- Several researchers have proposed a new method of location sharing
- The method maintains the confidentiality of users while sharing relevant data
- This could have great implications in the industries
The researchers have found a new method to “prove” where you are, without having to share sensitive location data.
If adopted, the method could have major implications for companies such as carpooling or delivery, smart cities and public transport, or digital advertising and marketing.
The article, presented recently at the IEEE 2025 symposium on security and confidentiality, was written by the authors Jens Ernstberger (Munich Technical University), Chengru Zhang (Hong Kong University), Luca Ciprian (Munich Technical University), Philipp Jovanovic (University College) and Sebastian Steinhorst (Technical University of Munich). It is called “the confidentiality of the location of zero knowledge via precise rumbles with floating comma”.
How does it work and what are the drawbacks?
Simplified, it works like this: instead of revealing their exact location (as is the case today), the user creates a cryptographic commitment (essentially, the data is locked behind a crypto key). The data cannot be modified, but cannot be consulted by third parties either.
Then, the device performs an algorithm of proof of zero knowledge, proving that the data locked behind the cryptographic key is correct. In the end, the auditor (who can be an application or a server) checks the proof of zero knowledge, and due to the cryptographic properties, they can confirm with confidence that the location meets the condition without ever seeing the exact coordinates.
The key limitation of the method is that it does not intrinsically guarantee the authenticity of location data. Since the system is based on the device or user to provide location data in the first place, it can always be usurped (if GPS data is false, for example).
In the article, the researchers proposed a solution to verify that proof of location is not forged, which implies the communication of the network with a third party (for example, the global signals of the satellite navigation system (GNSS)). In this case, the data on the place where the device indicates that it is located would no longer be non -interactive.
Via The register
