Individuals are moving more and more of their lives online. But this added convenience is coming at a cost – identity theft and fraud continue to rise. The need for robust and secure identity verification methods is becoming more and more apparent, and organizations everywhere are starting to explore non-traditional, cryptographic solutions such as zero-knowledge proof (ZKP).
In this blog post, we’ll explore the history and function of ZKP’s, and talk about how they can help safeguard both individuals and businesses when it comes to identity verification.
What are Zero-Knowledge Proofs?
The concept of zero-knowledge proofs first emerged in a 1985 paper titled “The knowledge complexity of interactive proof systems”. The most commonly used definition that exists today is:
A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.
A zero-knowledge proof requires three components:
- A Prover: The person in possession of the specific knowledge that an organization wants to confirm. In the context of this blog post, it is the prover’s identity.
- A Verifier: The organization that needs to be convinced that the prover is who they say they are.
- A Protocol: The set of rules and steps that both the prover and verifier follow in order to exchange and verify the specific knowledge. This protocol ensures that the verifier can be convinced of the prover's knowledge without gaining any information about the information itself.
Here’s how the protocol works:
- A commitment: The verifier provides the prover with a set of questions. These questions are so specific that they can only be answered by someone with the required knowledge – so the answer will be the “proof”.
- A challenge: The prover selects a question to answer.
- A response: The prover answers the question, therefore proving their identity without disclosing any sensitive identification data.
- The verifier can proceed with additional questions if multiple layers of proof are required. The more questions are asked, the less likely it is that the prover is faking their identity.
Unlocking the Potential of Zero-Knowledge Proofs
Zero-knowledge proofs have immense potential when it comes to mitigating identity theft and fraud. Here’s why.
Zero-knowledge proofs enable decentralized identity (also known as self-sovereign identity or SSI). From an information-sharing perspective, it means that one person (the prover) is able to prove a specific piece of information to another person (the verifier) without disclosing the actual information itself, thereby keeping it private.
Let’s consider a loan application process:
- A prospective loan applicant begins their journey to apply for a new loan.
- They are asked to complete a rigorous Know Your Client (KYC) process which includes providing proof that their income is above a specific threshold; for this example, let’s say the applicant needs to prove that their income is above $50,000 per year.
- The applicant uploads their T4 or a statement of employment income into the lendor’s database, making all of the information included in the uploaded document (including sensitive information such as Social Insurance Number (SIN) and other personal details) vulnerable to identity theft or fraud.
Zero-knowledge proofs eliminate this problem. Here’s how:
- The prospective loan applicant begins their application. But instead of uploading all of their private information into the lendor’s database with a T4 document, they prove their income using a ZKP protocol:
- The applicant obtains a cryptographic proof from their employer that proves their income is above $50,000 without revealing the actual amount. The proof is signed with the employer's private key to ensure authenticity.
- The applicant submits this proof to the lender in the loan application workflow.
- The lender verifies the ZKP Proof using a ZKP verification tool, that verifies both the authenticity of the sender as well as the authenticity of the information provided.
- The lender is assured that the applicant’s income meets the application threshold, while the applicant’s personal and private information remains safe, secure and under their own control.
Pioneering a New Era of Identity Verification
The adoption of zero-knowledge proofs presents a unique opportunity for collaboration between the public and private sectors in Canada:
- Government Initiatives: Public sector agencies can leverage zero-knowledge proofs to enhance the security and efficiency of government services, such as identity verification for online transactions and access to e-government platforms.
- Industry Partnerships: Private sector organizations, including financial institutions, healthcare providers, and technology companies, can collaborate with government agencies to establish interoperable standards for digital identity verification and verifiable credentials.
- Research and Development: Joint efforts in research and development can drive innovation in cryptographic techniques, paving the way for even more robust and scalable digital trust solutions.
As the digital landscape continues to evolve, the adoption of zero-knowledge proofs holds immense promise for transforming the way we verify identity online. By embracing this innovative technology, both public and private sectors in Canada can work together to safeguard the interests of citizens while fostering a more secure and trustworthy digital ecosystem.