Mechanism Capital: Why do we believe zkTLS is an opportunity now?

Original Title: "Why do we think zkTLS is an opportunity now?"

Author: Mechanism Captital

Compiled by: Deep Tide TechFlow

Key Points Summary:

• Why is this an opportunity? This is a significant improvement over existing oracle solutions, capable of expanding the protocol's coverage beyond the current user base to a diverse global audience.
• What is TLS? TLS (Transport Layer Security) is the "s" in "HTTPS," used to secure communication between servers and users.
• zkTLS enables the creation of web proofs without sacrificing privacy. Web proofs are a type of zero-knowledge proof used to verify information from Web2 data sources.
• The next evolution of oracles. Oracles have driven the development of decentralized finance (DeFi), and zkTLS will bring the world into DeFi. The limitation of oracles is that they can only receive data via APIs.
• zkTLS is currently just a buzzword, as existing technical implementations do not use zkTLS at the information handshake level (when you open a website in your browser, a TLS handshake occurs).
• Benefits: Protects user anonymity, security, and internet data privacy. Users can share data, such as bank balances and average social media likes, privately and verifiably without revealing personal information.
• This will extend the coverage of encryption protocols beyond the current user base to a larger and more diverse audience. The assurance here is limited to the authenticity of the data and its source.
• zkTLS was first introduced in 2016 and has only recently begun to gain attention. Currently, there are only a few use cases, such as exporting social media followers/following lists.
• The opportunity to integrate Web2 data with Web3. This evolution will enable encryption protocols to solve real-world problems more quickly. The opportunity lies in the protocols supported by zkTLS, rather than its infrastructure.
• The Reclaim protocol is leading in development and market appeal. Other market participants include TLS Notary, zkPass, and Pluto.

Problems

There is a lack of verifiability in the world. In decentralized and adversarial environments, many simple things in both the real and digital spaces are difficult to prove.

The verification capability of HTTPS is limited. You can only verify the authenticity of data when you access it yourself. If you try to show data to a third party, you lose verifiability because the third party cannot confirm that the content is a legitimate copy of what you see.

Web3 faces a "chicken and egg" problem, where all related internet activities are isolated. There are no bridges between Twitter and Instagram, Instagram and Zora, or Spotify and Sound.xyz. This may be acceptable for early users, but it poses a significant challenge for time-sensitive users.

zkTLS, or zero-knowledge transport layer security protocol, provides a way to address data source issues without sacrificing privacy. It is built on the TLS protocol using zero-knowledge proofs.

In practice, this is a method that allows users to securely export data from any website. There is no guarantee of data authenticity, only a guarantee of the data and its source.

Opportunity: Large-scale use of Web2 data in Web3 applications

This is the natural evolution of oracles. The problem with oracles is that their usage is limited to public data, and they are costly, making it difficult to scale to personally identifiable information and Web2 scenarios.

How does it work?

Three technical approaches to achieving HTTPS verifiability:

1. Raw TEE (Trusted Execution Environment) / SGX Proofs

TEE is a secure area within the device's main processor. It ensures that external processes or computations, even those with higher privileges, cannot access or alter the data within. They protect critical data and also authenticate and verify the data computations performed within.

Proofs allow remote parties to be confident that the expected software is securely running in an enclave on a fully patched, Intel SGX-enabled platform.

The TEE model does not use zero-knowledge proofs but relies on the security guarantees of TEE.

TEE is limited by the trust assumptions of hardware providers.

2. Proxy requests through intermediary third parties

Using the proxy feature of the browser as an intermediary between the user and the website. Proxies can create zero-knowledge proofs.

This approach may be blocked due to bottlenecks at the proxy level.

The proxy model does use zero-knowledge proofs, but they are used after the TLS handshake is completed (when you open any website in your browser, the browser performs a TLS handshake).

3. Multiparty Computation (MPC) based approach

Implementing MPC through a network of nodes, rather than having the browser hold its own keys. Thus, the keys are held neither by the browser nor by specific nodes.

MPC solutions are costly, so in practice, 2PC solutions are often used, which operate between a single node rather than multiple nodes.

This model provides good security guarantees, but setting up MPC requires significant network communication, leading to higher overhead.

MPC/2PC models do not use zero-knowledge proofs but perform handshakes through MPC.

MPC has inherent collusion risks that can be mitigated through various strategies.

MPC-based models are generally considered the best in terms of security. However, the proxy model is the only one that uses zero-knowledge proofs to ensure data integrity. Yet, no model uses zero-knowledge proofs at the TLS handshake level to qualify for the name zkTLS. zkTLS is more of a buzzword and has not yet fully matured in practical applications.

Unique Selling Proposition (USP)

When accessing data via APIs, it is easy for the data to be shut down. If tech companies do not want applications to use their data for token distribution or off-platform financial activities, they can easily shut down those APIs. However, with web proofs, as long as users can access data on a website via HTTPS, that data cannot be shut down.

This means that almost any Web2 data can be securely put on-chain without the data source taking any action or being able to prevent this process.

zkTLS paves the way for a more open future internet where data will no longer be isolated. This means that the unique selling propositions of the Web2 business models we know will be disrupted. Users will be able to integrate and utilize various new interoperable frontends.

Use Cases

Zero-Knowledge Verification (zkKYC)

More expressive oracles, such as weather oracles, sports score oracles, and stock market pricing oracles.

Web3 airdrops to Web2 users. Achieving interconnectivity between Web3 and Web2 users, as well as defending against vampire attacks.

