
apidays Paris 2022 - Why you shouldn't trust me, Keerthana Ganesh (AWS) & Shubham Patil (Natwest Digital Channels)

apidays
December 31, 2022


apidays Paris 2022 - APIs the next 10 years: Software, Society, Sovereignty, Sustainability
December 14, 15 & 16, 2022

Why you shouldn't trust me
Keerthana Ganesh, Solutions Architect at AWS
Shubham Patil, Android Developer at Natwest Digital Channels
------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/

Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW


Transcript

  1. Why You Shouldn't Trust Me: Zero Knowledge proofs for those with Zero Knowledge. Keerthana Ganesh and Shubham Patil
  2. Who are we? Android developer at Natwest Bank in London. Security Solutions Architect in the services sector in the UK. I like learning about the emerging technologies in the security space. Shubham Patil, Keerthana Ganesh
  3. 2023 series of events: New York May 16&17; Australia October 11&12; Singapore April 12&13; Helsinki & North June 5&6; Paris September; London November 15&16; June 28-30; Silicon Valley March 14&15; Dubai & Middle East February 22&23
  4. Security today
     • Data created every day by an average person ≅ 350MB
     • Average number of passwords per person in the developed world ≅ 100
     • These passwords are all stored somewhere, either as plain text or as a hash with encryption
     • Authentication is simply a process of cross referencing
     • Credentials, not proof, are transmitted; making them liable to interception
     • Securing APIs becomes a lengthy process
  5. Some form of data has to be transferred, and this is like handing your key to someone: they have a copy of that key which is checked against yours.
  6. Issues: Have to trust that the verifier isn't malicious AND that they can be trusted to keep this secret secure... we all know how that goes. Another issue is that this creates an arms race - better encryption leads to black hat hackers trying to find bigger exploits, which leads to greater security, which leads to greater exploits.
  7. Keep your keys on your person. Instead of letting another party unlock the lock while you watch, you open it in front of them. No leakage of credentials. No need to store credentials in a fortified data-center.
  8. How?
     • Make challenges INTERACTIVE, not just STATIC
     • Create a secure environment
     • Define what the minimum probability is to be satisfied
  9. Enter Zero Knowledge Proofs. Defined in 1985 by Micali, Goldwasser and Rackoff. ZKPs exist for ANY mathematical proposition that can be proven true or false. Basically any proof can be turned into a ZKP.
  10. What makes a ZKP a ZKP?
     1. Completeness: Is it consistent?
     2. Soundness: Is it robust?
     3. Zero-knowledge...ness (?): Is it zero knowledge??????
  11. Analysis
     1. Completeness: If I know the difference between the objects, I will always convince the verifier.
     2. Soundness: If I don't know the difference, it's extremely unlikely I'll convince a verifier.
     3. Zero-knowledge...ness (?): No matter how many rounds the verifier asks for, they won't ever get access to the key.
  12. Interactive vs Non-interactive. Interactive - A computation has to be performed by the prover for every verifier. Best when the potential number of verifiers is small. Non-interactive - The verifier can do the proof themselves, no need for the prover to do anything. Best when there might be a lot of verifiers that need to be satisfied.
  13. The killer app - Secure Multi-Party Computation
     • ZKPs, in essence, are just proofs of computation.
     • In addition to proving knowledge, we can prove that we performed something honestly.
     • Allows for many parties to collectively compute a solution, without knowing the inputs from others.
     • Less resources needed for API security.
     [Figure: Alice's private data x1 and Bob's private data x2 feed a jointly computed f(x1, x2)]
  14. SMPC examples:
     • Processing private auctions.
     • Medical research involving patients' private data.
     • Targeted advertising without knowing private data.
     • Supply chains that are private and verified.
  15. APIs as hardware?
     • As SMPC gains wider adoption, APIs will play a major role as connections between nodes.
     • One could say APIs will evolve into a type of hardware connection between distributed computation networks.
     • New data formats will emerge that may make modern equivalents like JSON obsolete.
     • Since other parties in the computation cannot see your inputs, security is inbuilt.
  16. Limitations
     • The protocols used are so intensive that they require either a large number of interactions between the Prover and the Verifier or a lot of computation. That makes it difficult to run on slow or mobile devices.
     • Apart from simple proofs for checking the values of numbers in a range (transactions etc.), current protocols take too long to generate proofs.
  17. Sources
     https://slideplayer.com/slide/15397042/
     https://medium.com/coinmonks/walkthrough-of-an-interactive-zero-knowledge-proof-for-sudoku-puzzle-ac563588f1a8