How it works
We will split all the parts of the technology using our architecture as the example of what we are trying to accomplish as a robust solution.
Last updated
Was this helpful?
Zelf Documentation
We will split all the parts of the technology using our architecture as the example of what we are trying to accomplish as a robust solution.
Last updated
Was this helpful?
The Zero Knowledge Face Proof uses the user's face as the primary input, optionally combined with metadata and/or a password. A cryptographic AI algorithm generates a random ephemeral public key from the user's face, which is then used to encrypt metadata, producing encrypted bytes called ZelfProof. These ZelfProofs, which typically contain minimal encrypted metadata and are about 350 bytes in size, can be easily converted into QR codes for various identification mediums.
Instead of comparing facial templates, Zelf verification involves decrypting a given ZelfProof using the correct corresponding private key generated up on a live face scan. A successful decryption verifies the person, while failure indicates a mismatch.
Face (Required): The user's face is captured through a device's camera. This input is mandatory as it forms the basis of the ZelfProof generation.
Metadata (Optional): Additional data that the user can provide to further secure the ZelfProof. This could include information like your 12-24 words of your seed phrase a password for your Gmail account.
Password (Optional): A password can be added to enhance the security of the ZelfProof, ensuring an additional layer of protection.
The algorithm uses face data to generate a unique, non-biometric binary representation called ZelfProof, which facilitates highly secure authentication, encryption, and verification processes.
Liveness Detection: Every end user undergoes a liveness detection for proof of humanity, which prevent spoofing and Men-In-the-Middle (MITM) attacks.
The output is an encrypted packet, devoid of any biometric information, which can be used for subsequent face verification. The ZelfProof is a secure representation that can be stored or transmitted without compromising the user's privacy.
Zelf is designed with privacy at its core. It ensures that no biometric data is stored or transmitted. The generated ZelfProof is an encrypted, non-biometric binary representation, making it impossible to reverse-engineer the original face data. This ensures that users' privacy is always maintained, even in cases where the ZelfProof is shared or stored.
The use of facial biometrics as a core component of the ZelfProof creation process introduces a powerful layer of security that is uniquely tied to the individual. As a required encryption key and a private key, the face provides a secure, non-replicable method of protecting sensitive data, while ensuring that only the rightful owner can access or decrypt the information. Here's a detailed breakdown of how the biometric layer enhances security:
Biometric Uniqueness: Every individual’s face is unique, with distinct features such as the distance between the eyes, the shape of the nose, and the contour of the jawline. This uniqueness makes the face an ideal encryption key because it cannot be easily replicated or mimicked by others. Unlike passwords, which can be shared or guessed, facial biometrics are inherently tied to the individual, making them a robust and secure method for encryption.
Private Key Functionality: In the context of the ZelfProof, the face functions as a private key, meaning it is the essential element required to unlock or decrypt the encrypted data. Since the private key (i.e., the face) is unique to each person and cannot be easily duplicated, it ensures that only the individual who created the ZelfProof can decrypt or access the associated data.
Protection Against Spoofing: Liveness detection is a critical feature that ensures the face being presented during the ZelfProof creation or verification process is not just a static image or a video replay, but a live and authentic representation of the individual. This is crucial in preventing spoofing attacks where an attacker might use a photograph, mask, or video to trick the system.
Real-Time Verification: Liveness detection tests for subtle movements, such as blinking, facial expressions, and other micro-movements, to confirm that the face is real and belongs to a live person. This adds an extra layer of security, ensuring that only a legitimate, live individual can generate or verify a ZelfProof. This makes the system highly resilient against sophisticated attacks that attempt to bypass facial recognition.
Cannot Be Stolen or Lost: Unlike passwords or physical tokens, your face is always with you and cannot be forgotten, lost, or stolen. This immutability ensures that the encryption key is always secure, as it cannot be easily separated from its owner. Even if an attacker gains access to other data, without the specific facial biometric, they cannot recreate or access the ZelfProof.
Inalienable Identity: The face, being an integral part of one's identity, is inherently inalienable. It is not something that can be transferred or duplicated in the same way that a password or token could be. This ensures that the security provided by the facial biometric is deeply personal and tightly coupled to the individual’s identity.
