zkPass Protocol

[0406Antoxa1982]

A Technical Overview of zkPass Protocol

zkPass, a privacy-preserving protocol for private data verification. It is built on the foundation of Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKP), and three-party Transport Layer Security (3P-TLS). zkPass provides TransGate, which enables users to selectively and privately validate their data on any HTTPS website to the web3 world.

It can cover various data types such as legal identity, financial records, healthcare information, social interactions, work experience, education and skill certifications, etc. All these types of verifications can be done securely and privately without the need to disclose or upload any sensitive personal data to third parties.

zkPass can be readily incorporated into multiple application scenarios, including composable decentralized identity passes, DeFi lending protocols relying on off-chain credit, privacy-ensured healthcare data marketplaces, and dating apps featuring verifiable zkSBTs, etc. Wherever there is a need for trust and privacy, zkPass can provide a solution.

Users control the private Data without leaking sensitive personal information, avoiding unpredictable potential criminal convictions and offenses.

This post gives an overview of zkPass Protocol’s overall architecture and how it works.

Symbols and Definitions

P: Prover (Individuals)

V: Verifier (Business)

S: TLS server

Q: P-initiated query

R: Data replied by S

enc_key: The key of the encrypted data in TLS

mac_key: The MAC key in TLS

t: Digest

Overview Solutions

In the traditional data validation and confirmation process, the Prover submits their information to the Verifier. The Verifier retrieves this data and performs authentication checks in collaboration with the DataSource. Thus, the Verifier serves merely as an intermediary or broker in this model.

Each party faces unique challenges in this scenario: for the Prover, there’s a risk of disclosing excessive personal information; for the DataSource, while it’s a trusted data provider, it’s incapable of offering personalized verification services; and for the Verifier, they’re privy to all the customers’ private data, gaining total access, which presents significant potential risks of data leakage.

We propose a new approach that repositions these three entities, positioning the Prover between the Verifier and the DataSource. Rather than the traditional method, the Prover uses their access token to directly locate and retrieve their data from the DataSource, subsequently generating a Zero-Knowledge Proof (ZKP) for the Verifier to check. This process ensures the Verifier remains unaware of the Prover’s personal information.

In order to implement this structure, we incorporate 3P-TLS, MPC, and IZK technologies.

3P-TLS

Transport Layer Security (TLS) is the secure protocol for HTTPS, supported by almost all Data-Sources. It is a two-party protocol designed for a client/server structure. We have built the 3P-TLS protocol based on the elliptic curve DH protocol and combined it with MPC and Oblivious Transfer (OT) to prevent cheating.

MPC

One challenge we face is that the Prover may forge proof information provided by the DataSource to deceive the Verifier. The solution to this problem is through MPC, where both the Prover and the Verifier hold half of a session MAC key, which is a data integrity key used to maintain data integrity. Since the Prover cannot forge or tamper with information responses provided by the DataSource, it cannot deceive the Verifier. MPC can also prevent the Verifier from knowing any private information about the Prover. During the MPC handshake, there is no encryption key (data confidentiality key) for the Verifier, so it cannot decrypt any data and therefore does not know any private information about the Prover.

IZK

After obtaining information from the DataSource, the Prover needs to prove certain statements of the response in a secure and private manner. We use Zero-Knowledge Proofs (ZKP) to achieve this goal. More specifically, we use interactive commit and prove zero-knowledge proofs (ICP-ZKP) to deal with the large scale of the circuit. The Prover gives the commitment as c = commit(m, r), where m is the message and r is the randomness. Then the Verifier checks that commit(m, r) = c. The commitment does not reveal any information about m, and the Prover can’t find different m’ and r’ (and m’’ and r’’) such that commit(m’, r’) = c and commit(m’’, r’’) = c. During the protocol, the Prover needs to commit its private witness, then prove the input wires and the computation of each gate one by one, and continue to commit the output wires until the final one.

Future Direction

The fields of MPC and ZK related technologies are constantly evolving, with significant advancements being made each year. To ensure the continuous optimization of the zkPass protocol, we are actively staying abreast of the latest technologies. Here are some noteworthy references that we are considering: [FNO14], [NNOB11], [HK20], [HYDK22], [ADST21], [BDOZ10], [FKL+21], [DIO20], [JKO13], [GAZ+21].

