Proving new worlds with zkTLS | Telah

Proving new worlds with zkTLS

Chinese version / 中文版

Crypto ecosystems have always been siloed from the real world, due to ethical - then technical - constraints. Ethical at first, because Bitcoin was a way to leave the system behind. Bitcoin was an extreme design choice where isolationism was a feature, not a bug.

But step by step - we started to see more pragmatic systems taking off : Ethereum of course, which spanned a wave a “Web2-ish but with a token” innovations during the ICO Boom.

Paying by crypto with a credit card, using crypto for wiring money overseas, sending message with your ETH wallet, Uber but with a token, a smartphone using the blockchain, …

Most of these projects didn’t really work, arguably for different reasons - one of them being infra wasn’t ready for it. For the past few years, most incremental innovation came around token economies, which are a new innovative business model that accelerate innovation & funding.

Source: TallAgency

We’ve or are starting to destroy all infra limitations we witnessed in previous cycles : L2, scaling, DA, zkVM, …. But one of the most significant is probably being able to use Web2 data at scale on Web3 dApps.

Source: Cisco Eng-emojis

We’ve rebuilt the Web from scratch during the past years. And that’s great. But crypto is still less than 1% of the web users. I’d argue that the last piece missing for real world crypto adoption is data.

There is this mainstream adage in startup saying you need to be 10 times more efficient than any existing solution to conquer the market. Well, interoperability is a way to lower this requirement.

Source: Reddit

Data is the new oil, as they say. We’ve seen 9 digits deals for selling data during this recent AI craze - and it probably won’t stop for a while (will it stop ?).

But datas are obviously constrained : first by FAANG, who tries to limit data portability & availability for customers. When you are lucky and have the possibility to use the API, guidelines are so restrictive that they can prohibit you for using at any time.

You can also export your datas - thanks to GDPR - but UX is broken that it probably will never reach mainstream adoption.

As a user, you are an essential-misguided stakeholder of a $1T data analytics industry.

At Telah, we’re convinced data portability is going to reshape the Web3 industry. It could be from enhancing the onboarding flow (Privy, Friend Tech) or vampire attacks, redefining the economics of Web2 businesses.

→ And we think the infra for this is currently being built :)

zkTLS is a protocol that creates a gateway between private Web2 data and the Web3 ecosystem. Effectively, it’s a way to enable users to export data securely from any website.

In this article, we’re going to give you an historical overview of this tech, a list of projects in the space and some use-case we’re excited about.

Side note : zkTLS is an outcome based portmanteau, stating “makes HTTPS verifiable”. The term “Web Proofs” might be better suited, but it’s not the point of the article.

We will also mention some projects not using zk nor TLS - but are still interesting for the use-case of bridging Web2 data to Web3. We will try to explain the tech components and the assumptions made for privacy, but that might not be 100% accurate.

I’ve said earlier that crypto has been siloed from Web2 data from the past few years. And you probably know it’s wrong.

We’ve been using oracles.

Source: Pudgy Penguins

The issue with oracles is that they are not scalable : most of the time, they are used for prices data (public information) - and are costly to use. This is a design choice, to maintain trust and give a way to reliably use it for DeFi protocols. They can’t scale for personally identifiable information (PII) and for a lot of use-cases Web2 currently relies on.

Source: Colegio Itaqua

Chainlink always assumed these weaknesses and started experimenting with a protocol called DECO since 2019. It’s a privacy-preserving oracle technology initially developed at Cornell University and later acquired by Chainlink.

Through the use of zero-knowledge proofs (ZKPs) with an oracle present in real-time, DECO allows users to prove to an oracle that a piece of data accessed via a TLS web session came from a particular API or website while restricting the amount of data revealed.

They built one of the first proof of concepts with a DeFi protocol called Teller, allowing them to prove revenue of a bank account - and set-up under-collateralized lending based on it.

