What’s Waldo Got To Do With Your Password?


We live with a 1980s viewpoint of our digital world. We must prove that we know our password, so we blindly send it. It is then checked against a scrambled version of it (normally a hashed version), which can be easily reversed if someone manages to get access to it.

We must prove we are over 18, so we send our date of birth. Straight away we are giving away something which could be used against us, and we have leaked a bit more of our life to someone who might use it for reasons that we have not consented to (such as hacking our bank account!).

But why? Because programmers have created a world where we must show the original value, again and again. But why can’t we get some trusted person to prove our age, and why can’t we just prove that we still know our password? This is the world of zero-knowledge proofs (ZKPs), and our digital world must move towards this. My ID should be my own, and Facebook would not actually know my ID, but could only link me to the ID that they know.

And so we should all know the Ali Baba zero-knowledge proof explanation, in which Peggy (the Prover) goes into a cave and must show Victor (the Verifier) that she knows the secret password to open up the passageway. If Victor continually asks Peggy to exit through a certain exit route, she will always be able to do…
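To make the cave concrete, here is an added example (not the author's code) of Peggy proving she knows a password without sending it, using the Schnorr identification protocol with one-bit challenges so that each round matches Victor calling one of two exits. The group parameters `P`, `Q`, `G` are toy-sized assumptions chosen for readability, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy-sized Schnorr group (assumption, for readability only): p = 2q + 1 with
# p, q prime; g = 4 generates the subgroup of order q. Real use needs a
# standardised group of at least 2048 bits or an elliptic curve.
P, Q, G = 2039, 1019, 4

def secret_from_password(password: str, salt: bytes) -> int:
    """Stretch the password into a secret exponent x in [1, Q-1]."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def register(password: str, salt: bytes) -> int:
    """Victor stores only y = g^x mod p, never the password or x."""
    return pow(G, secret_from_password(password, salt), P)

def verify(y: int, t: int, c: int, s: int) -> bool:
    """Victor's check: g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def honest_round(x: int, y: int, challenge: int) -> bool:
    """Peggy knows x: commit t = g^r, then answer s = r + c*x mod q."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    s = (r + challenge * x) % Q
    return verify(y, t, challenge, s)

def cheating_round(y: int, guess: int, challenge: int) -> bool:
    """No x: the commitment is rigged for one guessed challenge only."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -guess, P)) % P  # t = g^s * y^(-guess)
    return verify(y, t, challenge, s)

def login(password: str, salt: bytes, y: int, rounds: int = 20) -> bool:
    """Run one-bit challenges; a cheater survives with odds 2^-rounds."""
    x = secret_from_password(password, salt)
    return all(honest_round(x, y, secrets.randbelow(2)) for _ in range(rounds))
```

A prover who knows the secret passes whichever challenge is called, while the cheating prover passes a round only when the guess matches, which is the cave's one-in-two chance per round.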



Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.