OT: Oblivious Transfer

Traditional OT protocols like IKNP/KOS15, which we currently use, require a security parameter (𝑘) bits of communication for each OT. However, we propose building a new maliciously secure OT extension based on VOLE that only needs (log 𝑘) bits. For any (𝑛), this improvement comes at the expense of requiring (2𝑛) times the computation.

GC: Garbled Circuits

Existing GC evaluation methods such as [ZRE14] and [KS08] evaluate GC functions gate-by-gate using encrypted truth tables. The GC evaluator decrypts the corresponding output label based on input labels. However, interactive protocols offer more sophisticated techniques. For example, we can expose a (masked) private value to a party, allowing them to perform local computation and feed the resulting cleartext value back into the MPC.

IZK (Interactive Zero-Knowledge) Protocols

VOLE-based IZK ([WYKW20]/[YSWW21]) suffers from high communication overhead, often linear to the circuit size. We are constructing new ZK protocols with communication sublinear to the circuit size while maintaining a similar level of computational efficiency.


zkPass Official Links:

Website: https://zkpass.org/

Twitter: https://twitter.com/zkPass

Discord: https://discord.gg/zkpass

Medium: https://medium.com/zkPass

GitHub: https://github.com/zkPassOfficial

[0406Antoxa1982]

Introducing zkPass: Privacy-preserving Protocol for Private Data Verification

based on Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKP), and three-party Transport Layer Security (3P-TLS)



We’re working on an innovative infrastructure to help create a decentralized society. Our solution offers strong privacy protection, verification, compatibility, and anti-cheating features that cater to individuals, businesses, and developers. With zkPass, users can take full control of their private data and interact with the Web3 ecosystem in a secure, efficient, and trustworthy way.

TL;DR

Over the past few months, we have been reviewing various papers and discussing the future of Web3. Inspired by the vision of “Decentralized Society: Finding Web3’s Soul.”(by E. Glen Weyl, Puja Ohlhaver, Vitalik Buterin), we believe an identity infrastructure for a decentralized society is not only possible but necessary.

With this vision in mind, we are reintroducing zkPass, a privacy-preserving protocol for private data verification. It is built on the foundation of Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKP), and three-party Transport Layer Security (3P-TLS).

In this blog, we’ll give you an overview of the zkPass project, including how it works, its key features, and potential use cases. zkPass has the potential to transform the way we interact with each other, ushering in a new era of trust, privacy, and security.



What zkPass Can do

zkPass provides TransGate, which enables users to selectively and privately validate their data on any HTTPS website to the web3 world. It can cover various data types such as legal identity, financial records, healthcare information, social interactions, work experience, education and skill certifications, etc. All these types of verifications can be done securely and privately without the need to disclose or upload any sensitive personal data to third parties.

zkPass can be readily incorporated into multiple application scenarios, including composable decentralized identity passes, DeFi lending protocols relying on off-chain credit, privacy-ensured healthcare data marketplaces, and dating apps featuring verifiable zkSBTs, etc. Wherever there is a need for trust and privacy, zkPass can provide a solution.

Key Technologies

MPC (Multi-Party Computation)

MPC enables multiple participants to participate jointly in computation without compromising their privacy and reveals the result to one or all participants. This is mainly accomplished using Yao’s Garbled Circuits and Oblivious Transfer protocol. Furthermore, we’re leveraging the latest research papers to optimize the efficiency of MPC, such as “Half Gate,” “Silent OT,” and “Vector-OLE.”

ZKP (Zero Knowledge Proof)

In Non-interactive Zero-Knowledge (NIZK) Proof systems, such as zk-SNARK and zk-STARK, computations are represented as circuits, and the gate constraints within the circuit are depicted as a set of polynomials. If a computation requires multiple circuits, all these circuits need to be amalgamated into a single, large circuit that is then submitted. Despite the trust assumptions associated with this approach, it necessitates a very large memory space which is typically not feasible within browser environments.
To tackle the issue, we employ VOLE (Vector Oblivious Linear Evaluation)-based IZKP. Its linear nature allows us to submit circuits individually, effectively balancing memory size. Moreover, IZKP doesn’t require a trusted setup, thereby enabling the generation of zero-knowledge proofs in a browser environment.

