Trust distribution and verification

This document is about collusion risks in zkTLS and Stormbit mitigations.

While zkTLS provides cryptographic guarantees, collusion risk can arise, especially for high-stakes transactions where attacked are highly motivated. Two main collusion scenarios are of concern :

User-Data Source Collusion: A user (Borrower) might collude with an off-chain data source (or an insider at that source) to generate authentic-looking but misleading data. For example a borrower could temporarily inflate their bank balance (with shorte term loan or insider help) to pass a zk proof of "balance > $X" and secure a large Stormbit loan, only to withdraw the funds immediatly after. In a more malicious scenario, an insider at a financial institution could feed falsified data over a geniune HTTPS connection (e.g. a fake credit report that passes certificate checks because it’s served from the institution’s servers) - this is what we call providing true proofs for false information. And because zkTLS guarantees the data came from from a particular domain but not the correctness of that domain's context, this is a risk : authenticity of source is ensured but if the source itself is compromised or colluding, the proof can certify wrong data. In high-value contexts, attackers might bribe or plant insiders to game the system.
User–Prover Collusion (Attestor Collusion): Most current zkTLS implementations rely on some off-chain prover service or network to facilitate data retrieval (e.g. Reclaim’s HTTPS proxy nodes, or secure enclaves running TLSNotary). If these attestors collude with a malicious user, they might produce a fraudulent proof. For instance, a dishonest prover node could bypass the actual TLS fetch and instead inject arbitrary data into a proof, or reuse a prior legitimate proof for an illegitimate purpose. A user might also run a modified client that presents a fake domain certificate (perhaps via a rogue Certificate Authority) to trick the system. While zk proofs and TLS encryption make this extremely difficult technically, the human element or misconfiguration could be exploited. In essence, if the party that is supposed to faithfully execute the protocol (fetching real data and computing the proof) is compromised, they could attest to false statements – a form of MPC collusion attack.

These collusion risks are particularly acute for high-value transactions (like large loans) because the incentive to cheat is higher. Stormbit, as a lending platform, must address these to maintain lender confidence. Here’s how Stormbit can mitigate collusion risks in its zkTLS-based infrastructure:

Multiple Attestation & Decentralization: Instead of relying on a single prover or data fetcher, Stormbit can require multiple independent zk proofs from different sources for the same claim. For example, a borrower’s claim of $50k bank balance could be verified via two or more distinct attestor networks (say, one using Reclaim’s infrastructure and another using a separate TLSNotary node). The loan is approved only if all independent proofs agree. This makes it much harder to collude, as an attacker would need to corrupt multiple systems. Stormbit can participate in decentralizing the zkTLS node network – e.g., running its own nodes and encouraging third-party auditors to run nodes – so that no single node is fully trusted. This approach is analogous to how decentralized oracles use multiple feeders to ensure integrity.
Data Redundancy & Cross-Verification: Verify the verifier. Stormbit could cross-check proofs with secondary information. If a borrower proves a high bank balance, the protocol might also request a proof of monthly income or a credit score. Inconsistencies (like a high balance but very low income) could flag manual review. Additionally, Stormbit can use time-based challenges: require the borrower to submit fresh proofs periodically or multiple times. A collusion that is arranged for a single moment (snapshot) might be hard to sustain repeatedly over time. Frequent or random spot-check proofs increase the risk for colluders to slip up.
Whitelisted Data Sources & Certificate Validation: To prevent “fake data from real domain” issues, Stormbit should carefully whitelist which Web2 sources are accepted for proofs, focusing on reputable institutions with strong internal security. For instance, only official banking sites or credit agencies should be used – no personal websites or unverifiable sources. Moreover, integrating with Certificate Transparency logs and requiring that the TLS certificates used in proofs are valid and not flagged as fraudulent can mitigate fake certificate attacks. If an attacker somehow obtained a bogus TLS cert for a bank (a very high-bar attack), it would likely appear in transparency logs or fail additional validation.
Economic Stake for Attestors: Stormbit could leverage a crypto-economic approach: any third-party attestor nodes or services that provide zkTLS proofs could be required to stake collateral (in a smart contract) and face slashing if they’re caught colluding. While detecting a bad proof is non-trivial (since a collusive proof may still be formally valid), Stormbit could introduce challenge periods or bounties for hackers who manage to produce a contradictory proof. By aligning the incentives – honest behavior earns fees, cheating risks losing stake – collusion becomes economically unattractive. Stormbit might also choose to work only with attestor networks that have undergone security audits and have reputations to lose.

