
zkTLS Operations


The Issue of Handling Private Data

Traditional zkTLS algorithms provide data authenticity for applications. In this model, the zkTLS client ultimately receives an attestation from the attestor, where the embedded raw data and its corresponding signature together prove that a zkTLS session was executed correctly and successfully verified by the attestor.

In many scenarios, offering the raw data is not a good option when privacy is preferred. Performing the data computation within the attestation is the more suitable approach. Primus SDKs offer zkTLS operations to support such privacy-preserving applications.

Supported zkTLS Operations

Using comparison operations expressed as boolean conditions within the zkTLS attestation is an effective way to handle private data securely. During attestation generation, various comparison operators can be applied to specific data fields. Each comparison produces a boolean result—true or false—indicating whether the condition is satisfied.

The supported comparison operators within Primus SDKs include:

  • '>' (greater than): verifies if the data item is greater than a target value

  • '<' (less than): verifies if the data item is less than a target value

  • '=' (equal to): verifies if the data item is equal to a target value

  • '!=' (not equal to): verifies if the data item is not equal to a target value

  • '>=' (greater than or equal to): verifies if the data item is greater than or equal to a target value

  • '<=' (less than or equal to): verifies if the data item is less than or equal to a target value

Hash (SHA256)

The Primus SDKs also support hashing the proved data with the SHA-256 hash function to provide strong privacy guarantees. This operation ensures that even the attestor cannot learn any details of the proved data, only that the zkTLS session was correctly executed in a black-box manner. The op code is SHA256.

Multiple Hashes (SHA256_EX)

To hide multiple data fields within multiple URLs, use the extended hash operation instead, whose op code is SHA256_EX.

How to Use the zkTLS Operations in zkTLS-JS-SDK and zkTLS-Core-SDK

When using the Primus zkTLS-JS-SDK or zkTLS-Core-SDK, you can simply enable the comparison and hash operations during zkTLS attestation generation, as in the following example code.

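// Enable zkTLS computation operations.
// `request` is the attestation request object from the SDK (created elsewhere).
// The two condition sets below are alternatives; pass the one you need.

// 1. Hashed result
const hashConditions = [
  [
    {
      field: 'YOUR_CUSTOM_DATA_FIELD',
      op: 'SHA256',
    },
  ],
];

// 2. Conditional result
const compareConditions = [
  [
    {
      field: 'YOUR_CUSTOM_DATA_FIELD',
      op: '>',
      value: 'YOUR_CUSTOM_TARGET_DATA_VALUE',
    },
  ],
];

// Here the conditional result is selected.
request.setAttConditions(compareConditions);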
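
A pre-flight check for a condition set like the ones above, as an added example that is not part of the Primus SDKs or of the original page: it rejects op codes outside the list on this page and comparison conditions that lack a target value, and warns when the chosen comparisons would pin down a private field more tightly than intended. The name `checkAttConditions` and the warning rules are assumptions made for illustration; the array-of-groups shape is taken from the example code.

```javascript
// Added example: checkAttConditions is hypothetical, not a Primus SDK function.
// Op codes and the [[{field, op, value}]] shape come from this page.
const COMPARE_OPS = new Set(['>', '<', '=', '!=', '>=', '<=']);
const HASH_OPS = new Set(['SHA256', 'SHA256_EX']);

function checkAttConditions(attConditions) {
  const findings = [];
  const add = (level, path, message) => findings.push({ level, path, message });
  if (!Array.isArray(attConditions)) {
    add('error', 'attConditions', 'must be an array of condition groups');
    return findings;
  }
  const compared = new Map(); // field -> number of comparison conditions on it
  attConditions.forEach((group, i) => {
    if (!Array.isArray(group)) {
      add('error', `[${i}]`, 'each group must be an array of conditions');
      return;
    }
    group.forEach((cond, j) => {
      const path = `[${i}][${j}]`;
      if (cond === null || typeof cond !== 'object') {
        add('error', path, 'condition must be an object');
        return;
      }
      const fieldOk = typeof cond.field === 'string' && cond.field !== '';
      if (!fieldOk) add('error', path, 'field must be a non-empty string');
      if (HASH_OPS.has(cond.op)) return; // hash ops take no target value
      if (!COMPARE_OPS.has(cond.op)) {
        add('error', path, `unsupported op ${JSON.stringify(cond.op)}`);
        return;
      }
      if (cond.value === undefined || cond.value === '') {
        add('error', path, `op ${cond.op} needs a target value`);
      }
      if (cond.op === '=') {
        // A true '=' result tells anyone who knows the target the exact value.
        add('warn', path, 'a true result discloses the exact field value');
      }
      if (fieldOk) compared.set(cond.field, (compared.get(cond.field) || 0) + 1);
    });
  });
  for (const [field, n] of compared) {
    // Each boolean result narrows the range; several together can pin the value.
    if (n > 1) add('warn', field, `${n} comparisons on one field narrow its range`);
  }
  return findings;
}
```

Run it on the condition set before passing it to `request.setAttConditions`, and treat any `error` finding as a reason not to submit.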

Comparison with DVC Pattern

zkTLS operations natively support performing data computations directly over the attestation. In contrast, the DVC (Data Verification and Computation) pattern leverages a zkVM to shift the computation into a zkVM circuit. While zkTLS operations offer a level of privacy comparable to DVC, they provide less public verifiability and trustlessness, since the output of a zkVM circuit, namely a SNARK proof, can be publicly verified on-chain. Even so, zkTLS remains an efficient and architecturally simple approach for enabling application-level privacy.