Zero-knowledge proof(ZKP) is a nascent technology where one party can prove to another that they know the value of something without sharing what something is.
In this article, I hope to share how ZKP can be used in CivicTech to create the next generation of public goods where government, businesses and citizens can better infrastructure to collaborate with one another. Specifically, I will explore 3 use cases where ZKP can be applied.
Low-wage migrant workers in the construction, shipyard, cleaning and food services industries are often exposed to illegal and endangering work conditions. However, many of them are reluctant to lodge complaints against their employers, for fear of being dismissed and repatriated.
One way to mitigate employees’ fear of repercussion is to enable them to blow the whistle on their employer anonymously. An employee should be able to simultaneously:
The application can similarly help:
Some government programs involve distribution of vouchers, grants, or physical items to the public based on need. For instance, the Singapore government has conducted multiple distribution exercise during the pandemic where it distributed masks and TraceTogether tokens using the SupplyAlly application.
However, not all distributions exercises are large scale and conducted by the government. Some of them are by NGOs for a subset of the population, which often involves vulnerable groups of the population.
An application which respect the dignity of the individuals should be able to:
An example of how this application can work will look like this:
Several governments around the world like Singapore & Estonia has formal national identity systems. In Singapore, the SingPass is used by citizens to interact with all Government e-services as well as services from 42 private organisations (as of 14 November 2020). In Estonia, the state issued e-identity allows citizens to use digital signatures to interact with both Government and private e-services — it can even be used to cast votes during an election!
In both cases, when citizens interacts with a non-government e-services the citizens share their unique personal identifiers such NRIC in Singapore’s case and the public key Estonia’s case. This subjects the citizen to additional risks such as:
As we know it would be very hard to have all the private organisations using the identity infrastructure to uphold the same data protection standards as the governments themselves. Governments may be in a pickle to choose between an identity infrastructure that is inclusive and allows any developers to build on, versus one that is secured but may only be used to interact with government e-services.
Ideally, the digital identity infrastructure provided by the government which citizens may use to interact with private organisations should:
If more assertions needs to be made during the interactions with the private organisations’ e-services, ZKP may also be used to prove conditions like:
With these constraints, it allows companies such as telecommunication, utility companies, e-commerce or even cryptocurrency exchanges to provide service to the user and in cases of disputes or investigations, that the account could be frozen to prevent the individual from accessing their services or creating new accounts.
All of these, without revealing more information than required.
One might think that the use cases mentioned might be a pipe dream, but what if I could tell you that the tools are readily available for a proof-of-concept (POC) work to solve all of the 3 use cases?
In fact, components from Semaphore could be used to solve all 3 use cases, with exception to the range proves on the additional properties in the last use case which is really easy to solve with a ZKP framework with range proof available.
In a following blog post, I will take a deep dive into how we can build a POC using semaphore for the anonymous goods distribution use case (the most complex of the 3 in my opinion).
Subscribe to my mailing list if you like to be notified on how to build such identity infrastructures.
Special thanks to Lai Ying Tong from Electric Coin Company & Koh Wei Jie from Ethereum Foundation for contributions to the original memo titled “Zero-knowledge in civic tech: an overview of three use-cases” where this article is based on.