The 2nd Zkproof Workshop 2019 page
# Zero Knowledge Architecture, is it possible?
# ZKP Zero knowledge proof asymmetric keys # ZKP Bob and Alice inside the cave Register Intermediate certificates No password exchanges Keys can be revoked using intermediate certificates
Client side only
# Security Concerns
- Each symmetric key is unique per Blob/Service/Client
# No name approach - Never share complete
# Frameworks Node Coassak labs
# Web Apps - CORS presents requests - CSP explicitly allow resources - Verify assets checksum (prevents MITM attack) - Referrer-Policy - WebCrypto to manage keys
#How to protect the Encyption Layer? - Can sniff plain JS - Solution WebAssembly -- Prevent the data accesses on the fly -- Binary
# Minimize the Mayhem ....
Questions on ZKA 1/ Migrating from an existing codebase 2/ Applying ZKA to the Big Data 3/ Losing The Keys 4/ Storing metadata on the server 5/ Server security failure 6/ Exporting the keys (recovery system better for users) 7/ Recovery - Recovery server - [new] Client -- Extract the payload -- Restores the contents
# Main problem with ZKApp - Constructors? - Operating systems (bios)? - Trust the users
# ZKA Summary - talks.m4dz.net/zka/en