Least Authority is pleased to announce the publication of the Zero Knowledge Access Passes (ZKAPs) Whitepaper. The paper is intended both for technical and non-technical audiences.
ZKAPs, or Zero-Knowledge Access Passes, provide an anonymous, token-based authorization protocol based on Privacy Pass that facilitates an online exchange of value while disconnecting the payment and service data that is gathered on customers.
How does it work and what problem does it solve?
Using an online service requires users to prove that they meet the requirements to access the service. This is usually granted after payment and/or registration is completed. However, this process often allows all actions or data of a user to be collated to form a profile, which is often linked to the user’s real-life identity as well.
For many users and service providers, this process is sub-optimal. While data can be extremely valuable for some service providers, causing some to compare it to the ‘new oil’, data can just as often be a liability (or ‘toxic waste’) to others. For users, the existing process exposes major privacy and security issues as data can be used in ways the user did not consent to, including being sold to third parties. For service providers, handling personal data can be a costly regulatory burden and can increase the damage – both financially and reputationally – of a data breach.
ZKAPs offers a solution to this problem by disconnecting payment data from personal data, and instead giving users anonymous tokens (ZKAPs) in exchange for payment. These tokens can then be used to anonymously prove the token-holder’s right to access a certain service. With this model, the service provider knows if the user is permitted to use the service, but not who the user is. In other words, ZKAPs enable anonymous proof-of-payment [see image below].
The Whitepaper details what ZKAPs are, how they work, their evolution from Privacy Pass, their limitations as well as their potential utility across a number of sectors.
Potential Use Cases
Least Authority created ZKAPs to enhance the privacy of users when they make payments that require sharing personal data when paying for PrivateStorage. PrivateStorage is a privacy-preserving file storage solution based on the Tahoe-LAFS storage system that will be released later this year.
ZKAPs can be used whenever mixing payment and service data points on customers is not in the best interest of the company offering the service. But they can also be adapted as a privacy solution to a number of other use cases. Services that want to encourage users to invite their friends to use the service but don’t want to be able to build up users’ social network graph could use access passes like ZKAPs, which could be redeemed by new users to join the service. There are also clear potential use cases for VPN and direct messaging service, payment for a physical service such as public transport, as well as content escrow and beyond.
You can read the Whitepaper here and watch our talks on ZKAPs here. If you would like to talk to us about using ZKAPs as a standalone service, email us at firstname.lastname@example.org. If you want to see ZKAPs in action, sign up to be notified of the launch of PrivateStorage later this year (we will delete your email address after the notification).