zkTLS Technology Analysis: Breaking the Data Barrier Between Web3 and Web2

Recently, during the product design process, I came across a new technology stack - zkTLS. After in-depth research, I have organized my learning insights as follows, hoping to share them with everyone.

zkTLS is a new technology that combines zero-knowledge proof ( ZKP ) and Transport Layer Security protocol ( TLS ). In the Web3 domain, it is primarily used in on-chain virtual machine environments, enabling the verification of off-chain HTTPS data authenticity without relying on a trusted third party. The authenticity here includes three aspects: the data source indeed comes from a specific HTTPS resource, the returned data is unaltered, and the timeliness of the data is guaranteed. Through this cryptographic implementation mechanism, on-chain smart contracts gain the ability to access off-chain Web2 HTTPS resources in a trustworthy manner, thereby breaking data silos.

Introduction to TLS Protocol

In order to gain a deeper understanding of the value of zkTLS technology, it is necessary to provide a brief overview of the TLS protocol. TLS( (Transport Layer Security protocol)) is used to provide encryption, authentication, and data integrity in network communications, ensuring the secure transmission of data between clients( such as browsers) and servers( such as websites).

The HTTPS protocol is essentially based on the HTTP protocol, using the TLS protocol to ensure the privacy and integrity of information transmission, and making the authenticity of the server verifiable. The HTTP protocol itself is a plaintext transmission network protocol and cannot verify the authenticity of the server, which leads to several security issues:

1. Information may be monitored by third parties, leading to privacy breaches.
2. Unable to verify the authenticity of the server-side, the request may be hijacked by malicious nodes and return malicious information.
3. Unable to verify the integrity of the returned information, data loss may occur due to network issues.

The TLS protocol was designed to address these issues. It mainly resolves the aforementioned problems in the following ways:

1. Encrypted Communication: Use symmetric encryption ( such as AES, ChaCha20) to protect data and prevent eavesdropping.
2. Identity Authentication: Verify the identity of the server through digital certificates issued by third parties to designated institutions, such as X.509 certificates (, to prevent man-in-the-middle attacks.
3. Data Integrity: Use HMAC) hash message authentication code( or AEAD) authenticated encryption( to ensure that data has not been tampered with.

HTTPS based on the TLS protocol is divided into two phases during the data exchange process: the handshake phase and the data transmission phase. The specific process includes four steps:

1. The client sends ClientHello
2. The server sends ServerHello
3. Client verifies the server
4. Start encrypted communication

This widely used foundational technology in Web2 networks has caused difficulties for Web3 application development. In particular, when on-chain smart contracts wish to access certain off-chain data, the on-chain virtual machine does not open the capability to call external data due to data availability issues, in order to ensure the traceability of all data and thus guarantee the security of the consensus mechanism.

To meet the needs of DApps for off-chain data, a series of oracles )Oracle( projects have emerged, such as Chainlink and Pyth. These projects break the data silo phenomenon by acting as a relay bridge between on-chain data and off-chain data. At the same time, to ensure the availability of the relayed data, these oracles generally implement a PoS consensus mechanism, which makes the cost of malicious behavior for relay nodes higher than the benefits, so that they will not economically provide false information on-chain.

Problems Solved by zkTLS

However, there are two main issues with the data acquisition scheme based on Oracle:

1. High costs: To ensure the authenticity of the data delivered by Oracle to the blockchain, a PoS consensus mechanism is required, which incurs significant maintenance costs. Generally, Oracle projects will only maintain some of the most mainstream data for free, while exclusive requirements must be paid for, which hinders application innovation, especially for long-tail and customized needs.

2. Low Efficiency: The consensus of the PoS mechanism requires a certain amount of time, resulting in latency of on-chain data, which is unfavorable for high-frequency access scenarios, as there is a significant delay between the data obtained on-chain and the real off-chain data.

zkTLS technology has emerged to address the aforementioned issues. Its main idea is to introduce the ZKP (Zero-Knowledge Proof) algorithm, allowing on-chain smart contracts to act as a third party that can directly verify that the data provided by a certain node is indeed the data returned after accessing a certain HTTPS resource and has not been tampered with, thus avoiding the high usage costs caused by consensus algorithms in traditional Oracles.

zkTLS uses cryptographic protection to replace the high costs associated with traditional Oracle consensus mechanisms for data availability. Specifically, by introducing ZKP (Zero-Knowledge Proofs) and calculating the Proof based on requests for resources obtained from certain HTTPS, related CA certificate verification information, timestamp proofs, and data integrity proofs based on HMAC or AEAD, while maintaining necessary verification information and verification algorithms on-chain. This allows smart contracts to verify the authenticity, timeliness, and reliability of data sources without exposing key information.

The biggest advantage of this technical solution is that it reduces the cost of achieving availability for Web2 HTTPS resources. This has stimulated many new demands, especially in terms of lowering the on-chain price acquisition of long-tail assets and utilizing authoritative websites in the Web2 world for on-chain KYC, thus optimizing the technical architecture design of DID and Web3 games.

Of course, zkTLS has also brought impacts to existing Web3 enterprises, especially for current mainstream oracle projects. In response to this impact, industry giants like Chainlink and Pyth are actively pursuing research in related directions, trying to maintain their leading position during the technological iteration process, while also giving rise to new business models, such as transitioning from time-based charging to usage-based charging, and Compute as a Service. Naturally, like most ZK projects, the challenge of zkTLS still lies in how to reduce computational costs to make it commercially viable.

Overall, during the product design process, paying attention to the development trends of zkTLS and appropriately integrating this tech stack may help find new directions in business innovation and technology architecture.