Can You Solve My Riddle? | Zero-Knowledge Proof Protocols

Подписаться 467 тыс.

Просмотров 25 тыс.

50% 1

Usually, at Sumsub, we like to talk about the covert or overt dangers of the online jungle, ultimately to help you avoid such threats. But today, we will speak about something more hopeful, something telling of a ‘bright future’.
What if I told you, that there is a way to prove your identity without taking any of your personal information? You can shop, vote, exchange messages as usual, but now, it’s impossible to identify you based on that data, because it’s not actually in the system at all.
How is that possible? Let’s dive in.
Chapters:
00:00 - Intro
00:55 - Why do we need Zero-Knowledge Proofs?
02:16 - So what is it?
04:25 - Bob and Alice metaphor
05:50 - Got it, so how is it used?
Useful links:
How To Disappear Completely and Never Be Found
• How To Disappear Compl...
How To Hide Your Digital Secrets
• How To Hide Your Digit...
6 Ways Your Identity Might be stolen
• 6 Ways Your Identity C...
Bob and Alice metaphor
hackernoon.com/eli5-zero-know...
#digitalprivacy #Sumsub #blockchain
More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin

Наука

Опубликовано:

5 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 129

@user-ov2fc5sd1e 2 года назад

I understood nothing. I just like hearing Bradley's voice when he explains something technical haha

@BowlOfHotDogs 2 года назад

why i watch half the things i watch

@AwokenEntertainment 2 года назад

facts lol

@BrianShine7582 2 года назад

Yessss, agreed...

@J_Kwan 2 года назад

I remember learning how ZKPs work from a fanfiction back when I was in highschool. Kudos to that author for getting teenage me into cryptography. They and all their work have since disappeared off the face of the internet, but I still remember their stories fondly.

@MZzXzZM 2 года назад

The timing of when a person might have shared a secret with a friend. A rough idea of what the secret is. For example, "last night... your mom"

@AwokenEntertainment 2 года назад

This one was a little harder to understand and follow, but appreciate your work always!

@pabloalarconlopez8212 2 года назад

Please, I think that i speak for many and we need a longer video of this topic.

@good-sofa 2 года назад

Still convinced you're a secret agent

@DaCatmasterX 2 года назад

Wow, I love this channel. I have learned so much!

@timg335 2 года назад

Here's my solution: To prove you have a piece of information, you could manipulate that information down, or encrypt it and send to the receiver to check if they can get the same result from their information(like a hash). i.e. if I have a string and you have a string, I could encrypt the string in a predetermined way, and give you the encrypted string. If you can encrypt it and get the same result, you know I have the string, and if you use secure enough encryption(like a one-time-pad) then its virtually impossible to crack.

@anesidora4551 2 года назад

That would be a good way if the information is case sensitive and something concrete. An abstact idea cant be proven in this case. Since a slight change of the input would make the output entirely different.

@kac5527 2 года назад

Strange enough I thought of the same.

@kac5527 2 года назад

@@louiskusno hashing are one way function so there is no way to get the same hash of encrypted message by guessing. The receiver must need to have the exact message encrypted to get the exact hash. The send the hash of the encrypted message to the sender. The sender can verify the hash without reading the message.

