ZKAPs

Zero Knowledge Access Passes


The use of ZKAPs attempts to solve the issue of privacy-preserving payments. This anonymous, token-based authorization protocol based on Privacy Pass by PrivateStorage helps facilitate an online exchange of value while disconnecting the payment and service data that is gathered on customers.

    ABOUT

    The Path to ZKAPs

    Although we created ZKAPs to better address the access-control issue in Tahoe-LAFS for the development of PrivateStorage, we see many possibilities for the use of ZKAPs to help protect user privacy in other services that need to accept online payments.

    The use of ZKAPs can help facilitate an online exchange of value while disconnecting the payment and service data that is gathered on customers. This is very helpful in use cases where mixing these data points is not in the best interest of the company offering the service, such as ours. While collecting personal data can be incredibly valuable to some services (“data is the new oil”) it can just as often be a liability to others (“data is toxic waste”).

    In addition, disconnecting payment from service data can provide value to customers. The company offering a service can still know through payment data who its customers are. But, customers may not want that company to know how they use the service—specifically, for the company to tie behavior that they observe (service data) to an individual name. This can be relevant for file storage services, but also for any other kind of use that may be privacy-sensitive, such as medical advice or even newspaper consumption.

    For ZKAPs, we designed a variation of Privacy Pass—a zero knowledge cryptographic protocol with proof-of-payment, instead of proof-of-humanness.

    While in Privacy Pass the use of CAPTCHAs is checked, in this system payment is verified on the Payment Server to provide service, which is when ZKAPs are created and distributed to the user. After creation, ZKAPs are requested and checked in the ZKAPs Authorizer. This privacy-preserving infrastructure maintains separation and simplicity.

    For generating ZKAPs we created and used Python [and Haskell] bindings to Brave’s Privacy Pass library. Brave’s implementation of Privacy Pass uses the Ristretto group and relies on a Rust implementation of the Ristretto group operations. It was through the use of thoughtful open source resources that we were able to modify Privacy Pass to develop ZKAPs.
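
The blinded issue-and-redeem flow that a Privacy Pass-style pass relies on, as an added sketch that is not Least Authority's or Brave's code. Assumptions: a toy prime-order group stands in for Ristretto, all function names are hypothetical, the issuer and verifier share one key `k`, and the proof Privacy Pass uses to let clients check the issuer's key (DLEQ) is omitted.

```python
import hashlib, hmac, secrets

# Toy group (assumption): squares modulo the 768-bit Oakley Group 1 safe prime
# (RFC 2409). ZKAPs use Ristretto; this stand-in only illustrates the algebra.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares

def hash_to_group(token: bytes) -> int:
    x = int.from_bytes(hashlib.shake_256(token).digest(128), "big")
    return pow(x, 2, P)

def blind(token: bytes):
    """Client: hide the token from the issuer with a random exponent r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(token), r, P)

def issue(k: int, blinded: int) -> int:
    """Issuer, once payment is verified: sign without seeing the token."""
    return pow(blinded, k, P)

def unblind(r: int, signed: int) -> int:
    """Client: strip r, leaving H(token)^k, which the issuer never saw."""
    return pow(signed, pow(r, -1, Q), P)

def redeem_tag(token: bytes, point: int, request: bytes) -> bytes:
    """Bind a pass to one request; the pass value itself is never sent."""
    key = hashlib.sha256(token + point.to_bytes(96, "big")).digest()
    return hmac.new(key, request, hashlib.sha256).digest()

def verify(k: int, spent: set, token: bytes, request: bytes, tag: bytes) -> bool:
    """Verifier: recompute H(token)^k, check the tag, reject double spends."""
    if token in spent:
        return False
    expected = redeem_tag(token, pow(hash_to_group(token), k, P), request)
    if not hmac.compare_digest(tag, expected):
        return False
    spent.add(token)
    return True

def demo():
    k = secrets.randbelow(Q - 1) + 1  # issuer key (constructed)
    token, req = secrets.token_bytes(32), b"store-share-7"  # constructed
    r, blinded = blind(token)
    point = unblind(r, issue(k, blinded))
    tag, spent = redeem_tag(token, point, req), set()
    first = verify(k, spent, token, req, tag)
    replay = verify(k, spent, token, req, tag)
    return first, replay, blinded != hash_to_group(token)
```

The issuer only ever handles `blinded`, and the verifier only ever handles `token`, so the two records cannot be joined without the client's `r`.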

    PROCESS

    How It Works


    LEARN MORE

    Watch the Talks

    ZEAL Community Call, March 31, 2020

    Jean-Paul Calderone and Chris Wood share their research on Zero Knowledge Access Passes (ZKAPs), which attempt to solve the issue of privacy-preserving payments. They’ll dive deeper into the functionality of Privacy Pass and ZKAPs, explain what changes were made, and show how these can be used for other use cases. View the slides here.

    zkSummit 5, March 31, 2020

    Anna Kaplan (Least Authority / Technical University of Munich) explains how Privacy Pass was adapted to ZKAPs for payment-based access to your application. Free registration with zkSummit is required to view this talk. View the slides here.



    TEST ZKAPs IN YOUR PROJECT

    Get in Touch

    We’re continually looking for possible applications of ZKAPs in a variety of scenarios. If there is a product or project you’re working on that you would like to test ZKAPs with, don’t hesitate to get in touch!
