undefined | Better HN

0 pointskikimora1y ago0 comments

Instead of asking your id police office pass you a circuit. You present your ID to the circuit and pass results to the officer. The officer then verifies you are not a criminal without ever looking at your documents.

0 comments

bschmidt11y ago

This is the same fundamental thing as the password hash example. I can verify you without ever seeing your password, the policeman can verify you without ever seeing your documents - same exact concept.

My question is then: What is unique to ZKPs? Are the ZKP folks just asking us to start calling these techniques "ZKPs"?

When I use Clear for IDV is that a ZKP? Just like your example, they show the ID to Clear, but I never see the ID.

kikimoraOP1y ago

Hashing is a limited variant of ZKP which can answer one exact question. With ZKP you can also check if password has certain length, special characters, etc., without ever seen the password itself.

Clear is not ZKP because Clear servers learn all data from your documents. With ZKP Clear would only know that you hold an ID with details matching the ticket you also hold. This is just 1 bit of information instead of many.

bschmidt11y ago

Re: Hashing - The point of one-way encryption is that it can't be decrypted. A plaintext password has 1 job, to be read, not saved - yet you want to encrypt it as if it will be saved, but because it's one-way encrypted now it can't be read. What problem did you solve? You created a problem (that you now need ZKP to solve...)

Anyway, the ZKP concept is not about decrypting hashes at all, but looking at peripheral data to prove something (Alibaba Cave - Victor only knows Peggy knew the password because he had access to some other data - the path she took). "checking length etc." only if those hints are already available to the system in some way. And because of this approach, why would you need the hash? Just don't use passwords at all in the case of ZKP right? Simply rely on the other identifying data that you have access to, that you use anyway. Also - how secure is this loose profiling technique compared to email-backed passwords over HTTPS?

I imagine few product use cases allow for a server to trust all the clients with encryption, while not trusting itself - but there are some use cases like when the server is not the source of truth - file system service, or peer-to-peer stuff like ledgers: If the server's purpose is just to maintain a shared ledger and all the clients in the network are trusted.

But in the case we're talking about, of a service that authenticates clients, you're saying you can't trust the authenticator when that is kinda the point of authentication - they don't trust you, or rather - the server cannot tell for sure that any incoming connection is who they say they are, even if it has "zero knowledge" like their IP address and a face scan (your brother in the same house might pass). The point of a username and password is that you want the server to not trust any connecting clients unless they have this specific data precisely.

So I wouldn't use it for auth.

cyberax1y ago

How will the circuit determine that you are actually you? How will it make a query to the police database to look for warrants?

TimJRobinson1y ago

The ID would need to have some government digital signature for the ZK circuit to work. The proof would be "this digital ID that has this valid government signature shows XYZ".

The verifier would need the government public key and then can see "This ID that has been signed by the governments private key shows XYZ"

cyberax1y ago

And the next question is: why bother? We have well-established protocols for the ID card: a police scanner creates a nonce and sends it to the card, the card signs it with its private key, and provides a certificate signed by the government.

The police scanner then verifies the signature and checks that the certificate is correctly signed by the government's public key.

No need for ZKP.

1 more reply

kikimoraOP1y ago

Circuit returns a photo form your document as an output and the officer compares it to your face.

The circuit won’t query DB but rather return your name or maybe a hash that can be used to query the database.

j / k navigate · click thread line to collapse

0 comments

bschmidt11y ago

My question is then: What is unique to ZKPs? Are the ZKP folks just asking us to start calling these techniques "ZKPs"?

When I use Clear for IDV is that a ZKP? Just like your example, they show the ID to Clear, but I never see the ID.

kikimoraOP1y ago

Hashing is a limited variant of ZKP which can answer one exact question. With ZKP you can also check if password has certain length, special characters, etc., without ever seen the password itself.

bschmidt11y ago

So I wouldn't use it for auth.

cyberax1y ago

How will the circuit determine that you are actually you? How will it make a query to the police database to look for warrants?

TimJRobinson1y ago

The ID would need to have some government digital signature for the ZK circuit to work. The proof would be "this digital ID that has this valid government signature shows XYZ".

The verifier would need the government public key and then can see "This ID that has been signed by the governments private key shows XYZ"

cyberax1y ago

The police scanner then verifies the signature and checks that the certificate is correctly signed by the government's public key.

No need for ZKP.

1 more reply

kikimoraOP1y ago

Circuit returns a photo form your document as an output and the officer compares it to your face.

The circuit won’t query DB but rather return your name or maybe a hash that can be used to query the database.

j / k navigate · click thread line to collapse