By Dr. Ivan Gudymenko, IT Security Architect, T-Systems MMS and Nikolaos Molyndris, Decentriq.
If designed and implemented in the right way, blockchain-based systems open new opportunities for businesses around the world enabling them to cooperate flexibly with minimum intermediaries in between at the same time enforcing transparency and non-repudiation. However, alongside with the aforementioned wins, serious privacy concerns arise prohibiting straightforward integration of blockchain-based systems and applications into production. The stringent requirements of GDPR (General Data Protection Regulation) highlighting the right to erasure of the personal information (“right to be forgotten”, Article 17 EU GDPR), the right to rectification (that is, correcting and/or completing the personal data, Article 16 EU GDPR) to name a few have put a severe burden on the operation readiness of blockchain-based systems and hence on their wide adoption. In order to address this issue, Blockchain Solution Center of T-Systems MMS has started a cross-discipline, practice-oriented research activity involving in-house IT security, blockchain and compliance professionals jointly working towards making the designed blockchain-based systems GDPR-compliant and privacy-friendly. As one of the outcomes of this initiative, the so-called generic privacy framework has been created and is constantly being improved and updated. In this context, technical means of classic privacy enforcement play one of the key roles and can be leveraged to provide a secure yet efficient protection of personal data. Among the other well-known principles collectively referred to as data minimization, secure encryption, etc., the so-called zero-knowledge protocols and their applications to the target blockchain use cases are being actively investigated. As such, zero-knowledge protocols are a well-researched topic within the cryptographic community with, for example, Chaum Protocols (see the link) and Intel Direct Anonymous Attestation (see the link) arguably being among the most well-known ones. In the blockchain context, zero-knowledge protocols have recently gained interest and are currently actively researched on. In order to ensure the exchange on the latest achievements in this area, T-Systems MMS is cooperating with a Swiss startup Decentriq.
Decentriq is a Swiss technology company which is one of the most prominent players in the applied cryptography space with expertise and experience on ZKP implementations (see ZoKrates, Openmined, protocol.ai). More specifically, decentriq has done a lot of work on ZKsnarks which is a specific Zero-Knowledge protocol with advantages on blockchain uses. Decentriq has contributed to the ZoKrates project. This project enables developers without profound knowledge about Zero-Knowledge Proofs to collect experience and develop applications. Especially the deep integration with Ethereum makes Zokrates interesting for a wide audience of Zero-Knowledge Proof and blockchain applications.
One of the first blockchain-based ZKP implementations that got quite some popularity was the private coin ZCash and its first use-cases in the financial industry. The truth is that while Zero-Knowledge Proofs are great for keeping a transaction private, applications of this technology can be expanded to a multitude of other domains.
A ZKP allows a prover, let’s call her Peggy, to demonstrate beyond any reasonable doubt to a verifier, let’s call him Victor, that she knows some secret without revealing what the secret is. For example, Peggy might want to prove to Victor that she knows the factorisation of a very large non-prime number without revealing the factors; or that she knows the solution to a given Sudoku puzzle without disclosing it. This simple premise can have a lot of impact in cases where there is minimum trust, or there is a maximum need for privacy. Cases such as information sharing between competitors, or proof of identification without disclosing the underlying information. And while ZKPs have been around since 1984 (see, for example, this link), only recently their performance has been dramatically improved (see, for example, the link) to be able to be applied on an industrial scale. The telecommunications industry is one of the frontrunners when it comes to handling sensitive data which have to be (partly) shared. As decentriq’s co-founder Stefan Deml told us: “Zero-Knowledge proofs are going to be the forefront of applied cryptography in the next few years. It solves so many issues on privacy and scalability on both DLT and AI that it is impossible to ignore. Issues such as model verifiability for AI, scalability and privacy for blockchain can be solved with ZKP”. ZKP allows the generation of very small-sized verification signatures that can bundle together off-chain transactions with a mathematic proof that have been done correctly hence lowering the amount of work that has to be done on-chain.
Summing up, in the context of blockchain-based systems data privacy aspects have to be addressed in a sound and grounded way. ZKP-based approaches are definitely going to be an imporant part of the technical toolbox providing future proof and privacy preserving solutions in the volatile and dynamically evolving blockchain area.