Introduction
Most people do not advocate for war. Once war becomes a reality, misinformation spreads quickly. One of the major escalation patterns we are witnessing in modern warfare is the amplification of acts allegedly done in violation of international treaties.
These false claims are frequently intended to inflame both citizens in the streets and decision-makers in governments. Nearly always, excluding terrorist acts, there is sound logic that counters the treaty-violation argument.
This logic is generally based on gathered intelligence, which is often too sensitive to expose. ZKPs provide a way to maintain the confidentiality of gathered intelligence, while still allowing for disputes of false claims. In this blog, we explain how.
Reference Scenario
Our starting point is a ‘Humanitarian Island’ — such as a school, hospital, temple, mosque, church, or even an ambulance — located in a warzone and attacked by enemy fire. We assume the island is not hit by a statistical fire, but rather a targeted strike to kill. An equivalent scenario for our purposes is that of unintended friendly fire, indistinguishable from enemy fire.
Targeted strikes on these islands violate the Geneva Conventions and other treaties, and is therefore bound to receive condemnation from across the board: the UN, media outlets, governments, and so on.
As we have observed time and again, including in the ongoing war in Gaza, these singular events are explosive. Given the wrong treatment, an image of a hospital under attack creates a massive psychological effect, widening the conflict in intensity and scale.
The best possible way to manage the situation would be to provide an incident report:
- Collect evidence
- Investigate what triggered the attack
- Determine who should take responsibility
Warfare Basics
Modern armies operate according to battle-tested and well-established combat doctrine. Command and Control (C&C) is centralized, with a clear hierarchy. Target generation, building situational awareness (SA), prioritization, assignment, and fire authorization are executed by different teams of professionals, with clean interfaces between them.
Therefore when a “humanitarian island” is attacked, there should be a clear, traceable line following the chain of command in reverse, all the way down to the raw intelligence material that influenced the decision.
Many times, access to the raw intelligence can prove beyond reasonable doubt that the alleged humanitarian island was, in fact, a legitimate target, and no longer used for humanitarian purposes. Examples of the ongoing war in Gaza include mosques, schools, and hospitals used by Hamas to launch rockets and other attacks against Israeli civilians.
Alternatively, raw intelligence may provide the “golden” indication that the attack came from friendly fire.
This poses a dilemma:
- Exposing such piece of intelligence will counter the psychological effect
- However, it will burn the intelligence source, which we may assume is
(1) sensitive — it may reveal details on Intelligence methods of operation
(2) valuable — a source that may be used in the future to gather more insights on the battlefield
SIGINT — Signal Intelligence
Let’s double-click on what we mean by saying “burn the source”. For this, we need to make a few more assumptions, which we can later generalize.
In wartime, the battlefield is constantly changing. C&C must be maintained at all times, on both sides. Real-time communication is therefore king — tactical land radio or satellite communication being examples. A radar is another example of a real-time system, providing real-time data on several classes of threats. On the other hand, a file on a computer, or even just an email, is second-order when it comes to real-timeliness.
What is common to all of the above examples is that they are digital: bits running on computing devices, with access to some network. Gaining covert access to such networks is the basis of Signal Intelligence, or SIGINT. As one may imagine, acquiring any kind of access to enemy networks can deliver great value, especially C&C networks at a time of war.
It is worth noting the way military intelligence works is that many times, such access is partial, noisy, or 99.99% irrelevant. To reach real insights, further analysis and research is required, with cross-referencing from other intelligence sources.
However, for the sake of simplicity, we will operate under the assumption that a single intercepted communication message, M, from person A to person B, is sufficient to justify or disprove an attack under investigation.
Now the risk of exposing a SIGINT source is hopefully clearer: publishing message M will leak information to the enemy, such as ‘this line is tapped’ and ‘all past communication between A and B are compromised’.
Zero Knowledge Proofs
Loosely speaking, Zero Knowledge Proofs (ZKPs) are a Privacy-Enhancing Technology (PET), that allows a Prover to mathematically convince a Verifier of the correctness of computing some known function F, over a private input known only to the prover. For example, a prover may prove that a hash function H was computed correctly, producing output out, without revealing the input used for the hash function.