@carlohumfing6432 2 года назад

@@kac5527 In Tim Gs example you (as an attacker) do not need to have the actual information, you just need to have the hash and input it to the receiver. If you have managed to capture one transmission of the hash by intercepting the traffic you (as an attacker) have won. The only way of preventing this attack would be to ensure that the transmitted hash is constantly changing with every transaction. This is called a Salt. For example you could use the date and time and hash it, but then the sender and the receiver has to be syncronized good enough to fit the resolution of the time measurement. If, for example, you take the milliseconds since 1970 as the salt and a fixed string as the secret then you need to ensure that the receiver's and the sender's clock are synchronized exactly to the millisecond. But this solution has flaws: If the clock does not match, the senders correct solution will be seen as incorrect by the receiver. Also the attack still would work if the attacker has a really fast connection and PC that can capture the traffic within microseconds, manipulate it and then resend it with the captured hash before the millisecond has passed. Another solution that comes into my mind to solve this would make this attack a bit harder would be to use the sequence number of the transmitted message as a salt as long as the communication channel is live. The problem to this would be that sender and receiver will get desynchronized if at least one package is getting lost while it is on its way to the receiver. Then the receiver will reject all following packages of the sender as invalid, so the connection has to be rebuild. But this might could open another attack vector: The intercepting attacker could force the sender to reconnect after every package (for example the attacker could block the network traffic of the sender to force a connection timeout or send packages with the wrong hashes on purpose to the sender to make him think that the client got desynchronized to force the receiver to close the channel), so he could reuse the hash he captured before the connection close and send it as the solution to the receiver and the receiver would accept it if there are no further security measurements present, because the hash of the attacker exactly matches the expected hash (the attacker still does not need to know the secret - having the hash is enough to fool the receiver into thinking that he is the legitimate sender). A second attack vector for this solution would be for the attacker to make sure he captures the first package in the channel (so that he knows the sequence number) and then with knowing the Salt running a Bruteforce or Dictionary Attack against the captured hash. If the attacker has enough computing power and enough time he will find out the secret (or at least a matching secret - Hash functions always cause collisions) by comparing the computed hashes with the captured one until he has found an input that generates the captured hash as output. Then he can manipulate all remaining traffic without making noise on the network by spamming reconnects.

@konstantina9368 2 года назад

Спасибо, товарищ Бредли, за интересный рассказ. Примем к сведению.

@SUHABOUT 2 года назад

His voice is so soothing. Thank you for the ASMR content!

@tattikhatti7917 2 года назад

You have choosen a perfect thing to make a video on , love you videos , dont stop making videos ever

@wer2006 2 года назад

How do you afford making that high quality videos? They are so good but you have only about 30k-40k views on many videos and that will make only about a 60-$100$

@Greeklish21 2 года назад

It's a company!

@lowwastehighmelanin 2 года назад

One can reasonably assume they have strong support from a backer of some kind

@aritradhabal 2 года назад

Sum sub is a company of kyc verification

@alwayswatching_ 2 года назад

No ig posts 👀

@garethwilliams5898 2 года назад

Watched for a long time, they will defiantly be a top RU-vid channel in the next few years

@ditm02 2 года назад

I was going to say through actions, that would display a knowledge of something, something that people can see, then reconcile that with an unknown or desired information.

@ianndagdag9421 2 года назад

ITS BEEN WEEKS AAAA FINALLY A NEW VID

@jab2ez 2 года назад

I am glad you feeling better.

@sebyalm 2 года назад

Damn that's cool! A video looking into /imagining the future of local governance through DAOs and using NFTs would be very interesting!

@darkerarts 2 года назад

I suppose using a mathematical way, the person could have a number or formula referring to the 'secret'. A 'challenge' number could be sent and via a calculation ie. 'Challenge' X 'Secret', a number could be returned. By undoing the calculation, you could see whether they had the secret. Anyway, I'll watch and see 😁

@anesidora4551 2 года назад

No, once the "challenge" and retuned number is known in this case, the secret can be found. And that's not the goal. Youre supposed to prove without revealing the secret.

@Tonksec 2 года назад

You are my hero

@fluorine8006 2 года назад

ayy you're back

@giantroboteye5371 2 года назад

I'm not completely sold on using zkp's for digital voting. It solves some of the issues but not all. How does the voter know their vote was recorded correctly? If they can check via a password then they can prove how they voted to others, making paying/threatening for votes easier.

@DmitryShpika 2 года назад

As if these problems could be solved with existing voting mechanisms

@giantroboteye5371 2 года назад

I would say they mostly are. The voter crosses a ballot, which is placed in a sealed guarded box, then counted by representatives from all sides. Electronic voting is less transparent, and whilst not perfect physical voting requires far more effort and conspiracy to fake.

@giantroboteye5371 2 года назад

@Marek Kobra Not the best example of a functioning voting system it's true... However the fact everyone knows it was unfair is in favor of physical voting. The observers reported the tampering with ballots, something far harder to do using a electronic system. And regardless of the voting system very little can stop a government seizing power through force.

@notorious264 2 года назад

Bradley is the best

@maxsnts 2 года назад

On the Bob & Alice example, what guaranty is there that Bod kept only one Key? Can´t he keep all the keys and open all the boxes to see where the "+" is?

