Rizz Risk
Securely shared a medical report using zero-knowledge proofs—verifying the information without exposing personal details. A new standard for privacy and trust in sensitive conversations. It’s time to normalize secure and respectful health disclosures.
Project Description
The goal of this project is to make sharing medical reports in the most privacy preserving way Traditional methods of sharing medical information often expose more personal data than necessary, relying on centralised systems or full document sharing. This risks breaches, limits privacy, and leaves individuals with little control over who sees their information.
Our solution takes privacy and security a step further by integrating seamlessly with existing infrastructure. Using ZK Fetch, we retrieve medical reports from trusted online portals, and with ZK Email, we validate reports sent via email. These tools ensure that the data originates from legitimate sources without exposing unnecessary personal details. This approach makes it easy to authenticate documents without disrupting existing workflows or requiring new platforms.
For enhanced Sybil resistance and identity verification using Reclaim Protocol, we employ a nationality provider to verify users’ identities. This verified identity is securely compared to the identity information contained in the medical report. The comparison is conducted using advanced cryptographic methods like Zero-Knowledge Virtual Machines (ZKVMs) or Trusted Execution Environments (TEEs). These technologies enable secure processing of sensitive data in isolated environments, ensuring the authenticity of the report while keeping the user’s identity completely private.
By using ZKVMs or TEEs, we ensure that identity checks and report verifications occur in a privacy-preserving manner. No raw data is exposed or shared with third parties, and only the validity of the information is confirmed. This eliminates the need for users to disclose their full identity or additional personal information, maintaining trust and security.
This approach combines the power of zero-knowledge proofs with cutting-edge secure computation to create a robust system for verifying sensitive medical data. It not only preserves privacy but also builds a scalable, user-friendly framework for secure and transparent health data sharing.
How it's Made
Privacy-Centric Medical Report Management System
Our project is designed with a strong focus on privacy at every stage: data collection, processing, and sharing. Below is a structured breakdown of our approach:
1. Data Collection
Medical reports are commonly shared via two primary methods: email and online portals. To ensure these reports originate from legitimate sources, we employ the following:
-
zkFetch Integration:
Using zkFetch (https://docs.reclaimprotocol.org/zkfetch), we verify that data is fetched from private and authentic sources. This ensures the reports come from trusted entities. -
ZkEmail Integration (In Progress):
We are integrating ZkEmail (https://prove.email/), which enables users to submit reports directly from their email inbox while preserving privacy.
While these measures confirm the authenticity of the source, we also need to ensure the reports belong to the intended user and not someone else.
2. Sybil Resistance
To verify that users are submitting their own reports, we are integrating the Reclaim Protocol (https://reclaimprotocol.org/) along with a nation-level identity provider:
- Government ID Verification:
Users authenticate their identity through a government ID portal. The verified name is then cross-checked to ensure that uploaded reports belong to the correct user.
This mechanism prevents users from uploading reports that do not belong to them, ensuring data integrity and privacy.
3. Document Processing
Once we verify both the user’s authenticity and the data source, the next step is processing the report to extract its content securely:
-
Challenges with zkVMs:
After evaluating options like zkVM (https://github.com/succinctlabs/sp1) and ezkl (https://ezkl.xyz/), we found they faced limitations in handling large models or multiple model scenarios. -
Solution – Verifiable API Calls:
To overcome these limitations, we use a verifiable API call to OpenAI, which generates a cryptographic proof about the document's content. This ensures the integrity of the processing stage.
4. Verifying Compute and Enabling Private Sharing
After generating proofs for all steps, users can privately share their attested proofs with others. Here's how we ensure privacy in this process:
-
Proof Verification in a TEE:
Using a Trusted Execution Environment (TEE) provided by Phala Network (https://github.com/Phala-Network):- Proofs are verified to ensure the data processed matches the original data fetched from the portal.
- The TEE confirms that the uploaded report belongs to the verified user.
-
Encrypted Proof Sharing:
The TEE encrypts the result and generates an attestation, which can only be decrypted by the recipient using their private key. This ensures:- No private information, such as the user's name or health records, is exposed.
- Data remains secure and inaccessible to unauthorized parties.
-
On-Chain Privacy via Sign Protocol:
Using Sign Protocol (https://docs.sign.global/), attestations are recorded on-chain. However:- The public key of the sharer is not exposed.
- Only a "proof request" event is publicly visible.
5. Privacy-Preserving Experience
By combining these elements, we create a system where users can share attestations of medical reports securely and privately. The key highlights include:
- Verifiable data authenticity and user identity.
- Cryptographic proof of document content.
- Private sharing mechanisms that safeguard sensitive information.
- Minimal public on-chain exposure.
This end-to-end privacy-focused workflow enables a seamless and secure experience for managing and sharing sensitive medical reports.
