Developing zero-knowledge solutions with JavaScript

Who am I

 

Jose Aguinaga / @ jjperezaguinaga

 

Web Engineer

Startups / Fintech / Privacy

 

Disclaimer

Crypto stuff ahead, handle with caution, errata might occur

What are zero-knowledge solutions?

Trust based solutions

I have nothing on ya, trust me.

Zero-knowledge solutions

I have nothing on ya, you know.

?

?

😅

Zero-knowledge (proved) solutions

I have nothing on ya, you know, but you know I know.

SHA256(      )

SHA256(      )

Where does the Web fit in all this?

Server-side cryptography

SSL, bcrypt, HMACs

//NOTE: This prompts the user to enter a password.
window.crypto.subtle.generateKey(
    {
        name: "PBKDF2",
    },
    false, //whether the key is extractable
    ["deriveKey", "deriveBits"] //can be any combination
)
.then(function(key){
    //returns a key object
    console.log(key);
})
.catch(function(err){
    console.error(err);
});

https://deniable.website

Deniable encryption

Ya ain't know what I got, or if I got something.

E(A | E(B | ... E(N, pk.n), pk.b) pk.a)

What are some use cases for zero-knowledge solutions?

boxcryptor

Further reading, libraries and links

https://www.coursera.org/learn/crypto

Solid introduction to cryptography from a computer science perspective by Stanford University teacher Dan Boneh

https://github.com/diafygi/webcrypto-examples

Moar examples on Web crypto

keybase.io

Thank you

https://joind.in/talk/81548

QA

Made with Slides.com