apidays Paris 2022 - Why you shouldn't trust me, Keerthana Ganesh (AWS) & Shubham Patil (Natwest Digital Channels)
•
0 likes•3 views
apidays Paris 2022 - APIs the next 10 years: Software, Society, Sovereignty, Sustainability December 14, 15 & 16, 2022 Why you shouldn't trust me Keerthana Ganesh, Solutions Architect at AWS Shubham Patil, Android Developer at Natwest Digital Channels ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW
Recommended
Recommended
More Related Content
Similar to apidays Paris 2022 - Why you shouldn't trust me, Keerthana Ganesh (AWS) & Shubham Patil (Natwest Digital Channels)
Similar to apidays Paris 2022 - Why you shouldn't trust me, Keerthana Ganesh (AWS) & Shubham Patil (Natwest Digital Channels) (20)
More from apidays
More from apidays (20)
Recently uploaded
Recently uploaded (20)
apidays Paris 2022 - Why you shouldn't trust me, Keerthana Ganesh (AWS) & Shubham Patil (Natwest Digital Channels)
- 1. Why You Shouldn’t Trust Me Zero Knowledge proofs for those with Zero Knowledge Keerthana Ganesh and Shubham Patil
- 2. Who are we? An d ro id d e ve lo p e r a t Na twe st Ba n k in Lo n d o n Se c u rity So lu tio n s Arc h ite c t in th e se rvic e s se c to r in th e UK I like le a rn in g a b o u t th e e m e rg in g te c h n o lo g ie s in th e se c u rity sp a c e Sh u b h a m Pa til Ke e rth a n a Ga n e sh
- 3. 2023 SERIES OF EVENT New York May 16&17 Australia October 11&12 Singapore April 12&13 Helsinki & North June 5&6 Paris SEPTEMBER London November 15&16 June 28-30 SILICON VALLEY March 14&15 Dubai & Middle East February 22&23
- 4. ● Data created every day by an average person ≅ 350MB ● Ave ra g e n u m b e r o f p a s s wo rd s p e r p e rs o n in th e d e ve lo p e d wo rld ≅ 100 ● Th e s e p a s s wo rd s a re a ll s to re d s o m e wh e re , e ith e r a s p la in te xt o r a s a h a s h with e n cryp tio n ● Au th e n tica tio n is s im p ly a p ro ce s s o f cro s s re fe re n cin g ● Cre d e n tia ls , n o t p ro o f, a re tra n s m itte d ; m a kin g th e m lia b le to in te rce p tio n ● Se cu rin g APIs b e co m e s a le n g th y p ro ce s s Se c u rity to d a y
- 5. Some form of data has to be tra n sfe rre d , a n d th is is like h a n d in g yo u r ke y to so m e o n e a n d th e y h a ve a c o p y o f th a t ke y wh ic h is c h e c ke d a g a in st yo u rs.
- 6. Issues: Have to trust that the verifier isn’t malicious AND that they c a n b e tru ste d to ke e p th is se c re t se c u re … .we a ll kn o w h o w th a t g o e s. An o th e r issu e is th a t th is c re a te s a n a rm s ra c e - b e tte r e n c ryp tio n le a d s to b la c k h a t h a c ke rs tryin g to fin d b ig g e r e xp lo its wh ic h le a d s to g re a te r se c u rity wh ic h le a d s to g re a te r e xp lo its.
- 8. Proving facts requires only two words: True or False
- 9. Keep your keys on your person In s te a d o f le ttin g a n o th e r p a rty u n lo ck th e lo ck wh ile yo u wa tch , yo u o p e n it in fro n t o f th e m . No le a ka g e o f cre d e n tia ls No n e e d to s to re cre d e n tia ls in a fo rtifie d d a ta -ce n te r.
- 10. How? ● Ma ke ch a lle n g e s INTERACTIVE, n o t ju s t STATIC ● Cre a te a s e cu re e n viro n m e n t ● De fin e wh a t th e m in im u m p ro b a b ility is to b e s a tis fie d
- 11. Enter Z e ro Kn o wle d g e Pro o fs De fin e d in 1985 b y Mica li, Go ld wa s s e r a n d Ra ckh o ff ZKPs e xis t fo r ANY m a th e m a tica l p ro p o s itio n th a t ca n b e p ro ve n tru e o r fa ls e . Ba s ica lly a n y p ro o f ca n b e tu rn e d in to a ZKP
- 12. /*EMPHASIS **ANY mathematical proposition END EMPHASIS*/
- 13. What makes a ZKP a ZKP? 1. Co m p le te n e s s : Is it co n s is te n t? 1. So u n d n e s s : Is it ro b u s t? 1. Ze ro -kn o wle d g e … n e s s (?): Is it ze ro kn o wle d g e ??????
