ZKID: A Step Towards Privacy-Preserving Digital Identity

ScalingX ｜2023-10-31 16:26

With advances in the field of zero-knowledge technology, regaining control over our digital identities is achievable through the strategic implementation of a highly acclaimed solution: the integration of DIDs alongside ZKPs.

In the past, maintaining one's identity was a relatively uncomplicated affair; essential documents like passports and birth certificates were safeguarded and shared in-person when required. However, as the digital realm became our new domain and we enjoyed the benefits of virtual identity verification, we discovered that alongside the greater convenience and accessibility of centralized data systems came intricate complexities and fragmentation that created a dilemma for users: should privacy and security be sacrificed for the sake of convenience and accessibility?

The idea of centralizing our data was initially aimed at simplification, yet it inadvertently made us more vulnerable. Data became pooled in digital repositories, acting as a magnet for hackers. This gave rise to a disordered online environment, marked by persistent data breaches and the unsettling reality of third parties having dominion over our personal information, which is often pilfered, traded, and misused.

Challenging the Norm with ZKPs

Zero-knowledge, a cryptographic field, focuses on verifying the validity of information. It enables one party to demonstrate to another that they possess private knowledge without exposing it, accomplished by offering evidence that the information meets specific criteria while safeguarding additional details.

In the context of establishing identity, the process of verification appears quite straightforward. This occurs whenever we present our identification to an external party for the purpose of confirming certain particulars, such as the legal age requirement of 21 for alcohol purchases in the United States. However, the real complexity arises in the need to ensure that only the specific information we wish to divulge is shared. It's a challenge because each time someone inspects our ID to confirm our age, they inadvertently gain access to a plethora of additional personal data, including our birthdate, residential address, and other sensitive particulars.

ZK cryptography empowers us to revolutionize the conventional "trust and assume" model by shifting to a "verify to trust" paradigm. In this new framework, trust is no longer taken for granted but is rather earned through the verification of assertions. Individuals can now substantiate their claims, such as their age, nationality, or any identity-related attestation, without divulging sensitive information.

Absolute anonymity may not consistently align with the practical objectives of utilizing digital identities. This is where the concept of selective disclosure, leveraging ZK technology, becomes relevant. While the default configuration emphasizes comprehensive privacy, it's essential to recognize that privacy operates along a spectrum, and users should have the capacity to solely disclose pertinent information as required.

Who’s Building IDs with ZK?

Polygon ID

Polygon ID represents a self-sovereign identity solution that integrates ZKPs to establish a default privacy setting. Its adoption of the Circom ZK toolkit facilitates the creation of zero-knowledge cryptographic structures, specifically zkSNARKs circuits, simplifying intricacies and enhancing effectiveness.

At the heart of Polygon ID lies a triad of key modules, namely the Identity Holder, Issuer, and Verifier, collectively referred to as the "Triangle of Trust" by Polygon.

Identity Holder: An entity responsible for safeguarding claims within its digital wallet. A Verifiable Credential (VC), is issued to the Identity Holder by an Issuer. The Identity Holder is then tasked with generating ZKPs for the VCs it has received and subsequently presents these proofs to the Verifier. The Verifier's role is to confirm the authenticity of the proof and check if it aligns with predefined criteria.
Issuer: An entity (individual or organization) responsible for issuing VCs to the Identity Holders. These VCs are endowed with cryptographic signatures by the Issuer, and it's worth noting that every VC originates from a specific Issuer.
Verifier: Responsible for validating the proof submitted by an Identity Holder. The Verifier initiates a request for the Holder to provide a proof based on the VCs stored in their digital wallet. During the verification process, the Verifier conducts a series of assessments, such as confirming that the VC was signed by the anticipated Issuer and ensuring that the VC aligns with the specific criteria stipulated by the Verifier.

Image via Polygon ID

Utilizing zero-knowledge proofs for verifying state transitions, Polygon ID achieves two crucial objectives: upholding the integrity of the identity state and deterring unauthorized alterations. This approach establishes a robust mechanism to guarantee both the privacy and security of identity state transitions.

Sismo

Sismo is a platform that harnesses ZKPs and privacy-preserving technologies to empower users with greater control over their personal data. Sismo's innovative solution is anchored by Sismo Connect, a privacy-centric alternative to conventional non-sovereign Single Sign-On (SSO) systems like "Sign in with Google" or constrained options such as "Sign in with Ethereum."

Sismo Connect empowers applications to solicit access to user data without directly tapping into sensitive personal information. Through the utilization of Sismo Connect, users can consolidate their identity within a Data Vault, a secure, encrypted repository that stores personal data gathered from a diverse range of Web2 and Web3 sources, encompassing various credentials and attestations.

Image via Sismo

Within the confines of the Data Vault, users can securely store discrete units of data referred to as Data Gems, which encapsulate significant facets of their digital identity. These Data Gems may encompass records in registries, contributions on platforms, or specific demographic details. The Data Vault serves as a private and impregnable repository, ensuring users have full authority and ownership of their consolidated digital identity.

Leveraging Sismo's communication protocol, users can assert their ownership of Data Gems by generating ZKPs. These proof-based verification methods enable users to confirm their control over specific data without compromising sensitive information, ensuring a high level of privacy throughout the process. Applications seamlessly integrated with Sismo Connect have the capability to accept and validate these proofs, granting users the power to discreetly unveil their Data Gems while preserving the confidentiality of their associated Data Sources.

For developers, the integration of Sismo Connect into their applications provides access to a wide spectrum of user data from both Web2 and Web3 sources. Through the incorporation of Sismo Connect, applications can elevate their functionality, including features like access management, reputation integration, and personalized user experiences, all while safeguarding user privacy through the selective disclosure mechanism.

