This lecture took place on 1 March 2023.
Zero trust and its architectures are incomplete in a digital world where the benefits of exponential innovation are starting to be outweighed by its risks. To exponentiate trust in the digital world, zero trust must be expanded to zero trust under zero knowledge, because in a world of generative AI no one can be trusted, nothing should be shared, and anything that is shared must be verifiable as true by anyone without revealing any sensitive data.
Q: If how Verifiable Credentials (VCs) work is inherently Zero-Knowledge (ZK), then what does the ZK layer in Citopia do?
A: VCs are not inherently ZK. Typically they will contain clear text data making claims about a subject that might be pseudonymous when using DIDs and attested to by a VC issuer that might also be using a Decentralized Identifier (DID). But that is not ZK. ZK in a VC is, for example, attesting to a ZK proof that the subject is over 21 years of age without revealing the birthday at the time the VC was issued.
Q: Is it more of a verification that ZK is actually being preserved?
A: It is a verification that a ZK proof was created at a specific point in time, more than anything else. But that is a very powerful statement by itself since otherwise, you cannot prove when a ZK proof was created.
Q: Interaction between digital twins is zero trust (ZT) in a network, but if a digital twin is accessed by an API, is it still a ZT network?
A: Yes, it is, as long as the requester of the Self-Sovereign Digital Twin (SSDT) API is required to prove its identity using public key cryptography every time the requester accesses the API of the SSDT.
Q: What is the difference between the Citopia nodes being connected using Citopia API vs the Citopia nodes being connected via ITN?
A: Citopia Nodes connected to one another are network nodes in one network connected to one another, as network nodes are in IPFS or Bitcoin or Ethereum. Citopia Nodes connected to the ITN are one network talking to another network – cross-network node communications.
Q: When do the Citopia nodes communicate with one another?
A: Only when one node wants to discover or access services and applications in another node or when Citopia membership credentials are replicated between nodes.
Q: Is it strictly for peer-to-peer communications, such as proof presentations?
A: Basically, yes.
Q: I think peer-to-peer communication, including write transactions, is slow. What is the tech to speed up the communication?
A: Requests between Nodes can be processed in parallel. Therefore, more powerful compute and network infrastructure improves throughput.
Q: Is it correct to understand that interaction between Citopia API nodes is ZT and interaction between Citopia applications is ZT, but interaction between a Citopia API node and a Citopia application node is NOT ZT because that API interaction is not by ZT (DID to DID)?
A: Communication within a Citopia node is within a trust boundary. Therefore, although all traffic is encrypted, not all applications must authenticate each other. However, all external requests made to a Citopia node must be authenticated and authorized by the Citopia node and by the targeted Citopia Application – double verification.
Q: Which ensures ZKPs? SSDTs by themselves or SSDTs with Citopia services or SSDTs and Citopia services interacting with core services?
A: ZKPs are generated and verified by Citopia Services or — a bit later on the roadmap due to required optimizations — directly within a Citopia SSDT as part of an SSDT’s capabilities.
About the Speaker
Andreas Freund, PhD, is the lead for the technical development of the ITN, the Co-founder of the ConsenSys Kapture Fan Engagement platform, the TCS 2017 Distinguished Engineer for his contributions to Blockchain technology, a seasoned business and technology leader, and a Six Sigma Black Belt. He has a proven international record of over $1Bn+ in enterprise value enhancements, leading many successful business & technology transformations, M&A, Restructuring, and Continuous Improvement initiatives, and building successful technology practices. He now specializes in creating digitally-enabled organizations focusing on rapid digital strategy and product development and implementations spanning Fortune 500 to Private Equity companies. He managed 50+ enterprise programs with budgets up to $35M in financial services, insurance, alternative lending, supply chain, manufacturing, transportation/logistics, high-tech, media/telco, and publishing.