Source: Lillian Wong

TLSNotary is a similar approach - built by Privacy and Scaling Ethereum team - with a name inspired by a Bitcointalk post from 2013 relying on the same idea : “The goal of TLSNotary is to allow the buyer of BTC to prove to a 3rd party arbitrator that a money transfer to the seller has been made.”

It’s not a new idea, but it couldn’t be scalable without the latest improvement of ZK technology. Indeed, blindly sending your website data could work. But privacy is key, especially for personally identifiable information.

Source: WAW GRAFIK
Source: Google

zkTLS rely on TLS - the S in the

It’s a protocol created in 1994 that protects communication against eavesdropping and tampering - by using a certificate for all web pages. Today, pretty much all website use HTTPS and web browsers like Chrome make sure it is becoming a standard.

For the ZK part, they are using VOLE-based ZKP that allows for interactive proofs, relying on a predefined JSON Schema that maps the responses you will share and the ones you don’t. Indeed, you might be fine with sending your last bank salary, but not doxxing your whole account balance.

Still, ZKPs are pretty expensive to run for a JSON - compared to plaintext. The most elegant solution at the moment is to let the verifier handle the computation, parsing properties / key in plaintext and hiding keys with the important information.

The user also can’t forge false proofs, because they are running on a secure multi-party computation setup.

Source: GLOSSYBOX
Source: Aaron's Animals
Source: Aaron's Animals

Using this protocol, you can create cryptographic proofs of authenticity for any data on the web.

They are not solving the oracle problem - they are tackling a different problem : ensuring personal data is unfalsifiable from the prover, the server and the verifier.

Pado Labs is another team building in this space. They are based in Hong Kong, raised $3M to build an MPC-TLS with interactive ZK proofs. They are also using Fully Homomorphic Encryption, enabling the creation of more complex ZK Schemas. Right now, they seem mostly focused on Proofs of CEX Assets for users - powered by a Chrome extension.

zkPass raised $2.5M from Sequoia, Binance and more to build TransGate - enabling users to selectively and privately validate their data on any HTTPS website to the web3 world. They are currently in pre-alpha Testnet, with +50 verified schemas incorporating websites like Uber, Instagram or Coursera.

They claim to have already generated +315K zk Proofs and uses zkSBTs as attestations. One great point is you can already create your own custom schema with a Chrome extension.

Source: Homes.com

Another upcoming protocol is Opacity Network, which is currently building some PoC from sources like Oura, Spotify, Ticketmaster & AMC. They made a great explainer, hosted by Archetype.

Gandalf Network is still in his infancy, focused on TLS (they don’t use ZKPs yet) and allows you to retrieve users data on Netflix, Playstation, Amazon & YouTube - via GraphQL.

Pluto enables you to add verifiable data from any internet source.

They have a working demo with Venmo and Reddit.

Finally, the most advanced protocol on this space is probably Reclaim Protocol, which is open-sourced, with +40 verified schema & 240 community schemas.

They use HTTPS Proxies that forward the users' responses, and plans to decentralize nodes soon.

Source: littlebigFuture

One key component of the Web2 experience is OAuth / OpenID logins, where some projects are building implementations targeted at this use-case :

Source: Mike Voropaev

→ zkLogin by SUI

→ RiscZero zkKYC

→ RiscZero Bonsai Pay

→ RiscZero JSON Proof

Another great innovation that had some attention in the past year is zkMail. One key difference is they are not using TLS but DKIM - which is an email authentication method. DKIM uses a header that contains all the email information, enabling the protocol to retrieve meaningful data.

Source: MadeByShape

The ZKP can’t use a JSON schema to retrieve this information, so they built a custom Regex to Circom library. It’s a different workaround compared to zkTLS - but can still be used to prove key information with mails, like Twitter accounts ownership.

Source: itani Grande✨
Source: Aurecon

This is still a new space and most of the real world constraints haven’t been tried yet.

