zkPass Profile picture
Oct 8 10 tweets 4 min read
More details of the new paradigm for identity verification based on the @zkPass Protocol.

A thread🧵TL;DR Image
[1/9]
Roles Definition
Prover[P] is the party that has to prove his/her identity. (e.g. individuals)
Verifier[V] is the party that has to verify the identity of P. (e.g. businesses)
Server[S] is the trusted data source eligible to verify the identity of P. (e.g. passport issuer)
[2/9]
Traditional Process
P submits the personal data to V, and V checks it through a centralized database of S.

P→V→S
The biggest problem in this structure is that V knows everything, your ID number, physical address, nationality, etc. Your privacy is NOT under your control. Image
[3/9]
A Privacy-preserving Structure
(V←P)→S

We remove V as a data broker to prevent data breaches. On the zkPass protocol, P and V will work together as a client to communicate with S(three-party handshake). Then P generates a ZKP on the local client to prove the attributes. Image
[4/9]
However, we need to address several technical challenges to achieve the following features:

Three-party Handshake✅
Data Correctness✅
Anti-Cheating✅
Privacy-Preserving✅
[5/9]
Three-party Handshake✅
The standard TLS protocol works for two-party communication(we access data on any 'HTTPS' site).

We rebuild it as a three-party protocol based on the Elliptic-curve DH(Diffie–Hellman) protocol, combined with MPC & OT (Oblivious Transfer) Protocol. Image
[6/9]
Data Correctness✅
In performing multi-party computation, the certificate is used to identify whether the trusted data source is the same as the website specified in the smart contract created by the Verifier, which prevents phishing sites or forged sites.
[7/9]
Anti-cheating✅
After the three-party handshakes process, the mac_key will be slipped into different shares held by P and V respectively. If the data is tampered with, the integrity check of the message data will be rejected, so P and V will not be able to forge the data.
[8/9]
Privacy-Preserving✅
1⃣The enc_key is only held by P.
2⃣P will generate a ZKP of the responses returned according to the assertions specified in the smart contracts, which V uses as proof of whether P conforms to the attributes without revealing the specific data. Image
[9/9]
#Web3 has changed the way people interact with the Internet. @zkPass is dedicated to changing the way people verify their identities.

We've talked a lot about #PrivacyMatters. Will talk more about MPC and ZKP in the following tweets.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with zkPass

zkPass Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(