http://dx.doi.org/10.13089/JKIISC.2019.29.6.1285

Privacy-Preserving Credit Scoring Using Zero-Knowledge Proofs  

Park, Chul (Graduate School of Information Security, Korea University)
Kim, Jonghyun (Graduate School of Information Security, Korea University)
Lee, Dong Hoon (Graduate School of Information Security, Korea University)
Abstract
In the current credit scoring system, the credit bureau gathers credit information from financial institutions and calculates a credit score from it. However, because all sensitive credit information is stored with one central authority, privacy violations are possible, and a successful external attack can breach large amounts of personal information. To address this problem, we propose privacy-preserving credit scoring in which a user gathers credit information from financial institutions, calculates a credit score, and proves that the score was calculated correctly using a zero-knowledge proof and a blockchain. In addition, we propose a zero-knowledge proof scheme that can efficiently prove committed inputs, so that it can be checked with a blockchain whether the inputs of a zero-knowledge proof were actually provided by financial institutions. Unlike Agrawal et al.'s scheme, this scheme provides perfect zero-knowledge; it also has short CRSs and proofs, and fast proving and verification. We confirmed that the proposed credit scoring can be used in the real world by implementing it and experimenting with a credit score algorithm similar to that of the real world.
Keywords
zero-knowledge proof; zk-SNARK; blockchain; privacy-preserving credit scoring
References
1 Korea Credit Bureau, "Public disclosure of personal credit scoring model," http://www.koreacb.com/kr/etc/policy_scoring, Oct. 2019.
2 Interwork Technologies, "The Equifax cyber attack - how it happened and how to protect yourself," https://interwork.com/equifax-cyber-attack-happened-protect, Oct. 2019.
3 Keep Network, "How to kill Equifax," https://blog.keep.network/how-to-kill-equifax-9b0222af5f88, Oct. 2019.
4 QEDIT-Medium, "Trustless computing on private data," https://medium.com/qed-it/trustless-computing-on-private-data-6dc2deac306b, Oct. 2019.
5 S. Agrawal, C. Ganesh, and P. Mohassel, "Non-interactive zero-knowledge proofs for composite statements," CRYPTO 2018, pp. 643-673, Aug. 2018.
6 B. Parno, J. Howell, C. Gentry, and M. Raykova, "Pinocchio: nearly practical verifiable computation," IEEE Symposium on Security and Privacy 2013, pp. 238-252, May 2013.
7 J. Groth, "On the size of pairing-based non-interactive arguments," EUROCRYPT 2016, pp. 305-326, May 2016.
8 D. Fiore, C. Fournet, E. Ghosh, M. Kohlweiss, O. Ohrimenko, and B. Parno, "Hash first, argue later: adaptive verifiable computations on outsourced data," ACM Conference on Computer and Communications Security 2016, pp. 1304-1316, Oct. 2016.
9 M. Campanelli, D. Fiore, and A. Querol, "LegoSNARK: modular design and composition of succinct zero-knowledge proofs," ACM Conference on Computer and Communications Security 2019, pp. 2075-2092, Nov. 2019.
10 N. Bitansky, A. Chiesa, Y. Ishai, O. Paneth, and R. Ostrovsky, "Succinct non-interactive arguments via linear interactive proofs," Theory of Cryptography Conference 2013, pp. 315-333, Mar. 2013.
11 Home page of Ivan Damgard, "On ${\Sigma}$-protocols," http://www.cs.au.dk/-ivan/Sigma.pdf, Oct. 2019.
12 A. Fiat and A. Shamir, "How to prove yourself: practical solutions to identification and signature problems," CRYPTO '86, pp. 186-194, Aug. 1986.
13 T.P. Pedersen, "Non-interactive and information-theoretic secure verifiable secret sharing," CRYPTO '91, pp. 129-140, Aug. 1991.
14 E. Mays, Handbook of credit scoring, 1st Ed., Glenlake Publishing Company, pp. 91-92, Mar. 2001.
15 B.W. Yap, S.H. Ong, and N.H.M. Husain, "Using data mining to improve assessment of credit worthiness via credit scoring models," Expert Systems with Applications, vol. 38, no. 10, pp. 13274-13283, Sep. 2011.
16 P.S. Barreto and M. Naehrig, "Pairing-friendly elliptic curves of prime order," Selected Areas in Cryptography 2005, pp. 319-331, Mar. 2005.
17 Korea Internet & Security Agency, "Guideline for using cryptographic algorithms and key lengths," KISAGD-2018-0034, Dec. 2018.
18 E. Kiltz and H. Wee, "Quasi-adaptive NIZK for linear subspaces revisited," EUROCRYPT 2015, pp. 101-128, Apr. 2015.
19 M. Ajtai, "Generating hard instances of lattice problems (extended abstract)," ACM Symposium on Theory of Computing '96, pp. 99-108, Jul. 1996.
20 A. Kosba, Z. Zhao, A. Miller, Y. Qian, H. Chan, C. Papamanthou, R. Pass, A. Shelat, and E. Shi, "COCO: a framework for building composable zero-knowledge proofs," IACR ePrint 2015-1093, Nov. 2015.
21 Korea Internet & Security Agency, "Subscriber identification based on virtual ID," KCAC.TS.SIVID, Sep. 2009.
22 E.B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, "Zerocash: decentralized anonymous payments from Bitcoin," IEEE Symposium on Security and Privacy 2014, pp. 459-474, May 2014.
23 GitHub, "libsnark: a C++ library for zkSNARK proofs," https://github.com/scipr-lab/libsnark, Oct. 2019.
24 GitHub, "xJsnark," https://github.com/akosba/xjsnark, Oct. 2019.
25 H.A. Abdou and J. Pointon, "Credit scoring, statistical techniques and evaluation criteria: a review of the literature," Intelligent Systems in Accounting, Finance and Management, vol. 18, no. 2-3, pp. 59-88, Apr. 2011.