A music service based on zero-knowledge proofs

When a technology is new, it allows us to imagine all kinds of utopias. It also means we often don’t quite understand it yet. While I try to explain a little how zero-knowledge proofs work, I’ll also compose a utopia that will make even the most ardent Equitable Remuneration supporter come running for this utopian door.

Zero-knowledge, the shortest history

Zero-knowledge protocols are techniques that we can use to verify a message, ownership, data, etc. without revealing any data beyond that verification. In other words, one person, or computing system, convinces another person, or computing system, that what they say, or transmit, is true. One entity convinces another entity instead of sharing actual data, in what can almost be thought of as a game. Take the Ali Baba and the cave explanation, which showcases how the prover can prove without revealing the secret and how the verifier can trust through a simulation by prior agreement. The ‘zero-knowledge’ stems from the part where the secret isn’t revealed but the verification takes place nonetheless. Or take the ‘hats’ solution, which helps to explain how each question that has a yes/no answer can be brought back to a ‘graph three-coloring’ problem.

Each connector is never attached to the same color on both ends
The solution is a secret
The verifier randomly selects one connector in each round of the game

This example comes from cryptographer Matthew Green who, in 2014, wrote a non-mathematical explanation of zero-knowledge proofs. In the end, the ‘game’ has to be played until the verifier is satisfied that the prover isn’t lying, or actually has the knowledge they claim to have. You can play around with this as the verifier in this interactive demonstration.
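The rounds of the hats game can be sketched in code. This is an added example, not code from Matthew Green's post or from any project mentioned here; the graph, both colorings, and the salted SHA-256 hash standing in for the "hat" are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample graph (vertices 0..4) and a valid secret 3-coloring.
EDGES = [(0, 1), (1, 2), (0, 2), (2, 3), (3, 4), (4, 0)]
HONEST = {0: 0, 1: 1, 2: 2, 3: 0, 4: 1}
CHEAT = {0: 0, 1: 1, 2: 2, 3: 0, 4: 0}   # edges (3,4) and (4,0) clash

def commit(color, nonce):
    """The 'hat': a salted hash that hides the color but binds the prover to it."""
    return hashlib.sha256(nonce + bytes([color])).hexdigest()

class Prover:
    def __init__(self, coloring):
        self.coloring = coloring

    def commit_round(self):
        # Shuffle the three color labels afresh each round, so colors revealed
        # in different rounds cannot be pieced together into the solution.
        perm = [0, 1, 2]
        secrets.SystemRandom().shuffle(perm)
        self.hats = {v: (perm[c], secrets.token_bytes(16))
                     for v, c in self.coloring.items()}
        return {v: commit(c, n) for v, (c, n) in self.hats.items()}

    def open_edge(self, u, v):
        return self.hats[u], self.hats[v]   # reveal only these two hats

def verify_round(prover):
    commitments = prover.commit_round()
    u, v = secrets.choice(EDGES)            # verifier's random challenge
    (cu, nu), (cv, nv) = prover.open_edge(u, v)
    opened_ok = (commit(cu, nu) == commitments[u]
                 and commit(cv, nv) == commitments[v])
    return opened_ok and cu in (0, 1, 2) and cv in (0, 1, 2) and cu != cv

def run_protocol(coloring, rounds):
    prover = Prover(coloring)
    return all(verify_round(prover) for _ in range(rounds))

def max_cheat_probability(rounds):
    """Upper bound on a cheater surviving: each round misses a bad edge
    with probability at most 1 - 1/|E|."""
    return (1 - 1 / len(EDGES)) ** rounds

if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(HONEST, 100))
    print("cheating prover accepted:", run_protocol(CHEAT, 100))
    print("bound after 100 rounds:", max_cheat_probability(100))
```

The verifier only ever sees two different, freshly relabeled colors per round, which is why repeating the game builds confidence without leaking the coloring.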

Privacy

If we think about our personal data and how it’s shared on the internet, this can begin to have real-world impact. Instead of actually entering your password somewhere, you prove you can enter without revealing information. This is where zero-knowledge protocols first played out. Instead of typing a combination of letters, numbers and symbols, you convince the other that you know the password without typing it.

This sounds abstract, so let’s try to make it less abstract. Zero-knowledge protocols are cryptographic, and we can turn to a paper called Applied Kid Cryptography, from 1999. In it, the authors take two kids playing Where’s Waldo where one, Alice, sees Waldo before Bob, the other. Alice then has to prove to Bob that she knows where Waldo is without showing him where he actually is. Their solution is to take a big piece of cardboard, much larger than the board, and to let Alice cut out where Waldo is when it covers the page. Then, Alice lets Bob look and he sees Waldo, but nothing else of the drawing. The secret of where Waldo is on the picture isn’t given, but Alice does show Waldo. In a very simplified way, this is what happens when two computers or programs ‘talk’ to each other in a zero-knowledge protocol. Anything more complicated than this example will require more than one verification to prove something to the verifier. So instead of entering a password, zero-knowledge protocols simply rely on very different verification processes.

That utopian music service

There are some real-world practices surrounding zero-knowledge protocols. Packy McCormick and Jill Carson wrote about a few applications, specifically within blockchain tech, but also for cloud infrastructure. For blockchains, zero-knowledge protocols can lead to a drastic drop in computing power for each new transaction.

“Rather than verify the whole ledger, now you can just verify the proof. That proof will never be more than the size of a few tweets, meaning it can be done by anyone — even from a cell phone at your parents’ house.”

Packy McCormick & Jill Carson

Running with this idea of just needing to verify the proof, we can make the move towards my music service utopia. It starts with all music stored within the cloud and accessible for everyone. So far, not so different from any streaming service we have today. However, plays are tracked by zero-knowledge protocols and attributed to the rightsholders directly within the same verification process. There’s no need for any intermediaries, so all rightsholders are always the artists involved. They all link up directly with the cloud to provide their music and they prove they’re the creator of said music through zero-knowledge protocols. No sensitive data exchanges hands and nobody gains access to even the metadata attached to the music.

Of course, the metadata is available to the listener, yet their transaction to gain access to the music remains anonymous. Through the music service they pay directly to the artist(s) they listen to, and this payment isn’t part of a subscription but represents the value the listener places on the music at that time. It is, again, a zero-knowledge protocol that determines this value. The artist or band can set the amount they want to receive for a play or a purchase and the listener can prove they want to pay this before they gain access. Conversely, any fan who wants to join a community around their favorite artist can gain access by proving – convincing a verifier of – any number of things, from direct monetary contribution to the possession of social tokens to something as simple as knowledge about the artist or band.

In other words, a music industry built upon zero-knowledge protocols can become the most direct artist-to-fan and fan-to-artist service imaginable. It has the potential to cut out everything that potentially stands between those two. No more labels, no more collective rights organizations, only interactions verified and proved to convince both fan and artist they should connect.