Topic-specific policies
ISO/IEC 27565


Search this site
 

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >

 

ISO/IEC 27565 — Information technology — Security techniques — Guidelines on privacy preservation based on zero knowledge proofs [DRAFT]

 

Abstract

”This document provides guidelines on using zero knowledge proofs (ZKP) to improve privacy by reducing the risks associated with the sharing or transmission of personal data between organisations and users by minimizing the information shared. It will include several ZKP functional requirements relevant to a range of different business use cases, then describes how different ZKP models can be used to meet those functional requirements securely”
[Source: ISO/IEC JTC 1/SC 27 SD11]

 

Introduction

Zero Knowledge Proofs are cryptographic techniques allowing someone to prove to someone else that they are in possession of a secret, without actually disclosing the secret to the other person. The secret may be a password or other authentication information (e.g. biometrics), a cryptographic key, digital currency, or some other piece of sensitive information which must remain confidential during the entire process.

 

Scope of the standard

[TBA]

 

Content of the standard

[TBA]

 

Status

Drafting commenced in 2021.

The standard is due to be published in 2025.

Jan info added Addressing the large volume of detailed technical inputs to this draft standard while ensuring its readability and value for the intended audience may delay its release.

 

Personal notes

This standard will (presumably!) apply ZKP techniques to the protection of personally identifiable information/personal data - perhaps proving that an authority holds someone’s personal details without them simply handing over those details (which may be legally prohibited if the data subject did not explicitly agree to such use of their details, and would increase the risk of improper disclosure by the recipient or during the data transfer).

Beyond that, I’m struggling to think of how this standard might be of value to a general audience in practice ... but then I’m not a privacy or crypto expert (and they are quite excited about this standard). Along with privacy, the new work item proposal mentioned a substantial reduction in financial fraud and information theft by criminals, a compelling case if the standard leads to widespread adoption of ZKP.

 

 

< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2024 IsecT LtdContact us re Intellectual Property Rights