refer to the editorial guidelines for more information.

Writer's pictureAbhivardhan

Zero Knowledge Systems in Law & Policy

Despite the market volatility attributable to cryptocurrencies, the scope of Web3 technologies and their business models is yet unexplored, especially in the Indian context. Few companies like Polygon, Coinbase India, Binance and others are addressing that. In this article, the purpose of Zero Knowledge System as a method to conduct cryptographic proofs is explored, and some policy questions on whether some ideas and assertions of ZKS can be integrated into the domains of law & policy are addressed, considering the role of India as a leader of the Global South.


The Essence of Zero Knowledge in Web3


To begin in simple terms, a Zero Knowledge System is based on probabilistic models of proof verification and not deterministic models. It is one of the methods in cryptography used for entity authentication.. Let us understand it with the help of a diagram.


Zero Knowledge Systems

Imagine for a moment that you may be required to prove something to somebody. Anyone in obvious terms would say that to prove anything, something has to be revealed. Let us say you have to prove people that "I have something K in possession" without showing K in possession. Now, taking directly this into the digital context, it means that you have to prove that you have K without showing K to the person. In that case, you are a prover, and the person who is asking for a proof is a verifier. Such a system, through which you prove something without revealing the key information it is known as a Zero Knowledge System. Now, every Zero Knowledge System (ZKS) has three important features.


  • First, the rules of use of the system must be adhered, and the statement of proof must be true, so that the verifier does not require any third-party means to get the validity.

  • Second, the idea is not to achieve a 100% convincing and true statement but to prove to the verifier that the statement has a probability to be true. In many cases of ZKS, it may not be possible to prove a statement of proof to be 100% / exactly true in real life.

  • Third, the verifier would not know the key information behind the proof statement made by the prover.

The essence of having such a systemic effort is simple. When public and private blockchains under a distributed ledger system are used, cryptography may help in finding out the relevant details of the people who were involved in the cryptocurrency transactions, in the case of a public blockchain. However, the effort of ZKS is to remove identifiable information as the means of verification. In fact, in July 2022, Polygon, one of the most ambitious Web3 ecosystem companies, from Bengaluru (and Singapore) declared that they have developed a Zero-Knowledge Scaling Solution, which is fully compatible with Ethereum. In this update, it is explained how the solution works:

The ZK proof technology works by batching transactions into groups, which are then relayed to the Ethereum Network as a single, bulk transaction. The 'gas fee' for the single transaction is then split between all the participants involved, dramatically lowering fees. For developers of payment and DeFi applications, Polygon zkEVM's high security and censorship resistance makes it a more attractive option than other Layer 2 scaling solutions. Unlike Optimistic roll-ups where users have to wait for as long as seven days for deposits and withdrawals, zk-Rollups offer faster settlement and far better capital efficiency. [...] Polygon zkEVM is a Layer 2 scaling solution that enables developers to execute arbitrary transactions, including smart contracts off-chain rapidly and inexpensively while keeping all proofs and data provenance on the secure Ethereum blockchain.

In addition, Polygon had published a thesis on democratising ZKS. Recently, an infographic was published by Polygon about zkEVM:

Polygon Announces The World's First Zero-Knowledge (ZK) Scaling Solution Fully Compatible with Ethereum

Now, in terms of understanding probability theory in maths, Zero Knowledge Proofs may be distinguished into three variants, despite their bi-products of use could be multiple.

  • Perfect Zero Knowledge (Pzk)

  • Statistical Zero Knowledge (Szk)

  • Computational Zero Knowledge (Czk)

Pzk implies that when the proof of knowledge shows exact probability distribution of the likelihood, as if a simulator does. Szk happens to be when the simulator and the proof system's probability distributions are just statistically close, and not the same. The case of Czk applies when an algorithm is unable to distinguish between the proof system and simulator's distributions. This shows that simulations and proof systems when are tested, the chaos of bringing identifiable key information is out of options, and the process of verification is enabled. Recently, Cloudfare had also developed Zero Knowledge Proofs for Private Web Attestation with Cross/Multi-vendor Hardware.

Cloudfare's Zero-Knowledge Proofs for Private Web Attestation with Cross/Multi-Vendor Hardware

In this diagram above, it is explained how Cloudfare's WebAuthn feature works within the frame of Zero Knowledge Systems. This is not a public-level use case, because such a functionality is possible to be used in close-ended institutions where trust is high, such as financial institutions. Plus, the servers and certificate chains along with the hardware security key are close ended. This at least justifies another possibility of using ZKS. Now, the purpose of this article is to propose and check if the mathematical conception of ZKS, could be applicable in law and public policy. A design thinking approach has been applied to address this. In the next sections, the possibilities of integrating ZKS into law and public policy domains are addressed.


