What is Zero Trust Zero-Knowledge Proof?

‍

Zero Trust, Zero-Knowledge Proof (ZKP) is a security framework that combines the principles of zero-trust and zero-knowledge proofs.

Zero Trust is a security model that assumes that no user or device is trusted by default and that every access request must be authenticated and authorized.

Zero-Knowledge proofs are a cryptographic technique that allows one party to prove to another party that they know something without revealing any other information about it.

In ZKP, the prover (the party that wants to prove something) and the verifier (the party that wants to verify the proof) interact through a series of cryptographic steps. The prover does not reveal any information about the secret they are trying to prove, but the verifier can be confident that the prover does know the secret.

‍

There are three main criteria for a ZKP:

Completeness: If the prover knows the secret, they must be able to convince the verifier with their proof.

Soundness: If the prover does not know the secret, they cannot convince the verifier with their proof.

Zero-knowledge: The verifier should not learn anything about the secret from the proof.

‍

ZKP can be used to implement a variety of security features, such as:

- Identity verification: ZKP can be used to verify the identity of a user or device without revealing any personal information. This can be used to prevent phishing attacks and other forms of identity theft.

- Access control: ZKP can be used to control access to resources, such as files, applications, and networks. This can help to prevent unauthorized access to sensitive data.

- Auditing: ZKP can be used to audit access to resources. This can help to track down security breaches and identify unauthorized access.

‍

What are the different types of ZKP?

Interactive and Non-interactive ZKPs:

Interactive ZKPs require a series of rounds of communication between the prover and the verifier. In each round, the verifier sends a challenge to the prover, and the prover responds with proof. The verifier continues to challenge the prover until they are satisfied that the prover knows the secret.

‍

Non-interactive ZKPs do not require any communication between the prover and the verifier. The prover simply generates a proof and sends it to the verifier. The verifier can then verify the proof without knowing anything about the secret.

Interactive ZKPs are more flexible and secure than non-interactive ZKPs. However, they are also more complex and time-consuming. Non-interactive ZKPs are more efficient and scalable, but they may be less flexible and may require a higher level of technical expertise.

Here is a table summarizing the key differences between interactive and non-interactive ZKPs:

‍

The best choice of ZKP depends on the specific application. If security and flexibility are the most important considerations, then interactive ZKPs are the better choice. If efficiency and scalability are the most important considerations, then non-interactive ZKPs are the better choice.

‍

ZK-SNARKs:

Zk-SNARKs, or zero-knowledge succinct non-interactive arguments of knowledge, are a type of cryptographic proof that allows one party (the prover) to prove to another party (the verifier) that they know a secret without revealing any information about the secret itself.

ZK-SNARKs are used in a variety of applications, such as:

‍‍

Privacy-preserving payments: ZK-SNARKs can be used to make payments without revealing the identity of the payer or payee. This is useful for applications such as online gambling and anonymous donations.

Auditing: ZK-SNARKs can be used to audit transactions without revealing the underlying data. This is useful for applications such as financial auditing and healthcare data auditing.

Voting: ZK-SNARKs can be used to vote without revealing the identity of the voter. This is useful for applications such as elections and surveys.

‍

Supply chain management: ZK-SNARKs can be used to track the provenance of goods and services without revealing the identities of the parties involved. This is useful for applications such as food safety and counterfeiting prevention.

ZK-SNARKs are a powerful cryptographic tool that can be used to protect privacy and security in a variety of applications.

‍

Verifiable Delay Functions (VDFs): A Verifiable Delay Function (VDF) is a cryptographic function that takes a specified number of sequential steps to evaluate but can be verified efficiently.

‍

VDFs are used in a variety of applications, such as:

- Proof-of-work (PoW) blockchains: VDFs can be used to secure PoW blockchains by making it computationally expensive to create new blocks.

- Fairness mechanisms: VDFs can be used to create fair randomness and prevent cheating in games and elections.

- Time-based applications: VDFs can be used to create verifiable timestamps and prevent fraud in applications such as copyright protection and supply chain management.

‍

Here is an example of how a VDF can be used to secure a PoW blockchain:

- A miner wants to create a new block.

- The miner runs a VDF for a specified number of steps.

- The miner submits the output of the VDF to the network.

- Other nodes in the network verify the output of the VDF.

- If the output of the VDF is valid, the miner is rewarded with cryptocurrency.

‍

The VDF ensures that it is computationally expensive to create new blocks, which makes it difficult for malicious actors to attack the blockchain.

VDFs are a promising technology with a wide range of potential applications. As the technology continues to develop, it is likely to become more widely used.

‍

How does Zero Trust Zero Knowledge Proof work?

‍

Here is an example of how ZKP can be used to verify the identity of a user:

- The user generates a random number, called the witness.

- The user encrypts the witness using a public key that is known to the verifier.

- The user sends the encrypted witness to the verifier.

- The verifier challenges the user with a question that can only be answered by someone who knows the witness.

- The user answers the challenge.

- The verifier verifies the user's answer.

‍

If the user answers the challenge correctly, the verifier can be confident that the user knows the witness, and therefore knows the secret that they are trying to prove. However, the verifier does not learn anything about the secret itself.

