More details of the new paradigm for identity verification based on the @zkPass Protocol.
A thread🧵TL;DR
A thread🧵TL;DR
[1/9]
Roles Definition
Prover[P] is the party that has to prove his/her identity. (e.g. individuals)
Verifier[V] is the party that has to verify the identity of P. (e.g. businesses)
Server[S] is the trusted data source eligible to verify the identity of P. (e.g. passport issuer)
Roles Definition
Prover[P] is the party that has to prove his/her identity. (e.g. individuals)
Verifier[V] is the party that has to verify the identity of P. (e.g. businesses)
Server[S] is the trusted data source eligible to verify the identity of P. (e.g. passport issuer)
[2/9]
Traditional Process
P submits the personal data to V, and V checks it through a centralized database of S.
P→V→S
The biggest problem in this structure is that V knows everything, your ID number, physical address, nationality, etc. Your privacy is NOT under your control.
Traditional Process
P submits the personal data to V, and V checks it through a centralized database of S.
P→V→S
The biggest problem in this structure is that V knows everything, your ID number, physical address, nationality, etc. Your privacy is NOT under your control.
[3/9]
A Privacy-preserving Structure
(V←P)→S
We remove V as a data broker to prevent data breaches. On the zkPass protocol, P and V will work together as a client to communicate with S(three-party handshake). Then P generates a ZKP on the local client to prove the attributes.
A Privacy-preserving Structure
(V←P)→S
We remove V as a data broker to prevent data breaches. On the zkPass protocol, P and V will work together as a client to communicate with S(three-party handshake). Then P generates a ZKP on the local client to prove the attributes.
[4/9]
However, we need to address several technical challenges to achieve the following features:
Three-party Handshake✅
Data Correctness✅
Anti-Cheating✅
Privacy-Preserving✅
However, we need to address several technical challenges to achieve the following features:
Three-party Handshake✅
Data Correctness✅
Anti-Cheating✅
Privacy-Preserving✅
[5/9]
Three-party Handshake✅
The standard TLS protocol works for two-party communication(we access data on any 'HTTPS' site).
We rebuild it as a three-party protocol based on the Elliptic-curve DH(Diffie–Hellman) protocol, combined with MPC & OT (Oblivious Transfer) Protocol.
Three-party Handshake✅
The standard TLS protocol works for two-party communication(we access data on any 'HTTPS' site).
We rebuild it as a three-party protocol based on the Elliptic-curve DH(Diffie–Hellman) protocol, combined with MPC & OT (Oblivious Transfer) Protocol.
[6/9]
Data Correctness✅
In performing multi-party computation, the certificate is used to identify whether the trusted data source is the same as the website specified in the smart contract created by the Verifier, which prevents phishing sites or forged sites.
Data Correctness✅
In performing multi-party computation, the certificate is used to identify whether the trusted data source is the same as the website specified in the smart contract created by the Verifier, which prevents phishing sites or forged sites.
[7/9]
Anti-cheating✅
After the three-party handshakes process, the mac_key will be slipped into different shares held by P and V respectively. If the data is tampered with, the integrity check of the message data will be rejected, so P and V will not be able to forge the data.
Anti-cheating✅
After the three-party handshakes process, the mac_key will be slipped into different shares held by P and V respectively. If the data is tampered with, the integrity check of the message data will be rejected, so P and V will not be able to forge the data.
[8/9]
Privacy-Preserving✅
1⃣The enc_key is only held by P.
2⃣P will generate a ZKP of the responses returned according to the assertions specified in the smart contracts, which V uses as proof of whether P conforms to the attributes without revealing the specific data.
Privacy-Preserving✅
1⃣The enc_key is only held by P.
2⃣P will generate a ZKP of the responses returned according to the assertions specified in the smart contracts, which V uses as proof of whether P conforms to the attributes without revealing the specific data.
[9/9]
#Web3 has changed the way people interact with the Internet. @zkPass is dedicated to changing the way people verify their identities.
We've talked a lot about #PrivacyMatters. Will talk more about MPC and ZKP in the following tweets.
#Web3 has changed the way people interact with the Internet. @zkPass is dedicated to changing the way people verify their identities.
We've talked a lot about #PrivacyMatters. Will talk more about MPC and ZKP in the following tweets.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
