Web3 privacy experts unveil zkTLS and its applications

Author of this article: Xavier, Co-founder@Primus Lab

PhD in cryptography with over 10 years of experience in privacy research such as MPC/ZK/PPML.

Despite the unprecedented development of ZK technology in the blockchain industry, represented by zkSNARKs, it is still far from the end game the industry expects. On one hand, zkRollups have delivered real gains for Ethereum's performance; however, with on-chain applications becoming scarcer, the predicament of having infrastructure without usage has not been overcome. On the other hand, ZK technology itself has not yet incubated high-value zk applications. Whether it is privacy-centered on-chain transactions and confidential payments, or the various "zk + XXX" combinations (zkEmail, zkLogin, zkPassport, ...), demand remains unclear, or zk is applied opportunistically and the technology is overstated without truly addressing the pain points of the scenario.

What is zkTLS?

A simple example: how do you prove to another person that you have a large balance in your bank account? The traditional method is to have the bank issue an asset certificate for you. Such a paper certificate carries the bank's official seal, and its authenticity is beyond doubt.


So, if the question changes to how you can prove your credit score, e-commerce spending or gaming duration to another person, we cannot expect the websites that hold your personal data to endorse each user individually and provide proof services. Alternatively, a screenshot might convince others, but a screenshot can be forged, and it also carries the risk of disclosing additional sensitive information.

zkTLS is a data verification technology built on the TLS protocol that provides objective proof of authenticity for any data delivered over the internet.

The earliest zkTLS product is PageSigner, released by the TLSNotary project in 2015 as a Chrome browser extension. It is not hard to see from the name that TLSNotary's original intention was a tool that could prove the authenticity of web data. In fact, it wasn't until 2020, when the ChainLink team published the DECO paper, that zkTLS gradually entered the industry's view and people discovered that there was another kind of oracle, one that could obtain off-chain private data.

Objectively speaking, before 2023 zkTLS technology only reached the "usable" stage for real business needs and was still far from "easy to use": a single proof usually took several minutes. In 2023, in view of the high communication overhead that earlier zkTLS technology incurred by using secure multi-party computation, Reclaim proposed zkTLS based on proxy mode, achieving verifiability of TLS data through traditional zkSNARKs together with a trusted proxy node. In mid-2023, the Primus team (previously known as "PADO") improved the overall performance of MPC-mode zkTLS by more than 10 times through the garble-then-prove technique combined with the QuickSilver algorithm, and in proxy mode replaced the traditional zkSNARKs with the QuickSilver algorithm, which also improved overall performance by more than 10 times. At present, Primus' zkTLS technology can basically meet the performance needs of various business scenarios.

Readers can refer to the relevant benchmark tests to learn more about the performance of zkTLS.


zkTLS Technology Classification

Generally speaking, zkTLS verifies the authenticity of web data by relying on a third-party Attestor. The Attestor acts like an observer: by "reading" the request and response messages while the TLS protocol runs, it confirms that the user's data comes from the server's response message and indeed originates from the specified data source. (Note: here, the data source refers to the server domain name and the related API endpoints.)

The TLS protocol is generally divided into two phases: the handshake and the session. In the handshake phase, the client and server exchange a series of messages to jointly derive a session key for the encrypted communication of the next phase. In the session phase, the client sends a request message to the server, which returns a response message. All messages are encrypted under the session key so that no third party can read them.

zkTLS is mainly divided into two categories based on different core technology components: one based on secure multiparty computation (MPC) and the other based on proxy technology.

MPC mode

The MPC mode relies on secure multi-party computation. In the MPC scheme, the Attestor and the Client simulate the client side of the TLS handshake through a two-party computation (2PC) protocol. This means that after the handshake phase is completed, the Client does not directly obtain the complete session key. Only after the Attestor has received the response ciphertext does it send its key share to the Client, enabling the Client to decrypt all of the ciphertext.

"Small Knowledge: MPC stands for Secure Multi-Party Computation, generally with two participating parties (in which case it is called 2PC) or three or more parties (referred to as MPC). Whether 2PC or MPC, all participating parties collaborate to complete a specified computational task while ensuring that their computational inputs are not obtained by the other parties, such as several people computing their average salary without disclosing any individual's salary, or several data providers participating in AI model training without leaking their respective data."

The intuitive process of the MPC mode is as follows:

Handshake Phase: Client and Attestor run the 2PC protocol to jointly compute the session key. During this process, the Client and Attestor only hold their respective shares of the session key, not the complete key.

Request Encryption: Client and Attestor run the 2PC protocol again to compute the encrypted request data.

Response Handling: The Client receives the response ciphertext returned by the data source and forwards it to the Attestor.

