KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Within the digital identity wallet-movement (and especially SSI), there is a lot of focus on proving something about yourself, without revealing anything else, also known as ZKP (Zero-Knowledge Proof). It is important to realize that if we build this into the future identity systems, we will also grant any criminal the right to full anonymity.
While there are some marginal use cases (buying beer and adult materials) where we might want this, using ZKP also excludes accountability, unless there is a way to reveal the identity behind the proof. This would then be pseudonymity, and the challenge here, is who is authorized to reveal this, and how to prevent mis-use.
Within the digital identity wallet-movement (and especially SSI), there is a lot of focus on proving something about yourself, without revealing anything else, also known as ZKP (Zero-Knowledge Proof). It is important to realize that if we build this into the future identity systems, we will also grant any criminal the right to full anonymity.
While there are some marginal use cases (buying beer and adult materials) where we might want this, using ZKP also excludes accountability, unless there is a way to reveal the identity behind the proof. This would then be pseudonymity, and the challenge here, is who is authorized to reveal this, and how to prevent mis-use.
Okay, so anonymity. So my first question would typically be, you know, what is anonymity?
Well, it means it's a situation where you are unknown. You're untraceable. You are untrackable. So my question would be, how many of you would like to have this option to, to be anonymous? Yeah. Most of us. How many would say the person next to you would have this ability to be anonymous?
Okay, little fewer. How many would say that guys stalking your teenage daughter could be anonymous? That's where it gets difficult, right?
Okay, so why are we talking about anonymity? Well, pool one is privacy. We don't want to be tracked, we don't want to be followed, et cetera. And I mean, this is down in the ID 2020 manifesto. And this is under pressure. We are being surveilled, we are being followed on the internet by the big techs and there is surveillance. And also privacy may be overruled by a court. If you are under suspicion of doing criminal activities, a court can decide to tap your phone to trace you, which means, well, you're not really anonymous payments.
Well, cash payments are anonymous. I find it's still amusing. There are groups on Facebook discussing the privacy problems of cbdc. But that's another matter. We think that voting is anonymous.
Well, voting itself is not. The vote is anonymous. The fact that I voted is not because if that was anonymous, well I could vote multiple times. So the information about me voted, that is not anonymous. We have things like witness protection programs where anonymity is important. Charity is another interesting one. If you go to some religious text, you will find that, well, if you give to charity, you should not brag about it. You should do it anonymously. You shouldn't do it to get credit. You should do it to help somebody. So that's an interesting point where you want to be anonymous.
You have countries with repressive regimes where you want to avoid prosecution. That's another the place where you want to be anonymous. And of course our friends, the criminals, they want to be anonymous.
Obviously, they don't want to be tracked. I don't know if you've seen this movie from 1968. It's actually an excellent movie proving that point where the, the leader, the the brain behind the crime is, is getting all these people together. Nobody knows him, nobody knows each other, but there's a twist at the end. So it's a good movie. And look at it through the eyes of anonymity and identity. It's actually quite good. The Tinder swindler, I don't know if you remember that one. This was also fraud case on, on, on Tinder, where the guy of course was not known.
There was no sort of real identification on Tinder. So he was able to fraud one lady after the other and getting all this money. And the movie shows a lot about this. And would this be possible if we would be able to hold him accountable? Cause that's the problem. If you're anonymous, we can't hold you accountable.
Obviously, if I don't know who you are, well I can't hold you accountable. And typical example is the dating sites where right, where people are you, you don't really have to prove a lot about your identity. And therefore it's also difficult to hold you accountable if you are abusive or you, you, you know, get people's money and, and behave in different ways. So anonymity and accountability is a challenge and it's a challenge of under one side, we want to have free expression. We want to get all the different voices out. But what we are seeing as well is the harassments.
We are providing a stage for a lot of people see, saying a lot of really bad things and just, you know, following the comments. I mean, the worst thing you can do when you wake up in the morning is read the comment section on, on some statement on the internet.
