TLS & zkTLS & ZKON Network
The nodes that maintain blockchain networks are in constant communication with each other.
Bridges are also responsible for the communication between two blockchains. They carry a commitment made by a blockchain user on one chain to the other chain, creating a communication network.
Oracle protocols that transfer external data to blockchains also create a communication channel and can move any data into the blockchain.
Mina, with its “proof of everything” concept, can process and verify any verifiable data on-chain.
Today’s topic is TLS, zkTLS and ZKON Network.
1. Transport Layer Security 1.3
TLS 1.3 is the newest version of the Transport Layer Security protocol, designed to secure connections on the internet. It provides better performance, stronger security, and a simpler handshake process than older versions like TLS 1.2.
Think of TLS 1.3 as an upgraded lock and key system that helps keep your data safe when you browse websites, use apps, or connect to online services.
TLS 1.3 uses temporary (ephemeral) keys so that past communications stay protected even if someone discovers the server’s private key in the future (forward secrecy). In older versions, an attacker who got hold of the server’s private key could potentially unlock previously recorded conversations. TLS 1.3 stops this by generating new, short-lived keys for each session, ensuring no one can later “go back in time” and unlock old data.
A big improvement in TLS 1.3 is that it completes most handshakes in just one “round trip” (1-RTT). When you visit a website, your browser (the client) and the website’s server exchange just a few messages to agree on cryptographic methods, verify identities with certificates, and create a shared secret key.
This shared secret key then encrypts and decrypts the data you send and receive, like passwords, credit card information, or personal messages, so eavesdroppers see only scrambled text.
1.1) TLS 1.3 Handshake
1. The client starts the handshake by sending a “ClientHello” message that lists its supported encryption methods (cipher suites) and includes an ephemeral key share. This “Key Share” is sent to the server so that both sides can generate the same “Master Secret Key”.
The client also sends the TLS versions it supports.
2. The server generates the Master Secret Key in a process called Elliptic Curve Diffie-Hellman key exchange, which guarantees that only the client and the server can compute this secret.
3. The server responds with a “ServerHello” that picks one of the offered cipher suites (TLS_AES_128_GCM_SHA256 is the recommended choice) and sends its own key share.
The server also sends a “Server Random”, which the client uses while generating the same “Master Secret Key”.
The server sends a copy of its certificate. The client verifies this certificate to be sure whom it is communicating with.
The server sends a Finished message so that the encryption can be verified. The Finished message carries an encrypted digest of all previous handshake messages, which lets the client check that the handshake produced the expected keys and was not tampered with.
4. The client replies with its own Finished message containing an encrypted digest of all previous messages.
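As an added example (not code from the original article): the key derivation and Finished check described in steps 2 to 4, written in Python with only the standard library and following the HKDF-based key schedule of RFC 8446 for the SHA-256 suite named above. It assumes the ECDHE shared secret has already been computed from the two key shares, and it uses constructed placeholder bytes for that secret and for the handshake transcript.

```python
import hashlib
import hmac
import struct
HASH = hashlib.sha256        # hash of the TLS_AES_128_GCM_SHA256 suite
HLEN = HASH().digest_size    # 32 bytes

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque "tls13 " + label || opaque context (RFC 8446, 7.1)
    full = b"tls13 " + label.encode()
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    return expand_label(secret, label, HASH(transcript).digest(), HLEN)

def handshake_traffic_secrets(ecdhe_shared: bytes, hello_transcript: bytes):
    """Key schedule from the (EC)DHE output to the handshake traffic secrets (no PSK)."""
    early = hkdf_extract(b"\x00" * HLEN, b"\x00" * HLEN)
    derived = derive_secret(early, "derived", b"")
    handshake = hkdf_extract(derived, ecdhe_shared)
    return (derive_secret(handshake, "c hs traffic", hello_transcript),
            derive_secret(handshake, "s hs traffic", hello_transcript))

def finished_verify_data(traffic_secret: bytes, transcript: bytes) -> bytes:
    """verify_data of a Finished message: HMAC(finished_key, Hash(all prior handshake msgs))."""
    finished_key = expand_label(traffic_secret, "finished", b"", HLEN)
    return hmac.new(finished_key, HASH(transcript).digest(), HASH).digest()

# Constructed stand-ins (not real handshake bytes): the ECDHE shared secret the
# two key shares produce, and the concatenated handshake messages.
SHARED_SECRET = bytes.fromhex("8b" * 32)
HELLOS = b"ClientHello|ServerHello"
SERVER_FLIGHT = HELLOS + b"|EncryptedExtensions|Certificate|CertificateVerify"

def check_server_finished() -> bool:
    # Client side: recompute the server's verify_data over its own transcript copy.
    _, server_hs = handshake_traffic_secrets(SHARED_SECRET, HELLOS)
    received = finished_verify_data(server_hs, SERVER_FLIGHT)        # what the server sent
    expected = finished_verify_data(server_hs, SERVER_FLIGHT)        # client's own value
    altered = finished_verify_data(server_hs, SERVER_FLIGHT + b"!")  # tampered transcript
    return hmac.compare_digest(received, expected) and received != altered
```

Because the digest covers every earlier handshake message, any modification in transit changes the expected value and the client rejects the handshake.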
For some services, TLS 1.3 can also use “0-RTT” data if the client reconnects to the same server, letting the client send data immediately without waiting for the full handshake. This can speed up connections even more, although it’s typically used only for non-critical data because 0-RTT is less resistant to replay attacks.
2. zkTLS & ZKON Network
zkTLS is an advanced security protocol that combines the encryption capabilities of TLS with the privacy-preserving features of Zero-Knowledge Proofs (ZKPs).
Zero-Knowledge Proofs (ZKPs) are cryptographic methods enabling one party (the prover) to convince another party (the verifier) that a given statement is true, all while keeping hidden any information that could reveal the actual data behind that statement.
In zkTLS, these proofs are generated during or alongside the standard TLS handshake. This way, the usual TLS encryption takes care of securing the data, while the ZKPs allow users to confirm that they meet certain conditions (like having sufficient account balance) without revealing the exact balance or personal details.
Multi-Party Computation (MPC) often comes into play in zkTLS setups, where multiple parties collectively perform computations on encrypted data.
This distributed approach prevents a single entity from seeing the entire encryption key or underlying data.
MPC techniques can split cryptographic keys across different servers, ensuring that no single party can decrypt or modify the data on its own. This is particularly useful in decentralized scenarios, such as blockchain-based applications, where trust is spread across many participants.
Trusted Execution Environments (TEEs) can also reinforce zkTLS by offering a hardware-isolated space for sensitive operations. A TEE is essentially a protected enclave within a CPU that shields certain processes, like key generation or data decryption, from the rest of the system.
By combining TEEs with zero-knowledge proofs, zkTLS can verify and process sensitive information without exposing it even to the service provider or operating system.
This approach enhances privacy while retaining a high level of security, although it does require some degree of trust in the hardware itself.
All of these components (TLS encryption, ZKPs, MPC, and TEEs) work together to ensure data remains confidential, verifiable, and resistant to tampering.
In practical terms, an application using zkTLS might allow a user to prove they are over a certain age, possess a valid credential, or have enough funds in a wallet, all without sharing the exact date of birth, the entire credential, or the complete account balance. This selective disclosure is essential in decentralized and blockchain environments where transparency and immutability are key features, but users still require a means to protect private data from public exposure.
3. Use Cases of ZKON Network
In my last article, I said that blockchains are made entirely of commitments.
The most important work that blockchain nodes do is to verify these commitments (verifiable, encrypted data) with cryptographic methods and add them to the network.
To illustrate, blockchain bridges are based on these commitments. When we send an asset or message from Mina to Ethereum, we use intermediary nodes that verify the commitment (transaction) made on Mina and relay it to Ethereum.
This bridge validates the commitment received on Mina and writes a new commitment (transaction) on Ethereum.
The most important feature we achieve by using ZKON Network and zkTLS is that we transform the information we receive from the outside world into secure and verifiable commitments and carry them to blockchain networks.
With Multi-Party Computation, the information we compute cannot be accessed or modified by a single person. With a TEE, the accuracy of the received information can be checked privately and securely. By using Zero-Knowledge Proofs, we ensure that the information sent to the blockchain remains private.
It’s all about confidentiality
With ZKON Network,
-> You can verify that you have some money in the bank and borrow from lending protocols on blockchain networks. No one can find out how much money you have.
-> You can even borrow from a protocol on Mina by verifying your money on Solana.
-> You can verify that you are you and vote on blockchain networks without sharing your credentials with anyone. You can also verify your private information for the KYC process without sharing it with anyone.
-> In a world where governments are moving to a blockchain-based citizenship system, you can verify that you have a passport when you go abroad and that you have successfully completed your visa procedures without revealing your personal information.
-> When using a blockchain bridge, you can also hide how many assets you are passing to the target chain.
The possibilities with ZKON Network are endless. It is all about the secure and private commitments :)
Thanks for reading :)
X : blockofchain