Key Unsealing and Verification: The Attestor sends the key shares to the Client, allowing it to obtain the complete session key. The Client uses this key to decrypt the response and proves to the Attestor that the ciphertext is valid and meets the security properties set by the protocol. It is important to note that the Client and Attestor do not use the 2PC protocol to decrypt the response ciphertext; the decryption is independently completed by the Client after obtaining the complete key.

Proxy Mode

In the proxy mode, the Attestor acts as a proxy, forwarding all TLS traffic between the Client and the Data Source, including handshake messages and encrypted session data. At the end of the TLS protocol, the Client must prove the validity of the ciphertext to the Attestor in zero knowledge (ZK).

The design motivation of the proxy mode is to eliminate the 2PC protocol of MPC-TLS, which is its most computationally intensive part; reducing the computational complexity improves the overall execution efficiency of the protocol.

What can zkTLS bring us?

The core value of zkTLS is mainly verifiability.

Before this, there wasn't a good way to support users in providing trustworthy personal data under trustless conditions. This verifiability has broad flexibility and practicality, including:

  • Non-intrusive data source: The data source will not perceive that it is interacting with a completely new zkTLS protocol, but will only follow the operational logic of the traditional TLS protocol. This means that zkTLS can theoretically connect to all underlying data sources or API services based on the TLS protocol, although the frequency of abnormal interactions may still trigger the risk control strategies on the data source side.

  • Universality: Everything that can be seen can be verified. In theory, any web data, whether public or private, sensitive or non-sensitive, can be obtained through zkTLS after being verified by Attestor.

  • Chain agnostic: zkTLS is purely a cryptographic off-chain behavior, and its protocol output is usually a piece of data with an Attestor signature, which can be verified off-chain or verified in a smart contract after being on-chain.

  • Privacy-friendly: Thanks to the properties of zero-knowledge proofs, zkTLS can support minimal disclosure of sensitive information that needs to be shared. In simple terms, for the response messages returned by the TLS protocol, constraints can be customized over the computable (numeric) data, such as age greater than 18 or balance not less than 10000, and the result of the proven computation is reflected in the output data instead of the raw values.

Application cases of zkTLS

You might be wondering what the potential use cases for data sharing based on zkTLS are. Here are some ideas that we think are worth exploring:

Low Collateral Loans: By providing off-chain proof of credit scores, bank balances, income, and other financial data through zkTLS, lending protocols can enable better capital utilization efficiency.

Off-chain identity verification: Obtain user KYC information from traditional institutions and use it in on-chain financial protocols.

P2P Trading: We can create a peer-to-peer digital goods marketplace. On one hand, buyers can prove that they have completed the transfer of ownership of the goods through zkTLS technology, which includes electronic tickets, domain names, game items, and even fiat currency; sellers can control the transfer of tokens through smart contracts.

AI Agent: With the help of zkTLS, we can ensure that the behavior of the AI Agent is completely reliable. This includes validating the statements of market-influencing agents on social media, as well as unlocking AI trading bots and AI participation in DAO governance, thereby reducing the trust cost in the process.

Fan Proof: For example, allowing users to provide proof of fan identity and receive relevant rewards from KOLs/artists.

Social Account Tips / Payments: Anyone can send crypto assets to one or more social accounts without knowing the recipient's wallet address. In turn, the recipient provides proof of ownership of the social account through zkTLS in order to claim the tokens held under their name.

Social Login: Verify the ownership of users' social platform accounts through zkTLS, developing a brand new login mechanism. Users can log in using accounts from any web service provider without relying on specific Google or Meta accounts.

A New Paradigm for Verifying and Computing Valuable Data

zkTLS represents not only an enhancement of the usability of Web2 data in the Web3 ecosystem but also a shift in data ownership. Data that was previously restricted by platforms can now flow freely, be protected by privacy, and possess programmability. This evolution allows users to no longer be mere passive recipients, but true masters of their data.

With the accelerated adoption of zkTLS, we will witness the combinatorial effects brought by the verifiability of data – more verifiable data supports more powerful applications. On the other hand, the transmission of these verifiable data across applications will raise a new question: how to compute these critical data and ensure the correctness of the computation results.

In fact, the computation of sensitive data on-chain is often aided by more complex cryptographic techniques such as Fully Homomorphic Encryption (FHE). Primus has redesigned the fully homomorphic encryption algorithm in combination with zero-knowledge proofs to propose the zkFHE (verifiable Fully Homomorphic Encryption) protocol, supporting trustless on-chain confidential computation. It further extends zkTLS data verification, which spans different cyberspaces, into the field of data computation, creating possibilities for unlocking more innovative applications.

Disclaimer:

This article is written by Xavier of the Primus team, and some content involves vested interests, readers can make their own judgment.
