More and more, centralized databases are becoming the primary target of external attackers. As we have seen on several occasions, when a system is breached, cybercriminals can steal and expose the data of millions of people or sell it on the dark web, which can lead to its misuse.
In the case of Spain, the population is one of the most exposed, as it is currently one of the 5 most hacked countries in the world, with 15 leaks per minute every day, according to a report by the company Surfshark.
The theft and sale of data stolen from companies such as Santander, Ticketmaster or Iberdrola highlights the vulnerability of centralized databases and creates a problem that urgently needs a solution.
In today’s article, we will discuss how a Decentralized Identity (DID), together with Zero-Knowledge Proofs (ZKPs), could be used to respond to these attacks on centralized databases.
Zero-Knowledge Proofs (ZKPs) and decentralized identity
Zero-Knowledge Proofs make it possible to prove possession of information without revealing the information itself. They rely on advanced cryptographic techniques that let a verifier check the claim without ever seeing the underlying content.
This approach has direct and significant applications in the field of decentralized identity, since one of the main challenges of this system is the verification of identity without compromising the privacy of the individual.
This is where Zero-Knowledge Proofs come into play: by using ZKPs in decentralized identity, the authenticity of an identity or the possession of certain attributes can be verified without revealing sensitive information.
ZKPs allow the prover to demonstrate the truth of a claim to a verifier while ensuring that no additional information about the claim is revealed.
An example of this would be proving that your bank balance is greater than a certain amount without having to reveal your total account balance. In this way, you can prove that you have the required amount without losing the privacy of your information.
To perform this process, the prover would generate either a zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) or a zero-knowledge scalable transparent argument of knowledge (zk-STARK).
zk-SNARKs vs zk-STARKs
Although both are zero-knowledge proofs that allow information to be verified without revealing additional data, there are important differences in terms of transparency, scalability, security, and efficiency.
Transparency and trusted setup
- ZK-STARKs: They do not require an initial trusted setup. This means that there is no secret setup phase whose compromise could undermine the security of the system. The transparency of ZK-STARKs eliminates the risks associated with the initial setup.
- ZK-SNARKs: They require an initial trusted setup that generates a set of secret parameters; if those parameters are compromised, the security of the system could be compromised as well. This can be a security risk if not handled correctly.
Scalability
- ZK-STARKs: They are designed to be highly scalable, capable of efficiently handling large amounts of data and complex calculations without significantly increasing verification time.
- ZK-SNARKs: Although also efficient, ZK-SNARKs may have scalability limitations compared to ZK-STARKs, especially when dealing with large data sets.
Proof size and efficiency
- ZK-STARKs: The proofs they generate are larger than those of ZK-SNARKs, which can result in higher transmission and storage costs. However, these proofs are fast to generate and verify.
- ZK-SNARKs: They generate very small and compact proofs, which makes them efficient in terms of transmission and storage. They are also fast to verify, making them suitable for applications with bandwidth and storage limitations.
Cryptographic basis
- ZK-STARKs: They rely on hash functions to generate randomized proofs and challenges for the prover to answer. They also use randomization to ensure that the proofs are unique and non-reusable, making them resistant to quantum attacks.
On the other hand, they use data structures such as Merkle Trees to allow the prover to make cryptographic commitments to certain values without revealing them, which is an essential part of the verification process.
- ZK-SNARKs: These are generally based on bilinear pairings over elliptic curves to construct concise and efficient proofs. Bilinear pairings are functions that allow mapping two points on an elliptic curve to a third point in a target group, while maintaining certain algebraic properties useful for verification.
Cryptographic commitment schemes are also used to ensure that the inputs and solutions are fixed and cannot be changed once the commitment has been made. One commonly used scheme is the Pedersen commitment.
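The Pedersen commitment named above, as an added example that is not code from the article: it shows the commitment being fixed once made, the additive property, and why the parameters matter, since anyone who knows the discrete log relating the two generators can reopen a commitment to a different value. The toy group, the generators `G` and `H` and all function names are assumptions made for illustration.

```python
import secrets

# Toy group, constructed for illustration only: P = 2*Q + 1, both prime;
# G and H both generate the subgroup of prime order Q.
P, Q, G, H = 2039, 1019, 4, 9

def commit(value: int, blinding=None):
    """Return (C, blinding) with C = G^value * H^blinding mod P."""
    if blinding is None:
        blinding = secrets.randbelow(Q)
    c = (pow(G, value % Q, P) * pow(H, blinding % Q, P)) % P
    return c, blinding

def opens_to(c: int, value: int, blinding: int) -> bool:
    """Verifier's check when the prover later reveals (value, blinding)."""
    return c == commit(value, blinding)[0]

def add(c1: int, c2: int) -> int:
    """Homomorphism: the product commits to the sum of the two values."""
    return (c1 * c2) % P

def find_trapdoor() -> int:
    """Brute-force a = log_G(H). Feasible only because the group is a toy;
    in a real group nobody may know this value."""
    return next(a for a in range(1, Q) if pow(G, a, P) == H)

def equivocate(value, blinding, new_value, trapdoor):
    """Whoever knows the trapdoor can reopen C to any value:
    value + a*r == new_value + a*r'  (mod Q), solved for r'."""
    return (blinding + (value - new_value) * pow(trapdoor, -1, Q)) % Q

if __name__ == "__main__":
    c, r = commit(300)                      # constructed sample values
    print("honest opening   :", opens_to(c, 300, r))
    print("altered value    :", opens_to(c, 301, r))
    c2, r2 = commit(200)
    print("sum opens to 500 :", opens_to(add(c, c2), 500, r + r2))
    a = find_trapdoor()
    r_fake = equivocate(300, r, 999, a)
    print("reopened with trapdoor:", opens_to(c, 999, r_fake))
```

In a production group `H` has to be derived so that nobody knows its discrete log base `G`, for example by hashing to the group.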
In summary, while both technologies provide solutions for verifying data in zero-knowledge environments, zk-STARKs excel in their transparency and scalability, and zk-SNARKs excel in their efficiency in terms of proof size and verification speed. The choice between one or the other depends on the specific requirements of the application in terms of security, scalability and efficiency.
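The Merkle-tree commitment mentioned under "Cryptographic basis" can be seen in isolation in the following added example, which is not code from the article and is only the commitment step, not a full zk-STARK: a prover publishes one root hash over a set of values and later opens a single value with its authentication path. The attribute strings, the salt length and the function names are assumptions made for illustration.

```python
import hashlib
import secrets

def tagged_hash(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a one-byte domain tag so a leaf can never be
    reinterpreted as an inner node."""
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf_hash(salt: bytes, value: bytes) -> bytes:
    # The random 16-byte salt keeps low-entropy values from being guessed.
    return tagged_hash(b"\x00", salt, value)

def commit(values):
    """Commit to a list of byte strings (length must be a power of two).
    Returns (root, salts, levels); only the root is published."""
    n = len(values)
    if n == 0 or n & (n - 1):
        raise ValueError("number of leaves must be a power of two")
    salts = [secrets.token_bytes(16) for _ in values]
    levels = [[leaf_hash(s, v) for s, v in zip(salts, values)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([tagged_hash(b"\x01", cur[i], cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels[-1][0], salts, levels

def open_leaf(levels, index: int):
    """Authentication path: the sibling hash at each level below the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_opening(root, index, salt, value, path) -> bool:
    """Recompute the root from one revealed leaf and its path."""
    node = leaf_hash(salt, value)
    for sibling in path:
        pair = (node, sibling) if index % 2 == 0 else (sibling, node)
        node = tagged_hash(b"\x01", *pair)
        index >>= 1
    return node == root

if __name__ == "__main__":
    # Constructed sample attributes of one identity.
    attrs = [b"name=Ana", b"country=ES", b"age_over_18=true", b"balance=1200"]
    root, salts, levels = commit(attrs)
    path = open_leaf(levels, 2)
    print("opened age_over_18:", verify_opening(root, 2, salts[2], attrs[2], path))
```

The verifier learns the opened leaf and two sibling hashes; the other three attributes stay hidden behind their salted hashes.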
Conclusion
Decentralized identity strengthened with Zero-Knowledge Proofs represents a breakthrough in the way we manage and protect our personal information in the digital age. By incorporating ZKPs, greater security and privacy can be ensured while avoiding the problems associated with centralized databases. This approach not only improves data security and privacy, but also returns control of identity to the individual.
If successful, decentralized identities will not only allow us to circumvent the privacy issues plaguing the Web 2.0 space, but will also create a higher standard for data protection, privacy, and user empowerment.