Looking back at our rapid journey to build a new financial system, our industry has excelled in incentive mechanisms. Rather than spending huge amounts on advertising to attract users, blockchain has industrialized the shaping of user behavior and rewarding participation.

Airdrops are one of the most effective user engagement strategies we have seen, requiring no upfront investment of millions of dollars. The current main limitation is that Web3 protocols can only reach users with on-chain histories.

Currently, on-chain users make up only a small fraction of the ideal target audience for these applications.

The target audience for airdrops has expanded from a few million existing crypto users to the majority of the global population. They need a wallet to receive the airdrop, but this process can be simplified through account or chain abstraction.

Combining Web3 with real-world loyalty programs.

A breakthrough moment for zero-knowledge peer-to-peer payments.

A channel supporting fiat currency conversion, allowing peer-to-peer transactions. One party can send fiat currency using a Venmo-like service, while the other sends cryptocurrency, automatically releasing it through web proofs after payment completion. This requires smart contracts or centralized solutions as custodians.

Anonymous information and insight sharing.

Tokenization of domain names. Turning domain names into a liquid asset class with verified ownership. Ownership proofs can be used as collateral in decentralized finance (DeFi). This will allow Web2 assets to be tokenized on Web3, similar to ENS, but targeting website domains.

Ride-sharing platforms: Importing user ride counts from Uber to build a competitive ride-sharing platform.

E-commerce personalization: Importing user purchasing preferences from Amazon to provide targeted discounts.

Blockchain economics: Utilizing users' off-chain activity data to realize economic functions on the blockchain.

Use cases include:

Proving your bank balance and that the data comes from a specific bank.

Proving you are over 21 without revealing your birthday.

Proving that ESPN.com reported the results of a sports game.

Proving that a user purchased concert tickets.

Proving that a certain Uber driver has completed 1,000 rides and maintains a 5.00 rating.

Related Projects

Reclaim Protocol

https://www.reclaimprotocol.org/

The zkTLS infrastructure of Reclaim Protocol enables Web2 and Web3 users to generate verified credentials through zero-knowledge proofs, securely verifying online data without revealing sensitive information. Unlike other solutions, it does not require the installation of any applications or browser extensions, allowing users to seamlessly share selected data with third-party applications.

Reclaim Protocol is one of the most advanced protocols in the field, open-source with over 40 verified patterns and 240 community patterns. They currently use HTTPS proxies to forward user responses and plan to decentralize nodes soon. We should reach out to them to explore investment opportunities and synergies to understand the protocols built on their infrastructure.

Pluto

https://x.com/plutolabs_

https://pluto.xyz/

Pluto allows you to add verifiable data from any internet source. They have demonstrated a demo integrated with Venmo and Reddit, which is a zero-knowledge implementation of TLSNotary.

Current prototype use cases include developers integrating web proofs into their applications. Pluto explores multiple directions in the field of applied cryptography, including the development of tools for zero-knowledge proofs (ZKP), multiparty computation (MPC), fully homomorphic encryption (FHE), and witness encryption (WE).

Pluto is built by a small engineering and operations team from Stripe, Aztec, Y Combinator, Hubspot, and Uber. You can find more information about the team on their website .

TLSNotary

https://tlsnotary.org/

https://x.com/tlsnotary

TLSNotary is an open-source protocol designed to verify the authenticity of TLS data while protecting user privacy. It employs a multiparty computation (MPC) solution. Its name is inspired by a 2013 Bitcointalk post aimed at enabling Bitcoin buyers to prove to third-party arbitrators that they have successfully completed a transfer of funds to sellers.

Opacity Network

https://www.opacity.network/

Opacity's zero-knowledge proof protocol can connect provers and verifiers in minutes, enabling trustless sharing and verification of information.

DECO (Chainlink)

https://www.deco.works/

This is the first zkTLS protocol and research project led by Chainlink.

PADO Labs

https://padolabs.org/

PADO uses standard TLS protocols combined with multiparty computation to collaboratively process data. They claim to be building the world's first zkFHE decentralized computing network. In 2023, they raised $3 million from Arweave, Hash Global, and Berkeley Blockchain Xcelerator.

zkPass

https://zkpass.org/

zkPass has received $2.5 million in investments from companies like Sequoia and Binance to develop TransGate. This platform allows users to selectively and privately verify data on any HTTPS website and connect it to the Web3 world. Currently, zkPass is in the pre-alpha testnet phase, with over 50 verification patterns covering websites like Uber, Instagram, and Coursera.

They claim to have generated over 315,000 zero-knowledge proofs and use zkSBT as certification. Additionally, users can create their own custom patterns through a Chrome extension, which is a significant advantage.

Conclusion

As cryptocurrency development enters a critical moment, web proofs become a powerful tool to connect early users with the mainstream. By generating verifiable on-chain data from any Web2 source, web proofs extend the incentive range of cryptocurrencies beyond the current user base, attracting a larger and more diverse audience.

zkTLS technology will gradually lead the world towards on-chain solutions. Combining optimized incentive mechanisms of cryptocurrencies with real-world Web2 applications is a path to success. I believe this is a significant breakthrough in cryptocurrency use cases.

Open Questions

How to design economic incentive mechanisms to ensure the honest behavior of third-party provers?

How will the system respond when a website updates its data structure? How to ensure that systems relying on third parties operate normally?

How to prove the existence of something over long or different time scales?

Currently, zkTLS focuses on "proving"—that is, completing an operation at a certain time. However, for protocols, data changes may be more valuable, such as updating credit risk or airdrop statistics based on Web3 behavior.

How do end users connect with their websites? Currently, most projects rely on Chrome extensions or App Clips.