Build fluency in the vocabulary of proving a statement true without ever revealing the secret behind it.
0 / 5 completed
1 / 5
At standup, a dev mentions proving to another party that a statement is true, such as knowing a secret password, without revealing the secret itself or any other information beyond the statement's truth. What is this cryptographic technique called?
A zero-knowledge proof is exactly this: a zero-knowledge proof lets one party prove to another that a statement is true, such as knowing a secret password or satisfying some condition, without revealing the secret itself or any information beyond the bare fact that the statement is true. A hash collision is an unrelated hash-table concept about two keys sharing a bucket. This prove-without-revealing approach is exactly why zero-knowledge proofs let a system verify a claim while keeping the underlying secret completely private.
2 / 5
During a design review, the team uses a zero-knowledge proof to let a user verify they know a password, specifically because proving the statement true without revealing the password itself avoids ever transmitting or storing the actual secret. Which capability does this provide?
A zero-knowledge proof here provides Verification without ever exposing the underlying secret, since the proof convinces the verifier the statement is true while the secret itself never has to be transmitted, stored, or revealed at any point in the exchange. Transmitting the secret directly to the verifier means the secret's confidentiality now depends entirely on the verifier's own security, which is exactly the exposure a zero-knowledge proof avoids. This prove-without-exposing behavior is exactly why zero-knowledge proofs are favored whenever verification is needed but the secret itself must stay private.
3 / 5
In a code review, a dev notices an authentication feature verifies a user knows a secret by having the user send the secret itself over the wire for direct comparison, instead of using a zero-knowledge proof that verifies the claim without ever transmitting the secret. What does this represent?
This is a missed zero-knowledge-proof opportunity, since proving knowledge of the secret without transmitting it would verify the claim just as effectively while never exposing the secret to interception or server-side storage risk. A cache eviction policy is an unrelated concept about discarded cache entries. This transmit-the-secret pattern is exactly the kind of exposure risk a reviewer flags once the secret's confidentiality genuinely matters.
4 / 5
An incident report shows a leaked authentication log exposed users' actual secrets, because the system verified knowledge of a secret by transmitting and logging the secret itself instead of using a zero-knowledge proof. What practice would prevent this?
Switching to a zero-knowledge proof verifies the claim without ever transmitting or logging the underlying secret. Continuing to transmit and log the secret itself for verification regardless of how sensitive the secret actually is is exactly what caused the issue described in this incident. This zero-knowledge approach is the standard fix once a leaked log or interception risk makes transmitting the raw secret unacceptable.
5 / 5
During a PR review, a teammate asks why the team reaches for a zero-knowledge proof instead of simply hashing the secret and comparing hashes, given that hashing already avoids storing the secret in plain text. What is the reasoning?
A zero-knowledge proof lets the verifier confirm the claim is true without the prover ever sending anything derived from the secret over the network during that exchange, while hash comparison still requires transmitting a value tied to the secret and trusting the verifier to store and compare hashes securely. This is exactly why zero-knowledge proofs are chosen for the strongest privacy guarantees, while hashing remains a simpler, widely used baseline for password verification.