Article Outline:
Introduction: 2022, the year of zero-knowledge
Concepts to understanding ZK
Data Privacy: A myth with web2 companies
Data Privacy: Substandard with web3 companies
Data Privacy: Leveraging zero-knowledge technology
Data Privacy: Exploring Aleph Zero’s approach
Testimonies of Aleph Zero’s Top-Notch Privacy
Introduction: 2022, The Year of Zero-Knowledge
In 2022, zero-knowledge was one of the hottest buzzwords in the crypto space. This is evident in the image below which is a screenshot of Google Trends data for the term “Zero Knowledge Proof” from 2018 - 2023. Observe the spike in interest in 2022. The second image depicts rising queries & topics related to ZK.
The concept of zero-knowledge wasn’t born yesterday. The idea of ZK tech has been known and experimented on since the late 1900’s, however, it only recently entered the limelight when it found its role in cryptocurrency or broadly speaking, in blockchain.
Zero-knowledge is simply what it implies - no knowledge. Zero-knowledge simply means verifying the truth about given information without revealing the contents or facts of that information. Seems tricky right? Impossible even. Not to bother, we’ll get down to it.
Firstly, here are a few concepts to understand in this article.
Concepts to Understanding ZK
Prover: this party proves that a given claim or information is true and they have knowledge of the factuality and accuracy of the info, albeit not revealing the content of the information. The prover does this by providing proof(s).
Verifier: this is the party tasked with verifying the prover’s claim by checking the proof provided by the prover.
Zero Knowledge Proof (ZKP): this is a cryptographic key that a prover sends to convince the verifier of the truth of the claim but it doesn’t reveal the main content of the claim.
The most popular association of zero-knowledge in the crypto space is about zk rollups, a type of layer 2 scaling solution for blockchains but zk is more than that. Over time, many use cases for zero-knowledge have emerged but one stands out - privacy.
It seems trivial but only if you knew the amount of sensitive data that has been lost due to breaches and security incidents.
Data Privacy: A Myth with Web2 Companies
Over the years there has been news of security breaches from web2 platforms that claim to keep users’ data private. These breaches have led to millions of stolen data. Giant web2 companies have unchecked control of users’ data and this is dangerous as it leaves room for exploits or even worse, sales of these data on the dark web to be used for cyber thefts.
Examples of data breaches in web2 companies:
In 2017, Equifax, a global data and analytics platform suffered a huge data breach - one of the largest to date. The platform, in 2022, went on to partner with Oasis Labs, a blockchain-based privacy-centric company to build a decentralized identity management and KYC solution for individuals and companies involved in the web3 economy.
In April 2019, Facebook suffered a data breach leading to the sensitive information of over 530 million of its users getting exposed on a public platform. The information leaked included phone numbers, email addresses, birth dates, and locations of users who joined the platform from 2018 to 2019.
In 2020, over 500K Zoom users had their login details exposed on the dark web.
In 2021, a data breach occurred at Hubspot (a leading web2 marketing and sales platform that stores users’ information). This breach affected 30 companies and you might be interested to know that some crypto companies were among those that suffered from this breach.
In 2022, hackers leaked email addresses of over 200 million Twitter (now X) users.
The names, locations, and contact info of 515,000 individuals were stolen in the Red Cross data breach in 2022. The information stolen belonged to people who had been victims of either migration, regional disaster, or conflict.
A global leader in AI computing, Nvidia has also had its own share of data breaches when, in 2022, hackers stole employees’ credentials and other company information.
On the 13th of November 2023, certain personal information of UK-based Samsung online store customers was illegally obtained as a result of a data breach. The breach was caused by an unauthorized figure(s) who gained access to a third-party application that the said company used.
The list of data breaches that have happened over the years is endless. It’s like an inevitable pandemic. Then came web3 with a beam of hope.
Data Privacy: Substandard with Web3 Companies
It may come as a shocker to you but web3 which is dubbed as a free, open, secured, and decentralized web isn’t leaving up to its name. The concept of web3 came with the promises of decentralization, security, users’ control, and freedom but web3, as it is today is sub-par in these promises.
Many web3 companies hide under the umbrella of decentralization but are centralized in all senses. They are failing to acknowledge and address the importance of data sensitivity which many web2 companies are probably unconcerned about.
Examples of data breaches in web3/crypto companies:
In 2020, Japanese-based crypto exchange, Coincheck’s customers fell victim to a data breach which led to the exposure of data of over 200 customers who (unknowingly) responded to the emails sent from the attacker(s) asking for their personal identifiable information like names, addresses, photos, etc. This breach occurred as a result of the vulnerability of the exchange’s domain name which the attacker(s) somehow got hold of.
