Xavier Salleras, a Dusk researcher, and colleagues from the Universitat Fabra in Barcelona have created a decentralised system that lets users prove their rights and access blockchain services without relying on a third party and without revealing any sensitive data.
They have created the FORT Protocol. FORT uses Zero-Knowledge Proofs (ZKPs) and NFTs in a unique manner to enable users to anonymously prove who they are to service providers without having to disclose any sensitive information.
Privacy concerns regarding user authentication for services
Today, online services require personal authentication so that users can prove their identity. Subscriptions to services such as music streaming, and items such as concert tickets, can be purchased online. Customers must pass this third-party authentication repeatedly.
These tokens are linked to customers’ private information, giving them access to the platforms. The platforms use centralised systems, which could put customer data at risk.
The platforms play the role of a trusted third party and therefore pose unnecessary risk. If users don't have full control over their data, data misuse and data leakage are possible.
FORT: Right-proving and attribute blinding self-sovereign authentication
The FORT protocol uses NFTs and ZKPs to provide self-sovereign authentication, which users can use to protect and control their sensitive information.
The above image shows five steps that explain how FORT works.
The service provider charges the user via an anonymous address or private transaction. The service provider then mints an NFT, which contains attributes, and transfers it to the address of the user, who can then access the attributes as needed.
The NFT information is used to compute a certificate (ZKP), and the user installs it on their smartphone.
Once the user is authorized to use the service, they can log in and request the certificate from the service provider.
To verify that the required attributes are present in the NFT of the user, the service provider examines the Merkle tree. This tells the provider whether the user is authorized to use the service.
The service provider verifies that the user can access the service by verifying the certificate of the user, but without knowing who the user is.
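The Merkle tree check in the fourth step can be pictured with a plain inclusion proof over salted attribute leaves. This is an added illustration, not FORT's own code: the attribute names, the salting scheme and the use of SHA-256 are assumptions, and the sketch performs the check in the clear rather than inside a zero-knowledge proof.

```python
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf(name: str, value: str, salt: bytes) -> bytes:
    # The salt blinds the attribute: a low-entropy value cannot be guessed from its hash.
    return h(b"leaf", name.encode(), value.encode(), salt)

def build_tree(leaves):
    """Return every level, leaves first and root last; odd levels repeat their last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([h(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for one leaf: list of (sibling_hash, sibling_is_on_the_right)."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        path.append((level[sib], sib > index))
        index //= 2
    return path

def verify(root, name, value, salt, path):
    """Recompute the root from one opened attribute and its sibling path."""
    node = leaf(name, value, salt)
    for sibling, right in path:
        node = h(b"node", node, sibling) if right else h(b"node", sibling, node)
    return secrets.compare_digest(node, root)

# Constructed sample attributes for a hypothetical subscription NFT.
ATTRS = [("tier", "premium"), ("region", "EU"), ("expires", "2025-12-31")]
SALTS = [secrets.token_bytes(16) for _ in ATTRS]
LEVELS = build_tree([leaf(n, v, s) for (n, v), s in zip(ATTRS, SALTS)])
ROOT = LEVELS[-1][0]  # the only value that would need to be public
```

A plain proof like this hands the attribute, its salt and the path to the verifier, which makes repeated logins linkable; the page describes FORT carrying the check in a ZKP certificate so that the provider does not learn who the user is.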
Benchmarks have shown that FORT can be run on low-resource devices like smartphones and smartwatches. This makes FORT an extremely practical solution.
FORT can be easily implemented on any blockchain, including Ethereum and Dusk. It would be even more private if it were integrated into the highly private Dusk Blockchain.