TLS: Transport Layer Security

TLS is one of the most widely used protocols for secure communication over the Internet. It encrypts data from plaintext to ciphertext and vice versa, providing data security and privacy by encrypting traffic to prevent sensitive data from being leaked by third parties. The process consists of two sub-protocols: handshake and record layer. The goal of the first sub-protocol is to negotiate a secure key between two endpoints, while the second uses an agreed key to protect communication.



User Flow



Users (Provers) no longer need to upload documents or share private information with third parties. In the past, uploading passports, driver’s licenses, and education certificates to platforms were standard, but that is no longer necessary.

Users can generate zero-knowledge proofs locally by accessing their accounts in various trusted data sources (e.g., MyGovID in Australia or Singpass in Singapore.) and returning responses from the on-chain smart contract designation. In this process, the MPC node of the zkPass protocol obtains a mac_key share to ensure data integrity, authenticity, and validity. However, the Enc_key is only available to the user from the beginning to the end. This is achieved by redesigning the standard TLS protocol into a 3-party TLS protocol.

This approach ensures that only the user can decrypt the data, and the MPC nodes can verify that the user cannot tamper with the data.

Key Features

1 Privacy-preserving: Prove your private data without uploading any personal privacy details.

2 Verifiable: Re-designed the standard TLS protocol into a three-party TLS to ensure provenance of private data.

3 Compatible: Seamless compatible with any HTTPS websites, no API or license required.

4 Anti-cheating: The decentralized network of MPC nodes divides the Session Key to verify the authenticity, integrity, and validity of the data, prevent malicious activities like identity theft and data tampering.

5 Memory-efficiency: VOLE-based IZK that realizes millisecond-level ZKP generation locally in the browser environment.

Use Cases

zkPass’s versatility makes it suitable for a wide range of industries. Its compatibility with a broad spectrum of data sources, including all Web2 HTTPS websites and Web3 applications, enables seamless integration with existing systems without requiring changes on the data source side. Some of the potential use cases for zkPass include, but are not limited to: zkKYC, healthcare, education, decentralized due diligence, social networking, gaming, finance, and supply chain management.



Online Identity Verification: With zkPass, users can easily verify their identity online without revealing personal information, which can help prevent identity theft and protect privacy.

Social App: With zkPass, users can anonymously prove their age, personal information, and the authenticity of their profiles without revealing sensitive personal data. By using zkSBTs, users can selectively disclose their tokens and specify that only people with certain zkSBTs can send private messages to them, preventing the proliferation of scam messages.

Decentralized Finance: zkPass can be used to verify identities and credentials for DeFi applications, ensuring that only authorized parties have access to sensitive financial data.

Job Applications: zkPass can verify job applicants’ qualifications, education, and experience without revealing personal information.

Online Marketplaces: zkPass can be used to verify the authenticity of sellers & buyers or publishers & applicants on online marketplaces, preventing fraud and abuse.

Summary and Outlook

Imagine a world where your private data no longer has to pass through many data brokers or third parties, but instead is in your own hands. A world where privacy is respected, and data is secure, authentic, and verifiable. This is the world that zkPass is creating.

zkPass is more than just a private data verification tool — it’s an infrastructure for a decentralized society. By utilizing MPC and ZKP technology, zkPass enables users to selectively share their verifiable private data with third parties without revealing sensitive information. Companies and individuals can verify identities and credentials without compromising personal data.

The versatility and compatibility of zkPass make it a valuable tool for a wide range of industries. From financial institutions to healthcare providers, zkPass can be used for secure, privacy-preserving private data verification. Moreover, with its advanced anti-cheating mechanisms, zkPass ensures that private data is tamper-proof and fraud-free.

The future is decentralized, and zkPass is leading the way. With its privacy-preserving technology and secure verification methods, zkPass is creating a world where individuals control their private data, and privacy is respected.


zkPass Official Links:

Website: https://zkpass.org/

Twitter: https://twitter.com/zkPass

Discord: https://discord.gg/zkpass

Medium: https://medium.com/zkPass

GitHub: https://github.com/zkPassOfficial

[0406Antoxa1982]

zkPass Pre-alpha Testnet Opens for Public Testing



Dear Community,

We are excited to announce that our Pre-alpha Testnet is now open for public testing with no more whitelisted access! zkPass is a privacy-preserving protocol for private data verification. It is built on the foundation of Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKP), and three-party Transport Layer Security (3P-TLS). We believe our innovative approach will revolutionize the way users protect and validate data on a variety of platforms.

