Privacy-focused blockchain platform Aleo has revealed its new decentralized digital identity solution that allows users to reveal only the necessary data and only to whom it’s intended in the form of ‘proofs’ – without ever showing actual documents.
The zPass protocol is a novel privacy-preserving credential system built on the Aleo layer-1 blockchain, which keeps users’ sensitive information offline.
When users access online applications, only essential details are revealed, according to the press release.
Individuals and organizations can use zPass to store their identity documents offline on private devices and services – then share anonymous ‘proofs’ of that underlying data with institutions as verification.
The computation is first done on a user’s device and then delivered on-chain as a verified proof. Aleo’s decentralized validators verify proofs before they are posted to the blockchain.
A major problem in this increasingly digital world, Aleo argues, is maintaining the balance between robust identity verification and user privacy – but doing so is essential.
Yet, current decentralized systems face privacy concerns, while centralized identity systems “face a trade-off between security and privacy” – they tend to collect more information than needed for verification due to regulatory requirements.
But a central store of identity data is a large target for hackers.
“While these systems may technically meet regulatory standards, their data-rich environments become targets for cybercriminals, jeopardizing both user privacy and regulatory compliance.”
Meanwhile, says the team, zPass uses advanced zero-knowledge (ZK) cryptography techniques for private decentralized identity verification and leverages the Aleo blockchain for verified identity proofs.
Decentralized validator nodes receive the proof in a transaction, verify that proof, and then add it to the blockchain – thus eliminating intermediaries and third-party risks.
John Reynolds, Product Manager at Aleo, told Cryptonews that developer infrastructure will be available with the product announcement and open-sourced under Apache License, adding that,
“This equips builders with tools needed to generate credentials off chain, issue credentials as records on chain, and verify credentials in zero knowledge.”
Only a Proof and an encrypted Record of the data linked to the user’s private key remain on the blockchain.
A record is a fundamental data structure for encoding user assets and application state on Aleo, Reynolds said.
Users Select What To Share
zPass allows for “greater composability and selective attribute disclosure,” the press release stated.
Each user can select the specific information within a document they want to share and with whom. Only this data will be selectively verified.
This means that no more personal data will be given than is necessary for verification purposes, while users retain control over their personal information, Aleo argued.
Furthermore, zPass is able to onboard pre-existing signed credentials as proofs on the blockchain, with the team saying that,
“This represents a significant leap in user privacy, data security, and trust.”
For example, in order to access certain services, a user may need or want to authenticate their identity through their passport.
zPass will locally compute and validate the information from this document and produce a binary true/false output in addition to a ZK proof that confirms the output can be trusted – without ever revealing the actual document.
No Coordination With Document Issuers
Creating proofs, Aleo says, does not require modification from or coordination with the authorities issuing identities.
Reynolds told Cryptonews that,
“If physical documents are signed, no coordination is needed with the issuing authority. In the case of a US Passport, the US government does not need to be involved in any capacity for a passport holder to add their data to a record on-chain. However, if documents are not signed, or secured using some standard PKI, the issuing authority must have an account on chain to issue credentials.”
The proof and encrypted record are also reusable: the user decides when to use them, and the verifier sets the conditions for verification, Reynolds said.
The team argued that all this works to directly counter the vulnerabilities in traditional systems and elevate cybersecurity barriers against identity theft and unauthorized data access.
An additional advantage for the institutions is that they don’t “carry the regulatory burden or cybersecurity risk of storing that data themselves.”
According to Reynolds, the verifying party can define regulations within the verification program according to their jurisdiction.
“The proof will attest to whether or not the provided record (credential data) satisfied the regulatory requirements for their jurisdiction.”
Future plans for the protocol include full support for converting physical documents, specifically passports and ID cards, into records on-chain, integrating a wallet interface to allow users to manage and build compositions of credentials, and extending use cases beyond age verification.
Use cases span from ensuring child safety online to financial fraud prevention, Reynolds said.