Legal Systems with Zero Knowledge


In law, you can divide the basis of integrating ZKS in two forms - hard law and soft law. Let us address hard law first. Hard law systems are defined by the model of positive law, top-down governance and a regulatory landscape which reflects public interests.


Zero Knowledge and Hard Law

Now, the transformation of modern legal instruments shows that top-down governance, justified by addressing rule of law concerns, matter. It may be assumed in an ordinary way that Zero Knowledge Systems are suitable to soft law governance and regulating propositions and may not fit into the realm of hard law. However, we have to understand that the same was proposed about Web2 technologies. Interestingly, in technology and IP law domains, that integration began with legal reforms in the realm of telecom law. Accepting a definition and some basic understanding of information and communication technologies (ICT) was important since that created a space of opening up to new legal understandings. The concept of cyberspace, an integral aspect of Web1 and Web2, is understood through multiple kinds of legal fiction, which may be even attributed to how international space law evolved. In addition, due to certain unsustainable Web3 business activities (FTX for example) - there are certain ideas in the realm of Web3, which must be harmonised for good. This is why we have to revisit two things before moving on to Soft Law - (1) making Web3 habitual to the hard law instruments and systems (which is Law 2.0); and (2) making an enriched and mature pathway to formalise the transition from Web2 to Web3 as an infrastructure, as well as a social ecosystem. Now, we could have opted for analysing the integration of distributed ledger (or blockchains) into law and public policy domains. However, limiting Law and Web3 research perspectives to crypto is unnecessary and unjust since the domain of Web3 offers innumerable possibilities. Also, there are multiple emerging methods of cryptography, from Proof-of-Work to Proof-of-Acceptance. Choosing Zero Knowledge Protocols / Proofs / Systems is a unique choice due to its special features and the logical uniqueness of the concept itself.


Making Web3 Habitable to Law 2.0

A Zero Knowledge Proof signifies that nothing which is identifiable and subject to validation, is disclosed to the verifier. In a hard law system, this may be considered contrarian to systems and their regulatory and judicial bodies, who consider that the proofs must be backed by things which are tangibly disclosed. Of course, Zero Knowledge Systems by design if are imposed bluntly like this on Law 2.0, would not work. The reason is that both ZKS and Law 2.0 as it exists, are not building interoperability and compatibility. Now, there is an interesting example from Firozabad, Uttar Pradesh, where the Uttar Pradesh Police has implemented a Public Grievance Management System for the city of Firozabad. Here is a Twitter thread by Sandeep Naliwal, the co-Founder of Polygon.

The basic premise behind the purpose of a blockchain-enabled grievance registration system is that FIRs are registered online and police authorities cannot deny that the grievances are registered. No lower-level officers can claim nothing was registered, and this could be regarded as a reformist move. Let us also understand how the Public Grievances Redressal System works as described by the Firozabad Police.

Firozabad Public Grievance Management System

This diagram clearly explains how FPGMS implemented by the Firozabad Police works. Now, such innovations, no wonder, are appreciated. However, these solutions are too generic, and yet only address some basic issues related to our systems. Although some district / state authorities may prefer such kinds of solutions, from a policy perspective, they are merely symbolic and nothing else. Yet, if such frugal innovations are preferred, it is appropriate. In addition, it may be assumed that using blockchains as such for these solutions could be a direct method to resolve many things, which is not true. Now, solutions like discussed above, may also be applied through Zero Knowledge Systems, where let us say certain public-to-government systems of engagement are designed in such a way that if treat an individual (not necessarily in the case of grievance redressal only but also in various cases) may choose one among a set of defined Zero Knowledge Protocols (ZKP) to engage with the government, while authentication (or entity verification) is done through ZKP where if the government is the verifier, then they can get probabilistic results to check if the proofs explain. However, such governance solutions may be unnecessary in application where technical expertise to access data and metadata for evidentiary and internal evaluation become necessary. Plus, you would also require algorithmic solutions to ensure this to happen, which again, thanks to the black box problem, could make things problematic. This means that Zero Knowledge Protocols cannot be used as outliers like that. Yes, when it comes to government identification documents, such as Aadhar, PAN and others, then at some critical level of urgency or due diligence, Zero Knowledge Systems can be enforced to ensure parity and privacy of individuals. However, there is another aspect of Zero Knowledge Systems which may be integrated into the legal domain. Let us say that a regulator has to designate levels of engagement with stakeholders, parties to a regulatory dispute or their counterparts, and they wish to develop certain Zero Knowledge Proofs where verification is essential to the level of engagement. In that case, it could be made possible. Let us break this proposition into 3 forms: (1) stakeholders; (2) parties to a regulatory dispute; and (3) their counterparts.