ZKPs, invented and developed in academia over the last several decades, have already found practical usage in the real world. Industry adoption is focused on short proofs that are publicly verifiable by anyone, which is what we need for our proof-of-innocence.
When we apply ZK technology to our problem space, the goal is straightforward — can we prove in Zero-Knowledge that there is a reason a certain island was attacked? Essentially, we wish to prove that message B exists, without exposing sensitive information on its meta-data, such as identification of speakers A and B, geo-location, time-stamp, and so on.
Challenges & Ideas
The first problem is that sometimes, even the existence of message M is enough to expose and burn a source. Our technique is useful in the case that the information conveyed in message M, e.g. “Ambulance XYZ is full of terrorists on their way to fight”, is repeated multiple times, preferably on a diverse set of platforms.
This is a kind of anonymity-set: The less secret the information within enemy ranks, the better we can keep the anonymity of the SIGINT source.
The second issue we need to resolve is that a ZKP is done for a known, in practice public, statement such as the hash output of a function and the function itself. In our problem, such a statement is vital; otherwise, we prove with respect to nothing which means one can make up any message that will miss our goal.
This is, in fact, a part of an almost independent question on how can the public tell that some revealed SIGINT is indeed authentic and not fabricated. Here, we argue that there is a ‘game-theoretic’ motivation — if a government chooses to fabricate intelligence to justify an attack, the backlash, should this be discovered, is far greater than the consequences of admitting a mistake. Furthermore, since such an act is morally wrong, it could be exposed by a citizen with a strong moral compass, leading to internal dissent.
The question remains: how can the prover generate a public statement that is trusted to be traced back to the raw SIGINT? As a first attempt, we try to identify a trusted-third-party and minimize the trust assumptions.
Starting from a toy example:
Say that we need to prove in ZK to the BBC that a school was destroyed because of SIGINT indicating it was used as a terror base and not as a school (and obviously had no civilians inside).
The message M framing the school is shared in secret with the NSA, the US SIGINT agency, or even with specific individuals within the BBC with appropriate security clearance. The NSA, in turn, will publish a statement such as Hash(M), the hash of message M, which on the one end is not helpful to extract the full message M, but is certainly usable for ZKP. Now the prover can generate a ZKP that the message M is a conversation containing sentences framing said school.
With a more futuristic view of the battlefield, we can remove trust much further:
There are only a handful of suppliers for military-grade gear. The supply chain usually starts with a small number of large hardware manufacturers, either unaware of how their hardware components are integrated into systems, or aware because they are part of a defense industry. Most suppliers are global companies, and sell to various governments.
There is a growing trend for developing open silicon which will help make these hardware vendors trustless. More specifically, one of the first open-source initiatives is for hardware Root of Trust (RoT), with companies building atop reference frameworks, such as industry-accepted OpenTitan. With a transparent RoT in silicon, it should be possible for the hardware vendor to attest to a message M or some related telemetry T coming from a communication device that runs on the hardware. Attestation for encryption or some commitment to the message M should be good for use in ZK.
A possible solution without needing a trusted party would be an AI model. Assume that a combined effort can be applied to create an open-source model that can analyze raw intelligence material and answer questions about it with measurable reliability. Such a model can be publicly tested on public data to see that it complies with some reliability threshold. One can then generate a ZKP that a certain (secret) message M was run through the model along with a (public) question Q, to obtain a (public) answer A. The ZKP would prove that no one had tampered with either the model, the question, or the answer.
Bottom line, we think this is an interesting design space that can influence how SIGINT products are spec’d. More ideas and PoCs are welcome
Summary
While still far from us today, it seems the basic conditions to apply ZKPs to publicly share insights from SIGINT are there. Sadly, it seems like wars are inevitable; however, if we as a society are smart enough to take advantage of ZK tech on the battlefield, we can potentially offer a mathematical way to avoid one of the worst kinds of conflict escalation, simply by releasing some siloed data.
Disclaimer: The authors are Israelis and served in unit 8200 of IDF intelligence.