We launched TransGate — a gateway empowering users to selectively and privately validate their data from any HTTPS-based website. This encompasses diverse data types, spanning legal identity, financial records, healthcare information, social interactions, work history, education, and skill certifications. zkPass achieves these verifications securely and privately, obviating the necessity to reveal or upload sensitive personal data to third parties.

The Power of Scalability

zkPass can be readily incorporated into multiple application scenarios, including composable decentralized identity passes, DeFi lending protocols based on off-chain credit, privacy-ensured healthcare data marketplaces, and dating apps featuring verifiable zkSBTs, etc. Wherever there is a need for trust and privacy, zkPass can provide a solution.

By employing cryptographic technologies like MPC, ZKP, and others, zkPass enables users to validate their private data through the verification of their HTTPS-based web session — eliminating the need for file uploads or the exposure of sensitive details. For example, through zkPass, Alice can prove:

-  Based on her server response to the Steam/GOG website, she has purchased 10+ games with 100+ hours of gameplay and is not required to disclose any other private information about her account to a third party.

-  Based on her server response with the Harvard Alumni website, she has a Bachelor’s degree and is an alumnus of Harvard University, but does not disclose any of her other superfluous personal data.

-  Based on her server response with the Porsche website, she owns a Porsche, but does not disclose her frame number, purchase order, or other private data.

-  Based on her server response with the bank’s website, she owns assets greater than $100K, but does not disclose any of her specific account assets, transfer records, or other private data.

Use Cases:



-  The Metaverse/GameFi program is looking for gaming ambassadors to participate in a test and offer a reward, and they can easily verify that Alice is their target user.

-  Alice can seamlessly access the Alumni DAO via her zkPass zkSBT while ensuring privacy and trustworthiness.

-  Alice leveraged her RWA ZKPs to establish a reputation for high ratings, which allowed her to access a DeFi lending platform and secure lower mortgage and borrowing rates, ultimately boosting her capital efficiency.

By redesigning the TLS protocol to Three-party TLS, zkPass makes it seamless for any HTTPS-based website to be used as a trusted data source for provenance of zero-knowledge metadata without having to authorize any APIs.

Open Invitation to Shape the Future

zkPass launched its Pre-alpha Testnet in July, receiving an overwhelming response with over 200,000 waitlist signups. Currently, tens of thousands of whitelisted users have already generated more than 100,000 zero-knowledge proofs, each representing their respective private data, identity, or ownership.

User feedback holds immense importance as it helps refine and enhance their solution. The public release of the Pre-alpha Testnet extends a warm invitation to technology enthusiasts, privacy advocates, and individuals who deeply value secure data practices. This invitation aims to shape the future landscape of data privacy alongside zkPass collectively.

Participating in the Pre-alpha Testnet not only grants users early access to an advanced solution but also empowers them to actively contribute towards its improvement. This collaborative effort is a key driver in tailoring zkPass into a privacy-focused protocol that empowers users in an increasingly data-centric world.

How to Get Involved

Getting involved in zkPass’s Pre-alpha Testnet is simple:


1.  Install the TransGate Extension on Chrome Web Store ( https://chrome.google.com/webstore/detail/zkpass-transgate/afkoofjocpbclhnldmmaphappihehpma?utm_source=ext_sidebar&hl )

2.  Visit pre.zkpass.org ( https://www.zkpass.org/home )  and be a part of the Pre-alpha Testnet and experience firsthand the power of private data validation.

3.  Check out more tutorial details on their doc wiki and engage with the zkPass community, share your insights, and be an integral part of shaping this groundbreaking technology.


zkPass Official Links:

Website: https://zkpass.org/

Twitter: https://twitter.com/zkPass

Discord: https://discord.gg/zkpass

Medium: https://medium.com/zkPass

GitHub: https://github.com/zkPassOfficial