Distributed Ledger Technology & Law 101 Series | What is Zero-Knowledge Proof (“ZKP”)

“Misdirection is the key to survival, never attack what your enemy defends, never behave as your enemy expects, and never reveal your true strength, if knowledge is power then to be unknown is to be unconquerable.”

- A Romulan in ‘Birth of the Federation’

INTRODUCTION

One of the most mistaken truths behind the crypto-ecosystem is the idea that people wish to transact with a fake identity. The reality is that many traders merely wish to attain pseudo-anonymity and to trade without needing to worry about being robbed which is different from trading with a pseudo-identity.

In another words, many traders are happy to undergo the typical “know your client” process provided that they are then able to trade without painting a “rob me” target on themselves. Amongst the crypto circle, one of the most talked about solution is the idea of a Zero Knowledge Proof (“ZKP”). However, with the Financial Action Task Force (“FATF”) pushing for the implementation of the Travel Rule, there may be certain implications on future applications of ZKP.

As you plan on where to have your next move into the crypto-market, don’t forget to follow our Distributed Ledger Technology 101 series penned by crypto-practitioner Joshua Chu and his team of specialists at the subscribe link provided. Your journey into Blockchain and Law begins here. 

ZERO-KNOWLEDGE PROOF | WHAT AM I?

“Zero-Knowledge Proof has the potential to enhance data privacy and security in a vast number of use-cases, be it in the case of fraud prevention system requiring users’ personal details or in the case of an IoT system relying upon anonymous data”

- Ignaclo Sueiro, Head of NDB’s ‘Beyond Core’

A zero-knowledge proof, also known as ZKP, is a process and method by which end users within a system can prove to each other that he/she/it knows an absolute value without the need to convey any extra information.

To put it in perspective, instead of transmitting an entire message (which is subject to interception), a user will receive just the right amount of information to input on the receiving end to verify the transmission with anyone attempting to intercept any such message being unable to do anything with such data as it is, by itself, incomplete.

The common properties of Zero-Knowledge Proof will therefore include:

  1. Completeness: where a statement is true and both end-users apply their data set properly, then the verifier would be convinced without the need for further external inputs (each holding a piece).
  2. Soundness: where a statement/data set on one side is false, the verifier would not be convinced in any scenario (probabilistically checked to ensure probability of falsehood is zero).
  3. Zero-knowledge: the verifier would not have excess information that will enable a third party to piece together a complete picture to exploit. 

WHAT ARE ZKP’s APPLICATION?

It is often said that possible ZKP application is limitless. These can range from:

  1. Encrypted Messaging: in most messaging, end-to-end encryption is necessary with end users having to verify and trust the server of each side (giving rise to opportunities for man in the middle attacks). ZKP will mitigate such risks significantly by providing end-to-end trust without the need to put too much information out there.
  2. Data Sharing: sharing of data across the breadth of the internet without needing to worry about a third party eye is crucial for most data transactions. ZKP can help by making information transmitted across the internet unusable save for the intended recipient.
  3. Security for Sensitive Information: With more and more hacks targeting credit card scheme operators and payment gateways as we enter into the new decade, implementation of ZKP can improve security drastically by reducing the ability for cyber criminals to make off with usable data (not having all the pieces).
  4. Authentication, Authentication, Authentication: ZKP makes it that no one individual will have all the pieces unless intended for. Unauthorized users will face improved security for complex documentation. This will be useful for many legal practices handling what is essentially ultra-sensitive information.
  5. Storage Protection: ZKP can keep hackers away from storage units with data intercepts being harder to orchestrate as well as exploiting.
  6. Documentation: sensitive information can be safely stored and transmitted with added layer of protection as you will need the key to access with extra security implemented.
  7. File System Control for Law Firms: everything within a file system can use ZKP to enhance security with every file, user and login having different of security. With more and more data breaches becoming common place (especially among the legal profession dealing with privileged information, see Re Claire, Case No. 12005-2019, Solicitors Disciplinary Tribunal (United Kingdom)), intrinsic security will have its value.

FATF TRAVEL RULE | IMPLICATIONS ON ZKP

The FATF has been proactively pushing for anti-money laundering regulations in virtual asset transactions. In June 2019, the FATF adopted the Travel Rule, requiring Virtual Asset Service Providers such as cryptocurrency exchanges and digital wallet providers to pass along certain client information during cryptocurrency transactions valued at US$1000 or above.

Although the FATF published a paper in June 2021 stating that most countries have not implemented the Travel Rule, it was reported that “many jurisdictions have continued to make progress” in implementing the Travel Rule.

If the Travel Rule is implemented globally, information of traders will have to be disclosed during most transactions, meaning that solutions such as ZKP that work towards preserving the anonymity of traders may have to be abolished in the area of virtual asset transactions.

That said, there are still various applications for ZKP such as information storage and documentation mentioned above.

CONCLUSION

It is well known that Blockchain technology has mainstreamed various characteristics like transparency, immutability, decentralization, and distributed ledger into everyday life, enabling users to act anonymously and perform transactions with high-end security.

With the FATF driving for the worldwide implementation of the Travel Rule in virtual asset transactions, ZPK applications will have to be moved elsewhere. In most Blockchain environments, user’s sensitive information stored on a Blockchain network is only confidential, not anonymous. The question, therefore, comes down to do Blockchain networks really need to be anonymous and how can Blockchain offer more anonymity and better privacy protection to their users?

Zero-Knowledge Encryption makes sure that no one, except the intended user (not even the service provider or blockchain app development agency) can access secured data. ZKP is therefore hailed as the solution to making Blockchain-related applications more safe.

ZKP also has applications beyond blockchain. Already, ZKP is reported to have been under evaluation by the United States military for their cyber capability adaptation with other Allied nations the likes of the United Kingdom, Australia and EU following suite.

We hope you enjoyed the latest of our Distributed Ledger Technology 101 series. To stay tuned for more content hit the subscribe link provided. Until next time.

Jurisdictions

Solicitor, ONC Lawyers

Joshua Chu is a Litigation Solicitor qualified to practice in Hong Kong. Before becoming a lawyer, Joshua worked in the healthcare industry serving as the IT department head at a private hospital as well as overseeing their procurement operations.

Since embarking upon his legal career, his past legal experience includes representing the successful party in one of Hong Kong’s first cryptocurrency litigation cases as well as appearing before the Review Body on Bid Challenges under the World Trade Organization Government Procurement Agreement concerning a health care industry related tender.

Today, Joshua’s practice is mainly focused in the field of dispute resolution and technology law.

Aside from his legal practice, Joshua is currently also a Senior Consultant with a regulatory consulting firm which had been founded by ex-SFC Regulators as well as being a management consultant for the Korean Blockchain Centre.

Managing Director, Prosynergy Consulting Limited