I was looking through the repository to learn how ZK was implemented, but what I found was encrypting and decrypting data. Where are the circuits implemented to hide the witness (secret values), and how is the system zero-knowledge?
Hello @Kaleb
In the KeyManager implementation for Zero Knowledge encryption, 10K random AES keys will be pre-generated and encrypted using a master key stored securely in the HSM.
For actual data encryption, a random key will be selected from the 10K keys. This selected key will be decrypted using the master key from the HSM. The decrypted random AES key will then be combined with the UIN/VID to derive a new encryption key. This derived key will be used to encrypt the actual data.
During decryption, the same process will be followed: the same AES key will be decrypted using the HSM master key and combined with the same UIN/VID to derive the same AES key. The derived key will be used to perform the decryption.
Missing any one of these inputs will result in failure to decrypt the data, thereby ensuring strong protection and Zero Knowledge assurance.
Thanks,
Mahammed Taheer
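
The key selection and derivation flow described in the reply above, as an added example that is not part of the original post or the project's code. Assumptions: a software master key stands in for the HSM, HMAC-SHA256 is the combining step, AES-256-GCM is the cipher mode, the pool index is stored beside the ciphertext, and all function names are hypothetical.

```javascript
// Node's built-in crypto, loaded whether this runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function" ? require("node:crypto") : process.getBuiltinModule("node:crypto");

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Pre-generate random AES keys, kept only in wrapped form (the reply uses 10K).
// Assumption: a software master key stands in for the HSM-held one.
function buildPool(masterKey, size) {
  return Array.from({ length: size }, () => seal(masterKey, nodeCrypto.randomBytes(32)));
}

// Unwrap the selected pool key, then bind it to the UIN/VID.
// Assumption: HMAC-SHA256 as the combining step; the reply does not name the KDF.
function deriveKey(masterKey, pool, index, id) {
  const poolKey = open(masterKey, pool[index]);
  return nodeCrypto.createHmac("sha256", poolKey).update(id).digest();
}

function encryptRecord(masterKey, pool, id, data) {
  const index = nodeCrypto.randomInt(pool.length); // random key selection
  return { index, blob: seal(deriveKey(masterKey, pool, index, id), data) };
}

function decryptRecord(masterKey, pool, id, record) {
  return open(deriveKey(masterKey, pool, record.index, id), record.blob);
}

// True when decryption fails, i.e. when one of the required inputs is wrong.
function failsToDecrypt(masterKey, pool, id, record) {
  try { decryptRecord(masterKey, pool, id, record); return false; } catch { return true; }
}

// Constructed demo values, not real keys or identifiers.
const demoMaster = nodeCrypto.randomBytes(32), demoPool = buildPool(demoMaster, 8);
const demoRecord = encryptRecord(demoMaster, demoPool, "UIN-0000000001", Buffer.from("demo payload"));
console.log(decryptRecord(demoMaster, demoPool, "UIN-0000000001", demoRecord).toString());
```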