Learn

Digital Identity: Solving the Privacy Problem with Zero Knowledge Proofs

Our personal data is scattered across countless platforms and applications on the internet. This fragmented approach to digital identity has led to a myriad of issues that we are facing as our digital identities become more complex.

However, with the advent of Web3 blockchain technology, a new era of digital identity is emerging — but there are still key roadblocks to mass adoption. Web2 allows for multiple online personas but suffers from centralized data vulnerabilities. In contrast, Web3 offers decentralized identity solutions, yet contends with privacy and regulatory challenges. However, zero knowledge proofs (ZKPs), when combined with decentralized identifiers (DIDs), allow for verifying identity attributes without disclosing personal information, thus creating secure and private verification methods.

Mina Protocol, with its innovative approach to ZKPs, is at the forefront of addressing these challenges. Let’s explore the shortcomings of Web2 and Web3 and how programmable ZKPs are poised to revolutionize digital identity.

The Good and the Bad of Fragmented Digital Identities in Web2

The Good: Most of us probably maintain accounts on at least two social platforms like Twitter/X, Instagram, LinkedIn, etc, where we might show different facets of ourselves. By preserving separate and distinct digital identities on various platforms, individuals can keep professional, personal, and anonymous identities separate with a decreased risk of each audience mixing. This level of control over our digital personas empowers us to confidently navigate the online world.

This benefit becomes even more important with high stake scenarios, such as whistleblowing or safeguarding individuals with political affiliations. With Web2, the security is still traceable, and there are many data leaks, but the interactive experience makes it easy to build compartmentalized  identities. 

The Bad: Internet applications today store our personal data in centralized databases controlled by corporations and other powerful entities. This control creates a single point of failure, increasing the chances of a hack or exposing our personal information to data breaches, surveillance, and misuse. Additionally, this centralized control limits our autonomy, where centralized entities control and profit from our personal information without our consent.

Gaps of Web3 Solutions

Web3 introduces decentralized solutions, such as blockchain-based identity systems and Decentralized Identifiers (DIDs). While these solutions improve user control and reduce reliance on centralized authorities, they still face some challenges. 

Existing Web3 solutions often rely on the use of public-private key pairs and on-chain data storage systems. While the security and efficiency of these systems are improving every day, the transparency of the distributed ledgers raises privacy concerns. Not only is it stopping mainstream corporations and their users from moving to Web3, but building privacy into blockchain is complex and has many regulatory concerns.  

Think about it. Would you want to put your age, weight, or medical data on a transparent chain? This is why information like this is siloed to large institutions, which you need to trust. If you could put real-world information on-chain, applications for Web3 will no longer be as limited.

Another example of a Web3 challenge is the concept of the Metaverse, where users interact in a shared virtual space. While the Metaverse promises exciting opportunities for social interactions, commerce, and entertainment, it also poses significant privacy risks. As users engage in various activities within this virtual world, their actions, preferences, and personal data may be recorded on the blockchain, creating a detailed digital footprint. This vast store of information, though encrypted and secured, may still raise concerns about potential data leaks, surveillance, and misuse.

Due to these challenges, many Web3 applications are not regulatorily compliant. However, with the right digital identity systems, integrating identity on the blockchain can enable features such as age restrictions (e.g., 18+ to access certain products or services on-chain) and jurisdiction-based gatekeeping to enter decentralized finance (DeFi) pools.

The ability to enforce compliance through provable and tamper-proof identity verification holds the potential to revolutionize how regulations are upheld in the digital realm. It introduces a framework where individuals can securely and seamlessly prove their eligibility, ensuring adherence to social, legal, and regulatory requirements.

Web3 + The Power of Zero Knowledge Proofs for Digital Identity

With ZKPs, you can get the benefits of Web2 and Web3 applications without the gaps they are facing. In order to achieve this, Web3 projects should integrate privacy-enhancing techniques like ZKPs into identity management systems. This is because, with ZKPs, users can control their identity and prove parts about themselves without disclosing sensitive personal information. 

Not only would large institutions be able to keep their users’ private information private, but it will remain verifiable and traceable, satisfying many regulatory concerns.

