What is Zero-Knowledge Architecture and How Can It Make the Digital World a Safer Place?
March 11, 2019
At first glance, calling something “zero-knowledge” may not sound like a positive thing. Since knowledge is typically seen as something that’s good, it would make sense that having less of it would be undesirable. But there are certain situations where having less knowledge is better than having more. One of the most common scenarios is where privacy is involved, and that is where the technical term zero-knowledge—which refers to a method where the yes or no answer to a question can be shared without revealing the actual details of the answer—comes into play. But before we delve too deeply into that, let’s look at a basic example of how a zero-knowledge proof works:
If a bank would like to check if a customer’s phone is in the city where an unusual transaction is taking place, then the bank, with consumer consent, can ask if the phone is in that city*. The answer should be yes or no, and the actual city the consumer is in should not be returned. For example, if the transaction is taking place in Denver, and the consumer’s phone is in Atlanta, a zero-knowledge response would be that the phone is not in Denver. It would not be disclosed that the phone is actually in Atlanta.
If you think about why you would not want to disclose the actual location of the phone, it’s because that information may be used for nefarious purposes. In a non-zero-knowledge scenario, if a criminal wanted to know where a specific consumer was, they could learn the answer by asking whether the phone is in another location. With zero-knowledge, the answer that is returned is a simple yes or no and one cannot learn something new (such as a specific location) by asking a question.
*IMPORTANT NOTE: Although this example mentions location, Payfone does not use, and has never used, location data.
Another simple example of zero-knowledge identity authentication is one we are calling Maya and the Online Wine Shop. Maya wants to purchase wine online, but there is an age restriction of 21 years old or older. Maya wants to prove that she meets the age criteria without revealing her age. She would prefer a simple, private Yes/No response that definitively proves she is of legal age. This can happen if the online wine shop has zero-knowledge architecture, which can validate her age without giving away the ‘secret’ (i.e. that she is actually 45 years old).
Interesting, But Why Does This Matter?
These two examples give us a basic understanding of what a zero-knowledge proof is and how it can help maintain privacy. In essence, zero-knowledge is a method of one party proving to another party that they know a value without conveying any additional information. So how can this be applied to some of the real-world problems that are challenging society today?
One area where zero-knowledge architecture is especially applicable is the realm of digital identity. With people using their phones and other devices more and more to interact online, verifying digital identities is now crucial to allowing consumers to access online services in a secure manner. Until recently, our online identities were managed in a similar fashion to how our offline identities are—by leveraging a trove of personal information such as names, addresses, social security numbers, passwords, etc. There are three key problems with this model:
- These “honeypots” of personal information are not secure. And as we saw in some infamous data breaches of late, they are a magnet for opportunistic fraudsters.
- Because these honeypots are so easy to break into, the information held within is often easily available on the black market, rendering it useless as a means of securing online identities. For example: a hacker can simply buy your social security number, type it in and pretend to be you.
- The information held in these honeypots is also oftentimes out-of-date. Consumers change their phone numbers, move, and make other changes to their lives, and the static information in these giant databases can’t keep up. In addition to not being secure or effective, verifying identities against these troves of static, hackable, often outdated information is a pain in the neck for consumers. Think security questions like ‘What’s your mother’s maiden name?’ While you may remember that, you might not remember the answer you provided to the question ‘Who was your favorite teacher?’ These are annoying, time-consuming authentication practices for consumers and are easily hackable by fraudsters.
Most digital identity experts agree that our online identities cannot and should not continue to be managed using this “old” non-secure way of doing things. So what should the “new” way be?
Passive, Private & Minimalist
Passive identity authentication, which analyzes secure, dynamic signals instead of relying on static information, is being adopted by more and more forward-thinking Fortune 500 companies. True to its name, this type of technology often removes the need for the consumer to take any action, and instead uses signals from their mobile or other device to instantly complete the authentication. Removing the consumer from the process not only takes away opportunities for fraudsters, but also makes things easier and more frictionless for users.
But what about privacy? In the past, concerns have been raised about how passive authentication companies leverage dynamic signals. Oftentimes, these signals come from authoritative sources, known as Identity Verifiers, such as mobile network operators or banks. The main concern around this model is that the Identity Verifiers must often pass the signals outside of their systems to the company that is doing the passive authentication. This leads to a question of whether the signals are indeed secure and private, or whether they can be intercepted during that transfer.
The solution to this problem lies in the fact that the company that is asking for the results of the identity verification (a.k.a. the Relying Party) really only needs a ‘Yes’ or ‘No’ answer. Is this really my customer trying to interact with me, or someone else? Does this customer meet my criteria or not? They don’t need to know any personal information about the customer beyond what is minimally required, and because of privacy, they shouldn’t want to. This is a real-world scenario where less knowledge is desired: the perfect application for zero-knowledge.
So going back to the example with Maya who is purchasing wine online, with zero-knowledge architecture, a green ‘Yes’ signal, indicating that Maya is old enough to purchase wine, will be sent to the wine site. The only information the wine shop will know is that she is 21 or older; her real age will never be revealed.
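To make the Relying Party / Identity Verifier split concrete, here is an added example (not Payfone’s code) of a verifier that answers only each party’s registered yes/no question: the wine shop’s 21-year threshold is pinned on the verifier side so the caller cannot vary it, and the bank’s city check answers for the transaction city only. All party names, subjects and records are constructed for illustration.

```python
# Added example (not Payfone's code): a minimal Identity Verifier service that
# answers only a Relying Party's registered yes/no question and never returns
# the underlying attribute. Names and data are constructed for illustration.
from typing import Callable, Dict, Optional, Tuple

# Constructed attribute records held by the Identity Verifier (e.g. a bank or
# mobile operator). Nothing in this dict is ever returned to a caller.
_RECORDS = {
    "maya": {"age": 45, "phone_city": "Atlanta", "consents": {"wine-shop", "bank"}},
}

# Fixed predicate functions; a caller can only select one by name.
_PREDICATES: Dict[str, Callable[[dict, dict], bool]] = {
    "age_at_least": lambda rec, p: rec["age"] >= p["years"],
    "phone_in_city": lambda rec, p: rec["phone_city"] == p["city"],
}

# Each Relying Party is registered for exactly one question. Parameters that
# are pinned here (the wine shop's 21-year threshold) cannot be changed by the
# caller, so it cannot probe the real age with different thresholds.
_REGISTRATIONS: Dict[str, Tuple[str, Optional[dict]]] = {
    "wine-shop": ("age_at_least", {"years": 21}),
    "bank": ("phone_in_city", None),  # the transaction city varies per query
}


def verify(relying_party: str, subject: str, params: Optional[dict] = None) -> str:
    """Return 'YES', 'NO' or 'DENIED'; never an attribute value."""
    if relying_party not in _REGISTRATIONS:
        return "DENIED"
    rec = _RECORDS.get(subject)
    # Unknown subject and missing consent look identical to the caller, so the
    # response does not reveal whether the subject exists at this verifier.
    if rec is None or relying_party not in rec["consents"]:
        return "DENIED"
    name, pinned = _REGISTRATIONS[relying_party]
    args = pinned if pinned is not None else (params or {})
    try:
        return "YES" if _PREDICATES[name](rec, args) else "NO"
    except KeyError:  # malformed or missing parameter
        return "DENIED"


if __name__ == "__main__":
    print(verify("wine-shop", "maya"))                 # YES: 45 >= 21, age not disclosed
    print(verify("bank", "maya", {"city": "Denver"}))  # NO: phone is not in Denver
    print(verify("wine-shop", "maya", {"years": 40}))  # YES: caller's threshold is ignored
    print(verify("ad-network", "maya"))                # DENIED: party not registered
```

Repeated queries against the city predicate are still a disclosure channel, so a real deployment would pair this with per-transaction binding and rate limits.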
Payfone has been using a Zero-Knowledge framework for our clients (who are Relying Parties) since 2015. By employing zero-knowledge, we are able to answer our clients’ question of whether their customers are who they say they are with either a Y/N answer or a score, without having to pass additional and unnecessary attributes that could compromise our clients’ commitment to consumer data privacy.
Earlier this month, we announced that we are now extending our Zero-Knowledge architecture to Identity Verifiers and Service Providers (the companies that provide the dynamic signals we analyze to make identity decisions). Identity Verifiers (such as mobile network operators) who are serious about protecting their customers’ data privacy can adopt our Zero-Knowledge framework to keep doing their part to safeguard customers against fraud while minimizing the amount of information that needs to be passed outside of their walls to do so. This also mitigates the risk of data leakage.
What Are the Benefits for Consumers, Relying Parties and Identity Verifiers?
The consumer benefit of Zero-Knowledge is that it minimizes the need to pass personal information about a person in order to verify their identity for security purposes. That means a more secure and convenient digital customer experience that is also more private.
Relying Parties can benefit by getting the answers they need to protect their customers and companies against fraud, without opening themselves up to additional data breach risks or exposure.
Identity Verifiers can benefit by continuing to participate in thwarting fraud by allowing passive authentication companies to leverage their signals, without having to worry about exposing their customers to data privacy risks.