I mean, you, you just get sad. So it is a challenge, this balance, we want to have our privacy, but we still want to hold the people accountable and we don't want to be give people this ground for harassment. So how anonymous are we really? Right? One example, I work for tier to every banking, 3,500 people. So I mean that attribute about somebody in itself doesn't give away the person. I live in a city called Marwick, which is about 15,000 people, big groups. But the intersection of this, the last time I check was only me. Meaning if you have those two attributes, you know it's gonna be me.
And often we can see it's often very few attributes needed to define an individual. Okay? Zero knowledge proofs. I I was intrigued and fascinating by this, this concept of zero knowledge proofs. This is about proving something without revealing anything else. And I've used a popular metaphor to, to explain it at least to non-technical.
I mean, if everybody knows what this is, this is gonna be really boring. But remember Waldo, where's Waldo, right? You're gonna find him. I'm grandkids love doing this. I want to prove that Waldo is on this diagram without revealing where, right? That's the idea of a zero knowledge proof. I can prove that it's here. So what I'll do, I create a big piece of paper with a little hole in it and then I place the book underneath and I show there's Waldo. Now I've proven that it's there, but you don't know the location of the book or the picture. So I haven't given away where he is.
So this is your a very popular explanation of zero knowledge proofs. You prove that he's there, but I haven't revealed where he is. And this has been around for some time. It's a cryptographic protocol and it's really important in what we are doing right now. And also what we need with zero knowledge proofs is some chain of trust. You need somebody that can attest to the attributes. And we see this typically in verifiable claims where some attribute is issued by somebody and somebody attest that this is true.
So you can prove you're of legal age, you can prove your nationality, you can prove your person, et cetera. But without having the source, you can't trust that information. So you always need this chain of trust. Some examples, I mean, legal age is typical one over a given age, citizenship, your city, your employment is a great husband gonna be another one. All of these needs somebody that can attest to it. And of course the government will attest to some of them. The employer will test, and my wife would attest to the last one.
And again, depending how much you trust these entities, I mean, if you knew my wife, you would know if that statement is true or not, right? And same with the others. So you will always need this chain of trust will need the trusted entities in this to do that. And also important though, I I show the Venn diagram with the city and the employer. Two different, I mean, if the same validator gets these two attributes, well you can derive its me, but you can't do that across different validators. And that's important.
Well, so they can sort of compare notes and find out, okay, this is me. Okay? So we looked at that now to certain anonymity, which is very confusing because anonymity is often used to meme certain anonymity.
And this, this causes a lot of confusion. What do we really mean? And actually most cases we say, well you are anonymous and you can read or you know, newspaper article, he was anonymous, but they were tracking him.
Well, no, then you're not anonymous if you, if you know who people are. So I went back to, you know, the origin of this pseudonym. So this is a picture of George Elliott. It doesn't really look like George does it. Well it's not, this is Maryanne Evans that used the pseudonym George Elliot when publishing books and why.
Well, at that time, being a female, you wouldn't be recognized when publishing books, right? So if she used pseudonym, and of course this information is not true, she decided to use a mail name to get recognized.
And we, we see that a lot, a lot of authors are using pseudonyms. You could see it in personal ads if that exists anymore. Reader letters and, and comment sections, et cetera. Health research you use anonymity. And also more so the internet and and dating sites, people don't really go out there with their real identity behind those top ones. There is typically a responsible entity.
I mean, if you are an author, well the publisher will know the link to your real identity for the ads. Will there somebody publishing that health research? Of course the, some researchers will know that, which is important because you may find some really critical information in the research that you need to go back to the individual and say, Hey, we found something serious, you should really go back and and check on this. And we had that case in Norway not long ago, but for most of the internet, and typically, again I mentioned dating sites.
Well, this is not a case. You don't really have that link back. You can be anybody you want, nobody can hold you accountable. Then Metaverse, and there's some interesting thing, I mean in, in the metaverse you can be anybody you like, right? I still think of Metaverse like Second Life and everybody remembers Second life. I had an account in Second Life and it was still working.