 

How zkIdentity Might Work

With zero knowledge proofs, users can create cryptographic proofs that attest to their identity or membership in certain groups without revealing all their personal details. These proofs can be verified by specific parties without exposing any personally identifiable information (PII). As a result, users gain complete control over their digital identity while still being able to access services securely and privately.

This is especially great for the compartmentalization of digital identities on various platforms. Let’s take Jane, an imaginary person, for example, who is a dedicated employee of a corporation who becomes aware of unethical practices and decides to blow the whistle to expose the wrongdoings of their company after multiple failed attempts to raise the issue to leadership. Jane may use a ZKP platform to report their wrongdoings anonymously while still confirming that they are a legitimate member of the corporation.
Similarly, Jane has certain things about herself that she doesn’t like to share publicly, such as her income and address. However, she wants to join a club with certain income and postal code requirements in order to participate. Jane may use a ZKP to prove she has an income above a certain threshold without sharing an exact number and can prove she is a resident of a certain postal code without sharing the exact address with that group of people. 

In these examples, ZKPs ensure Jane’s digital personas and traits remain distinct and separate. By preserving the principles of fragmented and verifiable digital identities, ZKPs can foster a more secure, privacy-focused, and user-centric internet of Web3 applications.

Decentralized Identifiers and Attestation

Centralized identifiers such as emails and usernames are how most identities are verified today. Organizations each gather many data points about us, and we trust it is safeguarded in exchange for our identifier.
Decentralized identifiers, also known as DIDs,  have the same purpose but allow you to control them versus intermediaries. You can think of it like a “digital passport” to prove who you are online without giving all of your information. 

Typically, DID holders each have a private key that only they can access, along with public keys for each DID, which attests to information. DIDs do not contain personal data or wallet information, making them more secure and private. Moreover, each user can have multiple DIDs for different purposes, making it great for the compartmentalization of identity attributes.

The user flow for using DIDs involves three main parties: issuers, holders, and verifiers. Issuers, like universities or organizations, issue verifiable credentials to holders, attaching the holder’s public DID to the credential. Verifiers, such as employers or service providers, can then verify the authenticity of the credential by checking the public DID on the blockchain, eliminating the need for time-consuming and inefficient verification processes.

Zero knowledge proofs are a tool that DID providers can use to further privacy and security. ZK can attest user data was accessed correctly and sufficiently. Additionally, platforms like Mina Protocol provide a native ZK environment for even greater security and efficiency.

Not all DID services are the same, however. Some utilize zero knowledge proofs, while others do not. Other projects also explore alternative solutions to DIDs called soulbound tokens, which function like non-transferrable NFTs. The eventual widespread adoption of these technologies is uncertain, but it is evident that verifiable identity with robust privacy mechanisms will be a crucial element in shaping the future of online interactions.

Some other use cases for decentralized identifiers include verifying: 

  • Know-your-customer/ Anti-money laundering (KYC/AML)
  • Gambling requirements
  • Accessing DeFi requirements
  • Minimum age requirement
  • Country
  • Compliant yet private payments under certain regulations

How Projects on Mina Protocol Are Using ZKPs for Digital Identity

Digital identity solutions with ZK are still in their infancy. Today the developer’s experience in programming applications with them is either not possible or very complex. Mina Protocol provides a programming experience with ZK for privacy that is much simpler and more powerful.  Numerous builders have recognized Mina Protocol’s revolutionary potential and are actively building decentralized identity solutions on its ZK-native foundation. Below are three identity-related projects being researched and built on top of Mina Protocol now. 

PunkPoll

Punkpoll is a decentralized voting platform that operates on the Mina blockchain. It operates with a two-utility token system representing political rights (zk-PUNK-nft as votes) and economic rights (PUNK Token for receipts and rewards). Voter eligibility is verified through accessible mechanisms like KYC via KakaoTalk and WhatsApp, ensuring a secure and transparent voting process. Then users request their friends to authenticate each other’s identities. This method, called social graphing, is established through existing friendships, forming a trustworthy and decentralized network. ZK-PUNK NFTs, representing votes, are issued post-authentication, with voting receipts provided as NFTs by smart contracts, ensuring vote inclusion. Participants receive PUNK TOKENs as rewards, enhancing engagement. The integration of zero-knowledge technology guarantees personal information protection, vote transparency, coercion resistance, and verifiability, epitomizing a comprehensive decentralized voting service.

