18

I have some sensitive data I'd like to keep in my contract in privacy. I'd like to make a simple version of Zero-Knowledge Proofs and have an idea in mind. Let's say I have a customer who filled out 6 fields in my dapp:

  • First Name as attr1
  • Last Name as attr2
  • Birthdate as attr3
  • Phone number as attr4
  • Passport number as attr5

I am making
hash1=SHA2(attr1+attr2+attr3+attr4) hash2=SHA2(attr1+attr2+attr3+attr5)

and store it in a map where hashes=[hash1,hash2] A third party could hash its dapp input using my scheme,query my contract and check if my dapp had this client. If true it can get metadata about found client, e.g. a credit score.

My questions are:

  • what do you think about this simple ZKP scheme? do you have any other ideas how to realize it?
  • how easy will it be for an attacker to make a lookup table with all hash1 or hash2 variants (most important question)
  • should I keep hash1/hash2 scheme in secret?
Igor Barinov
  • 2,138
  • 1
  • 16
  • 25

1 Answers1

4

Answering one by one your questions:

  • what do you think about this simple ZKP scheme? do you have any other ideas how to realize it?

It seems to be a nice Scheme, nice level of security and so simple. If you want more security, then i would suggest you:

A way to improve this may be by adding a salt to the hashes. You can make this salt random, pseudorandom or using a kind of diggest from some passphrase.

  • how easy will it be for an attacker to make a lookup table with all hash1 or hash2 variants (most important question).

Probably the most an attacker can do is a kind of "brute force", trying every possible combination for the attributes. It would be easier for an attacker that knows someone's firstname, lastname, birthdate, etc... to check if he's your client or not. So there are two ways:

  • Knowing somebody's information, and just using your own contract to know if he/she is your client or not.
  • Trying random data (and praying to have some luck).
  • should I keep hash1/hash2 scheme in secret?

Obviously, the most information you can keep in secret, the higher security level, as you want ZKP.

KanekiDev
  • 671
  • 3
  • 10
  • Thank you, let's say an attacker know my data scheme and would like to check against all possible last name/first/name/birthday/phone number. I'm trying to figure out is it possible in reasonable time for modern computers. – Igor Barinov Oct 11 '16 at 21:34
  • 1
    sorry for the delay, I've been out due to some personal issues.

    Trying every firstname+lastname+birthday+phone would be almost impossible even for a supercomputer.

    Even knowing firstname and lastname, there are millions of possible phone numbers (lets say e7 {ten to the power of seven) but 365 days for every year (lets say 100 years), that means 365.000.000.000 for a single result. Well, this can be done with modern computers in short time.

    Now think about how many possible names (in different languages) there are, and lastnames.

    So, It's almost impossible even for supercomputers.

     – KanekiDev Oct 17 '16 at 09:38
  • If he makes salt random, how does the client will be able to get the same hash without having the same salt. I guess the salt must be shared as well. – rstormsf May 28 '17 at 17:45
  • you can share a salt, create a pseudo-random salt generator function, use a kind of diggest, etc etc... – KanekiDev May 29 '17 at 08:41
  • @KanekiDev if your number is really just 365 billion then you have a problem. This is will take a few seconds (https://rya.nc/asic-cracking.html) with commodity hardware and readily available software (https://hashcat.net/hashcat/) - we have seen over 1 billion hashes per second: https://medium.com/@iraklis/running-hashcat-in-amazons-aws-new-16-gpu-p2-16xlarge-instance-9963f607164c – SCBuergel Feb 10 '18 at 12:25