Sure, that was not the point of my post. It seems that most people have reacted to this half-sentence, I think the technical discussion would have been far more interesting for this forum, especially when it comes to applications outside of blockchains. I could list more examples where substantial losses to real clients (of "normal" businesses) could have been avoided if there was a better way of proving simple facts like bank balances to auditors (it's in fact partly related to my work).
The current process basically looks like this: an auditor will ask the bank to confirm that client X has such and such balance with them. Of course, the bank needs to be sure that the auditor is actually who they claim they are, so they get in touch with their client to confirm that they can tell the auditor their balance. Since this is a bit tricky if the auditor doesn't have a direct line of communication with the bank already, it is often facilitated by the client directly asking the bank to issue a balance confirmation to the auditor, and that's an entry point for impersonation attacks (in an overly simplified manner, that's also what happened at Wirecard). We probably don't need the exact fancy machinery of Merkle sum trees and zero knowledge proofs outlined in the OP, we also don't want to bring in blockchains, but I was wondering whether we could use some of those ideas to make the audit process for normal firms a bit safer.
The current process basically looks like this: an auditor will ask the bank to confirm that client X has such and such balance with them. Of course, the bank needs to be sure that the auditor is actually who they claim they are, so they get in touch with their client to confirm that they can tell the auditor their balance. Since this is a bit tricky if the auditor doesn't have a direct line of communication with the bank already, it is often facilitated by the client directly asking the bank to issue a balance confirmation to the auditor, and that's an entry point for impersonation attacks (in an overly simplified manner, that's also what happened at Wirecard). We probably don't need the exact fancy machinery of Merkle sum trees and zero knowledge proofs outlined in the OP, we also don't want to bring in blockchains, but I was wondering whether we could use some of those ideas to make the audit process for normal firms a bit safer.