Best Practices
Security Guarantee - The zkMe project employs a range of critical technologies aimed at meeting regulatory demands, facilitating a user-friendly verification experience, and upholding utmost privacy protection for its users. To this end, the project utilizes a number of security assurance techniques, which are listed below.
Private Key Security
The zkMe App employs multi-party computation and threshold signatures to ensure the utmost privacy protection for its users. In order to safeguard users' private keys, the following three principles are strictly adhered to:
Users maintain complete autonomy over their private keys, with threshold signatures requiring 2FA verification and the user being the sole initiator.
Accounts can be safely recovered through the use of email, social media accounts, and other verified methods.
The wallet design incorporates multiple redundancies, thereby eliminating any single point of failure.
Smart Contract Security
[WIP] Smart Contract auditing report coming soon
Personal Data Security
In order to maintain the utmost privacy and security for its users, the project employs a two-pronged approach:
The facial data that the user provides is encrypted using a state-of-the-art technology called fully homomorphic encryption. By using fully homomorphic encryption, the user can be assured that their facial data is protected from any unauthorized access or malicious intent. In addition, this technology offers an added layer of security that ensures that the user's data is protected from any potential breaches or cyber attacks that may occur.
User's original data is securely encrypted using a threshold encryption algorithm, thereby ensuring that the data remains inaccessible to any unauthorized parties.
The project utilizes anonymous identity credentials based on the Zero-Knowledge Proof (ZKP) technology, which allows for the verification of user identity information while simultaneously ensuring user privacy.