In January, we launched the 0xPARC Zero-Knowledge Identity (ZK-Identity) working group: a working group trying to build digital identity tools using zkSNARKs. This is the first in a series explaining why advances in cryptography are important for enabling new identity primitives. The first article explains the “why”; the “how” is explained in subsequent articles.
The topic of online identity system design has been hotly debated in recent years. Modern digital identity systems enable new and complex online interactions and communities. Unfortunately, many of these systems have significant weaknesses.
Among these weaknesses, many can be attributed to the inherent limitations of the design of centralized identity systems. First, these systems are typically built around a central point of control—a central point of failure. Modern e-commerce, social media, messaging platforms are under pressure and interference from powerful actors (such as authoritarian governments), or technical attacks from malicious hackers; when central operators are coerced or hacked, outside the central operator All parties will also be at risk. Second, these systems rely on centralized power in the hands of the operator, which cannot be on the same page (economically, socially, or morally) with all users—for example, a privately owned and diverse global audience Social media companies must often decide what constitutes improper censorship and what is in the public safety interest, though they are often out of touch on this point.
Decentralization and encryption mechanisms, while not a magic panacea, do provide some useful tools and widen the design space of digital identity systems. As more and more of our social and economic lives move online, designing secure, privacy-preserving, and user-controlled identity systems will become increasingly important. In this paper, we will demonstrate that novel cryptographic primitives like zkSNARKs are crucial for building identity systems with the above properties.
At their core, zkSNARKs are useful because zkSNARKs allow users of digital systems to generate credible claims of arbitrary complexity without relying on trusted parties. All identity systems are built around mechanisms that generate trusted claims of identity and reputation—often, fairly sophisticated proofs attached to proofs issued by trusted bodies like governments or corporations. By applying zkSNARK constructs to claims about identity and reputation, we can reconstruct digital identity systems that put control and data custody back into the hands of users.
Since zkSNARKs need to operate on precise, mathematically defined “claims”, we must first need to break down exactly the nature of the claims involved in the identity system.
It’s hard to make deals with people you don’t know and don’t trust at all. Common sense tells us that the lower the level of trust between the two parties, the lower the possibility of cooperation; game theory tells us that in a one-time prisoner’s dilemma, the best strategy is always to betray the other party. Who would you prefer to buy a used car from, a close friend with whom you have a strong social circle? Or an out-of-town Craigslist seller who won’t even tell you his name?
In order to build mutual trust, we need to be able to make credible claims: those we interact with believe that our claims about identity and reputation are credible. Even if the aforementioned Craigslist seller assures you that he “sold a lot of cars before, and all customers are happy — I promise you.” That’s not a credible statement. But it definitely feels a lot more credible if it’s tied to a popular website you know and five-star ratings from verified buyers on it.
The idea of trusted claims sounds easy to understand, but building a mechanism for producing trusted proofs and making them acceptable to the general public (in this case, a popular ranking website) is not an easy task . In the traditional model, our common solution is to delegate records management to trusted authorities, who can then attest to our identity and reputation claims and give them credibility. Such authorities must prove their own acceptance and trustworthiness over time (usually in an adversarial environment), while maintaining a large-scale proof generation and distribution infrastructure.
Crucially, in most models, it is attestation by a central authority that gives credibility to claims. I’m a citizen because this is a valid government ID; this is an accurate list of my followers, so I’m socially influential; these are moderated reviews and ratings, so I’m a trustworthy online retailer.
Another application of trusted claims is further down the stack. First, how do you know that the person or company you interact with is producing a statement that is theirs and not someone else’s? In systems that rely on trusted authorities, these authorities take on a more fundamental function—the attestation of the identity itself. When you visit a website, an API access token, a government-issued passport, or a chain of signatures generated by a certificate authority are all proof of identity claims.
Practical identity systems allow participants to make various types of complex trusted claims:
- (Digital World) When you order food through Doordash, Doordash’s web server makes a trusted claim to you (via a DNS signature chain saying “I’m Doordash’s web server”); via a third-party identity provider, you Make a trusted claim to Doordash about who you are (by “signing in with Google” to say “I’m a Doordash user and should be allowed to access the credit cards stored on this account”); you do things to Doordash through various financial institutions Make a credible statement about future payments (by saying “I have enough money to pay for the order, and it will arrive soon” by a credit card provider that doesn’t reject the transaction).
- (Physical World) When you take out a mortgage to buy a home, you already make a lot of credible claims about your identity and reputation to banks, real estate agents, sellers, governments in non-obvious ways.
- (Both worlds mixed) Make a credible statement to potential employers when you apply for a job by utilizing many different certification systems. By citing testimonials (degree certificates, certificates) from educational institutions or professional credentialing authorities, other colleagues you have worked with, former companies, you claim that you have sufficient training and quality to perform the job. Social media and other online account providers actually reinforce claims about who you are.
The situation is further complicated by the fact that nearly all identity systems inherently require private information to function as intended.
Privacy is important and sometimes controversial for ethical and ideological reasons; but more fundamentally, privacy is a simple, but often necessary, issue of system design. For example, almost all identity systems rely on the concept of secret data to generate trusted claims about identity—passwords, social security numbers, private keys, PINs for credit cards, account recovery questions, etc. Obviously, this data needs to be kept secret. In addition, there may be negative externalities, or at least externalities that are difficult to reason about, in the use of fully transparent data to generate trusted claims; private data prevents the above. For example, if you just want to buy or sell something on an online marketplace, but you need to show your entire financial history – bank statements, credit card transactions, loan repayments, etc., then the counterparty may use this information to initiate a transaction with the original Irrelevant interactions beyond the intended scope (negative examples include advertising, harassment, and even extortion). Privacy “sandboxes” one-time interactions, clearly defining and limiting the scope of interactions, so that we can build more complex systems starting from simple and well-understood components.