Some open interrogations we have :

> How do you set up economic incentives to ensure the 3rd party attestors behave honestly ?

> How does it behave when a website updates their data structure ? How can you ensure uptime based on third parties ?

> How do you manage to prove something for the long-run / on a different timescale ? Right now, zkTLS is focused on “attestations” - meaning you’ve done X thing at this Z time. But data mutations are probably more useful for protocols, where you are able to update credits risks, airdrop stats or whatever based on Web3 behavior.

> What will be the end-user experience to connect with their website ? Right now, most projects rely on Chrome Extensions or Appclips.

> Envisioning different security design / assumptions, based on the use-case: bring your own proof - where you generate your proof locally & submit it or 3rd party attestors, which run computation & make the whole experience run smoother.

Source: Health Union

Web3 faces a chicken & egg problem, where all relevant engagement on the internet is siloed. There are no bridges between Twitter and Instagram. No bridges between Instagram and Zora. No bridges between Spotify and Sound.xyz. It’s working for early adopters, but it’s a big struggle for more time-sensitive users.

Source: katycreates

And it’s something that won’t be solved magically with AI, because AI currently lacks personal memory and have tiny context windows.

I don’t really trust Web3 data brokers or data DAOs, I think we will end with the same current paradigm - a big org selling user data, but with more flows : API can be cut, people can abuse the data, …

zkTLS can’t be shutdown, is focused on granular data - which prevent abuse - and is easily adaptable, pioneering the Data On-Demand (DoD) market.

Source: Moldimplas

Use-cases we are excited about :

> Bring your own algorithm : export your Twitter followings, generate embeddings based on their profile & get user recommendations on Farcaster.

> Loyalty : if you ordered +5 coffee this week at Starbucks,

get rewards on for a Web3 coffee brand - then monitor usage

& give incentives.

> Onchain Attestations : mint achievements using EAS, Sign or Verax - and let people composability do his thing.

> Whistleblowing : Ketl or Creddd are a way to get verified based on off-chain or on-chain actions and anonymously share insights or information.

> zkKYC : no need for explanation.

> Upgrading Blockchains DX : L1/L2 focused on Web2 data harvesting with zkTLS - giving developer new tools to build Web3 experiences.

> Web3 vampire attacks : give token allocation to user of X platform, make them available if they perform Z action.

> Memecoin / social game : using zkTLS to prove you’ve been part of X event - and giving you rewards for it. Been to Taylor Swift show ? Own TaylorSwiftWifHat.

> Tokenizing domains : verify ownership of domains & allow for tokenization + sales on marketplaces. We can even imagine automatic loans for expensive domains, like two or three A-Z characters dot com domains.

> Oracle as a service : when zkTLS becomes really secured with MPCs, dApps should be able to use zkTLS as a reliable oracle solution for price feeds.

> Data DAOs : AI can’t access private data. Harvest anonymized data with zkTLS, train an AI model and give ownership to users.

Reclaim Protocol use-cases are also worth checking !

Source: By Sauts // Alex Sautter

How it feels to use the world’s data

Source: Freckle & Fern Ceramics

We’re also fairly convinced zkTLS are going to become a commoditized infra piece available on every chain. While block space become cheaper, chains will need to differentiate on developer experience - and zkTLS will become a key differentiator for builders, being able to leverage data from the start. For example, Camp is an Op stack chain leveraging zkTLS natively.

Wallets like Privy are also well positioned on this space, already leveraging “sign in with” stacks from every social, they could easily expand their offering in this matter.

zkTLS landscape

We hope this blog post has been insightful and makes you excited about the future of zkTLS / Web proofs.

Thanks to Matteo, Yaugourt, Div & JP for your useful feedbacks on the article.

Feel free to follow Telah and Aaron Elijah Mars on X.

If you are building in the space and want to chat, feel free to reach out to [email protected] or @aaronjmars on Telegram.

Source: SHARE Creative