Author: zkPass
In the Internet age, we shape our identities through domain names, usernames, email addresses and the like, and store information such as social relationships, reputation and academic qualifications in the centralized Web2 world. At the same time, centralized Web2 entities control how we access the outside world and hold our password data, which often becomes an incentive for cybercrime.
In the Web3 world, by contrast, there is no way to know the true identity of the other party beyond an on-chain address and its on-chain activity. If Web2 identity information could be integrated into Web3, Web3 users would have more "soul". However, the blockchain itself is isolated from real-world data, and 99.99% of social capital data is stored on the real-world Internet. How can that data be brought into Web3 to enrich the "soul" of Web3 users?
Decentralized society, privacy, soul, zkPass
When introducing Web2 social identity into Web3, we also face the problem of trust and privacy. The paper "Decentralized Society: Finding the Soul of Web3" mentioned that "privacy is a key challenge for DeSoc. On the one hand, too many public SBTs may leak too much information about the soul, exposing it to the danger of social control.
On the other hand, too many purely private SBTs could also allow private communication channels to circumvent relevance-degrading adjustments in governance and social collaboration, which raises important questions about incentive compatibility. Closely related to the issue of privacy is the issue of deception: Souls could misrepresent their social connections while collaborating in private or side channels."
Based on this, zkPass explores the use of multi-party computation (MPC) and zero-knowledge proofs (ZKP) to solve the privacy and cheating problems faced by decentralized communities. Zero-knowledge proofs computed over SBTs prove characteristics of a soul, and multi-party computation techniques (garbled circuits) extend this so that such tests are doubly private: the prover does not need to reveal who they are to the verifier, and the verifier does not reveal its verification mechanism to the prover. Both parties perform the computation together and learn only the output.
The Current State of Traditional Authentication
Traditional identity authentication generally involves three parties: the Prover, the party that wants to prove its identity, usually an ordinary user; the Verifier, the party that wants to verify the Prover's identity, such as a trading platform or a KYC service platform; and the Server, the trusted data source the Verifier relies on when verifying the Prover's identity, which can be understood simply as a Web2 data source.
In the verification process, all three parties have problems to a greater or lesser extent: data falsification or over-disclosure on the user side, data leakage or private sale of data by a verifier that holds all of it, and Web2 data sources whose services cannot be customized. What would an ideal identity verification scheme look like?
zkPass Authentication Protocol
In zkPass, we rearrange the positions of the three parties and put the user at the center of verification. We then combine multi-party privacy-preserving computation with zero-knowledge proofs, reconstruct the TLS protocol, and introduce zk-SBT to rebalance privacy, security and trust. Users do not need to trust any intermediary and can authenticate their identity without permission.
Specifically, during the entire verification process, an individual user only needs to access the Web2 data source directly with their own authorization token, generate the zero-knowledge proof (zk-SBT) locally, and then provide that proof to the enterprise platform for verification. Even when verification succeeds, the platform learns nothing about the user's real identity except the yes-or-no result. This addresses the risk of privacy leakage in a decentralized society and prevents users from misrepresenting their social capital. The overall technical architecture is shown in the figure below:
From the above content, we can summarize that zkPass has the following characteristics:
1) Privacy
Unlike traditional identity verification systems, users do not need to submit documents or identity papers issued and regulated by a centralized third party. The entire verification process is cryptographically protected, and there is no risk of information leakage.
2) Scalability
Traditional identity authentication is relatively narrow, and different products are required for different authentication needs. For example, large KYC service providers must conduct lengthy business negotiations with Web2 data providers for each additional authentication service. zkPass has reconstructed TLS (Transport Layer Security), so 99.9% of Web2 and Web3 data sources can be accessed to obtain data without API authorization or API calls. It is compatible with a wide range of data sources and protocols, and can provide one-stop customized services as needed (such as verifying legal identity, academic qualifications and asset certificates at the same time).
3) Verifiability
A person's educational certificates, work history, bank credit, affiliation, asset balance and other social capital can all be traced back through verified zk credentials to ensure their authenticity, and the credentials can be reused.
4) Anti-fraud
The fields corresponding to the information to be verified are located directly in the data source's response and processed cryptographically. The user, i.e. the prover, holds the data confidentiality key and one share of the data integrity key; the enterprise verifier holds the other half of the data integrity key. The data confidentiality key is used to encrypt and decrypt the information. The enterprise verifier does not hold it, so it has no way of learning the user's information. The data integrity key is split in half between the two parties, which means that the identity information belonging to the user cannot be tampered with without being detected, and this ensures that the user cannot commit data fraud.
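A simplified model of the key split described under Anti-fraud, added here as an illustration; it is not zkPass code. It assumes a toy stream cipher and HMAC-SHA256 in place of TLS record protection, a constructed sample record, and a hypothetical `joint_verify` function that recombines the two integrity-key shares in one place, where a real deployment would run that step as a two-party computation.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for the TLS record cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return xor(data, b"".join(blocks))


def server_send(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Data source protects a record with the full session keys."""
    ct = keystream_xor(enc_key, plaintext)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def joint_verify(share_p: bytes, share_v: bytes, ct: bytes, tag: bytes) -> bool:
    """Stand-in for the two-party step: the tag is only checkable with both shares."""
    mac_key = xor(share_p, share_v)
    return hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag)


def run_demo() -> dict:
    enc_key = secrets.token_bytes(32)    # confidentiality key: prover only
    share_p = secrets.token_bytes(32)    # integrity key share: prover
    share_v = secrets.token_bytes(32)    # integrity key share: verifier
    mac_key = xor(share_p, share_v)      # full key: used only by the data source here
    record = b'{"credit_score": 640}'    # constructed sample response
    ct, tag = server_send(enc_key, mac_key, record)
    # Prover rewrites the record and re-tags it using only its own share.
    forged_ct = keystream_xor(enc_key, b'{"credit_score": 840}')
    forged_tag = hmac.new(share_p, forged_ct, hashlib.sha256).digest()
    return {
        "honest_accepted": joint_verify(share_p, share_v, ct, tag),
        "forgery_accepted": joint_verify(share_p, share_v, forged_ct, forged_tag),
        "old_tag_reused": joint_verify(share_p, share_v, forged_ct, tag),
        "prover_reads": keystream_xor(enc_key, ct),
        "verifier_sees_plaintext": b"credit_score" in ct,
    }


if __name__ == "__main__":
    print(run_demo())
```

The prover can decrypt its own record but cannot produce a tag that passes the joint check, while the verifier's view is limited to ciphertext and its own key share.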
zkPass Use Cases and Outlook
zkPass is a new Web3.0 verification solution based on secure multi-party computation and zero-knowledge proofs, aiming to "Verify Everything". As infrastructure, zkPass not only addresses the security, privacy, interoperability and ownership issues of existing online digital identities, but also hopes to promote the better development of Web3 applications.
Unsecured lending/preferential lending rates
The traditional financial ecosystem supports many forms of uncollateralized lending, but relies on centralized credit ratings to measure the creditworthiness of borrowers who have little incentive to share their credit histories.
For example, a DeFi lending protocol runs a "loan rate discount" event, in which borrowers can prove their rating from a centralized credit rating agency to obtain a discounted loan rate. After zkPass initiates a verification request, borrower Bob logs in to his Alipay website, enters his account and password to obtain his Sesame Credit score, and generates a zero-knowledge proof certificate (for example, a Sesame Credit score > 800 earns a 5% loan rate discount). When he applies to this DeFi protocol for unsecured lending or a loan rate reduction, the only result the DeFi protocol obtains is whether his Sesame Credit score is greater than 800.
Proof of qualifications
The SuperRare platform pursues high-quality works of art, so it sets high entry requirements for artists. Only invited artists can join the network to create works of art.
For example, Alice logs in to the academic qualification website through the zkPass academic qualification verification module and generates a zero-knowledge proof of her qualification from the Paris Academy of Fine Arts. She can submit it to the platform together with her application, which improves the efficiency of the platform's background check and review without over-exposing other graduation information.
Of course, zkPass can verify not only the identity of natural persons but also academic qualifications, flight records, bank balances, work experience and more. On the Web2+Web3 Internet, any personal data you can access can be used to generate zero-knowledge proofs and verifiable zk-SBTs. Use cases include user acquisition and activation of existing users, as well as anti-fraud, anti-electronic fraud, anonymous voting, anti-sybil attack, zkKYC, background check assistance, academic qualification verification, proof of participation, etc. Everything is in zkPass.
Conclusion
As a pioneer in the evolution from the Web2 Internet to Web3, zkPass protects users' personal digital sovereignty while providing a more transparent, democratic, private and trustworthy solution for exchanging information and data, which better promotes the digital economy and creates new blockchain application scenarios. In addition, zk-SBT supports a wide range of applications that improve how Web3 is used today. It can be said that zkPass is a very important identity authentication infrastructure on the road to jointly building a decentralized society.