In traditional systems that require private information, we must delegate more power to a central authority – in such systems, the central authority stores private data, and attests to trusted proofs of that data, which are rarely may be verified.
The role of cryptography
All the models we have discussed so far for trusted claim generation and identity systems involve a centralized role. As we have discussed, there are many reasons why we would want to explore a system that does not depend on a strong record-keeper or administrator.
At this point we are immediately faced with the obvious question: how can I trust your claims when I don’t have your data? If you send me data that belongs to you, how do I know the data is valid? If you want to generate a statement of privacy data, what should we do? This is where cryptography comes into play.
From our point of view, most applied cryptography (and consensus) has continued to expand this range over the past fifty years under various resource constraints and privacy conditions: i.e. in the absence of a trusted authority Next, what credible claims can be made.
- Digital signature schemes allow users to use the same private key to sign a series of messages. After a series of different operations, users can make credible claims about the consistency of their online identity. “I am authorized to charge Alice’s credit card.”
- Group signature schemes allow users to generate more complex privacy-preserving claims about identities. “I’m a member of that alumni association, but I won’t tell you exactly who I am.”
- Signature aggregation, multi-signature, and threshold signature schemes allow users to generate claims about group behavior under various resource constraints. “This large collective — not just a single outlier employee — has authorized the transfer of money from our financial accounts.”
- Consensus mechanisms and programmable smart contracts allow users to make trusted and irreversible commitments to future behavior. “If you send me digital asset A, then I will immediately send you digital asset B in exchange.”
In the past, these processes have been slow to evolve – each of these cryptographic primitives defines a new and strictly scoped type of declaration, whose structure is highly well-defined. However, over the past few years, this has changed.
What is exciting today is that we now have a mechanism that allows us to efficiently generate arbitrary trusted proofs, thanks to SNARKs. By leveraging the zero-knowledge nature of zkSNARKs, we are able to adjust the declared privacy guarantees to our own will.
Here are some examples of the types of declarations you can generate with zkSNARKs that were not possible in the past:
- “I am a trustworthy debtor: I have paid off large loans on time with three banks, although I did not disclose which banks or what purpose I borrowed.”
- “I’m a well-respected community member: while I’m writing this post anonymously, I’ve accumulated over 10,000 votes on this forum under my named account.”
- “I am a long-term cryptocurrency collector: I control Ethereum addresses that hold at least two Dark Forest Valhalla series NFTs and at least 100 ETH.”
These declarations can be connected, combined, and even programmed in arbitrarily complex ways.
While this is theoretically possible, we still have a long way to go. Making a robust set of ZK identity tools for next-generation applications requires substantial improvements in performance, reliability, developer experience, and application design patterns. In the next article, we will discuss the understanding of the road ahead.
Addendum: What’s in Identity?
To understand where cryptography can play a role in building an identity system, it is helpful to break down the concept of an identity system into its key components.
When analyzing a particular identity system, we may ask the following questions:
What is an atomic unit of identity?
- Physical World: Identity is often associated with legal personhood. In other words, the atomic unit of identity is an independent individual, or legal person.
- Cyberspace: Identity can be a Google/Facebook/Twitter account; a public/private key pair associated with a certificate authority; some ethereum-based token holder (maybe not tied to a specific address); or others.
What constitutes a valid proof of identity? Who can distribute proof of identity? Who can revoke identity-related privileges?
- Physical World: A valid proof might be a state-issued ID or EIN letter (Employer Identification Number, a unique nine-digit number assigned by the IRS to business entities operating in the United States to identify them). For a valid ID, the government has ultimate authority: for example, the government can revoke your passport.
- Cyberspace: A valid proof can be an OAuth token provided by Facebook, or a valid digital signature (or a chain of signatures). Various service providers have control over various proofs: Twitter, for example, can ban user accounts.
Who is keeping secondary data related to user identities? Who can access this data, and who can control access to this data?
- Physical world: Ancillary data is held by government agencies along with bureaucratic organizations, private service providers (banks, credit scoring agencies), individuals.
- Networked world: In a centralized model, auxiliary data is held by large tech companies. In the decentralized model, auxiliary data is jointly stored by client software controlled by the user (browser, personal web server), and a decentralized storage network (for example, historical transaction data on the blockchain or smart contract state).
What records, digital artifacts, or proofs can indicate the reputation or trustworthiness of an identity? Who decides these signals and how they are to be interpreted? Who has access to the underlying input data that determines reputation? Who can access these signals?
- Physical World: Credit Score Reports, Background Checks, Social Recommendations, Employment Letters, Certificates, and Honors.
- Cyberspace: NFT ownership, account age, historical activity, proof network, karma (Reddit’s credit scoring mechanism) / forum likes.
In the above concepts, there are some fusions: identity, reputation, and proof of identity are closely linked and cannot be easily separated from each other. For example, in some systems, the atomic unit of identity can even be defined as “an object to which a central authority can provide valid proof” – there is never such a thing as a Facebook account that is not stored in a Facebook database.
In general, however, we use the term identity in this series of articles to denote a long-term label of an entity (person, organization, bot) that remains stable over time and represents that entity— — Legal personality, public key, account ID, etc. We use the term reputation to express statements about what the subject has done in the past (“Alice always keeps her word”, “Bob keeps paying off her credit card on time”, “Comfort Homes has always used accurate photos as their Airbnb listings” property”).
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/zk-identity-why-and-how-one/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.