ISO/IEC 27565 — Information technology — Security techniques — Guidelines on privacy preservation based on zero knowledge proofs [DRAFT]

 

Abstract

“This document provides guidelines on using zero knowledge proofs (ZKP) to improve privacy by reducing the risks associated with the sharing or transmission of personal data between organisations and users by minimizing the information shared. It will include several ZKP functional requirements relevant to a range of different business use cases, then describes how different ZKP models can be used to meet those functional requirements securely.”
[Source: SC 27 Standing Document 11 (2022)]

 

Introduction

Zero knowledge proofs are cryptographic techniques allowing someone to prove to someone else that they are in possession of a secret, without actually disclosing the secret to the other person. The secret may be a password or other authentication information (e.g. biometrics), a cryptographic key, electronic currency, or some other piece of sensitive information which must remain confidential during the entire process.

 

Scope of the standard

TBA

 

Content of the standard

TBA.

 

Status

The New Work Item was proposed in 2021.

Status update April: The standard is due to be published in 2025.

 

Personal notes

This standard will (presumably!) apply ZKP techniques to the protection of personally identifiable information/personal data - perhaps proving that an authority holds someone’s personal details without them simply handing over those details (which may be legally prohibited if the data subject did not explicitly agree to such use of their details, and would increase the risk of improper disclosure by the recipient or during the data transfer).

Beyond that, I’m struggling to think of how this might be of any value in practice ... but then I’m not a privacy or crypto expert (and they are quite excited about this standard). Along with privacy, the NWI proposal mentions a substantial reduction in financial fraud and information theft by criminals, a compelling case if the standard leads to widespread adoption of ZKP.

 

 


Copyright © 2022 IsecT Ltd.