Regulator and Policy Stakeholders: Engagement using ZKP

In case (1), let us say a competition regulator has to designate the level of engagement of the stakeholders. The rationale is clear: they would like to optimise engagement levels to designate necessities and priorities (and not to block the stakeholders from even engaging). If engagement is limited to analysis of comments and suggestions, then ZKP is not required. However, if the engagement is multi-sectoral, where stakeholders are same or different, or their focus areas converge - only to make things complicated, then ZKP can be applied to designate certain level-playing criteria for the stakeholders, such that multiple horizontal-level ZKPs (whose purposes of use intersect a lot) can be created. Many times, it is stated that multiple public-level stakeholders such as members of the media, civil society, etc., are found leaking critical information about any negotiations or consultations, deliberately. Although, some level of transparency is good (even there ZKPs may be designated), multiple horizontal-level ZKPs can be used to keep the stakeholders intimated that their proofs are under consideration and probabilistic grounds may be internalised, accordingly. However, this might work for internal and closed engagement. Yet, this is a proposition, which may be subject to thinking.

In case (2), it would not be appropriate to use ZKP to hide evidence or necessary information to be subject to disclosure. To make things interesting, we can apply one aspect of ZKP here. Let us say there is critical information which cannot be disclosed by a party. Then, the regulator can estimate the information which the party concerned has refused to disclose. In such a case, ZKPs may be used to garner certain probabilistic insights indirectly from the party concerned. This may not be useful until the key aspect of validation is clearer, but it could work if thought out well.


Regulator 1 versus Regulator 2 Trust-based Engagement

In case (3), regulators and their counterparts in other countries, sometimes due to sovereign interests or national security or secrecy concerns may suffer from a deadlock to engage and share relevant knowledge. In that case, to address the deadlock, cooperative Zero Knowledge Protocols may be created to generate trust-based engagement to break the deadlock. Here, probability may help regulators making decisions and encompassing their own approaches to take things forward or still.


Another aspect of using ZKP could be to encapsulate trust as a "channel" of engagement on certain critical issues, like nuclear deterrence and others. It is proposed that in a multi-polar world, where trust, metadata, knowledge and information can easily be weaponised, instead of being utterly protectionist or hawkish, governments may develop a "language" of zero knowledge-based engagement in certain affairs. ZKP could also be workable in the case of "AI Diplomacy". Interestingly, Corneliu Bjola had written on Diplomacy in the Age of Artificial Intelligence for the UAE's Emirates Diplomatic Academy.

Corneliu Bjola, Diplomacy in the Age of Artificial Intelligence (2020)

The diagram above from Bjola's paper on AI and Diplomacy clearly explains how structured and unstructured decisions may be logically dealt with. Here, ZKP can help a lot to designate what Zero Knowledge Proofs are designed, and how in a vertical / oblique hierarchy, they are established within a government functionary. This can also be understood from Figure 8, referring to the Social Informatics of Knowledge Embodiment.


Courtesy: Corneliu Bjola, Diplomacy in the Age of Artificial Intelligence (2020)

The hierarchy decided to designate an AI Robotic System is interesting. It starts from being a cooperator, until coopetition becomes a reality. Since the knowledge required at multiple levels, differs with purpose and human cognition is extended even at the top level, ZKP may be useful to create indispensable connectivity between kinds of knowledge, their sharing and evaluation-related viabilities. Here is an interesting diagram from Zoravar Daulet Singh's Power and Diplomacy: India’s Foreign Policies during the Cold War (2018), which can also be taken for reference to see where ZKP can be pushed through.


Power and Diplomacy: India’s Foreign Policies during the Cold War

If we compare the diagrams in Bjola's paper, the use of ZKP could be applied, to mitigate lack of coherence amidst behaviour patterns, which are congruent, consistent yet unlikely and incongruent that affect decision-making. Validation matters, so building alternative correlations among the kinds of behaviours could be possible.


