Introducing the Anti-Cheating Mechanisms on zkPass

zkPass is an oracle protocol that enables private internet data to be verifiable on-chain. Built on top of zkTLS, composed of 3P-TLS and Hybrid ZK technologies, zkPass provides tools and applications for secure, verifiable data sharing with privacy and integrity assurances from any HTTPS website without requiring OAuth APIs.

zkPass allows users to selectively prove various types of data, such as legal identity, financial records, healthcare information, social interactions, gaming data, real-world assets, work experience, education, and skill certifications. These zero-knowledge proof computations are performed locally and securely, ensuring that sensitive personal data is not leaked or uploaded to third parties. They can be used for AI, DePIN, DID, lending, and other financial and non-financial applications.

Reasons for Implementing the Anti-Cheating Mechanism

In any data verification system, ensuring the authenticity and integrity of data is crucial. Without an effective anti-cheating mechanism, users and malicious attackers could tamper with request and response data, undermining the trust foundation of the entire system. Here are the main reasons why zkPass has implemented an anti-cheating mechanism:

• Data Integrity Assurance: The anti-cheating mechanism ensures that data transmitted from the client to the server is not tampered with, safeguarding the data’s integrity and reliability.
• Prevention of Malicious Behavior: It prevents malicious users from exploiting system vulnerabilities to perform fraudulent operations, such as forging data or modifying response content.
• Enhancing System Credibility: By ensuring that all participants (clients and servers) can trust the data exchange process within the system, the overall reliability and credibility of the zkPass system are significantly enhanced.

Introduction of Anti-Cheating Mechanism

To further enhance data integrity and prevent tampering, zkPass is launching a new anti-cheating mechanism that employs zero-knowledge proofs to verify both the requests sent by clients and the responses received from servers.

Detailed Mechanism of Anti-Cheating

The anti-cheating mechanism works by validating the correctness of data exchanged between clients and servers through a series of zero-knowledge proofs.

Request Verification

1. Proof 1: Verifying the Correctness of Client’s Request

• Private Input: Client request, EncKey
• Public Input: Node Ciphertext
• Check: AES[Client request] == Node Ciphertext
• Explanation: The client encrypts the request data using an encryption key (EncKey), producing a ciphertext. By ensuring that this ciphertext matches the expected Node Ciphertext, zkPass verifies that the client has sent the correct request.

2. Proof 2: Validating the Correctness of Client’s URL

• Private Input: URL (Plaintext, URL x bit-y bit)
• Public Input: URL in Template
• Check: Client URL == URL in Template
• Explanation: This step ensures that the URL provided by the client matches the predefined URL template, verifying the correctness of the request address.

Response Verification

3. Proof 3: Ensuring the Client Receives the Correct Response

• Private Input: Client response, EncKey
• Public Input: Node Ciphertext
• Check: AES[Client response] == Node Ciphertext
• Explanation: By comparing the encrypted response data with the Node Ciphertext, this proof verifies the integrity of the response received by the client.

4. Proof 4: Matching Response Attributes to the Template

• Private Input: URL (Plaintext, URL x bit-y bit)
• Public Input: Attribute in Template
• Check: Client attribute == Attribute in Template
• Explanation: This proof ensures that the attributes within the response data align with those specified in the template, verifying the accuracy of the response content.

5. Proof 5: Validating the Asserted Value’s Correctness

• Private Input: Value
• Public Input: >, <, =, ∈, Value in Template
• Check: Value > Value in Template
• Explanation: This step checks if the value in the response data satisfies certain conditions (such as greater than, less than, or equal to a specified template value), ensuring the logical correctness of the response data.

Proving the Correctness of the Response

In zkPass, the server returns an encrypted response to the node, which caches a copy and forwards it to the client. The client, equipped with the EncKey, decrypts the response to obtain the plaintext data. The client then runs a zero-knowledge circuit where:

• The private inputs are the plaintext response and the EncKey.
• The public input is the Node Ciphertext.

The client proves the correctness of the response by:

1. Encrypting the plaintext response using the EncKey.
2. Verifying that the encrypted result matches the Node Ciphertext.

If the encrypted result matches the Node Ciphertext, it demonstrates that the client has not tampered with the response data, ensuring data integrity.

Conclusion

By implementing this anti-cheating mechanism, zkPass not only guarantees the privacy and security of data verification but also ensures the integrity of client-server communications, reinforcing its position as a leading protocol for secure, verifiable on-chain data.

zkPass Links:

Website | Twitter | Discord | Medium | Github | Portal