Overview
In addition to its zkFHE core technology, PADO has developed a cryptographic attestation solution called zkAttestation, which enables users to attest to web data from any internet source and share its value using zero-knowledge proofs (ZKPs). The goal of zkAttestation is to address the challenges of data silos, extend smart contract capabilities, and enable the secure monetization of personal data within privacy-preserving workflows.
How zkAttestation Works
PADO's zkAttestation network is supported by cryptographic attestors, fiduciary entities that verify the authenticity of data from diverse sources on behalf of users.
Users can attest to their personal data from an internet source through PADO-enabled clients like the PADO extension or dApps that utilize PADO's cryptographic SDKs. The attestation process is interactive, involving cryptographic communication between the client and attestors from the zkAttestation network. For applications needing attestations, additional computations on private data—such as zero-knowledge proof of age verification (e.g., proving someone is over 18)—can be performed. In some cases, these computations are outsourced to third-party evaluators due to limited computational resources or privacy concerns. This outsourced computation leverages fully homomorphic encryption (FHE), as outlined in PADO’s framework.
Attestations can then be shared with attestation registries like Verax, EAS, or BAS. These registries are infrastructures that support the creation and sharing of on-chain and off-chain attestations with other entities. Built on smart contract platforms like Ethereum and Layer 2 networks, these registries also support non-EVM blockchains that offer smart contract programmability.
PADO Labs, working with leading cryptographers, has designed a lightweight cryptographic attestation protocol that uses cutting-edge techniques like MPC (Secure Multi-Party Computation) and IZK (Interactive Zero-Knowledge Proofs) to authenticate web data. Here are the key cryptographic techniques behind zkAttestation:
MPC-TLS
MPC-TLS is a specialized version of the standard Transport Layer Security (TLS) protocol that ensures secure communications between internet clients and servers. Typically, TLS protects data exchanges with encryption, as seen in secure browsing sessions (indicated by the "lock" icon in the browser). MPC-TLS extends this to involve cryptographic attestors working alongside the client.
TLS Handshake Simulation: The attestor and client engage in two-party computation (2PC) protocols to simulate a standard TLS handshake. They jointly establish a secure channel, compute session keys, and exchange messages in encrypted form.
Query Execution in TLS: The client generates encrypted requests, and the server sends encrypted responses. The attestor assists in encrypting requests and decrypting responses through MPC-TLS, with the session key split between the client and the attestor so that neither party alone holds the full key.
All communication-related actions, such as generating the encryption keys and processing requests and responses, are performed within 2PC using cryptographic primitives like garbled circuits, oblivious transfer, and IZK.
IZK (Interactive Zero-Knowledge Proofs)
IZK protocols enable the prover and verifier to interactively verify a claim while keeping sensitive data hidden. Unlike zk-SNARKs or zk-STARKs, which are non-interactive, IZK offers benefits such as:
High scalability for large statements.
Low computation costs.
No need for a trusted setup.
Minimal memory usage.
IZK helps ensure that the data decrypted and used within the system remains consistent with the committed, encrypted version while preserving privacy.
The following describes the general workflow of how zkAttestation enables secure and compliant data sharing in Web3:
User Interaction: The user requests their personal data from a server's API using a PADO-enabled client.
Secure Communication: The client, assisted by an attestor, establishes a secure TLS channel with the server using MPC-TLS. The session key is split between the client and the attestor.
Data Request: The client sends an encrypted request for data, with the attestor participating in encryption. The server responds with encrypted data, which the client and attestor jointly decrypt.
Data Verification: The attestor requires the client to submit the decrypted response as a cryptographic commitment. After verifying via IZK that the committed value is consistent with the decrypted TLS response, the attestor blindly signs the committed response without ever learning its contents, producing an attestation.
Application Use: The attestation is shared with an application verifier, which processes it by verifying the attestor’s signature and the authenticity of the data.
Optional Computation: In cases where further computation is required (e.g., FHE computations), the client can outsource the task to a zkFHE evaluator. This allows applications to verify both the data’s authenticity and the correctness of the computed results.
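The following Go program is an added illustration of the flow in steps 2 through 5 above; it is not PADO's code and it does not implement MPC-TLS or IZK. The 2PC key derivation is stood in for by plain XOR secret sharing of a session key, the IZK consistency proof is assumed to have been accepted, and the commitment is a salted SHA-256 hash. It shows the part that survives into an application verifier: the attestor signs only a commitment (so it never sees the plaintext), and the verifier checks both the attestor's Ed25519 signature and that the opened response reproduces the signed commitment. All function names, the domain-separation label and the sample API response are constructed for this example.

```go
// Added example (not PADO's code): commit / blind-sign / verify flow with
// XOR key sharing standing in for the MPC-TLS handshake. Assumed names throughout.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// splitKey XOR-shares a session key so that neither the client nor the
// attestor holds the full key; MPC-TLS obtains this property inside 2PC.
func splitKey(key []byte) (clientShare, attestorShare []byte, err error) {
	clientShare = make([]byte, len(key))
	if _, err = rand.Read(clientShare); err != nil {
		return nil, nil, err
	}
	attestorShare = make([]byte, len(key))
	for i := range key {
		attestorShare[i] = key[i] ^ clientShare[i]
	}
	return clientShare, attestorShare, nil
}

// combineShares reconstructs the key; used here only to check the sharing.
func combineShares(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// commit binds the decrypted response to a hiding commitment. The nonce
// stops the attestor from guessing low-entropy responses offline.
func commit(response, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("zkattestation-demo-commit/v1")) // constructed domain label
	h.Write(nonce)
	h.Write(response)
	return h.Sum(nil)
}

// Attestation is what the attestor returns: a signature over the commitment only.
type Attestation struct {
	Commitment []byte
	Signature  []byte
	Attestor   ed25519.PublicKey
}

func attest(priv ed25519.PrivateKey, commitment []byte) Attestation {
	return Attestation{
		Commitment: commitment,
		Signature:  ed25519.Sign(priv, commitment),
		Attestor:   priv.Public().(ed25519.PublicKey),
	}
}

// verifyAttestation is the application-side check: trusted attestor, valid
// signature over the commitment, and an opening that reproduces it.
func verifyAttestation(trusted ed25519.PublicKey, att Attestation, response, nonce []byte) error {
	if !bytes.Equal(att.Attestor, trusted) {
		return errors.New("attestation not issued by a trusted attestor")
	}
	if !ed25519.Verify(trusted, att.Commitment, att.Signature) {
		return errors.New("invalid attestor signature")
	}
	if !bytes.Equal(commit(response, nonce), att.Commitment) {
		return errors.New("opened response does not match signed commitment")
	}
	return nil
}

// runProtocol walks the flow once with a constructed API response and reports
// whether the honest opening verifies and whether a tampered opening is rejected.
func runProtocol() (honestOK bool, tamperRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	sessionKey := make([]byte, 32) // stands in for the TLS session key
	if _, err = rand.Read(sessionKey); err != nil {
		return false, false, err
	}
	clientShare, attestorShare, err := splitKey(sessionKey)
	if err != nil || !bytes.Equal(combineShares(clientShare, attestorShare), sessionKey) {
		return false, false, errors.New("key sharing failed")
	}
	response := []byte(`{"user":"alice","birth_year":1990}`) // constructed sample
	nonce := make([]byte, 16)
	if _, err = rand.Read(nonce); err != nil {
		return false, false, err
	}
	att := attest(priv, commit(response, nonce)) // attestor sees only the commitment
	honestOK = verifyAttestation(pub, att, response, nonce) == nil
	tampered := []byte(`{"user":"alice","birth_year":2010}`)
	tamperRejected = verifyAttestation(pub, att, tampered, nonce) != nil
	return honestOK, tamperRejected, nil
}

func main() {
	ok, rej, err := runProtocol()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest opening verifies: %v, tampered opening rejected: %v\n", ok, rej)
}
```

The point worth noticing is what the verifier does not need: it never talks to the attestor and never sees the session key, only the attestor's public key, the signed commitment and the user's opening. In the real protocol the attestor's confidence that the commitment matches the decrypted TLS response comes from the IZK proof rather than from trusting the client, which is the step this example assumes away.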
In summary, zkAttestation ensures that users’ data can be securely authenticated and used in Web3 applications while maintaining privacy. The integration of MPC, IZK, and zkFHE makes it possible to execute complex computations on encrypted data, enabling trustless, secure interactions without exposing sensitive information.