Zero-Knowledge Proofs
How to Prove You Know a Secret Without Revealing It
There is a way to convince someone you know a password without ever telling them what it is — and it works mathematically, not on trust.
The Idea
Most of what we call 'verification' is actually disclosure. You prove your age by showing your birthdate. You prove your income by handing over documents. You prove you know a password by sending the password. The thing being proven and the evidence for it are, in almost every case, the same thing — which means every act of verification leaks information. Zero-knowledge proofs break this assumption entirely. They are a cryptographic method that allows one party (the prover) to convince another party (the verifier) that a statement is true, without revealing anything beyond the truth of that statement itself. Not how it's true. Not any underlying data. Just: yes, this checks out. The concept emerged from a landmark 1985 paper by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. Their insight was counterintuitive: information and proof can be separated. A proof doesn't have to contain the thing it's proving. For a zero-knowledge proof to be valid, it must satisfy three properties. It must be complete — if the statement is true, an honest prover can always convince the verifier. It must be sound — a dishonest prover cannot fake a valid proof. And it must be zero-knowledge — the verifier learns nothing except that the statement is true. What's remarkable is that this isn't a philosophical sleight of hand. It's mathematics. The verifier can be fully, cryptographically certain of the answer without receiving any data they could misuse.
In the World
The classic illustration is the Ali Baba cave — a thought experiment where a circular cave has a single door in the middle requiring a secret passphrase. A prover claims to know the passphrase. Rather than saying it aloud, they enter the cave from one side while the verifier waits at the entrance. The verifier then shouts which side they want the prover to exit from. If the prover actually knows the passphrase, they can always emerge from the correct side — by either walking back or unlocking the door. If they don't know it, they can only guess correctly half the time. Repeat this enough times, and the probability of consistent lucky guessing drops to near zero. The verifier becomes certain. The passphrase was never spoken. This stops being a thought experiment when you look at how Zcash, a privacy-focused cryptocurrency, uses a variant called zk-SNARKs. When you send a transaction on Zcash, the network needs to verify that you actually have the funds and aren't double-spending — without revealing your balance, your identity, or the transaction amount. A zero-knowledge proof does exactly this: the network confirms the transaction is valid while learning nothing else. More recently, zero-knowledge proofs have entered the identity space. The startup Worldcoin — founded by Sam Altman among others — uses them so that users can prove they have a unique, verified human iris scan without the verification system ever storing or seeing the scan itself. Whether you trust the project or not, the cryptographic mechanism is doing something genuinely novel: proving humanity without proving identity.
Why It Matters
The reason this is worth carrying around in your mind is that it reframes a problem most people assume is unsolvable: how do you establish trust without surrendering privacy? We've been trained to think of these as opposites. To be verified, you must be exposed. To be trusted, you must be transparent. Zero-knowledge proofs suggest that this trade-off is not fundamental — it's just a limitation of the tools we've been using. As digital identity becomes more consequential — for voting systems, healthcare access, financial services, border control — the question of what information must flow in order to verify a claim becomes a question with serious stakes. Right now, systems are built around collecting more than they need, because that's the easiest way to be sure. Zero-knowledge proofs offer a different architecture: prove only what is necessary, retain nothing else. This matters even if you never write a line of cryptography. The next time you're asked to provide more information than a system logically needs — your full birthdate when only your age matters, your entire address when only your city is relevant — you're experiencing the gap that this technology exists to close.
A Question to Ponder
If it became technically possible to verify almost anything without disclosing the underlying data, which institutions or systems would resist adopting it — and why?
Get a new one of these every morning.
Start learning with Thinkable