You know, when, 15 years later when I've heard about Metaverse, and of course the next slide now is if the people could close the rise because I'm using somebody else there. They were using, Gartner was doing a research on diversity, equity inclusion on, on this topic. And the idea was to minimize bias, right? So going into the metaverse, you could create your persona, you would standardize the names, the physical appearance, the voice, et cetera of the people. Because we've seen again and again in for example, application for jobs, there is a bias based on the name.
If the name gives some indication of some foreign countries that gender can be important. I mean things like that are we, we all have bias, right? So the idea behind this, well if you go into Metaverse, you can go in and not have the bias. So for example, then June Guang here from from Sudan, she's in a metaverse, she creates another persona, which is a German, German male, right? To try to avoid this bias, which makes perfect sense, right? You should be then treated differently, unfortunately. I mean it shouldn't be like this, but we, we have these bias problems.
And then, you know, applying for, for a job there, well the employer would request a, you know, name, gender, age, nationality and things like that. All good. And that can be sent back. The challenge is what if this is requested as zero knowledge proofs, zero knowledge, proofs or verifiable claims need some trusted entity that can attest to this information. And since all this information are lies, her name is not John Zimmer, how can you create a verifiable claim that claims she's German when she's not? I mean we talk about trust providers, right? This would be a live provider.
I dunno, you cannot, I mean that, that's the whole idea behind verifiable claims. The claims are verified by somebody. And this is where, you know, at least I run into challenges. How do we handle this problem? We have this really good mechanism of verifiable claims where you can prove something about you. We want to avoid bias, for example, in the metaverse. So you can, you know, show somebody else, but they don't really go together. So absurd name is a lie, right? It's not your real name, it's not your real gender, nationality, age, whatever. It's li but somebody knows something about this.
The, the real identity behind this. There, there is a link there somewhere. So how does it, whoops. How does this go together? Is it possible to create a $0 proof or verifiable claim for these lies? Well that sort of would defeat the whole system here. I don't know how that would work. And another challenge with anonymity, who decides to reveal the real identity entity? You have a platform where you are, you have your avatar or your, your persona, and then somebody claims, well I need to know the real identity. Who decides that's a big problem?
I mean, if we could have a vote on that, but would that be fair? The, should the platform decide, should this be a legal issue? Like back to the, the legal system being able to override your, your privacy. So that is a big problem.
Yes, we want to hold people accountable for one, we want them to, to be able to have their privacy, right? So they have, shouldn't have to expose everything, but we want to hold them accountable. But who decides? And that is a problem. And who decides how to real reel that identity?
So, so why is all this important? What have been talking about this identity?
Well, we want to build the future identity systems for human good, at least I'm really concerned about that. We want to make really good systems that takes all this into account. But how do we balance people's wants, needs to be anonymous for all these different reasons. Everything from, you know, being witness protection, we don't want to be traced, et cetera, with being held accountable for your actions with the bias and diversity.
How, how do we balance these things together? And that was the question I ended with. I don't really have the answers, I have the questions. So any questions from, from you guys now? Thank you John for presentation. Any questions to the audience?
No, I'll check online. What, what are the advantages of anonymity and zero knowledge proof in the context of privacy and security and how, how does it differ from traditional identification and authentication method? So I mean traditional, well what does traditional methods mean?
I mean, in a lot of cases you don't really need to prove who you are. I mean, if you set up a Google account or Facebook account or pretty much any account, you don't need to prove who you are. So you could be anybody. I mean that's excluding if you, you want a bank account or, and of course obviously government knows you, so you there have a, a degree of an anonymity. Although of course the, the service party will be able to collect a lot of information about you to, to know who you are.
Of course the advantage of zero knowledge proofs is whoever you are giving information to don't need to know everything about you. I mean, typical example is h but I I'm much more like the example of rebate on public transportation. The transport company doesn't need to know if that's because I have an illness or because I'm over a given h. That's the typical zero knowledge proofs. I just have this attribute, I have rebate on public transportation and nobody needs to know why. Perfect. Thank you so much John. And we are right on time, so everyone round for plus for John. Thank you.
