Frequently asked questions, answered.

Why ZKX is better than PKI

Even with 10 challenge rounds, the Tx/Rx bandwidth required is in the tens of bytes, and the time required is fractions of a second. We will perform additional stress tests and publish a more detailed report as the product matures.

We have built ZKX to operate on any platform that can run & execute code. This architectural agnosticism combined with its low throughput requirements allows us to operate on a vast variety of different endpoints, servers, platforms, etc. Please reach out to have a more in-depth conversation and receive some more technical materials!

Yes. Random zero-knowledge proofing elements are injected into every user response to an identity challenge. It is a fundamental part of the ZKP protocols.

There is a NIST certification for identity & authentication solutions, namely NIST SP 800-63 (Digital Identity Guidelines). There is no official process for certifying a technology against this standard (it is a self-asserted designation) but we have designed this technology to be compatible with the requirements of AAL3, the highest standard for digital authentication solutions. REDCOM would love to see a formal and definitive standard & certification body developed for authentication and identity solutions, and ZKX will be one of the first products in line to undergo that process, whatever it may look like.

Yes! We have several generalized architecture diagrams for how ZKX will look in a forward-deployed or tactical setting. Many of its details are left up to implementation or mission specifics, but the generalized diagrams will give you a feel for where in the ecosystem ZKX will reside. Please reach out to us and we can get those to you!

One-way functions are a fundamental component of asymmetric encryption, and there are many similarities between ZKX and more common asymmetric encryption techniques. ZKX will leverage any existing transport mechanism with or without encryption, so whatever transport security you require can still be implemented. In terms of protecting the authenticating data, users create responses to identity challenges using a public key-based system that also utilizes zero-knowledge proofs. Again, ZKX is not a transport protocol. Whatever safeguards you require over your data channels are free to remain. ZKX is a privacy-preserving, robust MFA system – other parts of the transaction like networking or policy governance are outside of its control.

ZKX can handle anything you throw at it. New cards, serial numbers, blood type — ZKX is agnostic to the methods our customers will use to manage their users and the databases defining them.

This is an interesting question and one that the enterprise (and industry, for that matter) is still struggling to answer. ZTA requirements have yet to be developed for tactical settings, but we envision the situation being like today: no AD or AAA, and no cloud connectivity. ZKX is designed to operate within even the smallest formations – users can authenticate themselves and their device(s) before detaching from garrison, and our zero-knowledge identity attestation will keep their user/device identity verified if there is connectivity to a computer platform taking care of the verification side of that transaction. ZKX operates on the order of 10^0 kb per round, so even the most degraded SATCOM links can still facilitate ZKX authentication.

This is a good point, and worth reinforcing. ZKX assumes that your organization has already undergone its own identity-proving process (think of being provisioned your first CAC or bringing a birth certificate and electric bill to the DMV to get a driver’s license). ZKX does NOT stand up these identities; it just authenticates them. This was an intentional design choice in order to allow organizations to continue utilizing their own trusted identity processes. We are simply offering a newer, more secure, and faster way to prove those identities (via zero-knowledge MFA), which are defined by your existing onboarding processes for employees, guests, contractors, etc.

Have your nerds call our nerds.