Status: Closed (0zAND1z closed 4 years ago)
The "Entry" into the meeting is currently done by receiving the participants from the MMR through a secured signaling channel. Then interactively the leader will verify each participant separately.
You propose the usage of zero-knowledge proofs, but I think you specifically suggest: Non-interactive zero-knowledge proofs?
Could you provide some arguments on why you think this solution would be better than the current implementation? Just linking to a techblog explaining the concept is not clear enough to me.
ZK is a fascinating topic in cryptography and I’ve a particular fondness for zk-SNARK, but for our purposes Zoom’s servers must at least know the identity of the host for a meeting, and it is unclear through what means Peggy could prove her identity to Victor without leaking information to either the IdP or Zoom. We’ll consider more zero-knowledge approaches to verifying meeting participants as we gather more information about use cases.
Linking an SSO identity to a Zoom PKI would be a good beginning step. However, this may not be enough.
One must also secure the "entry" to the meeting and strictly verify each participant in a non-interactive manner.
Have you guys considered using zero-knowledge proofs?
If the team is interested in the idea, suitable implementations are available in the form of zk-SNARK and zk-STARK.