Hakata (Previously zkp-ID)

Hakata is a ZK-powered solution that will provide know-your-customer (KYC) and anti-money-laundering (AML) services without requiring users to share sensitive personal identifying information. They will first provide services to Lumina DEX users in order to enable private and compliant transactions; however, they also aim to serve a wide range of other applications across the Web3 space. 

zkHumans

zkHumans is a ZK self-sovereign identity and associations platform that enables biometric ownership of digital identifiers without transmitting PII. By leveraging ZKPs, zkHumans allow individuals and collectives to prove membership in various groups without revealing specific identities. This recursive approach enhances privacy and Sybil-resistance, providing a robust on-ramp for organizations seeking heightened security and privacy for their members and digital resources.

More…

Many developers in Mina’s ecosystem are actively exploring the use of ZKPs for digital identity solutions. In addition to the above, there was a recent cohort of identity projects that were funded via Mina’s zkIgnite grant program. These include Pass3, ID-Mask, and KimlikDAO Pass— each aiming to revolutionize digital identity by leveraging Mina’s ZK-native layer. Learn more about zkIgnite and all of the funded projects from Cohort 3 here.  

Why Build on Mina

Beyond being able to open up a new chest of possibilities for Web3 with its ZK applications, Mina Protocol has become the go-to place to build with ZK for the following reasons.

  1. The Most Advanced ZK Blockchain – Mina is a ZK-native chain. Its recursive properties make the L1 one giant proof, enabling nodes to sync quickly. This not only makes running a node more accessible, but it also improves decentralization and security drastically. This also allows rollup app chains to build on Mina to improve scalability.
  2. Easy ZK Programmability – Mina zkApps use o1js, a TypeScript library that is a widely recognized language by many developers. Developers execute off-chain removing burden from the L1. Additional community built Layer 2 solutions like Protokit and Zeko are also in development and aim to streamline system and DSL complexity even more to deliver better scalability and performance. 
  3. Interoperability – Builders can reuse proofs and parts of code across different chains and applications, enabling powerful composability. For identity use cases, this means proofs of identity can be reused by different apps, with no extra cost or effort needed. Additionally, a zkBridge is currently being built, which allows you to leverage Mina’s unique ZK properties directly from Ethereum and EVM chains. 

If you want to build with zero knowledge technology, you can start by:

  1. Installing the zkApp CLI here. Or check out Protokit development framework.
  2. Learning to code a Hello World example zkApp using this tutorial.  
  3. Exploring Mina’s ZK developer grant programs to start learning and building.

If you want the latest and greatest updates about zero knowledge proofs and Mina, ensure you are signed up for the monthly newsletter.

About Mina Protocol

Mina is the world’s lightest blockchain, powered by participants. Rather than apply brute computing force, Mina uses advanced cryptography and recursive zk-SNARKs to design an entire blockchain that is about 22kb, the size of a couple of tweets. It is the first layer-1 to enable efficient implementation and easy programmability of zero knowledge smart contracts (zkApps). With its unique privacy features and ability to connect to any website, Mina is building a private gateway between the real world and crypto—and the secure, democratic future we all deserve.

More from our Blog

SEE ALL POSTS
Learn / 2024-10-29 / Chris Song
Zero-knowledge Machine Learning on the Mina Protocol
Zero-knowledege Machine Learning turns decentralized AI into a practical reality, verifying computations and keeping input data & models private. Learn more about Mina’s upcoming ZKML library.
Read more
Announcement / 2024-10-25 / Mina Ecosystem Contributors
Mina Ecosystem Gears Up for Beta Testing Phase
Read more
Announcement / 2024-10-16 / Andrew Ferrone
Mina Foundation Product Priorities Q4 2024
Read more
Announcement / 2024-10-14 / Mina Foundation
SmartOSC to Onboard 1,000 Developers to the Mina Ecosystem and Accelerate Adoption of ZK Tech
Read more

About the Tech

AboutTechCta

Mina uses advanced cryptography and recursive zk-SNARKs to deliver true decentralization at scale.

Get Started

GetStartedCta

Getting started with ZK on Mina is simple.