@FaisalSO 2 года назад

@Marek Kobra HE’S EVEN MORE POWERFUL

@caladestine4540 2 года назад

You make a riddle on the subject of the secret that is good enough to not be figured out and later forgotten. Also, with this type of anonymous voting, it seems you can only verify whether a vote happened, not the subject you have given the vote to, since it's anonymous. This seems prone to being misused; if you can't verify that what you voted for is indeed what the vote processed for, it may make the voting system meaningless and I hope I'm wrong.

@JR-mp9wu 2 года назад

Is it possible to create an algorithm that would combine all our personal data into a key? Basically take height, age, date born, social, etc etc etc and then create a key. Then whatever algorithm is being used would be able to allow the checker to know all these facts based off of the number the key generates. Something like an evolving algorithm based on our characteristics and potentially data we choose to input.

@agentnine3973 2 года назад

Well this doesnt sound dangerous at all-

@asronome 2 года назад

You wouldn't want to bundle all your data, it's way safer to give only what's reasonably needed in that situation

@JR-mp9wu 2 года назад

@@agentnine3973 I'm sure 20 years ago they would say the same thing about the problems/solutions we are creating today.

@JR-mp9wu 2 года назад

@@asronome But what if you are the one in control of all of it?

@Dr.Schnizzle 2 года назад

@@JR-mp9wu you can still get hacked, and it would probably be much easier since you don’t have the resources of a tech giant. The reason that bundling all of your data together is dangerous is because you’re putting all of your eggs in one basket, regardless of where that basket is. Interesting idea though.

@nate_d376 2 года назад

Well, one solution is to use hash algorithms. Basically complicated math formulas done to the raw bits. In fact it's supposed to be used in database design with passwords and other sensitive data that isn't directly used, say an SSN for identifying people, not records like with the IRS. Those shouldn't be stored in the DB, ever. Just a hash generated by the algorithm, and the hash from the user logging in are compared. Of course the hash being sent is encrypted using HTTPS protocols (public/private key).

@m4rt_ 2 года назад

maybe via some pgp, where they pgp sign it or something and the person who wants proof check if it is valid

@m_t_t_ 2 года назад

Perform a hash algorithm on the secret and then share the resultant hash. If another person has that secret they can hash it and compare their hash with mine.

@Chambers23 2 года назад

you should check out the mina protocol project.

@nate_d376 2 года назад

Nothing says "I know all your secrets" like not being able to look you in the eyes anymore.....

@tommasoc.2207 7 дней назад

Can't Alice just tell Bob to enter the cave by path A and exit by path B? Alice won't know what the secret code is and the experiment is repeated only once.

@samuelstefanek2211 2 года назад

Orwell would like this

@Daniel27600 2 года назад

Im writing an essay on Marrakech right now!

@IWNeron 2 года назад

Left me with more questions than answers lol

@yeetedthedevil 2 года назад

why is the guitar not stringed up

@agentnine3973 2 года назад

If I didn't have a social media addiction, i would certainly disappear off the internet

@agentnine3973 2 года назад

This being posted 25 mins ago is the earliest i will ever be

@anuvette 2 года назад

why no strings on that guitar

@popularrandomstuff1348 2 года назад

Findora Whitepaper will not disappoint

@Daniel27600 2 года назад

This channel needs a Tom Scott collab.

@crepethepancake 2 года назад

Oh 100%. I loved that they both released videos right after each other too x)

@Hithere.howareyou 2 года назад

☺️

@shilrim733 2 года назад

Idk its just me or bradly is speaking so fast today. had to check if the video was playing on 1.25x

@anton2re 2 года назад

algo comment, very nice

@singularity3656 2 года назад

ibir nitawareshi, what does it mean?

@DmitryShpika 2 года назад

Мои верные товарищи. Moi vernye tovarischi. My loyal comrades

@chocolatejellybean2820 2 года назад

Poor Bradley lol I can imagine its something to do with difficulty of solving a problem? Make it so difficult to solve, that if one solves it then it's a validated case. Something like private and public asymetric keys being used to guard a transaction and give the user a challenge to de encrypt the TX. Or am I speaking rubbish?

