Understanding Zero Knowledge Principle in DGT Coretax System
The Directorate General of Taxes (DGT - Direktorat Jenderal Pajak) applies the Zero Knowledge principle in the Coretax verification process as a data security mechanism designed to protect taxpayer privacy during inter-agency data integration.
Here is a detailed explanation of the application of this principle based on available sources:
1. Definition and Basic Concept
Simply put, the Zero Knowledge principle in the Coretax context is a security method where one party (DGT) can verify the truth of information without having to know, copy, or store that information in full from the original data owner (other agencies).
2. NIK (Population Identification Number) Verification Mechanism
The most tangible application of this principle occurs during the Coretax account activation process using NIK as NPWP:
- No Data Taking: The mechanism does not involve “taking” or copying the population database from the Directorate General of Population and Civil Registration (Dukcapil - Direktorat Jenderal Kependudukan dan Pencatatan Sipil) to DGT servers.
- Verification and Confirmation: The Coretax system only sends verification requests to the Dukcapil system to ensure whether the NIK is valid and matches the entered name.
- Minimal Response: The Dukcapil system only provides answers in the form of “yes” or “no” confirmation, and minimal information needed to ensure identity. Dukcapil does not hand over the entire population data to DGT.
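The request/response pattern described in this section, sketched as an added example (not code from DGT, Dukcapil or Coretax). The function names, the single `match` field and the sample record are assumptions made for illustration, and the response is narrowed to the yes/no answer only.

```python
import hmac
import re
import unicodedata

# Constructed sample registry standing in for the population database that
# stays with the data owner. The record and its field names are made up.
_REGISTRY = {
    "3174010101900001": {"name": "Siti Rahmawati", "birth_date": "1990-01-01",
                         "address": "Jl. Contoh No. 1"},
}

def _normalize(name: str) -> str:
    """Fold case, strip accents and collapse whitespace before comparing."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(folded.upper().split())

def registry_verify(nik: str, name: str) -> dict:
    """Registry side (hypothetical): answer only whether NIK and name match.

    Design choice of this example: an unknown NIK and a name mismatch give
    the same answer, so the endpoint does not reveal which NIKs exist.
    """
    if not re.fullmatch(r"[0-9]{16}", nik):  # a NIK is 16 digits
        return {"match": False}
    record = _REGISTRY.get(nik)
    stored = _normalize(record["name"]) if record else ""
    ok = record is not None and hmac.compare_digest(
        stored.encode(), _normalize(name).encode())
    return {"match": ok}  # no birth date, address or other fields leave the registry

def activate_account(nik: str, name: str, store: dict) -> bool:
    """Requesting side (hypothetical): keep the outcome, never the record."""
    response = registry_verify(nik, name)
    # Refuse responses that carry more than the agreed minimal field.
    if set(response) != {"match"}:
        raise ValueError("registry response exceeds the agreed minimal schema")
    if response["match"]:
        store[nik] = {"identity_verified": True}
    return response["match"]
```

The schema check on the requesting side is what keeps the minimal response enforceable: if the registry ever starts returning extra attributes, activation fails instead of silently storing them.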
3. Biometric Verification (Face)
This principle is also applied to the face recognition feature:
- Authentication Purpose: The face verification process aims to ensure that the party performing activation is the legitimate identity owner.
- No Permanent Archive: Facial image data is used only for momentary authentication. DGT does not collect these face photos into a permanent biometric archive.
4. Purpose and Benefits
The implementation of this Zero Knowledge principle has several strategic objectives:
- Preventing Redundancy and Leaks: Reduces the risk of data leaks that often occur due to duplicate data (redundancy) in various government agencies.
- Separation of Authority: Emphasizes that population data remains the domain of Dukcapil, while DGT only manages data related to tax authority (such as SPT).
- Regulatory Compliance: Fulfills the mandate of the Personal Data Protection Law (UU PDP - Undang-Undang Perlindungan Data Pribadi) by ensuring that data processing has a legal basis, a specific purpose, and strong security systems.