Author: Zero-knowledge Proof protocols can be very useful in a GDPR context as they can be used to build more secure authentication schemes or provide better data privacy for transactions containing sensitive, non-falsifiable data. For example, the OTR protocol which is used for secure messaging implements ZKP-based authentication schemes for safe authentication and key exchange.
Projects implementing the ZKP technology
NuCypher
NuCypher is a strong ICO project that’s building a network for proxy re-encryption. The idea is that you own a certain confidential document and you encrypt it with your private key. If you want to share the encrypted document with a colleague you have to give him your private key, which is NOT the thing to do! Instead, this is where proxy re-encryption comes in handy. The technology allows you to create a re-encrypted key towards someone’s public key. Now, you can safely share the document encrypted with the re-encrypted key so the receiver can open it with his private key.
NuCypher works with a network of nodes which are responsible for the re-encrypted keys as the keys are stored in pieces across multiple nodes to make them even more secure. To make things quicker, the network uses a derivative form of ZKP tech – non-interactive zero-knowledge (NIZK) proofs – with the goal of verifying the correctness of re-encryption, to prevent KMS nodes from cheating without being caught.
Nuggets
The Nuggets project is giving control back to users when purchasing items online. You own your personal data and decide how much of the data will be shared with online shops where you’re buying products. The idea behind Nuggets is that centralised databases owned by online shops often lack security and are a potential target for data breaches. Nuggets itself is not unique. However, the Nuggets blockchain implements ZKP technology to hide a transaction’s private information.
ZCash
ZCash, also known as Zerocash, extends the protocol and software underlying Bitcoin. ZCash has added ZK-SNARKs to the Bitcoin blockchain to encrypt all transactional data in the ledger, while still proving no double-spending has occurred.
The importance of the Enigma project
The Enigma project describes computing over encrypted data, the Holy Grail of security, or more aptly defined in the literature as secure computation. “This begs the question — how can we compute a function over hidden inputs? In other words, how can we process information we cannot see, while still obtaining an intelligible outcome?”
Luckily, cryptography exists and there are different (complex) options available like:
- Fully Homomorphic Encryption (FHE): Only theorized schemes that exist, too impractical to implement and only works for very simple computations in a reasonable amount of time.
- Secure Multi-party Computation (MPC): TLDR; Makes use of philosophical questions and assumes a server that will never be hacked, which is a bad assumption.
- Zero-knowledge Proofs (ZKPs): Is solely focussed on answering questions with a Yes or No.
- Deterministic and Order-preserving Encryption (OPE): This classifier for secure computation includes partial encryption algorithms that allow for certain operations. The Numer.ai project uses an OPE algorithm.
According to the Enigma project, ZKP technology is important, but not sufficient to fulfill all privacy needs, especially the need for secure computation. An interesting quote from Enigma, “In practice, ZKPs are useful when a party with access to the data wants to prove a claim to others, without revealing the data to them. In cases where we want to outsource computations, often involving multiple parties, there isn’t a single party we can trust with seeing all of the data. This is exacerbated in the smart contract setting, where the parties executing the computation are untrusted and pseudonymous.”
Enigma wants to look further than just ZKP technology and push the research towards secret smart contracts further. Secure computations for smart contracts will become increasingly important to bring the blockchain space to the next level. Research by the Enigma project – and other privacy-focussed projects – is important for the future of blockchain technology.
What’s left?
The number of zero-knowledge tools and implementations will certainly continue to rise in response to data protection regulations, GDPR, and the stronger market demand for security guarantees.
Gaining control over your digital data will certainly imply a shift in many business operations. In addition, invoking a breach in someone’s personal data will become much harder as the data is effectively rendered unintelligible to any unauthorized person trying to gain access.
Given the power of zero-knowledge proof technology, the technology should become a critical component of most thoughtful GDPR-compliance strategies.
According to Eugene Pilyankevich, CEO of Cossack Labs, it is important that cryptographers develop encryption schemes that are closer to actual use-cases rather than “compose your own solution” because regular developers don’t have the required understanding to compose such a solution. Focusing on “boring crypto” instead of “ground-breaking features” is crucial in the current environment, where developing super-strong narrow schemes is advancing at full speed, yet the average implementation of encryption-based security systems is weak and problematic.
Sources
[1] Ewanick, B., 2011 – Real Definition of Zero-knowledge Proof,
[2] Luciano, A., 2018, June 26 – ZK-STARKs, (image)
[3] Zyskind, G., 2018, April 4 – Defining Secret Contracts,
[4] Enigma Project, 2017, May 30 – Computing Over Encrypted Data,
