Zero-Knowledge Proofs for Business Processes
Name
Aivo Toots
Abstract
Every day the amount of private and sensitive information shared in the Internet increases. This means that there is also a growing need for solutions to protect this information. There are various effective technologies used to protect or hide private and sensitive information, but even better approach would be to reduce the need for sharing this information through the Internet at all. In many cases, zero-knowledge proofs could be used, replacing the shared sensitive information with proofs based on this information. As zero-knowledge proofs have a lot of potential, but they are not widely used in practical applications yet, this thesis presents a tool that supports two goals – firstly, making systems more secure and privacy-preserving, and secondly, bringing zero-knowledge proofs more into practical applications. This paper describes a tool that allows to prove, based on a description of a system (a process) expressed as a business process model in BPMN notation, that the system (a process) has under certain conditions some stated properties, for example, that there is a flaw in it. For example, one may prove that a purchase process satisfying certain conditions allows one to receive the product without actually paying for it, without disclosing how this is achieved. For constructing and verifying the proofs, the tool uses the zkSNARK protocol provided by libsnark.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Peeter Laud
Defence year
2020