@smz3610 2 года назад

My back hurts😭

@davejoseph5615 2 года назад

I'm really tired of the colored balls and colored cards and other silly abstractions when the real application involves passing numeric messages in order to prove someones identity or password over a communication channel. Now how can you prove that you know a password without revealing any part of that password or providing any information that could be reused in a replay attack?

@annimuller892 2 года назад

I am sorry, but this one is a) too fast and b) too short to understand. I'd appreciate a more detailed version to get the concept. Thanks in advance

@apurvaaryan7984 2 года назад

Beep the secret like you do swear words with required context and both party will know what you are speaking off.

@colincoda935 Год назад

hash it!

@epipen22 2 года назад

😉

@Snail_Slowly_Moves 2 года назад

but why not just use the “trust me bro” protocol?

@MusicToTheEars141 2 года назад

Lol right now, there are 5,000 views, 555 likes and 5 dislikes on this video.

@user-kp6ky7ru2m 2 года назад

bright future???😉 Is it Utopia Ecosystem?! Safe and anonymous!

@rekiahills5854 2 года назад

If only you know what the future says, you'll know that indeed cryptocurrency is the future, investing in it now will be the wisest thing to do. Hold!!! And you"'ll thank yourself

@sozetraore8169 2 года назад

Crypto trading is very profitable when you trade well.

@florinstrava3896 2 года назад

Many of us don't know where to invest our money so We invest it in wrong places and to the wrong people

@louishansell8765 2 года назад

How does this whole bitcoin thing works, I'm interested in it and willing and ready to invest heavily but I need an assistant to properly guide me through on how to make a good startup and be successful in it without making mistakes.

@louishansell8765 2 года назад

Just bought $7K Ethereum and $14k bitcoin with the recent dump in crypto I was told it's the right time to buy and get ready for a skyrocket.

@florinstrava3896 2 года назад

@@louishansell8765 The only safe reliable,genuine and highly experienced expert I can refer you to is Mrs Pamela Morgan

@user-sm8iz3up9z 2 года назад

ого он по русски шпрэхает

@Reckin 2 года назад

Loopring ftw

@MyXAHOB 2 года назад

Бредли, ты правда живёшь в Питере?

@kijijiallin 2 года назад

hurry up and get some strings on that guitar

@siriusmart 2 года назад

The fact that you are watching this video from RU-vid proves that will be no privacy awareness in the future.

@reastle1307 2 года назад

tuf one

@Stealth1337 2 года назад

Keep it simple stupid. --> You need to exchange information about you knowing the secret but not the secret. Being on a list of people who know the secret , means anyone can see if you know the secret but not the secret! ANother solution may be shor's algorithm? Not quite there yet as my quantum mechanics are a bit rusty lmao

@jonathan2361 2 года назад

Riddle answer: I would just say it's a secret and me telling the person would not make it a secret anymore 😈. 9999 iq move right there

@fumikato 2 года назад

i know one of your secret, and from now on let's act like we never know each other. *stop talking to him, forever*

@Decrypto01 2 года назад

can you teach us how to hack?

@somedude144 2 года назад

Hacking is like cooking. You have your tools to make food, the ingredients, and the recipe. Then your goal is some type of dish. You use your tools and ingredients to work around a recipe to get your dish!

@RobotDaniel10 2 года назад

992th

@zavioxx8670 2 года назад

I think the name for the video needs improvement, though video is pretty good

@new-bp6ix Месяц назад

This is the solution to the problem of minors on the Internet. I wish for a ID card that uses this technology and is also encrypted and uses the fingerprint system That you can only Enter it by the official authorities in the country.

@nothingbutgianttrees1995 2 года назад

2:47 "he or she" 💀 I'm starting to take physical damage

@7heMech 2 года назад

Second

@good-sofa 2 года назад

No-one cares

@googleaccount4256 2 года назад

@@good-sofa i do

@IKEMENOsakaman 2 года назад

I don't really mind about privacies anymore, because I'm gen Z

@JR-mp9wu 2 года назад

Actually? I only ask because I'm curious. I question how I feel about it quite a bit and am always a little shocked when people say they don't care or just accept it is being lost.

@agentnine3973 2 года назад

@@JR-mp9wu not all gen z feel this way.....