Analysis of zkTLS Technology and Its Application Prospects in Web3

Recently, I have been exploring new project directions. During the product design process, I encountered a technology stack that I had not previously worked with—zkTLS. Therefore, I conducted in-depth research and organized my learning insights into a document, hoping to share it with everyone.

zkTLS is a new technology that combines Zero-Knowledge Proofs (ZKP) and Transport Layer Security (TLS) protocols. In the Web3 space, it is primarily used in on-chain virtual machine environments, enabling the verification of the authenticity of off-chain HTTPS data provided without the need to trust a third party. The authenticity here includes three aspects: the data source indeed comes from a certain HTTPS resource, the returned data is untampered, and the timeliness of the data is guaranteed. Through this cryptographic implementation mechanism, on-chain smart contracts gain the ability to trustfully access off-chain Web2 HTTPS resources, thereby breaking down data silos.

Introduction to TLS Protocol

To gain a deeper understanding of the value of zkTLS technology, it is necessary to provide a brief overview of the TLS protocol. The TLS protocol is used to provide encryption, authentication, and data integrity in network communications, ensuring the secure transmission of data between clients (such as browsers) and servers (such as websites).

The HTTPS protocol is essentially based on the HTTP protocol and uses the TLS protocol to ensure the privacy and integrity of information transmission, making the authenticity of the server verifiable. In contrast, the HTTP protocol is a plaintext transmission network protocol that cannot verify the authenticity of the server, which may lead to the following security issues:

1. Information may be intercepted by third parties, leading to privacy breaches.
2. Unable to verify the authenticity of the server, the request may be hijacked by malicious nodes and return malicious information.
3. Unable to verify the integrity of the returned information, which may result in data loss due to network reasons.

The TLS protocol is designed to address these issues. It primarily achieves this through the following methods:

1. Encrypted Communication: Use symmetric encryption (such as AES, ChaCha20) to protect data and prevent eavesdropping.
2. Identity Authentication: Verify the identity of the server through digital certificates issued by third parties to designated institutions (such as X.509 certificates) to prevent man-in-the-middle attacks.
3. Data integrity: Use HMAC (Hash-based Message Authentication Code) or AEAD (Authenticated Encryption) to ensure that the data has not been tampered with.

HTTPS Data Interaction Process

The HTTPS protocol based on the TLS protocol is divided into two phases during data exchange: the handshake phase and the data transmission phase. The specific process is as follows:

1. The client sends ClientHello: contains information such as supported TLS versions, encryption algorithms, random numbers, etc.

2. The server sends ServerHello: contains information such as the selected encryption algorithm, server random number, server certificate, etc.

3. Client verifies the server: verifies the server certificate, computes the shared key, and sends the Finished message.

4. Start encrypted communication: Use the negotiated session key for encrypted communication.

Data Access Issues in Web3

Although the TLS protocol is widely used in Web2 networks, it has caused difficulties in Web3 application development. When on-chain smart contracts hope to access certain off-chain data, the on-chain virtual machine does not allow external data calls due to data availability issues, in order to ensure the traceability of all data and thereby guarantee the security of the consensus mechanism.

To solve this problem, a series of oracle projects have emerged, such as Chainlink and Pyth. These projects act as a relay bridge between on-chain data and off-chain data, breaking the data island phenomenon. However, this oracle-based data acquisition scheme has two main issues:

1. High costs: Maintaining the PoS consensus mechanism requires a large amount of staked funds, and there is redundancy in data interaction, leading to high usage costs.
2. Low efficiency: The consensus of the PoS mechanism takes some time, resulting in latency in on-chain data, which is not conducive to high-frequency access scenarios.

zkTLS Solution

The zkTLS technology introduces zero-knowledge proof algorithms, enabling on-chain smart contracts to directly verify that the data provided by a certain node indeed comes from a specific HTTPS resource and has not been tampered with, thereby avoiding the high usage costs associated with traditional oracles due to consensus algorithms.

Specifically, zkTLS is implemented in the following way:

1. Calculate the data obtained from HTTPS resource requests to off-chain relay nodes, related CA certificate verification information, temporal proof, and data integrity proof to generate the Proof.
2. Maintain necessary verification information and verification algorithms on the chain.
3. Ensure that smart contracts can verify the authenticity, timeliness, and reliability of data sources without exposing key information.

The biggest advantage of this technical solution is that it reduces the cost of achieving availability for Web2 HTTPS resources, thereby stimulating many new demands, such as lowering the on-chain price acquisition cost for long-tail assets, utilizing authoritative Web2 websites for on-chain KYC, and optimizing the technical architecture design for DID and Web3 games.

The Impact of zkTLS on the Web3 Industry

The development of zkTLS technology has had a certain impact on existing Web3 enterprises, especially mainstream oracle projects. In response to this challenge, industry giants like Chainlink and Pyth are actively following up on related research, attempting to maintain their leading position during the technological iteration process. At the same time, this has also given rise to new business models, such as the shift from time-based charging to usage-based charging, and Compute as a service.

However, like most ZK projects, the main challenge faced by zkTLS is still how to reduce computational costs to make it commercially viable.

In summary, paying attention to the developments of zkTLS and integrating this technology stack in a timely manner during product design may lead to new breakthroughs in business innovation and technical architecture.