In today’s digital era, ensuring data privacy during verification is pivotal for building user trust and meeting regulatory standards. Platforms like zkPass emphasize this to foster a secure and trustworthy digital environment.

Motivated by the vision of a “Decentralized Society” and the transformative potential of Web3, the tech community identified a pressing need for an infrastructure that could securely verify private data without compromising individual privacy.

This realization led to the conceptualization of solutions that prioritize user control over their data, fostering secure and trustworthy digital interactions.

Future of Digital Verification and Data Privacy

zkPass is a key digital verification protocol that addresses data privacy and security challenges, offering a privacy-centric method for private data validation.

It is built on the foundation of Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKP), and three-party Transport Layer Security (3P-TLS). zkPass provides TransGate, which enables users to selectively and privately validate their data on any HTTPS website to the web3 world.

The brilliance of zkPass lies in its ability to let users validate a plethora of data types on any HTTPS website, seamlessly connecting the traditional web with the decentralized web3 framework.

This means that whether you’re confirming your legal identity, financial history, or educational credentials, zkPass facilitates this without the need to disclose the actual data.

In conventional data validation frameworks, the Prover submits data to the Verifier, who then collaborates with the DataSource for authentication. This model inherently has vulnerabilities: the Prover risks overexposure, the DataSource, despite being a trusted entity, lacks the capability for granular verification, and the Verifier, having unrestricted access, poses data leakage threats.

zkPass introduces a paradigm shift in this architecture. Instead of the traditional flow, zkPass enables the Prover to interact directly with the DataSource using a specific access token. The Prover then generates a Zero-Knowledge Proof (ZKP) for the Verifier’s assessment, ensuring data confidentiality.

This streamlined process, devoid of unnecessary data exposure, is facilitated by integrating advanced technologies: 3P-TLS for secure data transmission, MPC for collaborative computations without revealing individual inputs, and IZK(Interactive Zero-Knowledge) for efficient zero-knowledge proof generation.

Architecture is designed to eliminate third-party intermediaries, ensuring that verification processes are not only secure but also devoid of potential data misuse.

By redefining the standards of digital verification, zkPass offers a solution that is both robust in its technical foundation and user-centric in its approach.

3P-TLS

Transport Layer Security (TLS) is one of the most widely used protocols for secure communication over the Internet. It encrypts data from plaintext to ciphertext and vice versa, providing data security and privacy by encrypting traffic to prevent sensitive data from being leaked by third parties.

The process consists of two sub-protocols: handshake and record layer. The goal of the first sub-protocol is to negotiate a secure key between two endpoints, while the second uses the agreed key to protect communication.

One of the key features of zkPass is its ability to allow users to prove their private data without uploading any personal privacy details. This is achieved by redesigning the standard TLS protocol into a 3-party TLS protocol.

zkPass has engineered the 3P-TLS protocol utilizing the elliptic curve Diffie-Hellman (DH) mechanism, integrating it with Multi-Party Computation (MPC) and Oblivious Transfer (OT) techniques to prevent cheating.

This approach ensures that only the user can decrypt the data, and the MPC nodes can verify that the user cannot tamper with the data.

In essence, zkPass leverages 3P-TLS to ensure the provenance of private data, making it compatible with any HTTPS websites without requiring any API or license.

It also ensures data integrity, authenticity, and validity by dividing the Session Key to verify the data, preventing malicious activities like identity theft and data tampering.

Multi-Party Computation (MPC)

Multi-Party Computation (MPC), sometimes referred to as Secure Multi-Party Computation (SMPC), is a cryptographic technique designed to protect digital assets or safeguard information cryptographically.

With the rise of digital solutions, MPC has gained significant attention due to its potential in ensuring data privacy and security.

MPC allows multiple parties, each holding fragments of private data, to collaboratively compute a specific result using MPC-based algorithms.

This computation is achieved without revealing the nature or content of their individual inputs or any other secret information related to the process.

Essentially, MPC enables entities to collaborate and derive a result without exposing their individual data.

How Does MPC Work?

MPC operates on two primary requirements:

• Integrity: If participants deviate from the protocol or reveal their secret information, the MPC protocol ensures that dishonest participants cannot force honest parties to disclose their confidential information or influence the computation’s outcome.
• Privacy: The execution of the protocol does not allow any party to deduce another party’s secret information. The result of the computation remains oblivious to the private data held by the participants.

To illustrate, consider a scenario where multiple entities possess pieces of information.

When combined, this information can reveal a secret or approve a transaction. MPC ensures that this combination is achieved without disclosing details about each entity’s individual data.

MPC provides a robust framework for secure data collaboration. Users can engage in joint computations, validate transactions, or verify credentials without revealing their individual data.

This ensures that while zkPass can authenticate and process user requests, the underlying data remains concealed, offering both security and privacy.

Zero-Knowledge Proof

Zero-Knowledge Proof (ZKP) is a cryptographic protocol that ensures data privacy and security.

The essence of ZKP is that it allows one party (the prover) to prove to another party (the verifier) that a specific statement is true without revealing any information other than the veracity of the statement.

How Does It Work?

ZKP operates on three foundational criteria:

• Completeness: If the statement is true and both the prover and verifier act honestly, the proof will always be accepted.
• Soundness: A dishonest prover cannot trick an honest verifier into accepting a false statement.
• Zero-Knowledge: The verifier gains no knowledge about the statement other than its truth or falsity.

In essence, a ZKP consists of three stages: witness, challenge, and response.

The “witness” is the secret information the prover wants to prove they possess. The “challenge” is a question posed by the verifier, and the “response” is the answer provided by the prover.

This interaction is repeated multiple times until the verifier is convinced of the prover’s knowledge.

ZKP offers a robust mechanism for secure authentication. Instead of traditional methods where users might have to reveal sensitive information for verification, with ZKP, the system can confirm the authenticity of a user’s data without ever seeing or storing the actual data.

This not only enhances security but also ensures data privacy, a paramount concern in today’s digital age.

Over the years, ZKP has evolved, giving rise to non-interactive zero-knowledge proofs where the prover and verifier don’t need multiple interactions.

This advancement has made ZKPs more efficient and versatile, paving the way for their integration into various real-world applications, including zkPass.

Closing Note

The realms of Multi-Party Computation (MPC) and Zero-Knowledge (ZK) technologies are in a state of dynamic progression. Every year witnesses groundbreaking innovations that redefine the landscape. In zkPass’s commitment to perpetually refine its protocol, it is diligently monitoring the latest technological breakthroughs.