This article, the first in a series, presents why advances in cryptography are important for enabling new identity primitives. The “why” is covered in this article; the “how” will be explained in the next article.
The design of online identity systems has been the subject of intense debate over the past few years. Modern digital identity systems have enabled new and complex online interactions and communities. Unfortunately, many of these systems also have significant weaknesses.
Many of these weaknesses can be attributed to inherent limitations in the design of centralized identity systems. First, these systems are usually built around a central point of control, and therefore a central point of failure. Modern e-commerce, social media and messaging platforms are vulnerable to pressure or interference from powerful actors such as authoritarian governments, and to technical attacks by malicious hackers; the outside parties who depend on these platforms are exposed to the same risks. Second, these systems concentrate power in the hands of operators whose interests cannot be fully aligned (financially, socially or ethically) with those of all users. For example, private social media companies with diverse global audiences must often decide what counts as unreasonable censorship and what is in the interest of public safety, even though they frequently lack the capacity to judge well.
Decentralization and cryptographic mechanisms are not magic panaceas, but they do provide some useful tools, and they expand the design space of digital identity systems. As more of our social and economic lives move online, it will become increasingly important to design identity systems that are secure, privacy-preserving, and user-controlled. In this post, we will argue that new cryptographic primitives, such as zkSNARKs, are critical to building identity systems with these properties.
At their core, zkSNARKs are useful because they enable users of digital systems to produce arbitrarily complex trusted claims without relying on trusted parties. All identity systems are built around some mechanism for producing credible claims of identity and reputation—often fairly complex claims, attached to attestations from a trusted authority such as a government or corporation. By applying the zkSNARK structure to claims about identity and reputation, we can restructure digital identity systems and put control and data custody in the hands of users.
Since zkSNARKs operate on precise, mathematically defined “claims”, we must first break down precisely the nature of the claims involved in the identity system.
It is difficult to do business with a completely unknown and distrusted counterparty. Common sense tells us that as trust between transacting parties decreases, so does the likelihood of cooperation; game theory tells us that in a one-shot prisoner’s dilemma, the best strategy is always to defect. You’d rather buy a used car from a close friend who is well connected to your social circle than from an unverified 58.com seller from out of town who won’t even tell you his name.
To build trust with each other, we need to be able to make credible claims: claims about our identity and reputation that the people we interact with will find credible. If the 58.com seller above assures you that he has “sold a lot of cars before and everyone loves my cars, trust me”, that is not really a credible claim. The same statement becomes far more credible when it is backed by what you know to be five-star reviews from verified buyers on a popular site.
The idea of credible claims sounds like a no-brainer, but establishing and legitimizing a mechanism for generating credible claims (in this case, a popular classifieds site) is no easy feat. In the traditional model, our usual solution is to delegate record-keeping to a trusted authority, which can then attest to our claims about identity and reputation and lend them credibility. Such an institution must prove its legitimacy and trustworthiness over time (usually in an adversarial environment) and maintain the infrastructure to generate and distribute attestations at scale.
Crucially, in most models, the attestation of the central authority is what makes the claim credible. This is a valid government ID, so I’m a citizen; this is an accurate list of my followers, so I’m a social influencer; these are a verified set of reviews and ratings, so I’m a trustworthy online retailer.
Trusted claims are also needed lower in the stack. Before anything else, how do you know that the person or business you are interacting with is actually making a claim about themselves, rather than impersonating someone else? Many systems rely on trusted authorities for these more basic functions, beneath identity claims themselves. An API access token, a government-issued passport, or the chain of signatures issued by a certificate authority that your browser checks when you visit a website are all proofs that back identity claims.
Useful identity systems allow participants to make very broad and complex trusted claims.
- (Digital) When you order food through Doordash, the Doordash web server makes a trusted claim to you (“I am the Doordash web server”, via a chain of DNS signatures); you make a credible claim to Doordash about your identity via a third-party identity provider (“I’m a Doordash user and should be allowed to access the credit cards stored on this account”, by logging in with Google); and you make credible claims to Doordash about future payments through various financial institutions (“I have money to pay you for my order, and this payment will arrive soon”, through a credit card provider that does not decline the transaction).
- (Physically) When you take out a loan to buy a home, you implicitly make numerous credible claims about your identity and reputation to banks, real estate agents, sellers, and the government.
- (Mixed) When you apply for a job, you make a credible statement to your potential employer by utilizing many different certification systems. By citing credentials (degrees, certificates) from educational institutions or professional accreditation bodies, other colleagues you have worked with, and evidence from previous companies, you claim that you have sufficient training and character to perform the job. Social media and other online account providers can provide further evidence for implicit claims about who you are.
The situation is further complicated by the fact that almost all identity systems inherently require privacy to function as intended.
Privacy is important, and sometimes controversial, for ethical and ideological reasons; but more fundamentally, it is often necessary as a plain matter of system design. For example, nearly all identity systems rely on secret data to generate trusted identity claims: passwords, social security numbers, private keys, credit card PINs, account recovery answers, and more. For obvious reasons, this data must be kept confidential. Furthermore, producing credible claims from fully transparent data can have negative, or at least complicated, externalities, which privacy safeguards prevent. For example, if you had to show your entire financial history just to buy or sell items on an online marketplace (bank statements, credit card transactions, loan payments, and the like), the counterparty could use that information in interactions that have nothing to do with the original transaction (advertising at best, harassment and extortion at worst). Privacy “sandboxes” give us one-time interactions that are well defined and limited in scope, so that we can build more complex systems from simple and understandable building blocks.
In traditional systems that require privacy, we have had to devolve even more power to a central authority: the authority stores the private data and vouches for trusted claims about that data, and nobody else can meaningfully verify those claims.
The role of cryptography
All the models we have discussed so far about trusted claim generation and identity systems involve a centralized actor. As we’ve discussed, there are many reasons why we want to seek a system that doesn’t rely on a strong recorder or manager.
But we face the obvious question: if I don’t have your data, how can I trust your claims? If you send me your data, how do I know it’s valid? And what if the claim is about data you want to keep private? This is where cryptography comes into play.
From our perspective, most of applied cryptography (and consensus) over the past fifty years has been one incrementally expanding project: working out which credible claims can be made in the absence of a trusted authority, under various resource constraints and privacy requirements.
- Digital signature schemes allow me to make a trusted claim to the consistency of my identity online, across a range of different actions, by signing a sequence of messages with the same private key. “I am authorized to charge Alice’s credit card.”
- Group signature schemes allow me to make more complex, privacy-preserving claims about my identity. “I’m a member of this alumni group, but I’m not going to tell you which member.”
- Signature aggregation, multi-signature, and threshold signature schemes allow me to make claims about swarm behavior under a variety of different resource constraints. “This large collective institution — not just one rash employee — has authorized the transfer of money from our financial accounts.”
- Consensus schemes and programmable smart contracts allow me to make credible, irreversible commitments to future actions. “If you send me digital asset A, I will immediately send you digital asset B in exchange.”
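The certificate-authority signature chain mentioned earlier and the digital-signature bullet above describe the same pattern: an authority signs a claim bound to the holder's key, and the holder then proves control of that key. The following Go program is an added example (not code from the original post or from 0xPARC) with a constructed, hypothetical credential format; it uses the standard library's Ed25519 and shows that, unlike a zero-knowledge claim, the verifier learns the full claim and the holder's key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential is a hypothetical attestation format constructed for this example:
// the authority's signature over a claim string bound to the holder's public key.
type Credential struct {
	Claim     string
	HolderPub ed25519.PublicKey
	Sig       []byte
}

// credentialBytes is the message the authority signs: claim, a separator, then the holder key.
func credentialBytes(claim string, holderPub ed25519.PublicKey) []byte {
	return append([]byte(claim+"|"), holderPub...)
}

// Issue: the trusted authority attests that the owner of holderPub may make claim.
func Issue(authorityPriv ed25519.PrivateKey, claim string, holderPub ed25519.PublicKey) Credential {
	return Credential{Claim: claim, HolderPub: holderPub,
		Sig: ed25519.Sign(authorityPriv, credentialBytes(claim, holderPub))}
}

// Present: the holder shows control of the attested key by signing the verifier's fresh challenge.
func Present(holderPriv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(holderPriv, challenge)
}

// Verify walks the chain: authority -> holder key -> holder's signature on the challenge.
// The verifier sees the claim text and the holder key in the clear; that disclosure is
// exactly what zero-knowledge claims remove.
func Verify(authorityPub ed25519.PublicKey, c Credential, challenge, proof []byte) bool {
	if !ed25519.Verify(authorityPub, credentialBytes(c.Claim, c.HolderPub), c.Sig) {
		return false // not issued by the authority, or claim/key altered after issuance
	}
	return ed25519.Verify(c.HolderPub, challenge, proof)
}

func main() {
	authPub, authPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred := Issue(authPriv, "authorized to charge Alice's credit card", holderPub)
	challenge := []byte("order-constructed-123") // the verifier picks a fresh nonce per interaction
	fmt.Println("claim accepted:", Verify(authPub, cred, challenge, Present(holderPriv, challenge)))
}
```

A fresh challenge per interaction is what stops a captured presentation from being replayed against another verifier.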
Historically, progress has been slow: each of these cryptographic primitives defines a new, tightly scoped kind of statement with a rigidly fixed structure. In the past few years, however, this has changed.
What is exciting today is that, thanks to SNARKs, we now have mechanisms for making arbitrary trusted claims efficiently. And because of the zero-knowledge property of zkSNARKs, we can tune the privacy guarantees of each claim exactly as we like.
Here are a few examples of the kinds of claims you can make with zkSNARKs that were not possible before.
- “I am a trusted debtor. I have made timely repayments of large loans to three trusted banks, although I will not disclose the banks or the purpose of the loans.”
- “I am a respected member of the community. Although I am writing this post anonymously, I have amassed over 10,000 upvotes on this forum under my named account.”
- “I am a long-term crypto token collector. The Ethereum addresses I control collectively hold at least two NFTs from the Dark Forest Valhalla series, and at least 100 ETH.”
These claims can be combined, composed, and even programmed in arbitrarily complex ways.
While all of this is theoretically possible, we still have a long way to go. Making a robust set of ZK identity tools for next-generation applications requires substantial improvements in performance, reliability, developer experience, and application design patterns. In the next article, we will discuss our understanding of the road ahead.
Addendum: What’s Included in Identity?
To understand where cryptography can be used to build an identity system, it is useful to break down the concept of an identity system into its key components.
When analyzing a particular identity system, we can ask the following questions.
- What is the atomic unit of identity?
Physical World: Identity is often associated with legal personality. In other words, the atomic unit of identity is the individual, or company.
Cyberspace: identities can be Google/Facebook/Twitter accounts; public/private key pairs associated with certificate authorities; holders of some Ethereum-based tokens (probably not tied to specific addresses!); and so on.
- What constitutes a valid proof or attestation of identity? Who can issue identification? Who can revoke identity-related privileges?
Physical World: A valid proof might look like a state-issued ID card or business license. The government ultimately holds power over the privileges that come with valid identification: for example, the government can revoke your passport.
Cyberspace: A valid proof might be an OAuth token provided by FB, or a valid digital signature (or signature chain). Various service providers have power over various proofs: Twitter, for example, can ban your account.
- Who keeps secondary data related to your identity? Who can access this data, and who controls this access?
Physical world: Ancillary data is held jointly by government agencies and bureaucracies, private service providers (banks, credit scoring agencies) and personal contacts (your personal network).
Cyberspace: In a centralized model, auxiliary data is held by large tech companies. In the decentralized model, auxiliary data is held jointly by client software you control (browser, personal web server) and a decentralized storage network (for example, historical transaction data in the blockchain or smart contract state).
- What records, documents or certifications are signals of reputation and credibility? Who determines these signals and how to interpret them? Who has access to the underlying input data that determines reputation? Who can access these signals?
Physical World: Credit Score Reports, Background Checks, Social Recommendations, Employment Letters, Credentials and Honors, and Titles.
Cyberspace: NFT ownership, account age and previous activity, proof network, likes on Reddit or other forums.
Some of these concepts are intertwined: identity, reputation, and proof of identity are closely related and not easily separable. For example, in some systems the atomic unit of identity is even defined as “a central authority that can provide valid proof” – the concept of a Facebook account that is not stored in the Facebook database does not exist.
Generally speaking, the identity we use in this set of articles refers to a persistent label of an entity (a person, an organization, a bot) that represents that entity’s legal personality, public key, account ID, etc. We use reputation to refer to statements about an entity’s past behavior (“Alice always keeps her promises”, “Bob always pays his credit card bills on time”, “Comfortable Home always uses accurate images on her Airbnb listings”).
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/why-does-web3-need-zk-identity/