In this presentation, we will introduce the basic concepts of Zero-Knowledge proofs. We will see how the privacy of personal data can be achieved using Zero-Knowledge proof. We will refer to two research that we conducted within the 3327 team, which deal with the privacy and anonymity of users. One of them is MACI (Minimal Anti-Collusion Infrastructure), which is a project developed by Ethereum that should enable a voting system that is completely resistant to collusion. As this has not been achieved at the moment, our research has shown how, using Zero-Knowledge proof, the privacy and anonymity of each voter can be completely preserved.
[Cryptica 22] Personal data protection using Zero-Knowledge proofs - Marija Mikic
1. Personal data protection using Zero-Knowledge proofs
Speaker: Marija Mikic
Team and company: 3327; MVP Workshop
2. // Personal data
Personal data is any information that relates to an identified or identifiable living individual.
An examples of personal data:
● a name and surname;
● a home address;
● an email address such as name.surname@company.com;
● an identification card number;
● an Internet Protocol (IP) address.
3. // Blockchain
Blockchain ensures a high level of security, anonymity and integrity of data
and all this without the interference of a third party. One of the areas of use of
blockchain is the protection of personal data.
4. // Blockchain vs centralized systems
● In a centralized system, users cannot fully control their personal data.
● Blockchain enables complete data control. It is more secure than
centralized systems.
5. // Zero-Knowledge proofs
Blockchains provide security, but not privacy. A typical type of blockchain is
transparent and not fully anonymized. Zero-Knowledge proofs (ZKP)
ensures privacy for blockchains.
With ZKP we can anonymize not only the transactions but also the sender,
recipient and other details.
6. // Intro: Zero-Knowledge proofs
ZKP is a cryptographic method by which we can prove that any information
we have without revealing it: proof without knowledge (Zero-Knowledge
proof).
Examples:
The Ali Baba cave Colour-blind friend
7. // Intro: Zero-Knowledge proofs
In this method, there are two people: the prover and the verifier. The prover can
prove the verifier that the given statement is true, while the prover avoids
conveying any additional information other than the fact that the statement is
indeed true.
8. // One more ZKP example
Storing hash of passwords in the database:
Users can prove that they know the password entering their password as an
input.
The system compares the hash of input with information stored in the database.
This means the verifier does not know the password but the hash of it.
9. // ZKP and Personal Data
Protection
In this part, we will present the results of some researches of the team 3327,
which are directly related to this topic:
● DID (Decentralized IDentifiers) and VC (Verifiable Credentials);
● ID card and passport using ZKP;
● Anonymity in MACI (MACI - Minimal Anti-Collusion Infrastructure; Ethereum
project)
10. // DID and VC
● DID (Decentralized IDentifiers) and VC (Verifiable Credentials) play an important
role in creating and standardizing digital personas.
● The issue with the verifiable credentials is that they reveal the entire identity
document to the other party, even if the requirements are only bound to specific
fields.
● There are suggestions on using zero-knowledge proofs for creating privacy-
keeping verifiable credential presentations.
11. // ID card and passport using ZKP
It is often the case where we have to show our identity card to prove to someone that
our unique identity number is indeed the valid one. By showing the ID card, we also
show additional private information that the requester did not require.
The reason for this is that multiple private information is located on the same
document, which cannot be separated, as the parts of the document would be
unverifiable without the original document. Extracting verifiable pieces of
information while hiding the unwanted parts is a perfect use case for using zero-
knowledge proofs.
12. // MACI
The initial idea related to the MACI project came from Vitalik Buterin, the co-founder
of Ethereum.
MACI reduces bribery and disables censored voting. This means that no one can vote
on behalf of another while making it impossible for someone to falsify the outcome
and the number of votes.
13. // Intro: MACI
● So how exactly does MACI work?
● Who can see how voters voted?
● Is it possible to cancel the vote (if, for example, the voter was blackmailed)?
14. // Intro: MACI
At MACI, we can distinguish between voters and voting coordinators. Users vote on
the blockchain via MACI smart contracts. It is necessary for voters to sign up first by
sending the public key they wish to vote for a MACI smart contract. Their public key
plays a role in their identity.
16. // A problem that MACI does not
solve
The downside is that the coordinator can see how someone voted, so if they are
dishonest they can pass on the information. The upside is that the coordinator can't
add an extra vote or change someone's vote.
17. // Anonymity in MACI
In order to create the perfect voting system we:
● used one more type of encryption and re-randomization;
● allowed two more types of messages;
● defined two more sets;
● proposed a protocol change.
18. // Anonymity in MACI
In this way, it was shown that it is possible to create a voting system that is
completely resistant to blackmail of any kind, censoring of votes, manipulation of
votes and the outcome of the vote itself, and at the same time complete privacy
and anonymity of voting has been achieved.