apidays Paris 2022 - APIs the next 10 years: Software, Society, Sovereignty, Sustainability
December 14, 15 & 16, 2022
Why you shouldn't trust me
Keerthana Ganesh, Solutions Architect at AWS
Shubham Patil, Android Developer at Natwest Digital Channels
1. Why You Shouldn’t Trust Me
Zero Knowledge proofs
for those with Zero Knowledge
Keerthana Ganesh and Shubham Patil
2. Who are we?
Android developer at Natwest Bank in London
Security Solutions Architect in the services sector in the UK
I like learning about the emerging technologies in the security space
Shubham Patil, Keerthana Ganesh
4. Security today
● Data created every day by an average person ≅ 350MB
● Average number of passwords per person in the developed world ≅ 100
● These passwords are all stored somewhere, either as plaintext or as a hash with encryption
● Authentication is simply a process of cross referencing
● Credentials, not proof, are transmitted; making them liable to interception
● Securing APIs becomes a lengthy process
5. Some form of data has to be transferred, and this is like handing your key to someone and they have a copy of that key which is checked against yours.
6. Issues: Have to trust that the verifier isn’t malicious AND that they can be trusted to keep this secret secure… we all know how that goes.
Another issue is that this creates an arms race - better encryption leads to black hat hackers trying to find bigger exploits which leads to greater security which leads to greater exploits.
9. Keep your keys on your person
Instead of letting another party unlock the lock while you watch, you open it in front of them.
No leakage of credentials
No need to store credentials in a fortified data-center.
10. How?
● Make challenges INTERACTIVE, not just STATIC
● Create a secure environment
● Define what the minimum probability is to be satisfied
11. Enter Zero Knowledge Proofs
Defined in 1985 by Micali, Goldwasser and Rackoff
ZKPs exist for ANY mathematical proposition that can be proven true or false.
Basically any proof can be turned into a ZKP
13. What makes a ZKP a ZKP?
1. Completeness: Is it consistent?
2. Soundness: Is it robust?
3. Zero-knowledge…ness (?): Is it zero knowledge??????
16. Analysis
1. Completeness: If I know the difference between the objects - I will always convince the verifier.
2. Soundness: If I don’t know the difference, it’s extremely unlikely I’ll convince a verifier.
3. Zero-knowledge…ness (?): No matter how many rounds the verifier asks for, they won’t ever get access to the key.
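An added simulation of these three properties (not code from the talk), assuming the usual two-object demonstration behind "the difference between the objects": the verifier privately swaps the objects or not, and the prover says which happened. All class and function names are assumptions made for this example; the round count is derived from the cheating probability the verifier is willing to tolerate.

```python
import math
import secrets

def rounds_needed(max_cheat_probability):
    """Smallest n with 2**-n <= the cheating probability the verifier tolerates."""
    return math.ceil(math.log2(1 / max_cheat_probability))

class SightedProver:
    """Knows the difference between the objects, so it sees every swap."""
    def answer(self, swapped):
        return swapped

class GuessingProver:
    """Does not know the difference; its best strategy is a coin flip."""
    def answer(self, swapped):
        return bool(secrets.randbits(1))

def run_protocol(prover, rounds):
    """Each round the verifier privately swaps the objects or not, then checks
    the prover's claim. Returns (accepted, transcript)."""
    transcript = []
    for _ in range(rounds):
        swapped = bool(secrets.randbits(1))   # verifier's private coin
        claim = prover.answer(swapped)
        transcript.append((swapped, claim))
        if claim != swapped:
            return False, transcript          # a single wrong claim rejects
    return True, transcript

def simulate_transcript(rounds):
    """Zero-knowledge check: the verifier can produce an identically
    distributed accepting transcript alone, so a real one teaches it nothing."""
    coins = [bool(secrets.randbits(1)) for _ in range(rounds)]
    return [(c, c) for c in coins]

def cheat_rate(rounds, trials=20000):
    """Empirical acceptance rate of a guessing prover (expected 2**-rounds)."""
    wins = sum(run_protocol(GuessingProver(), rounds)[0] for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    n = rounds_needed(1e-6)
    print("rounds for a 1-in-a-million cheat chance:", n)
    print("sighted prover accepted:", run_protocol(SightedProver(), n)[0])
    print("guessing prover accepted:", run_protocol(GuessingProver(), n)[0])
    print("guessing prover pass rate over 3 rounds:", cheat_rate(3))
```

The accepting transcript is only a list of the verifier's own coin flips echoed back, which is why it convinces the verifier in the room but cannot be replayed as evidence to anyone else.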
18. Interactive vs Non-interactive
Interactive - A computation has to be performed by the prover for every verifier. Best when the potential number of verifiers is small.
Non-interactive - The verifier can do the proof themselves, no need for prover to do anything. Best when there might be a lot of verifiers that need to be satisfied.
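An added example (not code from the talk) contrasting the two modes with the Schnorr proof of knowledge of a secret key and its Fiat-Shamir transform, a standard pair the slides do not name. The group parameters are a constructed toy group, far too small for real use, and every function name and the context string are assumptions for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed): P = 2*Q + 1 with P and Q prime;
# G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1      # secret key, never leaves the prover
    return x, pow(G, x, P)                # public key y = G^x mod P

def commit():
    r = secrets.randbelow(Q - 1) + 1      # fresh nonce; reuse would leak x
    return r, pow(G, r, P)

def respond(x, r, c):
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Accept iff G^s == t * y^c (mod P); only public values are used."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def prove_interactive(x, verifier_challenge):
    """One round with a live verifier, who picks the challenge after seeing t."""
    r, t = commit()
    c = verifier_challenge()
    return t, c, respond(x, r, c)

def challenge_from_hash(y, t, context):
    """Fiat-Shamir: a hash of the public values replaces the live verifier."""
    data = f"{P}|{Q}|{G}|{y}|{t}|{context}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_noninteractive(x, y, context):
    """One proof, bound to `context`, that any number of verifiers can check."""
    r, t = commit()
    return t, respond(x, r, challenge_from_hash(y, t, context))

def verify_noninteractive(y, proof, context):
    t, s = proof
    return verify(y, t, challenge_from_hash(y, t, context), s)

if __name__ == "__main__":
    x, y = keygen()
    t, c, s = prove_interactive(x, lambda: secrets.randbelow(Q))
    print("interactive proof accepted:", verify(y, t, c, s))
    proof = prove_noninteractive(x, y, "session-42")
    print("non-interactive proof accepted:", verify_noninteractive(y, proof, "session-42"))
```

Binding the hash to a context string is what keeps a non-interactive proof from being replayed in a different session; with this toy group the challenge space is only 1019 values, so the check is illustrative rather than secure.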
20. The killer app - Secure Multi-Party Computation
● ZKPs, in essence, are just proofs of computation.
● In addition to proving knowledge, we can prove that we performed something honestly.
● Allows for many parties to collectively compute a solution, without knowing the inputs from others.
● Fewer resources needed for API security.
[Diagram: Alice's private data x1 and Bob's private data x2 go into a joint computation of f(x1,x2)]
21. SMPC examples:
● Processing private auctions.
● Medical research involving patients’ private data.
● Targeted advertising without knowing private data.
● Supply chains that are private and verified.
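An added example (not from the talk) of the simplest SMPC building block, additive secret sharing, with f taken to be a sum over three parties' private inputs. It assumes parties that follow the protocol, uses three parties because with only Alice and Bob the sum itself would reveal the other input, and the input values and names are constructed for illustration.

```python
import secrets

MOD = 2**61 - 1   # public modulus agreed by all parties (assumed for this example)

def share(value, n_parties):
    """Split `value` into n shares that are individually uniform random
    and sum to `value` mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def secure_sum(private_inputs):
    """Compute sum(private_inputs) without any party seeing another's input.
    Returns (result, views), where views[j] is everything party j received."""
    n = len(private_inputs)
    # dealt[i][j] is the share party i sends to party j.
    dealt = [share(x, n) for x in private_inputs]
    # Party j receives one share from every party: column j of the matrix.
    views = [[dealt[i][j] for i in range(n)] for j in range(n)]
    # Each party publishes only the sum of the shares it holds.
    partials = [sum(view) % MOD for view in views]
    return sum(partials) % MOD, views

if __name__ == "__main__":
    # Constructed inputs: patient counts held privately by three hospitals.
    counts = [120, 45, 310]
    total, views = secure_sum(counts)
    print("joint result f(x1, x2, x3):", total)
    print("what party 0 actually saw:", views[0])
```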
22. APIs as hardware?
● As SMPC gains wider adoption, APIs will play a major role as connections between nodes.
● One could say APIs will evolve into a type of hardware connection between distributed computation networks.
● New data formats will emerge, that may make modern equivalents like JSON obsolete.
● Since other parties in the computation cannot see your inputs, security is inbuilt
24. Limitations
● The protocols used are so intensive that they require either a large number of interactions between the Prover and the Verifier or require a lot of computation. That makes it difficult to run on slow or mobile devices.
● Apart from simple proofs for checking the values of numbers in a range (transactions etc), current protocols take too long to generate proofs.