Ali Baba's Cave

What just happened?

Peggy convinced Victor she knows the secret word to open a magic door inside a circular cave — without ever telling him what it is. Victor stands at the entrance, Peggy walks in and takes a random path (A or B) to the door at the back. Victor then shouts which side he wants her to come out from. If she knows the secret, she can always open the door and exit from whichever side he asks. If she doesn't know it, she's stuck on the wrong side half the time.

How this maps to zero-knowledge proofs

Completeness: If Peggy really knows the secret, she can always satisfy Victor's challenge. She never fails.

Soundness: If Peggy is faking, she has a 50% chance of getting lucky each round. After N rounds, the probability of faking all of them is (1/2)^N. After 7 rounds, that's less than 1%. After 20, it's about one in a million.

Zero-knowledge: Victor learns nothing about the secret itself. He only sees Peggy enter and exit. Even if he recorded every round on video, the recording wouldn't convince anyone else — Victor could have faked it by colluding with Peggy on which side to call.

Why repeated rounds matter

A single successful round doesn't mean much — a faker gets lucky half the time. But each passed round halves the probability of faking. The confidence grows as 1 − (1/2)^N. This exponential growth is why you don't need many rounds: 10 rounds gives 99.9% confidence, 20 rounds gives 99.9999%.

Where this shows up

The cave is a toy example, but the same structure appears in real protocols. zkSNARKs and zkSTARKs let you prove you executed a computation correctly without revealing the inputs. ZK-rollups use this to batch thousands of transactions off-chain and post a single proof on-chain. Authentication systems can verify you know a password without the server ever seeing it. The core idea — proving knowledge without revealing it — shows up everywhere once you start looking.