Stormbit’s strategy to combat collusion will be to distribute trust and verify vigorously. By using multiple independent proofs, monitoring attestors, and setting prudent policies for large loans, Stormbit can greatly reduce the likelihood and impact of collusion. These precautions, combined with the inherent security of zkTLS (which ensures outsiders cannot tamper with the data in transit), create a robust framework.

PreviousSecurity at Core NextzkSTARKs to scale Bitcoin (coming soon)

Last updated 1 month ago

Trust distribution and verification

This document is about collusion risks in zkTLS and Stormbit mitigations.

While zkTLS provides cryptographic guarantees, collusion risk can arise, especially for high-stakes transactions where attacked are highly motivated. Two main collusion scenarios are of concern :

User-Data Source Collusion: A user (Borrower) might collude with an off-chain data source (or an insider at that source) to generate authentic-looking but misleading data. For example a borrower could temporarily inflate their bank balance (with shorte term loan or insider help) to pass a zk proof of "balance > $X" and secure a large Stormbit loan, only to withdraw the funds immediatly after. In a more malicious scenario, an insider at a financial institution could feed falsified data over a geniune HTTPS connection (e.g. a fake credit report that passes certificate checks because it’s served from the institution’s servers) - this is what we call providing true proofs for false information. And because zkTLS guarantees the data came from from a particular domain but not the correctness of that domain's context, this is a risk : authenticity of source is ensured but if the source itself is compromised or colluding, the proof can certify wrong data. In high-value contexts, attackers might bribe or plant insiders to game the system.
User–Prover Collusion (Attestor Collusion): Most current zkTLS implementations rely on some off-chain prover service or network to facilitate data retrieval (e.g. Reclaim’s HTTPS proxy nodes, or secure enclaves running TLSNotary). If these attestors collude with a malicious user, they might produce a fraudulent proof. For instance, a dishonest prover node could bypass the actual TLS fetch and instead inject arbitrary data into a proof, or reuse a prior legitimate proof for an illegitimate purpose. A user might also run a modified client that presents a fake domain certificate (perhaps via a rogue Certificate Authority) to trick the system. While zk proofs and TLS encryption make this extremely difficult technically, the human element or misconfiguration could be exploited. In essence, if the party that is supposed to faithfully execute the protocol (fetching real data and computing the proof) is compromised, they could attest to false statements – a form of MPC collusion attack.

Multiple Attestation & Decentralization: Instead of relying on a single prover or data fetcher, Stormbit can require multiple independent zk proofs from different sources for the same claim. For example, a borrower’s claim of $50k bank balance could be verified via two or more distinct attestor networks (say, one using Reclaim’s infrastructure and another using a separate TLSNotary node). The loan is approved only if all independent proofs agree. This makes it much harder to collude, as an attacker would need to corrupt multiple systems. Stormbit can participate in decentralizing the zkTLS node network – e.g., running its own nodes and encouraging third-party auditors to run nodes – so that no single node is fully trusted. This approach is analogous to how decentralized oracles use multiple feeders to ensure integrity.
Data Redundancy & Cross-Verification: Verify the verifier. Stormbit could cross-check proofs with secondary information. If a borrower proves a high bank balance, the protocol might also request a proof of monthly income or a credit score. Inconsistencies (like a high balance but very low income) could flag manual review. Additionally, Stormbit can use time-based challenges: require the borrower to submit fresh proofs periodically or multiple times. A collusion that is arranged for a single moment (snapshot) might be hard to sustain repeatedly over time. Frequent or random spot-check proofs increase the risk for colluders to slip up.
Whitelisted Data Sources & Certificate Validation: To prevent “fake data from real domain” issues, Stormbit should carefully whitelist which Web2 sources are accepted for proofs, focusing on reputable institutions with strong internal security. For instance, only official banking sites or credit agencies should be used – no personal websites or unverifiable sources. Moreover, integrating with Certificate Transparency logs and requiring that the TLS certificates used in proofs are valid and not flagged as fraudulent can mitigate fake certificate attacks. If an attacker somehow obtained a bogus TLS cert for a bank (a very high-bar attack), it would likely appear in transparency logs or fail additional validation.
Economic Stake for Attestors: Stormbit could leverage a crypto-economic approach: any third-party attestor nodes or services that provide zkTLS proofs could be required to stake collateral (in a smart contract) and face slashing if they’re caught colluding. While detecting a bad proof is non-trivial (since a collusive proof may still be formally valid), Stormbit could introduce challenge periods or bounties for hackers who manage to produce a contradictory proof. By aligning the incentives – honest behavior earns fees, cheating risks losing stake – collusion becomes economically unattractive. Stormbit might also choose to work only with attestor networks that have undergone security audits and have reputations to lose.

PreviousSecurity at Core NextzkSTARKs to scale Bitcoin (coming soon)

Last updated 1 month ago