Developer Diaries: designing a privacy-respecting application using zero-knowledge proofs (ZKP)

|

Developer Diaries is a series about the stories behind the product. It provides a first-hand account of the process of building. In this edition, we sat down with Raymond Yeh, the creator of VeilOS, a proof-of-concept application that uses zero-knowledge proofs to grant user anonymity while allowing them to authenticate against a platform.

 

The project aims to improve internet privacy, an increasingly important issue as more personal, financial and browsing information is stored online. Raymond also writes about privacy, decentralised applications and personal finance on his blog, geek.sg.



Log entry: Raymond Yeh

 

Privacy is an important issue. There are few things you can do online that can guarantee you anonymity. As more of our lives go digital, privacy becomes a big issue because of all the personal information stored online. It could be your monthly salary, your medical records or your home address.

 

This issue makes it difficult to create applications such as an anonymous voting platform and a place for whistleblowers to report issues safely. Take electronic voting for example. It could replace how we conduct General Elections in the future. But there’s a conundrum in creating such a system: how do you authenticate users as eligible voters while ensuring it doesn’t know who they voted for?

 

Currently there’s no way for governments to ensure both authentication and anonymity. On one hand, true anonymity is possible, but it doesn’t allow for authentication, making voter fraud an issue. On the other hand, authentication without anonymity inevitably leads to people saying things like they lost their job because they voted for the opposition party. This project was about finding that middle ground.

 

Zero-knowledge proof

Zero-knowledge proof (ZKP) provides a potential solution to this problem.


ZKP in essence allows you to prove the knowledge of something without revealing what it is. It is used in applications to exercise business constraints. However, the problem with ZKP is that it’s a mostly theoretical solution that exists in academic papers. It’s never actually been tested for real-life applications.


The initial idea for VeilOS came about during discussion with a group of friends in the ZKP space. I met them through a local chapter of a foundation, RadicalxChange. It’s a global organisation with some pretty influential people on its board, including Glen Weyl (political economist and social technologist), Vitalik Buterin (creator of the Ethereum) and Audrey Tang (Taiwan’s digital minister).


We were quite excited to explore beyond the academic side of ZKP. There are a lot of papers on it, but little on how it can be used practically. I’m a civil servant, so naturally the conversation turned into how we can apply ZKP in civic tech. Our conversation produced this memo.


Diving deeper into the ZKP resources, I wanted to build a proof of concept to showcase how it could be done. It would allow users to vote anonymously by exercising the following business constraints:

  1. Only members of a group can vote
  2. Each member may only vote once (or not vote)
  3. The vote cannot be attributed to the individuals


I used ZKP to enforce the following properties to fulfil the above constraints:

  1. The user submitting the proof is a member of a group (i.e. citizen of a country) without telling you which.
  2. The proof has a nullifier (think of it as a unique ID) that can be proven to be deterministically derived from the user and the topic, without revealing the user identity. This prevents duplicate submission of a user to a topic (i.e. voting twice) by rejecting entries with duplicated nullifier.
  3. The user submitting the proof possesses a secret key only known to him to authenticate himself without revealing the secret key.

 Photo caption: VeilOS is a privacy preserving application engine

Creating VeilOS

The biggest worry I had about creating this project was ZKP followed by the UI and UX. ZKP was something I only understood from a high level. It involves a lot of academic concepts like polynomial equations and variations. I was more interested in its application than the math behind it. As a result, creating the actual circuits would be quite challenging.

 

Fortunately, I came across this plugin called Semaphore, which packaged a Circom circuit with some easy to use APIs for the app. It was basically everything I needed.

 

I took about two weeks just tinkering with the package and making sure it worked, before implementing functions. The next thing I did was to fire up the backend code. It’s a bundle of serverless functions to be deployed on AWS Lambda. It uses DynamoDb as the data source to store proofs and groups. At the same time, I used React to create the frontend application which is deployed as a static website using Netlify.

 

I used this method because I’m quite familiar with a serverless framework, and it’s cheap and easy to maintain. The next part was UI and UX. This took about two weeks because it was difficult to present the application in a way people can understand. The current manner is still not usable for the layperson.

 

During my programme at RadicalxChange, I traded ideas with a few mentors. After that, I came up with a revision, and I plan to do a UX revamp in the future. But right now, VeilOS is still missing some key infrastructure like public keys that will allow it to run at a large scale. In the meantime, I’m pursuing another project while waiting for the supporting technology to develop. The product is a bit ahead of its time, so we still need to wait for that bridge between the current and the future world.

 

The importance of privacy

The project showcased something that couldn't have been done before. For example, there is currently no way an e-voting platform can prove to users that the platform owner does not know who the users vote for. This is extremely important if any nation decides to allow its citizens to vote online and prove (not just assure) them that the votes are confidential and non-attributable.


In addition, as systems become more interconnected and data being more free-flowing among previously siloed systems, data is more at risk of being leaked. This project showcases how coordination among not just systems, but organisations, can happen without sharing of personal data.


I hope the project becomes a living proof that a better alternative exists for building applications that respects the privacy of individuals. That developers and organisations can no longer say that they do not have any choice to not share your data with other organisations.


In addition, there is a little hope that organisations, especially governments, will be interested in using it for things like anonymous voting, whistleblowing and feedback applications.

If you’re interested to learn more

  • If you don't understand the value of privacy read this

If you have understood all of that and want to take action, or knows of a policy maker, feel free to reach out to me at https://geek.sg/contact/


Low-balled on salary during Offer?

Join the smarter way. Discover upfront real salary data backed by payslips and offer letters.

Join the growing community of 800+ tech talents who have already submitted their salary data. Put an end to salary opaqueness here in Singapore!

Follow us on Telegram (@nodeflairsg) for the latest Tech Insight, Reads, Salaries & Job Opportunities!

Related Articles