
Last year my wife and I suspected we might have gotten each other the same Christmas gift, but didn’t want to spoil the surprise in case we didn’t. So we compared SHA256 hashes... and sure enough they both came out cb17007d (theragun)



This explained zero knowledge so much easier than that parable about the caves, thank you.


But it isn't zero-knowledge. If it was zero-knowledge, you would be able to know that you had the same gift/crush, but it would be impossible to prove to someone else.

Mere hashing doesn't do that. For the crush example (this site), your crush could show everyone the link and their name. For that matter, someone could enter the names of everyone you knew in turn, until you were outed.


Non-interactive zero knowledge allows one proof to be checked by many verifiers. I think folks would still consider that to be a zero knowledge proof, no?

That said, yeah this hashing example is not zero knowledge because, among other things, the hash is not hiding.


It's been a while since I read about zero-knowledge proofs, so I wasn't aware of the non-interactive kind. But I read up on them, and as I understand, you have to pre-commit to a finite set of participants in the protocol who can verify that you have the proof.

Which makes sense: If the evidence (that you have a mathematical proof) could be convincingly shared with absolutely everyone, it wouldn't be zero-knowledge any longer. The whole point of zero-knowledge proof is that the evidence is only useful for the recipient(s).


An actual zero-knowledge way to do that would be the Socialist Millionaires' Protocol.


It is n-bit knowledge which is a more complete and valuable concept.


My favorite analogy is someone has a Where's Waldo photo. They can prove to you they know where Waldo is by getting a piece of paper (the size of the photo) with a cutout around Waldo. When they hold it up and show you Waldo through the cutout, you have zero knowledge about his location.


If the mask paper is the same size as the Waldo photo, one can trivially tell where Waldo is just by looking at the location of the cutout.

I think for this to work, the piece of paper with the cutout must be much larger than the full Waldo photo. The actual cutout would always be in the center of this mask paper. Then the Waldo photo can be moved around behind this mask.


But then you cannot prove anymore that you know where Waldo is, no?

Previously, the proof relied on the alignment between the picture and mask being constant, but this is no longer the case. Now wherever Waldo actually is, every mask fits since you can just freely move around the picture.


To align the cutout with Waldo, you need to know where he is. Since the entire picture would be hidden behind the mask, the other person won't know where in the picture that location is, but by aligning the mask cutout you can prove _your_ knowledge about Waldo's location.


The point of the proof is to demonstrate that the prover knows where Waldo is, not to convey Waldo's location to proof recipient.


Good catch


As the sibling comment says, neither the GP comment nor this post is zero-knowledge.

But in addition to the definition given in sibling comment, here's another necessary condition of a zero-knowledge proof: it must be possible to forge transcripts (i.e., one party writing both sides of the interaction) of a zk proof even without possessing the secret.


There are a couple of science and science fiction authors that started posting hashes or signatures for their predictions for the future, and then posting the prediction after events played out.

I think the idea is that unlike pundits predicting the future, you don't want your particularly clever friend speculating out loud ten minutes into the suspense movie what they think is going on because they either guess the ending, or their guess makes you figure out the ending, and then it's 70 minutes of sitting there reading all of the other foreshadowing and not getting to enjoy any of it.


>unlike pundits predicting the future

Isn't your example pundits predicting the future? So why are hashes useful to those pundits in your example?


Doesn't work, because you can reasonably brute-force possible gifts.
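The brute-force attack this comment alludes to, written out as an added example (not code from the thread or its participants). The only detail taken from the thread is that both parties hashed the lowercase string "theragun" with SHA-256 and compared the first 8 hex characters; the candidate gift list is constructed for the demo. The same function also shows why the "reveal one character at a time" variant proposed further down does not rescue the scheme: each revealed hex character shrinks the consistent candidate set by roughly 16x, so a low-entropy secret is pinned down after a few characters.

```python
"""Dictionary attack on a truncated-SHA-256 "gift commitment".

Added example. The commitment format (SHA-256 of the lowercase gift name,
first 8 hex chars) is what the thread describes; CANDIDATE_GIFTS is a
constructed list an adversary might plausibly try.
"""
import hashlib

PREFIX_HEX_CHARS = 8  # the thread compared 8 hex chars (32 bits) of the digest

# Constructed dictionary of plausible gift strings.
CANDIDATE_GIFTS = [
    "theragun", "kindle", "airpods", "massage chair", "espresso machine",
    "weighted blanket", "nintendo switch", "instant pot", "record player",
    "hiking boots", "smart watch", "cookbook", "board game", "wine club",
]


def commit(gift: str, prefix_len: int = PREFIX_HEX_CHARS) -> str:
    """The thread's 'commitment': truncated hex SHA-256 of the lowercase gift name."""
    return hashlib.sha256(gift.encode("utf-8")).hexdigest()[:prefix_len]


def candidates_consistent_with(revealed_prefix: str, dictionary) -> list:
    """Dictionary entries whose digest starts with the hex prefix revealed so far.

    Because SHA-256 is public and deterministic, anyone holding the dictionary
    can hash every entry and keep only those matching the revealed characters.
    With 0 characters revealed every entry survives; each further hex character
    divides the survivors by about 16.
    """
    return [g for g in dictionary
            if hashlib.sha256(g.encode("utf-8")).hexdigest().startswith(revealed_prefix)]


def brute_force(commitment: str, dictionary) -> list:
    """Recover the gift(s) behind a full truncated commitment by exhaustive search."""
    return candidates_consistent_with(commitment, dictionary)


def reveal_steps_until_unique(gift: str, dictionary) -> int:
    """Number of hex characters that must be revealed (letter-by-letter variant)
    before the dictionary leaves at most one consistent candidate."""
    full = hashlib.sha256(gift.encode("utf-8")).hexdigest()
    for n in range(len(full) + 1):
        if len(candidates_consistent_with(full[:n], dictionary)) <= 1:
            return n
    return len(full)


if __name__ == "__main__":
    c = commit("theragun")
    print("commitment:", c)
    print("recovered by dictionary attack:", brute_force(c, CANDIDATE_GIFTS))
    print("hex chars needed to single it out:",
          reveal_steps_until_unique("theragun", CANDIDATE_GIFTS))
```

Note that the truncation is not the weakness: the attack works identically against the full 64-character digest, because the secret space (things one might buy as a gift), not the hash length, is what gets enumerated.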


You could reveal the hash letter-by-letter and stop as soon as a letter differs so there's more possibilities.


> stop as soon as a letter differs

Oops - you just exposed a timing attack side channel


Yeah I'm not sure what's the best protocol that's actually zero-knowledge here, but since we both trusted each other to only want to find out whether or not our gifts were the same, and otherwise to not spoil the surprise, this did the job.


You could write a script that does the hash comparison for you and simply outputs “Yes” or “No” for whether the hashes are identical.


You could just write a script that lets you write an input and your spouse writes an input and then compares the two inputs without showing them - no need for hashing at all.


Sure, but the example is contrived, as it serves to illustrate the point in an easily digestible (heh) way. In real world applications, both the possible messages and the possible hashes would be way too large to brute force.


You can similarly brute force mutual acquaintances in TFA


But why would you do it?


I think the point is just that this is a misleading example of zero-knowledge proofs, which are meaningfully different cryptographically.


Not technically zero knowledge, since you could brute force search her non-matching hash later.

A true ZK comparison[1] would just return a true or false without exposing any other information such as the hash of the item.

I'm sure the hash was good enough for your purpose, however!

[1] https://en.wikipedia.org/wiki/Socialist_millionaire_problem
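The Socialist Millionaires' Protocol mentioned in this comment and in the earlier one-line reply, as an added example (not code from the thread or from the linked article). It follows the exponent-exchange core of SMP described on the Wikipedia page: both parties learn only whether their secrets are equal, and neither hash nor secret ever crosses the wire, so there is nothing left to brute-force afterwards. The zero-knowledge proofs of exponent knowledge that the full protocol attaches to each message (to catch a cheating party) are omitted, so this version assumes both parties follow the protocol honestly. Group parameters are generated at import time at a toy size, an assumption for the demo; a real deployment would use a fixed, vetted safe prime.

```python
"""Toy Socialist Millionaires' Protocol (SMP): private equality test.

Added example, simplified from the SMP description on Wikipedia. Omits the
per-message zero-knowledge proofs of exponent knowledge (honest parties
assumed). The 128-bit safe prime generated below is a demo-size assumption.
"""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int):
    """Return (p, q) with p = 2q + 1 and both prime, p having `bits` bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


PRIME, ORDER = gen_safe_prime(128)  # toy size (assumption for the demo)
GEN = 4  # 4 = 2^2 is a quadratic residue mod PRIME, so its order is exactly ORDER


def secret_to_int(secret: str) -> int:
    """Map a secret string (e.g. a gift name) into the exponent group Z_ORDER."""
    return int.from_bytes(hashlib.sha256(secret.encode("utf-8")).digest(), "big") % ORDER


class SMPParty:
    def __init__(self, secret: str, is_alice: bool):
        self.x = secret_to_int(secret)
        self.is_alice = is_alice
        self.e2 = secrets.randbelow(ORDER - 1) + 1  # a2 (Alice) or b2 (Bob)
        self.e3 = secrets.randbelow(ORDER - 1) + 1  # a3 (Alice) or b3 (Bob)
        self.r = secrets.randbelow(ORDER - 1) + 1   # r (Alice) or s (Bob)

    def msg1(self):
        """Send g^e2 and g^e3."""
        return pow(GEN, self.e2, PRIME), pow(GEN, self.e3, PRIME)

    def msg2(self, other_g2, other_g3):
        """Derive shared g2 = g^(a2*b2), g3 = g^(a3*b3); send P = g3^r, Q = g^r * g2^x."""
        self.g2 = pow(other_g2, self.e2, PRIME)
        self.g3 = pow(other_g3, self.e3, PRIME)
        self.P = pow(self.g3, self.r, PRIME)
        self.Q = pow(GEN, self.r, PRIME) * pow(self.g2, self.x, PRIME) % PRIME
        return self.P, self.Q

    def msg3(self, other_P, other_Q):
        """Send R = (Qa/Qb)^e3, with the Qa/Qb ratio ordered identically on both sides."""
        self.other_P = other_P
        qa, qb = (self.Q, other_Q) if self.is_alice else (other_Q, self.Q)
        ratio = qa * pow(qb, PRIME - 2, PRIME) % PRIME  # Qa * Qb^-1
        return pow(ratio, self.e3, PRIME)

    def verify(self, other_R) -> bool:
        """Rab = other_R^e3 = (Qa/Qb)^(a3*b3) equals Pa/Pb exactly when x == y."""
        rab = pow(other_R, self.e3, PRIME)
        pa, pb = (self.P, self.other_P) if self.is_alice else (self.other_P, self.P)
        return rab == pa * pow(pb, PRIME - 2, PRIME) % PRIME


def smp_equal(secret_a: str, secret_b: str) -> bool:
    """Run the full exchange between two honest parties; both reach the same verdict."""
    alice, bob = SMPParty(secret_a, True), SMPParty(secret_b, False)
    ga2, ga3 = alice.msg1()
    gb2, gb3 = bob.msg1()
    pa, qa = alice.msg2(gb2, gb3)
    pb, qb = bob.msg2(ga2, ga3)
    ra = alice.msg3(pb, qb)
    rb = bob.msg3(pa, qa)
    va, vb = alice.verify(rb), bob.verify(ra)
    assert va == vb
    return va


if __name__ == "__main__":
    print("same gift:", smp_equal("theragun", "theragun"))
    print("different gifts:", smp_equal("theragun", "massage chair"))
```

Why it works: Qa/Qb = g^(r-s) * g2^(x-y) and Pa/Pb = g3^(r-s) = g^(a3*b3*(r-s)), so raising Qa/Qb to a3*b3 matches Pa/Pb only when the g2^(a3*b3*(x-y)) factor is 1, i.e. when x == y modulo the group order. On a mismatch, the transcript a party holds is a random-looking group element masked by the other side's fresh r or s, so there is no residual value to run a dictionary attack against, unlike the hash prefix in the original scheme.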


What did you hash? The name of the product? Or the UPC or something? I am curious.


We both hashed "theragun" in all lowercase. We actually bought each other two different models of Theragun but it was pretty natural to refer to them with that string.


Relationship goals