- 14. A few examples
- 15. Example 2: Swapping 2 objects
- 16. Analysis 1. Co m p le te n e s s : If I kn o w th e d iffe re n ce b e twe e n th e o b je cts - I will a lwa ys co n vin ce th e ve rifie r. 1. So u n d n e s s : If I kn o w th e d iffe re n ce , it’s e xtre m e ly u n like ly I’ll co n vin ce a ve rifie r. 1. Ze ro -kn o wle d g e … n e s s (?): No m a tte r h o w m a n y ro u n d s th e ve rifie r a s ks fo r, th e y wo n ’t e ve r g e t a cce s s to th e ke y.
- 17. A real problem that can be solved with ZKPs.
- 18. Interactive vs Non -in te ra c tive In te ra ctive - A co m p u ta tio n h a s to b e p e rfo rm e d b y th e p ro ve r fo r e ve ry ve rifie r. Be s t wh e n p o te n tia l n o o f ve rifie rs is s m a ll. No n -in te ra ctive - Th e ve rifie r ca n d o th e p ro o f th e m s e lve s , n o n e e d fo r p ro ve r to d o a n yth in g . Be s t wh e n th e re m ig h t a lo t o f ve rifie rs th a t n e e d to b e s a tis fie d .
- 19. Use Cases
- 20. The killer app - Se cu re Mu lti-Pa rty Co m p u ta tio n ● ZKPs , in e s s e n ce , a re ju s t p ro o fs o f co m p u ta tio n . ● In a d d itio n to p ro vin g kn o wle d g e , we ca n p ro ve th a t we p e rfo rm e d s o m e th in g h o n e s tly. ● Allo ws fo r m a n y p a rtie s to co lle ctive ly co m p u te a s o lu tio n , with o u t kn o win g th e in p u ts fro m o th e rs . ● Le s s re s o u rce s n e e d e d fo r API s e cu rity. Alice’s private data x1 Bob’s private data x2 f(x1,x2) Alice Bob
- 21. SMPC examples: ● Pro c e ssin g p riva te a u c tio n s. ● Me d ic a l re se a rc h in vo lvin g p a tie n t’s p riva te d a ta . ● Ta rg e te d a d ve rtisin g with o u t kn o win g p riva te d a ta . ● Su p p ly c h a in s th a t a re p riva te a n d ve rifie d .
- 22. APIs as hardware? ● As SMPC g a in s wid e r a d o p tio n , APIs will p la y a m a jo r a s c o n n e ctio n s b e twe e n n o d e s . ● O n e c o u ld s a y APIs will e vo lve in to a typ e o f h a rd wa re co n n e ctio n b e twe e n d is trib u te d co m p u ta tio n n e two rks . ● Ne w d a ta fo rm a ts will e m e rg e , th a t m a y m a ke m o d e rn e q u iva le n ts like J SO N o b s o le te . ● Sin ce o th e r p a rtie s in th e c o m p u ta tio n c a n n o t s e e yo u r in p u ts , s e c u rity is in b u ilt
- 23. Current Limitations and the Fu tu re
- 24. Limitations ● Th e p ro to co ls u s e d a re s o in te n s ive th a t th e y re q u ire e ith e r a la rg e n u m b e r o f in te ra ctio n s b e twe e n th e Pro ve r a n d th e Ve rifie r o r re q u ire a lo t o f co m p u ta tio n . Th a t m a ke s it d ifficu lt to ru n o n s lo w o r m o b ile d e vice s . ● Ap a rt fro m s im p le p ro o fs fo r ch e ckin g th e va lu e s o f n u m b e rs in a ra n g e (tra n s a ctio n s e tc), cu rre n t p ro to co ls ta ke to o lo n g to g e n e ra te p ro o fs .
- 25. Who still has zero kn o wle d g e o f ZKPs? ;)
- 26. Sources h ttp s :/ / s lid e p la ye r.co m / s lid e / 15397042/ h ttp s :/ / m e d iu m .co m / co in m o n ks / wa lkth ro u g h -o f-a n -in te ra ctive -ze ro - kn o wle d g e -p ro o f-fo r-su d o ku -p u zzle -a c563588f1a 8