Dusk researcher Xavier Salleras and colleagues from the Universitat Pompeu Fabra in Barcelona, have designed a decentralised system that will enable users to prove their rights to blockchain services without using a third party, and without revealing any of their sensitive data.
The researchers have developed what is called the FORT Protocol. FORT employs NFT and Zero Knowledge Proofs (ZKP) in a unique way in order to allow users to anonymously prove their identity to service providers, without having to reveal their sensitive information to any trusted third parties.
Current privacy concerns over user authentication for services
Online services today invariably require some form of personal authentication in order for the user to prove they are who they say they are. Many subscriptions for online services from music streaming, to concert ticket purchases, are made online and entail that customers pass some kind of third party authentication over and over again.
These platforms issue tokens that are related to the private information provided by their customers, which gives them the right to use the platforms. However, the platforms all use centralised systems that potentially put customer data in jeopardy.
Therefore, the platforms are playing the role of trusted third parties, and as such they are bringing unnecessary risk into the situation. Data leaks, and data misuse are possibilities when users do not have control over their own data.
FORT: Right-proving and attribute-blinding self-sovereign authentication
The FORT protocol makes use of NFT and ZKPs in order to create self-sovereign authentication that the user can employ to control and protect their sensitive information.
As seen in the above image, there are 5 steps that show how FORT works.
- readOnchainInfo
The user pays for the service by way of an anonymous address or private transaction. An NFT is then granted to the user by the service provider, which holds attributes that are stored within. The service provider mints the NFT, and then transfers it to the user’s address, who can then read the attributes when required.
- computeProof
The user computes a certificate (ZKP) using the information stored in the NFT, and instals it on their device, which is a smartphone in the above example.
- sendProof
Now that the user has gained the right to use the service, they then try to log on and the service provider requests the certificate.
- verifyOnchainInfo
The service provider reads the Merkle tree of the blockchain to verify that the necessary attributes are contained in the user’s NFT, which tells the service provider whether the user has the right to use the service at that moment.
- verifyProof
The service provider verifies that the user has access to the service by checking the user’s certificate, without having any knowledge of who the user is.
Benchmarks show that the FORT protocol can be run on devices with low computing resources, such as smartphones and smartwatches, making FORT a very practical solution.
FORT can easily be implemented on blockchains, including on Ethereum or on the Dusk blockchain itself. Integrating it into the already highly private Dusk blockchain would result in even higher levels of privacy.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.