‍

Benefits of Zero Trust Zero Knowledge Proof

‍

ZKP offers several benefits over traditional security methods:

- Increased security: ZKP can help to prevent phishing attacks, identity theft, and other forms of cyberattacks.

- Enhanced privacy: ZKP does not reveal any personal information about the user, which can help to protect their privacy.

- Improved scalability: ZKP can be used to scale to large numbers of users and devices.

- Reduced costs: ZKP can help to reduce the costs of security by eliminating the need for expensive security infrastructure.

‍

Drawbacks of Zero Trust Zero Knowledge Proof

‍

ZKP also has some drawbacks:

- Complexity: ZKP is a complex technology that can be difficult to implement and manage.

- Performance: ZKP can add some overhead to the authentication process.

- Not yet widely adopted: ZKP is not yet widely adopted, so there may be limited support for it in some applications.

‍

Conclusion

Zero Trust Zero Knowledge Proof is a promising new security technology that can help to improve the security and privacy of our digital world.

However, it is still a relatively new technology, and some challenges need to be addressed before it can be widely adopted.

‍

Réglementation	Exigence clé	Réponse ShareID	Résultat pour vous
DSP2 – Directive (UE) 2015/2366 + RTS SCA (UE 2018/389) Source DSP2 : Directive (UE) 2015/2366	Authentification forte du client (SCA) obligatoire (art. 97) avec lien dynamique (art. 5 RTS) et indépendance des facteurs (art. 9 RTS).	- Full IDV : authentification du document d’identité + biométrie (détection du vivant) - MFA 3.0: Ré-authentification forte basée sur l’identité Full IDV + MFA 3.0	Conformité immédiate SCA ; fluidité pour l’utilisateur, sécurité renforcée.
DSP3 / Payment Services Regulation (projet) Source RTS SCA : Règlement délégué (UE) 2018/389 Entrée en vigueur prévue en 2025/ 2026.	Articles 85–89 : consolidation de la SCA, règles d’accessibilité, clarification des exemptions.	- Full IDV : authentification du document d’identité + biométrie (détection du vivant) - MFA 3.0: Ré-authentification forte basée sur l’identité Solution déjà alignée sur les parcours biométriques & exemptions. MFA 3.0	Anticipez les évolutions futures sans refonte lourde.
DORA – Règlement (UE) 2022/2554 Source DORA : Règlement (UE) 2022/2554	Authentification forte pour protéger les systèmes et les données critiques (art. 9(4)(d)), encadrement strict des prestataires de Technologie de l’information et de la communication (art. 28–30).	- MFA 3.0: Ré-authentification forte basée sur l’identité. Intégrable via SDK/API (iOS, Android, Web), traçabilité complète. MFA 3.0	Sécurisation des systèmes d’informations critiques, conformité démontrable aux superviseurs.
eIDAS (UE 910/2014) + implémentation 2015/1502 Source eIDAS (2014) : Règlement (UE) 910/2014	Niveaux simple / substantiel / élevé ; multi-facteurs encouragés pour les niveaux substantiel et élevé.	Authentification des documents + biométrie (détection du vivant). Full IDV	Valeur probante proche d’un contrôle présentiel.
eIDAS 2 – Règlement (UE) 2024/1183 Source eIDAS 2 : Règlement (UE) 2024/1183	Les EUDI Wallets devront fonctionner à un niveau d’assurance élevé, avec partage sélectif d’attributs.	- MFA 3.0: Ré-authentification forte basée sur l’identité Intégrable via SDK/API (iOS, Android, Web), traçabilité complète. MFA 3.0	Intégration fluide des futurs portefeuilles européens.
MiCA – Règlement (UE) 2023/1114 Source MiCA : Règlement (UE) 2023/1114	Les prestataires de services sur crypto-actifs doivent appliquer les obligations KYC/AML (Directive 2015/849) ; art. 76 impose CDD (renforcement de la vigilance client) renforcé pour certaines plateformes.	Authentification des documents + biométrie (détection du vivant) = anti-deepfake et anti-spoofing. Doc IDV ou Full IDV	Réduction drastique des fraudes, conformité crypto-AML.
ETSI TS 119 461 (V2.1.1, 2025) Source ETSI TS 119 461 : Norme européenne	Vérification d’identité à distance : 5 étapes (initiation → collecte → validation → liaison → résultat). Liveness et anti-spoofing obligatoires pour les parcours à distance.	- Enrôlement complet : authentification des documents + Biométrie (détection du vivant) - Algorithmes entraînés sur une base de données de vrais et de faux documents de la Gendarmerie Nationale. Full IDV	Enrôlement KYC robuste, valeur probante reconnue.
FIDA – Financial Data Access (projet) Source FIDA (proposition) : Commission européenne	Consentement explicite, traçable et révocable via des tableaux de bord.	- MFA 3.0: Authentification forte basée sur l’identité au moment du consentement + réauthentification fluide avec un simple sourire. MFA 3.0	Accès aux données conforme et centré utilisateur.
RGPD – Règlement (UE) 2016/679 Source RGPD : Règlement (UE) 2016/679		Durée de maintien de données chez ShareID paramétrable. Aucun stockage biométrique : hachages homomorphiques brevetés , ISO 27001.	Image de marque, risque réglementairejuridique réduit, confiance accrue des régulateurs et clients.

What is Zero Trust Zero-Knowledge Proof?