Complexity Beyond Conventional Methods: Brute force attacks rely on systematically trying all possible combinations until the correct one is found. However, replicating a face with the necessary accuracy is virtually impossible, especially when combined with liveness detection. The sheer complexity of accurately mimicking the unique features of a face, in real-time, renders brute force attacks ineffective.
Biometric Inviolability: Because the face is biologically tied to the individual and cannot be easily reproduced by unauthorized parties, it offers a level of inviolability that passwords or tokens alone cannot. This inviolability is further enhanced by the liveness detection, which ensures that only a real, live face can be used for verification.
No Storage of Biometric Data: One of the critical aspects of the ZelfProof system is that it does not store the actual biometric data (i.e., the face). Instead, the face is used to generate a non-biometric, privacy-preserving binary representation that is used for encryption. This means that even if the ZelfProof is compromised, it does not expose the original biometric data, maintaining the user's privacy.
Secure Data Transmission: When the face is used as an encryption key, the data is encrypted in such a way that it can only be decrypted with the same biometric input. This ensures that the data remains secure both at rest and during transmission, providing end-to-end security that is tightly coupled with the user’s biometric identity.
Adding a password during the creation of a ZelfProof significantly enhances security, creating a multi-layered defense mechanism that makes unauthorized access exceedingly difficult for attackers. Here’s an in-depth explanation of why adding a password increases security:
Biometric Factor (Face): The first layer of security is the face itself, which is unique to each individual. This means that to recreate the ZelfProof, an attacker would need to have access to the exact facial image that was used during the ZelfProof creation. However, without the corresponding password, even having access to this face image wouldn’t be sufficient.
Knowledge Factor (Password): The addition of a password introduces a second factor that is not inherent to the individual but is known only to them. This ensures that even if an attacker were somehow able to obtain a similar facial image, they would still need to know the exact password that was used during the creation of the ZelfProof. This knowledge is something that only the user possesses, making it extremely difficult for an attacker to breach the system.
Unpredictable Combinations: When a password is added, the ZelfProof is no longer just a product of the face image; it becomes a unique combination of both the face and the password. For an attacker to successfully recreate or break into the ZelfProof, they would not only need to replicate the exact facial features but also guess or know the correct password. The number of possible face-password combinations is virtually infinite, making brute-force attacks impractical and almost impossible to execute within a reasonable time frame.
Dual Secrets Requirement: Hackers would need to breach two distinct secrets: the facial image (biometric data) and the password (a knowledge-based secret). Obtaining one without the other is useless, and each secret is protected in different ways, which adds complexity and reduces the chance of both being compromised simultaneously.
Password as an Anti-Spoofing Measure: Even if an attacker attempts to use a replay attack with a captured image of the face, the lack of the corresponding password renders the attack futile. The ZelfProof algorithm would detect that the combination does not match the original and would reject any attempt to use it for authentication or decryption.
Dynamic Security: Passwords can be changed regularly or be unique to specific transactions or instances, adding a dynamic layer of security that facial images alone cannot provide. This means that even if an attacker somehow learns a previous password, it would not be useful for future ZelfProofs if the password has been updated.
Minimal Exposure of Sensitive Data: The use of a password means that even if a database containing ZelfProofs is compromised, the attacker would still be unable to decrypt the data without the corresponding password. This greatly reduces the risk of sensitive information being exposed or misused.
Layered Encryption: The password can be used as an additional key in the encryption process, meaning that the ZelfProof is not only tied to the user’s face but also to their password. This creates a robust encryption framework where both components are necessary to decrypt and utilize the data.
Reducing Risk of Misidentification: In some rare cases, biometric systems can produce false positives, where an unauthorized person is incorrectly identified as the authorized user. By requiring a password, the system adds a safeguard against this by ensuring that only the person who knows the password can complete the authentication process, thereby reducing the chances of a false positive leading to a security breach.
Empowering Users: By allowing users to add a password, the security of the ZelfProof is placed partly in their hands. Users can choose a password of appropriate complexity and are responsible for its confidentiality, empowering them to take an active role in protecting their sensitive information.
