The massive data breaches of the last year have proven one thing for sure: data in the cloud isn’t safe! Not even in the hands of large enterprises that spend billions of dollars every year on shoring up their security.
And the problem has been lurking for a long time. We have just been ignoring it, which is why data privacy has become more important now than ever. Passwords are an archaic way of validating ownership. They worked fine as long as we were limited to an ISP account, one or two email accounts and perhaps an eCommerce account or two. But that’s not the case anymore. There is a plethora of web apps that one might use in a day, and almost every single one uses email to sign on. And most users use the same or similar passwords across all accounts. So if a hacker cracks access to one account using brute force, he can hijack your email as well. The web of inter-connectivity is complex and makes your whole online presence vulnerable.
We have been lulled into complacency. We are so used to using our email for signing up that we don’t even realize the exposure we are subjecting ourselves to when we give access through our email. As more breaches started being reported, we were told to create a ‘strong’ password to enhance data privacy. It’s a band-aid companies have been using to keep us signing up for their services, assuring us that stronger passwords would be harder to crack.
Security structures are a trade-off between convenience and privacy. One can create a perfectly secure environment with eyes on the subject and a complex verification system, but no user would consume that service. Equally, you wouldn’t want a system so easy to use that anyone can answer a couple of questions and get access to your account. A clever way to authenticate users without losing privacy or compromising on security is through zero-knowledge proof. Zero-knowledge proof is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true. The protocol never requires the user to enter any sensitive information on the (potentially compromised) device that they are logging in on.
An easy way to demonstrate how zero-knowledge proof works is through the following example:
Two balls and the colour-blind friend
Software engineers Konstantinos Chalkias and Mike Hearn at a blockchain-related conference in September 2017, showing a live demonstration of this example
Imagine your friend is colour-blind (not being mean!) and you have two balls: one red and one green, but otherwise identical. To your friend, they seem completely identical and he is sceptical that they are actually distinguishable. You want to prove to him they are in fact differently-coloured, but nothing else, thus you do not reveal which one is the red and which is the green.
Here is the proof system:
- Process: You give the two balls to your friend and he puts them behind his back. Next, he takes one of the balls, brings it out from behind his back, and displays it. He then places it behind his back again and reveals just one of the two balls, switching to the other ball with a probability of 50%. He will ask you, “Did I switch the ball?” This whole procedure is then repeated as often as necessary.
- Logic: By looking at their colours, you can of course say with certainty whether or not he switched them. On the other hand, if they were the same colour and hence indistinguishable, there is no way you could guess correctly with a probability higher than 50%.
- Inference: If you and your friend repeat this “proof” multiple times (e.g. 128), your friend should become convinced (“completeness”) that the balls are indeed differently coloured; otherwise, the probability that you would have randomly succeeded at identifying all the switch/non-switches is close to zero (“soundness”).
The above proof is zero-knowledge because your friend never learns which ball is green and which is red; indeed, he gains no knowledge about how to distinguish the balls.
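The proof system above as a short simulation (an added example, not code from the original article; the function names and the "grey" balls are constructed for illustration). It shows a sighted prover passing every round, and a prover facing identical balls passing n rounds only about 2^-n of the time.

```python
import random
import secrets

def run_round(balls, prover, rng):
    """One round. `balls` is (colour_in_slot_0, colour_in_slot_1).
    The verifier only tracks slot numbers; the prover only sees colours."""
    first = rng.randrange(2)              # friend displays one ball
    switched = rng.randrange(2) == 1      # behind his back: switch with p = 1/2
    second = first ^ 1 if switched else first
    answer = prover(balls[first], balls[second])   # "Did I switch the ball?"
    return switched, answer

def sighted_prover(before, after):
    """Prover who sees colour: a switch happened iff the colour changed."""
    return before != after

def run_protocol(balls, prover, rounds, rng=None):
    """Return (accepted, transcript); the verifier rejects on the first miss."""
    if rng is None:
        rng = secrets.SystemRandom()      # CSPRNG for real challenges
    transcript = []
    for _ in range(rounds):
        switched, answer = run_round(balls, prover, rng)
        # The transcript holds only switch bits and answers, never a colour,
        # so the friend learns nothing he could not have written down himself.
        transcript.append((switched, answer))
        if answer != switched:
            return False, transcript
    return True, transcript

def cheat_rate(rounds, trials, rng):
    """Fraction of runs accepted when the balls are in fact identical."""
    same = ("grey", "grey")               # constructed: indistinguishable balls
    guesser = lambda before, after: rng.randrange(2) == 1
    wins = sum(run_protocol(same, guesser, rounds, rng)[0] for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    ok, _ = run_protocol(("red", "green"), sighted_prover, 128)
    print("honest prover accepted after 128 rounds:", ok)
    print("guessing prover accepted (3 rounds):", cheat_rate(3, 4000, random.Random(1)))
    print("chance of guessing 128 rounds:", 0.5 ** 128)
```
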
Zero-knowledge proof finds tremendous application in blockchains and in the authentication used in one of the best privacy apps. It can be used to guarantee that transactions are valid even though information about the sender, the recipient and other transaction details remains hidden. And in a similar way it is being fostered as a sign-up tool with no compromise on security and complete anonymity. Applied in a decentralized platform, there is no concern of one company tracking all your moves.
Check out more about our zero-knowledge system and share your vital information securely by trying out one of the best privacy apps here.