ISO/IEC 27565 — Information technology — Security techniques — Guidelines on privacy preservation based on zero knowledge proofs [DRAFT]



Abstract (added July): “This document provides guidelines on using zero knowledge proofs (ZKP) to improve privacy by reducing the risks associated with the sharing or transmission of personal data between organisations and users by minimizing the information shared. It will include several ZKP functional requirements relevant to a range of different business use cases, then describes how different ZKP models can be used to meet those functional requirements securely”
[Source: ISO/IEC JTC 1/SC 27 SD11]



Zero Knowledge Proofs are cryptographic techniques allowing someone to prove to someone else that they are in possession of a secret, without actually disclosing the secret to the other person. The secret may be a password or other authentication information (e.g. biometrics), a cryptographic key, electronic currency, or some other piece of sensitive information which must remain confidential during the entire process.


Scope of the standard



Content of the standard




Drafting commenced in 2021.

The standard is due to be published in 2025.


Personal notes

This standard will (presumably!) apply ZKP techniques to the protection of personally identifiable information/personal data - perhaps proving that an authority holds someone’s personal details without them simply handing over those details (which may be legally prohibited if the data subject did not explicitly agree to such use of their details, and would increase the risk of improper disclosure by the recipient or during the data transfer).

Beyond that, I’m struggling to think of how this might be of any value in practice ... but then I’m not a privacy or crypto expert (and they are quite excited about this standard). Along with privacy, the NWI proposal mentions a substantial reduction in financial fraud and information theft by criminals, a compelling case if the standard leads to widespread adoption of ZKP.



Copyright © 2023 IsecT Ltd