Blog

A proof that uses special cryptography and a link secret to support selective disclosure of information about a set of claims from a set of credentials. A Zero-Knowledge Proof (“ZKP”) provides cryptographic proof about some or all of the data in a set of Credentials without revealing the actual data or any additional information, including the Identity of the Prover. (LIVING DOCUMENT – Sovrin Glossary V3 Living Community Version, n.d.)

Let’s see how it works. Mary is a subscriber of YuTru and has been conducting her business online. Recently, Mary bought a car and wants to obtain her driving license. Mary submits her online application to obtain a license from the Motor Licensing company, another relier of YuTru.  

The relier (Motor Licensing company) only needs to know if Mary is of age to apply for a driving license. Here the relier only requests her eligibility before issuing a license. Without disclosing Mary’s date of birth or address, the Motor Licensing company only receives a “yes” or “no”. Since Mary is over the age of 18, the relier receives confirmation that she is of eligibility and a license is issued. 

Therefore, Zero-Knowledge Proof provides proof while ensuring user data privacy. 

Key Features of Zero-Knowledge Proofs

1. Completeness – If the statement is true, the relier will be convinced by the issuer. 
2. Soundness – If the statement is false, the relier will not be convinced by any issuer. 
3. Zero-Knowledge – The relier learns nothing other than the fact that the statement is true.

Benefits of Zero-Knowledge Proofs

1. Enhanced Privacy

By not revealing any information during the verification process, Zero-knowledge proof  protects users’ privacy, making it ideal for sensitive applications like medical records and financial transactions.

2. Improved Security

Since no actual data is transmitted during the proof, the risk of data interception and misuse is minimised, offering a robust layer of security against cyber threats.

3. Regulatory Compliance

Zero-knowledge proof can help organisations comply with privacy regulations like the General Data Protection Regulation (“GDPR”), by minimising the amount of personal data they need to store and process.