BlockChainTeaHouse Exclusive Interview with Founder of zCloak Network
Interviewer:北辰 | Interviewee:w3tester
zCloak is giving us this possibility to apply privacy-preserving computation to real world cases. It solves our common data privacy concerns with a single browser extension.
In this issue, BlockChainTeaHouse interviewed w3tester, the founder of zCloak Network. He took us to the future of privacy-preserving computation track from the perspective of lightweight products.
1. When did the team decide to start zCloak Network? What was the original intention of the team entering this track?
When I served as the Polkadot China ambassador in 2019, I totally agreed with the vision of Web3 — to return data sovereignty to users. The problem with Web2’s cloud computing and big data models is that user data and the related computation are all in big organizations’ databases. If an organization does evil or hacks, the data will be leaked. But the vision of Web3 at that time did not include discussions about how the user can use their data when they keep their data in their own hands.
We believe that the fundamental way to protect user privacy is not only to allow users to control their own data, but also to perform computations and analysis of their data in user devices (instead of in third-party servers).
So the vision of zCloak was to give users complete control over their own data with privacy-preserving computation.
2. Specifically, in which scenarios can zCloak solve the difficult points of privacy protection?
zCloak provides a complete set of infrastructures to make private data off-chain available for various analysis and calculations to prove who they are without sending their own data to the outside world.
For example, personal biometric information (fingerprint, iris, DNA) can be used for identity recognition without sending this data to any third parties. In addition, there are many financial scenarios such as lending, insurance, and bills, for which, in short, many data usage scenarios based on privacy protection can be achieved through zCloak’s services.
3. How to explain the technical solution of “verifiable computation in user device” called “new computation paradigm” launched by zCloak?
Our technical solution is “verifiable computation in user device”, which is to perform verifiable computation at the user end — the user stores their own data locally, and the computation for the data is also performed at the user end.
We can think abstractly of the computation where there are two core elements: one is the algorithm, and the other is the input data. From the point of view of computer science, if you want to prove the authenticity of the computed results (output data), you have to prove that the data itself is authentic (input data), and ensure the integrity of the computation process.
For input data, zCloak uses DID and Verifiable Credential to ensure its authenticity. For the computation process, its integrity is proven by Zero-Knowledge Proof technology. Specifically, a Zero-Knowledge Proof Virtual Machine based on zk-STARK is used to prove integrity of the computation process. This process sounds a bit complicated, but for users, it is an atomic process which can be done in one step. In this way, users only need to show computation proof of local data to the outside world, instead of showing their own private data.
Here it is necessary to emphasize that zCloak does not directly use the traditional Zero-Knowledge Proof technology to perform verifiable computations on local data。 It actually uses a Zero-Knowledge Proof Virtual Machine (ZKVM).
Specifically, if a third-party organization wants to verify the user’s data, it will first send the algorithm to the user in the form of a plain text zk-program. After the user downloads it locally, it will be executed in the zCloak wallet extension for Zero-Knowledge Proof computation. The computation result will be sent to some verifiers, and the verifiers only need to check the zero-knowledge proof to know whether the computation is correct.
The advantage of ZKVM is that the computation type is more flexible than the regular zk-proof. It can adapt to more scenarios, but certainly efficiency is compromised a bit.
4. There are many strong projects in the privacy computation track, and they all exist in the form of public chains. Why did zCloak choose to provide privacy protection as browser extensions? Are any of the two options technologically superior?
Broadly speaking, there are two main tracks for privacy computation in crypto world — transaction privacy and data privacy.
The privacy public chains are more for transaction privacy, while zCloak is for data privacy. The computation of identity data rarely involves complex algorithms such as elliptic curve signatures, so the computation time will be much shorter (for example, our measured identity data verification takes only one second).
Of course, zCloak’s local privacy computation is different from many privacy computation platforms based on public/consortium chains. The difference is that those platforms are used more for institutional applications, and user data is still in the database of the institutions (such as banks). zCloak agrees with the vision of Web3 in that we want to return the data to the users themselves, which is the starting point of all subsequent steps.
In addition, zCloak not only has browser extensions, but also has several parts related to local privacy computation from the protocol layer to the infrastructure layer. There are currently three sets of components.
The first is the zCloak ID Wallet browser extension, which is a digital identity wallet used to store the user’s digital identity data locally, and then the zero-knowledge proof virtual machine can be used to do computation on the data in the wallet (this part of work can even be done without Internet connections because it is local).
The second is the zkp verifier network — zCloak Keeper Network, which has not yet achieved complete decentralization, but we will gradually decentralize this network in the future. Recently, some reputable institutions or individuals will be invited to form a verifier network including 20 to 30 nodes, as an independent third party to perform zero-knowledge proof verification for users. At that time, a zero-knowledge proof will be verified by five to six nodes at the same time. The result will be final and written to the smart contract on-chain only after a majority vote.
This involves the third component part — the zCloak on-chain smart contract. Other projects on chain can obtain the computation result of the user’s zero-knowledge proof by accessing the zCloak smart contract.
We believe the future of the crypto world is multi-chain. So we do not make any assumptions and decisions at the chain level. Our services can be used on all mainstream public chains.
