🧱zkPass Components

zkPass is a cloud-based infrastructure composed of three main components: the zkPass Service, Privacy Applications, and the zkPass Client Library.

zkPass Service

The zkPass Service has 2 parts:

  • zkPass Web Service: Provides the REST API for the privacy app clients. This endpoint accepts parameters that are defined by the privacy app and forwards them to the zkPass Host for the actual execution of the application. The web service operates in an untrusted environment. The clients of the privacy app communicate with the web service via the zkPass Client Library.

  • zkPass Host: Operates within a Trusted Execution Environment (TEE), ensuring complete isolation and security from external threats. It interacts with the zkPass Web Service through a secure, specialized channel, receiving inputs for the privacy application that are forwarded by the zkPass Web Service. The main function of the zkPass Host is to load the privacy application executable module and execute it within the TEE. Additionally, the client of the privacy application can perform end-to-end encryption with the zkPass Host to protect the privacy of user data being sent to the zkPass Service. This setup ensures that user data remains confidential and secure throughout the entire process.

Privacy Applications

The privacy application is the heart of zkPass, creating higher-level abstractions and models that simplify integration and usage for third-party software. Its two main goals are:

  • Protecting the privacy of user data

  • Providing a verifiable computing environment

Pluggable Module

The privacy application is implemented as a pluggable module, which is loaded by the zkPass Host and executed within a Trusted Execution Environment (TEE). While the data format for input and output is specific to each application, all input and output data must adhere to JWT encoding standards. This modular design ensures flexibility and security, allowing the privacy application to operate seamlessly within the zkPass framework while maintaining the integrity and confidentiality of user data.

DVR

zkPass is designed to support multiple privacy applications, with the current primary application being the Data Verification Request (DVR), detailed in the DVR section. DVR uses the powerful Zero Knowledge Virtual Machine as the underlying proof system. DVR ensures robust data protection and trust, making it indispensable for developers aiming to incorporate advanced privacy-preserving features into their software with an intuitive and easy-to-use interface and expressive JSON-based query language.

zkPass Client Library

The zkPass-client is the SDK client library that provides the interfaces, types, and functions exposed by the privacy applications. Since DVR is the main privacy app supported by zkPass, the zkPass client library interface includes DVR functionality for three distinct DVR client roles: Data Issuer, Data Holder, and Proof Verifier.

DVR-Specific Interface

The library defines the ZkPassClient struct that implements these traits:

  • ZkPassProofGenerator: Focused on the generate_zkpass_proof function and primarily used by the Data Holder role.

  • ZkPassProofVerifier: Provides a function to verify the zkPass proofs, which is used by the Proof Verifier.

  • ZkPassUtility: Provides utility functions for data manipulation.

    • Signing and Verifying: Utilizes JWS format for digital signatures.

    • Encrypting and Decrypting: Utilizes JWE format for data encryption.
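Because the zkPass Web Service runs in an untrusted environment and only forwards tokens, the party that finally consumes a JWS has to verify it itself. The following is an added example, not code from the zkPass SDK: it signs and verifies a compact JWS in Python and shows that a payload swapped by a relay, or a token downgraded to `alg: none`, is rejected. HS256 with a shared key, the function names and the sample claims are assumptions made for the example; the page only states that JWS is used.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    # base64url without padding, as used by compact JWS
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jws(payload: dict, key: bytes) -> str:
    """Sender side: build header.payload.signature (HS256 is an assumption)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64u(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def verify_jws(token: str, key: bytes) -> dict:
    """Receiver side: pin the algorithm, check the MAC, only then use the payload."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64u_dec(header_b64))
        sig = b64u_dec(sig_b64)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed token") from exc
    # Never let the token choose its own algorithm (blocks "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("signature mismatch")
    return json.loads(b64u_dec(payload_b64))

def relay_tamper(token: str, new_payload: dict) -> str:
    """Constructed test input: payload replaced in transit, old signature kept."""
    head, _, sig = token.split(".")
    return ".".join((head, b64u(json.dumps(new_payload).encode()), sig))

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    token = sign_jws({"age": 21}, key)       # constructed sample claims
    print(verify_jws(token, key))
    try:
        verify_jws(relay_tamper(token, {"age": 99}), key)
    except ValueError as err:
        print("rejected:", err)
```
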