In 2020, Ledger, a company popular for providing hardware crypto wallets suffered a data breach as a result of a hack. This hack caused 270,000 customers’ emails, and phone numbers to be exposed and victims, susceptible to wallet drains. In 2021, customers filed lawsuits against the company.
In another 2020 data breach, Coinsquare, a centralized crypto exchange lost over 5,000 email addresses, home addresses, and mobile numbers of their customers.
In 2022, Unstoppable Domains’ email vendor suffered a data breach that led to the exposure of some of its customers’ email addresses. Unstoppable Domains happened to be among the six companies affected by this vendor’s data breach.
With all these and more, it’s quite certain that there’s work to be done.
As the web3 industry matures, communities and individuals who are dedicated to seeing web3 achieve its full potential are exploring more options to ensure that web3 isn’t just a wish but a reality. An important aspect of what these individuals/communities are gearing towards is privacy with the use of zero-knowledge tech. Let’s take a look at the role of ZK tech in achieving full privacy.
Data Privacy: Leveraging Zero-Knowledge Technology
The landscape of zero-knowledge tech is on steady growth with the continuously increasing number of projects accumulating users. One thing is clear now - zero-knowledge tech (ZKPs leveraged) is going to reshape the web3 landscape.
How so? ZKPs’ ability to verify information without revealing the content of the information is a vital instrument for web3 dApps which prioritizes data security and users’ privacy.
In a recently released annual report by Cryptomeria Capital titled “State of Zero Knowledge 2023,” one statement from the 114-page document stood out. “Zero-knowledge proofs, with their cryptographic prowess, have the potential to revolutionize data security.” A later part of the report laid out some concerns about the uncertain future of ZK rollups in tackling explicit challenges required of a potential full-scale launch of hyper-scalable and privacy-oriented infrastructures.
The recently concluded 10th edition of zkSummit by Zero Knowledge Podcast which took place in London in September 2023 threw more light on people’s perception of zero-knowledge for privacy. In a bid to get more insights, interested participants were asked to fill out an application form that included some questions about their thoughts on the state of ZK. From responses received, people have the most interest in privacy applications as a ZK use case.
Many ZK protocols have been recently developed and more are undergoing development. Undoubtedly, these protocols will play a major role in establishing a privacy layer for web3. Blockchains like Aleph Zero are providing avenues for developers to build not only scalable, decentralized, and secured platforms but also privacy-enhanced infrastructures. Let’s take a look at what Aleph Zero is doing differently.
Data Privacy: Exploring Aleph Zero’s Approach using ZKP's and sMPC's
Aleph Zero is a layer 1 open-source, public blockchain that allows developers to explore the use of ZK tech in deploying dApps that are not only decentralized, secure, and scalable but also privacy-enhanced. “Blazingly fast. Exceptionally private.” It is a platform where solutions to many industries' challenges can be built.
Aleph Zero’s privacy layer, called Liminal combines the power of ZK-Proofs and sMPC (secure Multi-Party Computation) to allow developers to create projects that solve the blockchain trilemma and prioritize data privacy without compromising transparency. Aleph Zero has multiple projects within its ecosystem.
Projects building and leveraging the unique features of Aleph Zero can apply for funding in the Aleph Zero Ecosystem Funding Program (EFP) which has a $50 million grant & investment pool. While Aleph Zero is dedicated to its mission of supporting innovative projects that are at the forefront of adopting its blockchain, projects chosen to be funded are required to go through a KYC/KYB background check. This is to make sure that they adhere to AML rules whilst ensuring customers’ privacy. This goes to show the blockchain’s unwavering commitment to ensuring that users’ data are kept private.
With multiple measures in place, Aleph Zero is solving one of the internet’s most pressing challenges and preventing us from becoming data items to be sold to the highest bidders or on the dark web, because data, as we know it, is now the new oil.
Testimonies of Aleph Zero’s Top-Notch Privacy
“Aleph Zero is at the top of our priority list. It brings an exciting use case for us: private fundraises that could be attractive to enterprises that don’t want to disclose the investment but would benefit from our smart contract-based protection.”
- Alex Strzesniewski, CEO of AngelBlock
“Information submitted by players will remain confidential through the use of Aleph Zero’s Zero-Knowledge proof solutions to ensure that whatever happens in DRKVRS stays in DRKVRS.”
- Marcin Kobylecki, Co-founder of DRKVRS
“We can decentralize the Interlock logic without revealing how the heuristics work, or what they are computing which is part of our advantage against malicious actors.”
- Nick, Principal Engineer at Interlock
To learn more about Aleph Zero, check out their website
Comments