In April, a major hacking incident involving SIM (USIM) cards at South Korea’s leading telecommunications company, SK Telecom (SKT), raised significant concerns about personal data security. The hackers infiltrated SKT’s system with malware and stole critical subscriber data, including International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI), USIM authentication keys, and phone numbers. This breach has sparked debates and concerns regarding the potential for ‘USIM Swapping’ crimes, where hackers misuse this data to impersonate victims.
USIM Swapping involves using stolen SIM credentials to trick telecom companies and intercept all calls and text messages meant for the victim. This allows attackers to receive verification text messages or one-time passwords (OTP), leading to secondary crimes such as unauthorized bank transfers, cryptocurrency wallet theft, email account breaches, and illicit access to cloud services.
In the wake of the incident, some banks and corporations temporarily suspended SMS verification through SKT’s network. Internal guidelines for SIM card replacements were also issued for employees. This event has highlighted the severe consequences of breaches of personal authentication data stored on centralized servers.
# Zero-Knowledge Proof: Validation Without Information Disclosure
Such hacking threats raise the question of why sensitive information is stored in plaintext on corporate servers and why victims have no way to respond once data is leaked. Centralized authentication systems are vulnerable to hacking and insider attacks, and users lose control over their data once it is compromised. A promising solution to this problem is Zero-Knowledge Proof (ZKP) technology, which allows a claim to be verified as true without revealing the underlying information.
Zero-Knowledge Proof involves an interaction between a prover and a verifier, adhering to principles of completeness, soundness, and zero-knowledge. Unlike traditional methods where sensitive personal data is managed centrally—for instance, SKT validating your identity for banking transactions and storing all key customer data—ZKP allows users to retain ownership of their primary information.
With ZKP, critical information is owned by individuals themselves. After SKT verifies your phone number and creates a zero-knowledge proof key, SKT can discard your personal data. If a bank requires identity verification, you can present a ZKP QR code issued by SKT. The bank uses a verifier to confirm your identity without needing direct access to your personal information.
ZKP thus enables users to own and manage their data and to provide verification as needed without complete disclosure, ensuring both privacy and trust. If SKT’s authentication data had been encrypted and managed individually as in ZKP systems, the impact of the breach could have been mitigated or even prevented.
# Applications of Zero-Knowledge Proof Projects
Various blockchain projects are leveraging ZKP technology to solve diverse problems, demonstrating its practical utility.
RiscZero offers a general-purpose computing platform capable of proving arbitrary computational results. Utilizing a RISC-V-based instruction architecture and ZK-STARK to create a ZKVM, it can verify program execution results on blockchains, enhancing trust without revealing original data. This has significant applications in data analysis and machine learning.
Taiko operates a ‘Type 1 ZK-EVM’ based on Ethereum, allowing developers to use existing Ethereum smart contracts seamlessly. It maintains Ethereum’s security and compatibility while reducing fees and increasing transaction speeds. With rollup technology incorporating pre-confirmation systems to accelerate transaction consensus, Taiko exemplifies efficient blockchain development.
Humanity Protocol focuses on decentralized identity (Decentralized ID) utilizing ‘Proof of Humanity.’ Unlike Worldcoin, which uses iris scans, Humanity Protocol relies on palm vein scans. This method stores biometric data with the user rather than on external servers, using ZKP to ensure personal ID protection. It strikes a balance between trust and privacy.
Zircuit is a hybrid rollup project that combines an optimistic rollup with a ZK-EVM. Initially operating on an optimistic basis, it plans to strengthen security by applying ZK validity proofs to all transactions over time. AI-based security monitoring will detect and block hacking attempts, optimizing speed and fees while maintaining EVM compatibility.
Succinct addresses blockchain interoperability issues using ZKP. Its ZKVM, ‘SP1,’ enables zero-knowledge proof generation for various chains like Ethereum and Cosmos. This facilitates trustless cross-chain messaging with lightweight proofs, making it competitive in both cost and speed.
# Zero-Knowledge Proof: A Foundation for the Data Sovereignty Era
The SKT hack illustrates the vulnerabilities of centralized authentication systems. In contrast, a ZKP-based system minimizes data exposure, maintains trust, and enhances security through decentralization.
Zero-Knowledge Proof marks a foundational shift towards the era of data sovereignty, where users control their data and perform necessary verifications independently. This technology is expected to underpin the trust architecture of the emerging Web3 society.
Ultimately, data security is not merely a technical issue but a structural one. Zero-Knowledge Proof, as a technical solution, ensures that no one but the user controls their data. This groundwork for a secure and efficient digital life, free from concerns about data breaches, is becoming a reality.