It's time to reintroduce the #zkPass, the composable identity protocol leveraging zero-knowledge attestation from Web2/Web3 based on MPC & ZKP.
A thread🧵about how it implements privacy-preserving, verifiable, compatibility, and anti-cheating features.
Web3 identity plays a crucial role in establishing a secure and decentralized online environment.
By utilizing Web3, users can take control of their identities and data, rather than relying on centralized data brokers that may put them at risk of data breaches.
1/14
The current Web3 identity solutions have limitations, including privacy concerns and compatibility issues with existing systems.
Many of these solutions require users to disclose personal information, potentially exposing them to identity theft risks.
2/14
In addition, businesses and individuals require assistance integrating these solutions with their existing Web2 systems.
As a result, there's a pressing need for a Web3 identity solution that is both privacy-preserving and easily integrated. That's where we come into play.
3/14
Let's start with a simple question: How do you prove who you are?
In the past few decades, we've grown accustomed to uploading personal data onto numerous platforms.
Not all these platforms are secure or trustworthy; some may even traffic your data without your knowledge.
4/14
We've implemented a revolutionary verification paradigm.
Users can generate zero-knowledge proofs #ZKP locally for data they have access to (e.g. My GovID in Australia, Singpass in Singapore.) without having to upload their legal identity documents to any 3rd party.
5/14
Not cool enough if we just enable users selectively prove their verifiable data to 3rd parties without uploading any docs.
e.g [Australian, Age>30, Stanford Graduate, Worked at Google] are your statements, but how to ensure the authenticity and validity of data arises?
6/14
To address this concern, we've re-engineered the standard TLS into MPC-TLS to prevent any cheating attempts by the prover.
MPC allows multiple participants to participate jointly in computation without revealing their privacy and the result to one or all participants.
7/14
We primarily employ Yao's Garbled Circuits and Oblivious Transfer protocol.
Furthermore, we're incorporating the most recent research papers to enhance the efficiency of MPC, including "Half gate," "Silent OT," and "Vector-OLE," among others.
8/14
In this process, the MPC node of the zkPass protocol will be assigned a mac_key share to guarantee the data's integrity, authenticity, and validity.
Additionally, the enc_key will remain accessible solely to the user throughout the entire process.
9/14
zkPass integrates seamlessly with all HTTPS sites without requiring them to make any adjustments or provide API licenses.
Provided that users have access to their accounts, they can locally generate dependable ZKPs and are unable to cheat during the MPC process.
10/14
By leveraging these key technologies, we have developed a method of integrating IRL identity data and on-chain data into Web3, resulting in four essential features.
zkPass's versatility allows it to be applied across various industries, making it a valuable solution with numerous potential use cases.
12/14
Some of the applications for zkPass include, but are not limited to, zkKYC, healthcare, education, decentralized due diligence, social networking, gaming, finance, and supply chain management, among others.
The possibilities are extensive.
13/14
What's next:
The zkPass protocol's MVP has been developed, and we plan to release a series of live verification examples in the coming days. Stay tuned!
14/14
The future is decentralized, and zkPass is paving the way. We're building a world where individuals control their data and privacy is respected.
More details of the new paradigm for identity verification based on the @zkPass Protocol.
A thread🧵TL;DR
[1/9]
Roles Definition
Prover[P] is the party that has to prove his/her identity. (e.g. individuals)
Verifier[V] is the party that has to verify the identity of P. (e.g. businesses)
Server[S] is the trusted data source eligible to verify the identity of P. (e.g. passport issuer)
[2/9]
Traditional Process
P submits the personal data to V, and V checks it through a centralized database of S.
P→V→S
The biggest problem in this structure is that V knows everything, your ID number, physical address, nationality, etc. Your privacy is NOT under your control.