The Web2-to-Web3 (2to3) Transition through Law 2.0

Achieving and contributing the Web2 to Web3 transition in systems and ethics, within the framework of Law 2.0 could be an interesting and pertinent proposition, if we can use Zero Knowledge Systems for the same purpose. For closed systems, as the case with Cloudfare was explained, verification could be considered when the key information required is embedded in the closed systems and institutions. For open systems, for example, a digital public square, convergences can be achieved by technological hedging. Legal systems have to recognise the ontological and practical purpose of these multiple horizontal-level efforts and recognise their value. Now, Law 2.0 implies a harmonious and naturalised integration of technologies into the legal fiction. The impact of such integration could be positive as governance priorities may shape up quite suitably. Balaji Srinivasan's The Network State (2022) discusses the concept of Network State in that aspect, quite clearly.


Zero Knowledge and Soft Law

When it comes to Soft Law, Zero Knowledge Systems can easily be integrated, due to the nature of Law 3.0 as a proposed field. Validation can be achieved among self-regulating companies which can be then addressed by the government at a centralised level. From a theory point-of-view, ZKP may not be needed to achieve complete decentralisation, since centralisation is a part of governance considerations. Now, let us estimate where such validation-requiring Zero Knowledge Proofs can be used. For starters, ZKP can be easily used to build peer-to-peer self-regulating standards. Taking cue from Law 2.0 on Regulator's levels of engagement, while certain critical information is not visible or disclosed, the Protocols can be established to analyse the horizontal-level impact of the self-regulating standards already proposed by the government. Since the legal interpretation exists, ZKP enables to provide peer-to-peer company-related insights, through probability. Obviously, not all standards can be enforced directly and making interpretation complicated by not having an informed or optimised legislative intent can be mitigated, from a procedural aspect. Another use of ZKP could be possible in the fintech industry to avoid predatory retail and credit loan offers from being recommended, which depends on the Central Bank (in India's case, the RBI).



Unbundling Policy Dynamics with Zero Knowledge


Now, as compared to law, policy dynamics are amorphous in nature. In addition, while policy dynamics are intersectional to multiple domains, related or unrelated, political consensus & motivation shape political trust. Zero Knowledge Systems can be used to generate policy innovations beyond governance mechanisms and digital public infrastructure. Let us then address political trust quickly.


In politics, people-to-government engagement is a generic aspect of building trust. Political trust can also be built by endorsing public-private partnerships and cooperative societies, since the commercial focus may crystallise the avenues of political consensus. Then, substantive propositions and solutions can also germinate trust. Since interconnectedness is a tangible element of Web2 technologies and their necessities, ZKP can be used to protect that interconnectedness or interoperability, whichever the objective deems fit. The reason is that interoperability may not imply absolute cohesion of data and information, while interconnectedness implies that a mesh of counter-dependencies or codependency exists. We can see this aspect behind the proposition of zero-knowledge taxes made by Matthew Niemerg for Yahoo Finance:

“Zero-knowledge taxes” describes a situation in which taxes can be filed and verified with zero-knowledge proofs. This could operate through a trusted, third party application that analyzes a user’s wallets and calculates taxable events, resulting in a net summary of the individual’s taxes for the year. That summary tax payment, along with the proof itself, is submitted to the regulating entity, which can verify through the proof that the tax summary is accurate without needing to see every transaction leading up to the summary.

Although there are multiple issues and risks with the model because while privacy matters, you can read Sanad Arora's article on Central Bank Digital Currencies to understand where do the privacy concerns lie and can be managed. Another example of applying Zero Knowledge Proofs in policy could be protecting information to promote nuclear disarmament talks.

To avoid revealing information about the composition and configuration of the cubes, bubbles created in this manner were added to those already preloaded into the detectors. The preload was designed so that if a valid object were presented, the sum of the preload and the signal detected with the object present would equal the count produced by firing neutrons directly into the detectors – with no object in front of them. The experiment found that the count for the “true” pattern equaled the sum of the preload and the object when neutrons were beamed with nothing in front of them, while the count for the significantly different “false” arrangements clearly did not.

Conclusion

This article consists of propositions, which are theoretical. The reason is that Zero Knowledge Systems require more testing in real life, from a case-to-case perspective. At least through the efforts of this article, we can think and revisit our approaches to decentralising and centralising digital governance. Comments and counterpoints will be appreciated.







Comments