5. As the privacy gateway of Web3, what are the target users of zCloak? How does zCloak reach them?
In the Web3 world, the boundaries between toB and toC are very blurred. There are many application scenarios for zCloak, but the cold-start stage is more suitable for doing some toC activities with the community.
zCloak’s first product is zkID.app, which enables local computation of user identity data in a browser extension. Users can then prove their identity attributes to any entity without exposing their real data to any third party. In order to promote zkID.app, we made a small game based on the background of Warcraft, guiding users to go through the whole process by creating game characters, and then they can mint a non-transferable POAP NFT based on the attributes of their character.
zkID.app also has more serious application scenarios, such as our collaboration with LegalDAO to establish DIDs (related to real-world legal licenses, professional experience, etc.) for lawyers on multiple blockchain networks, so that they can provide legal services on chain.
We will soon launch the DAO Membership certificate, which is a digital certificate based on DID (so it is not NFT, nor is it on chain), which can be used to prove the membership and level of DAO members, and can be used for interactions between protocols or DAOs in the future.
zCloak’s recent business activities will focus on countries with stricter privacy regulations. The recently launched International Ambassador Program received more than 500 applications from around the world in about a week.
6. How does zCloak’s future business model work?
zCloak is currently positioned as a provider of privacy computation services. We provide services in different scenarios to different chains, institutions, and organizations, so we will charge service fees, but not necessarily in the form of tokens, which means we also accept Fiat currency.
The original intention of the zCloak team is to make the product work first, and then, on this basis, consider more complex business models. In other words, users use zCloak because it can really solve practical problems, not because they can make money using zCloak.
Of course, zCloak’s verifier network will be incentivized. The details are still in design phase, and opinions and suggestions from the community are welcome.
7. Can you introduce the zCloak team, its background, and what areas will it focus on in the near future?
Personally, I learned about Bitcoin in 2011, when I was just studying it as a fault-tolerant distributed system. At the time, I was in the Netherlands doing my PhD studies, focusing on multi-core processors and highly reliable distributed systems.
After returning to China, I was in frequent contact with the Ethereum community in 2017 and 2018, and did some community work as well. In 2019, I served as the first batch of Polkadot ambassadors in China, and have been working for the vision of Web3 in the Polkadot ecosystem since then. Throughout the process, I got to know many members who are now in the zCloak team.
The zCloak team is now 18 people, mostly full-time. We have now also set up a full-time cryptography team, specializing in improving zero-knowledge proof algorithms and applications. The more important task now is to describe the zCloak protocol in a language familiar to cryptographers, and then publish a scientific paper for experts in the field of cryptography around the world to review.
We have collaboration with well-known domestic universities as well as overseas experts. For example, Bobbin Threadbare, the author of the zk-STARK-based VM Polygon Miden, is also our advisor.
8. Is the current progress of zCloak in line with expectations? What areas will you focus on in the next stage?
The progress is relatively in line with expectations. zCloak did not do marketing before the official announcement of the Pre-A round of financing in June. It has been a month since the official announcement, and the effect is not bad. The community pays a lot of attention to zero-knowledge proof, especially privacy-related projects, because it really is closely related to everyone’s interests.
In the next week or two, we will add a very important function to zkID to achieve a complete solution of DID and Verifiable Credential that conforms to the W3C standard. Everyone is welcome to try it out at that time. It is expected that the number of users of the zkID product will reach tens of thousand this year.
(In addition, we also hope that at least 10 protocols or projects can use zCloak’s technology on the business side to provide privacy protection for their members or customers.)
9. zCloak will also support the implementation of more projects, and privacy protection is undoubtedly a rigid demand in the Web2 world, so what stage do you think the technology accumulation of large-scale implementation in the future has been reached?
As far as zCloak itself is concerned, it has reached the progress of 85%-90%. This year, we will improve various application scenarios for users. By early next year, our product can be commercialized on a large scale and provide privacy services for ordinary users and protocols.
10. Finally, what might be the future opportunities and challenges for zCloak?
The track where zCloak is in actually combines several fields such as privacy computation, DID, and zero-knowledge proof. Under the trend of Web3, the potential market space is large. This track has network effects, and it is possible that a set of solutions can be quickly extended to a very large range after being adopted. It is also a long process full of uncertainty, so opportunities and challenges coexist.
The opportunity lies in the awakening of the awareness of data sovereignty under the trend of Web3. This is an irreversible trend, just like electric lamps will replace kerosene lamps, so the market capacity will be very large.
The challenge is that though we have mathematically proved that zCloak’s technology can protect privacy, convincing the market is a long process. So we want to expand the user base and application scenarios of zCloak as much as possible.
zCloak Network is a privacy-preserving computing platform. It enables a new computation paradigm where people can do computation/analysis of their data in client device, not in centralized servers. zCloak Network combines the latest progress in zero-knowledge cryptography and verifiable credentials to ensure both the computation process and the user data are trustworthy.
With zCloak, users can prove their identity has certain attributes or they satisfy certain requirements without showing any private data. The user proofs are made available in major public blockchains by zCloak oracle service. Third-party DApps can leverage this information to provide personalized service to their users.