ZPass by Aleo

zPass, recently launched by Aleo on October 25th, is a privacy-centric credential protocol built on the Aleo blockchain. This solution is meticulously designed, capitalizing on ZK cryptography as a versatile tool in an ever-changing regulatory landscape. The primary objective of this system is to provide robust verification while limiting the exposure of data, aligning it with current and potential future regulatory standards.

Through zPass, both individuals and organizations acquire the capability to securely store identity documents on private devices and services, bypassing the need for an online connection. Subsequently, they can share these anonymous 'proofs' to validate the underlying data with relevant institutions. This approach significantly simplifies the regulatory compliance and cybersecurity challenges typically associated with direct data storage.

Users maintain the autonomy to generate these proofs independently, eliminating the need for modifications or collaboration with identity issuing authorities. This empowers users to exercise precise control over the information they share and with whom they share it, ensuring that only the necessary personal data for verification is exposed.

Image via Aleo

For example, envision a scenario where a user wants to confirm their identity using their passport to access particular online services. With zPass, users can independently process and validate passport data locally. The outcome is a binary true/false result and a ZKP that confirms the accuracy of the result without exposing the actual document.

zPass is adept at seamlessly incorporating established credentials, such as passports, as verifiable proofs on the Aleo blockchain. This is made possible through Aleo's capacity to execute programs that produce proofs directly on the user's device, all made possible by leveraging WebAssembly (WASM). This approach guarantees the safeguarding of sensitive data within a secure local environment.

zkSBT by Manta Network

Manta Network's zero-knowledge Soulbond Token (zkSBT) is at the forefront of privacy and security, outperforming traditional Soulbond Tokens (SBTs), which are non-transferable digital identity tokens residing on the blockchain. zkSBTs employ ZKPs to facilitate secure and confidential minting while preserving ownership privacy. These tokens are adaptable across various blockchain networks, including Ethereum, Polygon, BNB Chain, and more, all while maintaining their privacy features within Manta Network's ecosystem. Verification is made seamless through the utilization of Proof Keys, eliminating the need to disclose wallet details.

zkSBTs are intricately tied tozkAddress, serving as reusable and transparent destinations for confidential assets within Manta Network. Each zkSBT is affiliated with a specific zkAddress, allowing multiple zkSBTs to coexist under a single zkAddress. The inclusion of metadata within zkSBTs, encompassing elements like profile pictures, AI-generated images, and social graph data, provides remarkable flexibility.

Manta Network has introduced a pivotal technology known as Proof Key. It empowers users to affirm their identity and zkSBT ownership on the blockchain without the reliance on wallet signatures. This innovation streamlines mobile application integration and opens the door to a diverse range of verification scenarios. This includes safeguarding the privacy of profile pictures, conducting on-chain transactions without exposing address details, verifying ownership of in-game items, and securely accessing decentralized social graph information.

Worldcoin

Within the Worldcoin ecosystem, the World ID stands as the global identity protocol, driven by a combination of two pivotal technologies. These technologies enable individuals to digitally assert their individuality and humanity while upholding their privacy. The foundational components encompass ZKP and Semaphore, a generic, open source privacy layer for Ethereum applications based on zk-SNARKs. This system relies on a robust proof of personhood (PoP) credential, validated through a cutting-edge biometric imaging device referred to as The Orb. This synergy provides individuals with the capability to digitally validate their unique identity and humanity.

Each time a user utilizes their World ID, ZKPs come into play to verify their distinct human identity. This signifies that no third-party will gain access to a user's World ID or wallet public key, ensuring that cross-application tracking remains impossible. Importantly, it assures that the utilization of World ID is entirely decoupled from any form of biometric data or iris codes. The fundamental principle is that when you seek to establish your unique human identity, you should have the ability to do so without disclosing any personal information about yourself such as names, email addresses, social profiles etc.

The following outlines the process of verifying the World ID enrollment, enabling a user to establish their unique human identity without disclosing personal information. ZKID: A Step Towards Privacy-Preserving Digital Identity

Image via Worldcoin

The project's primary objective is to curb the proliferation of bots and AI by validating human uniqueness via an encrypted on-chain iris scan. When necessary, the system produces a ZKP to verify identity. Nonetheless, Worldcoin has faced scrutiny from community members who harbor concerns about privacy, ethical considerations, and security risks linked to the storage of biometric data. Despite the project's criticisms, it has garnered over 2.3 million World ID sign-ups worldwide, spanning more than 100 countries, as of October 2023.

The Road Ahead

In our ever-evolving digital landscape, the significance of ZKPs becomes increasingly evident. ZKPs pave the way to a future where identity verification respects the privacy of users. A significant hurdle faced by DID solutions incorporating ZK technology is the fragmentation of data across various blockchain networks. Currently, there exists no universally interoperable solution that allows users to wield their ID seamlessly across various networks, limiting the use of DID within each blockchain.

Nonetheless, DID technology leveraging ZK is gaining momentum and catching the attention of industry leaders. With the expanding adoption of the Web3 space, we find ourselves standing on the brink of a potential industry breakthrough. Companies such as Sismo are diligently working to bridge the gap between Web2 and Web3. PolygonID appears to possess the essential technology and access to a broad market, positioning itself as a catalyst for realizing DIDs.

As technology advances and our comprehension of ZKPs deepens, we can anticipate wider adoption of digital identity verification powered by zk-technology which will enhance the security and privacy of our online interactions, setting the stage for a safer and more confidential digital future.