The Holonym Foundation was established to seed a decentralized protocol for secure and accessible digital personhood that is resilient to censorship, deters mass surveillance, and sidelines hackers, fraudsters, and criminals. This article is geared towards new comers to cryptography and is part of a series that explains how we achieve our goals with this technology.

Glossary of Key Terms

▼Hey there! If you're new to this topic, expand this section to quickly review some key terms to help you understand this article better, and the next parts of this series. If you’re already familiar with these terms, please feel free to skip this section and continue to the next part of the article.

Zero-Knowledge Proofs (ZKPs): A cryptographic method that allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any additional information beyond the validity of the statement itself.
Cryptography: The practice and study of techniques for secure communication and data protection in the presence of third parties (adversaries).
Auto-custodial: Auto-custody refers to a system where users have full control and ownership of their assets or data with minimal trust placed in a third-party custodial service to authenticate, manage or access their digital assets. In an auto-custodial system, users have full ownership of their own cryptographic keys and their data, with built in redundancy and security against key loss or potential attackers. In an auto-custodial system, data and keys are more secure against user error and data loss.
Private Key: A key used in cryptography to securely encrypt and decrypt data or verify digital signatures.
Fully Homomorphic Encryption (FHE): A type of encryption that allows computations on encrypted data without decryption.
Multi-Party Computation (MPC): Splitting encrypted computations across multiple parties so none of them individually can see the sensitive data.
Trusted Execution Environment (TEE): A secure environment that protects sensitive information and computations from unauthorized access.

I. Intro

In the past year, the personal information of 2.6 billion individuals was stolen or compromised in massive data breaches (Apple's December 2023 report). The increasing frequency of data breaches across industries is alarming. The 2017 Equifax data breach and the 2016 Uber data breach are two of the most well-known. In the Equifax breach, financial information of approximately 147.9 million Americans (FTC Equifax Data Breach) was compromised - a massive leak of names, addresses, social security numbers, driver license numbers and credit cards. In the Uber data breach, approximately 57 million users (Lifelock Uber Data Breach) and drivers had their names, email addresses and phone numbers leaked. It’s no coincidence that bot calls and anonymous scams have picked up in intensity. Events like this have made consumers more aware of data privacy and security. It’s much like squeezing toothpaste out of a tube, once it's out, you can’t put it back into the container. Once critical data is exposed to the wrong parties, it can result in devastating damage to customers and organizations.

II. The Need for Enhanced Privacy & Data Security

All of the elements of data security can seem a little overwhelming. From privacy, elliptic curves, asymmetric keys, security threat models and more - data security can seem a little unapproachable, but thinking about how it impacts our everyday lives on the web can make it much more relatable. Putting our information in the public record should be a consensual act on the internet. However, data breaches and privacy violations are becoming too common to the point that they are an expected part of the online experience.

Every day cybercriminals exploit vulnerabilities, leading to identity theft, financial losses, and eroding trust in technology. Careful protections for privacy and data security are paramount to protect against cybercriminals. Every online interaction leaves a digital footprint - from every “likes” to shopping habits. Companies and third parties collect vast amounts of information to improve their products and services for better monetization. While this benefits companies, customers also benefit from more personalized experiences.

However, this personalization comes with a costly tradeoff of decreased privacy and security. The consequences of data breaches are tangible, resulting in identity theft, financial fraud, and reputation damage. Hackers create fraudulent accounts and accumulate debt in victims' names, while exposed financial data grants unauthorized access to bank accounts, leading to financial losses. Elderly people are especially vulnerable to these fraud schemes, such as a couple that was scammed out of nearly $700k by an online scam. If you’re interested in learning more about their story, click on the below image to take you to the video.

The impact of these breaches extends far beyond individuals, and it has a detrimental impact on companies as well. These incidents make them vulnerable to litigation and diminishes public trust in their services. These consequences demonstrate the importance of reducing risk with data minimization, where users share only essential information required for a service. Embracing this principle can reduce the volume of exposed data and mitigate the risks of breaches and misuse.

III. How ZKPs are Changing the Game

Zero-Knowledge Proofs (ZKPs) solve this challenge in a unique way with cryptography. They can be leveraged to minimize the need to store data on risky third-party servers, while never allowing the sensitive data of consumers to leave their personal devices.

At the most basic level, ZKPs let you prove you have certain attributes or data without divulging the information itself. ZKPs are a paradigm shift in how data is treated and what information is shared on the internet. This novel approach can transform online interactions and make privacy the default on the internet. The fundamental idea behind ZKPs is that the validity of data or information can be verified without having access to the data itself. They enhance the security and privacy of data by providing a layer of separation between the user and the verifier. To better understand the fundamental concept behind ZK Proofs, please see the below visual.

Graphic Made By The Holonym Team

ZKPs are a powerful tool in the privacy arsenal that enable consumers to safeguard their information discreetly, without compromising their privacy. Let’s explore how this emerging technology is being leveraged to preserve and optimize data security and data privacy, such as the need for selective disclosure of information (i.e., only sharing the minimum data needed to complete a transaction on the internet).

Exciting Applications of ZKPs

Age Verification: ZKPs validate eligibility for online purchases or access to age-restricted content without disclosing birthdates.
Income Validation: ZKPs determine income brackets for loan applications or financial services without revealing precise salaries.
Medical Record Access Control: ZKPs confirm a patient's medical history suitability without exposing specific conditions in stigmatized scenarios, such as access to medical services that require specialized approval for hospital or insurance purposes.

IV. Conclusion

These examples merely scratch the surface of the transformative potential of ZKPs to return data privacy firmly into the hands of users. Our journey doesn’t end here. In the next part of this series, we will explore different technical approaches to ZKPs, and the unique challenges that come with each approach. Additionally, we'll discuss Zeronym by Holonym - a suite of tools to deploy any dApp with full ZK functionality in less than an hour.

Stay tuned for the next article. Remember, technology is constantly evolving and embracing solutions like ZKPs is crucial for optimizing privacy and security for users. Until next time, don’t forget to check out the Holonym resources to continue your learning journey about ZKPs.