SOLUTION.md

File metadata and controls

41 lines (27 loc) · 8.72 KB

Detailed solution

The product of ZKorum is an online forum where communities and verified members can create and participate in anonymous polls, surveys, discussions, and votes. On reaching the ZKorum Progressive Web App (PWA), anyone can browse the existing public surveys and their results; for example, a public poll might ask European residents aged 18 to 60 whether they would choose an electric vehicle over a gas one. By default, surveys are publicly visible. Participating in surveys is restricted to users who can prove they hold the right credentials (eligibility). Eligibility is verified in a privacy-preserving way using zero-knowledge proofs (ZKP) of users’ Anonymous Credentials (Dock’s BBS+ W3C Verifiable Credentials).

As a PWA, ZKorum is installable on most existing devices. ZKorum adopts a passwordless authentication process to improve security and enhance user experience. Unlike existing passwordless solutions, ZKorum relies on the standard WebCrypto API to generate a non-exportable private key stored in IndexedDB in the browser. A Decentralized Identifier is derived from this key (did:key method) and used to sign JWTs that are sent to the backend with every request. The exact format of the JWT being sent is UCAN, the de facto standard for DID-centric decentralized auth in the web3 space. This protocol was initially developed by Fission and is now maintained by a growing ecosystem of users such as web3.storage, IPFS/Filecoin and Bluesky. However, no solution to this day combines the usage of UCAN with traditional email one-time password authentication and with Verifiable Credentials in the context of traditional client-server applications. ZKorum does just that: an email one-time code is used to register a new user and their device, and then every request is signed using the device’s DID. Cryptographic secrets are generated directly in the browser, then encrypted using this device key, and finally synced and backed up via the ZKorum server. When adding a new device by verifying the email address with it, the already registered device must accept the synchronization via web push notification. 2FA will later be added to this process. WebAuthn would be the perfect alternative to WebCrypto because of its hardened protection of private keys and its built-in synchronization mechanism. However, only the development version of WebAuthn supports arbitrary data encryption. ZKorum will use it instead of WebCrypto once it is available on most browsers. Fission has already developed tools to easily integrate UCAN with this version of WebAuthn.

ZKorum combines the breakthrough of the decentralized auth space, which uses only DIDs and not Verifiable Credentials, with the Verifiable Credentials space, which usually works on solutions built around OpenID. Some advantages of the UCAN solution over OpenID are the natural integration of local-first and peer-to-peer aspects, and the capacity to encrypt data with the generated private key. Traditionally, applications managing sensitive user data, such as password managers, rely on password derivation to generate an encryption key. Our solution removes the need for this complex cryptographic technique, and for a password at all. Studies show that passwords are the primary source of cyber-attacks, besides providing a poor user experience.

ZKorum aims to support external wallets holding externally issued Anonymous Credentials, but instead of waiting for organizations to issue them, ZKorum takes a proactive stance by reusing the Web of Trust via email verification. Most large organizations already own a domain name and distribute unique email addresses to their members. By reusing this infrastructure, ZKorum can easily organize users into communities. Upon successful registration using a community email address, users self-attest non-sensitive attributes by filling in a form, so ZKorum can issue them the corresponding Anonymous Credentials. In this feature, ZKorum acts as both the issuer and the wallet, which is secured by the mechanisms described above. Every member of the community is given the possibility to verify how other members filled in their form, mitigating the likelihood of users entering fake data in the web forms. Email-based communities are a way to showcase ZKorum’s capabilities, convincing organizations to issue credentials themselves and more wallets to support Anonymous Credentials.

Our innovative posting/polling/voting protocol is based on the following features implemented in Dock’s crypto library: meta-equality proofs, blinded credentials, non-revocation accumulator proofs, and attribute-bound pseudonyms (Pedersen commitments). After the device’s browser generates a secret value, it is blind-signed by ZKorum’s server and returned in a Blinded Credential. The secret is a cryptographically random 32-byte value, secure against brute-force attacks. When a user posts as a university student, their browser generates an attribute-bound pseudonym from both the “secret” attribute and the “university ID” attribute, reveals the student attribute (eligibility proof), then hashes the post metadata and payload, and finally ties everything into a Verifiable Presentation. Knowledge of the pseudonym does not give access to the user’s DID, email address or university ID. Pseudonyms are necessary for counting responses in a poll or a vote, for protecting against spam or DDoS attacks, and for moderation.

On receipt of the Verifiable Presentation, ZKorum verifies the integrity of the data, then forwards the hashed packet to a Time Stamp Authority server (RFC 3161), and finally broadcasts the timestamped Verifiable Presentation on a channel of a custom libp2p node created specifically for this purpose. The frontend embeds this libp2p node, and users see their own message being broadcast, which serves as confirmation that the message has been sent. If they don’t see this confirmation, either there is a bug or something wrong is happening. Since data is verifiable and broadcast in this public peer-to-peer network, anyone can run the ZKorum node and keep track of the data. They can then visit the ZKorum website and audit whether ZKorum is compliant with its moderation policy. Thus, we build censorship resistance.

Data management

The email-based communities feature of ZKorum generates data through a web form. For instance, in the case of a university student, this data includes attributes such as student status, enrolled or past classes, nationality, gender, age group, and year of study. The user's profile, linked to their email address, closely resembles a conventional social network profile, allowing users to share personal information with their community and the social network's server. ZKorum strictly adheres to GDPR regulations, granting users the ability to delete their data and accounts at any time while implementing robust security measures to safeguard this information.

ZKorum introduces innovation by cryptographically dissociating user accounts from the posts they create, as previously explained. Given that posts inherently maintain anonymity, this data is less sensitive compared to the user's profile information. In a further commitment to user privacy, ZKorum exclusively incorporates the hash of the post payload in the Verifiable Presentation. This approach eliminates concerns about post deletion after broadcasting to the peer-to-peer network since only ZKorum's server possesses the corresponding preimage. Moreover, ZKorum actively manages deletion requests from the anonymous pseudonyms responsible for the posts.
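The posting flow described above (pseudonym, revealed eligibility attribute, hash of metadata and payload) and the hash-only broadcast with preimage deletion, as an added Python model that is not ZKorum's code: the pseudonym is a domain-separated hash standing in for the zero-knowledge Pedersen pseudonym, the blind signature and RFC 3161 timestamp are omitted, and the attribute names, the `ZKorumServer` class and its return codes are assumptions.

```python
import hashlib
import json

def derive_pseudonym(secret: bytes, university_id: str, context: str) -> str:
    # Stand-in for ZKorum's attribute-bound pseudonym (a Pedersen commitment proven
    # in zero knowledge): a domain-separated hash bound to the same two attributes.
    # Same (secret, university ID, context) -> same pseudonym; another poll context
    # yields an unlinkable value. Assumed construction, not Dock's.
    h = hashlib.sha256(b"zkorum-pseudonym|" + context.encode() + b"|" + secret + b"|" + university_id.encode())
    return h.hexdigest()

def payload_hash(metadata: dict, payload: str) -> str:
    # Only this hash travels in the presentation and onto the p2p channel.
    data = json.dumps(metadata, sort_keys=True).encode() + b"|" + payload.encode()
    return hashlib.sha256(data).hexdigest()

def build_presentation(secret, university_id, context, metadata, payload):
    return {
        "revealed": {"student": True},  # eligibility attribute, revealed in clear
        "pseudonym": derive_pseudonym(secret, university_id, context),
        "context": context,
        "metadata": metadata,
        "hash": payload_hash(metadata, payload),
    }

class ZKorumServer:
    def __init__(self):
        self.preimages = {}  # hash -> payload; kept server-side, never broadcast
        self.broadcast = []  # records pushed to the libp2p channel
        self.seen = set()    # (context, pseudonym) pairs already counted

    def receive(self, presentation, payload):
        if not presentation["revealed"].get("student"):
            return "ineligible"
        if payload_hash(presentation["metadata"], payload) != presentation["hash"]:
            return "integrity"  # hash in the presentation does not match the payload
        key = (presentation["context"], presentation["pseudonym"])
        if key in self.seen:
            return "duplicate"  # same pseudonym already answered this poll
        self.seen.add(key)
        self.preimages[presentation["hash"]] = payload
        self.broadcast.append(presentation)  # RFC 3161 timestamping omitted here
        return "accepted"

    def delete(self, context, pseudonym):
        # Deletion request from a pseudonym: drop the preimage; the broadcast
        # record survives but now carries only an unresolvable hash.
        hashes = [p["hash"] for p in self.broadcast
                  if (p["context"], p["pseudonym"]) == (context, pseudonym)]
        return len([self.preimages.pop(h) for h in hashes if h in self.preimages])
```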

Current chain of thought (not up to date)

ZKorum extensively uses IPLD to address voting data:

  • 1 vote proposal = 1 CID representing the content (name of the question => 1 child CID, list of choices => N child CIDs, etc.)
  • the list of vote proposal CIDs is publicly pinned to IPFS by ZKorum
  • the exact content of the vote proposal (the values behind the CIDs of the question name and choices) is not pinned to IPFS
  • the list of anonymized valid votes for each proposal is continuously pinned to IPFS by ZKorum (the only things to anonymize are comments, which are hashed to CIDs)
  • the raw comments are not pinned to IPFS by ZKorum

ZKorum provides a libp2p node that anyone can run:

  • you configure which vote proposal CIDs you're interested in
  • it listens to the corresponding libp2p topics
  • anyone can publish a valid vote to such a topic directly instead of going through the UI
  • ZKorum runs a node that listens to all the vote proposal topics
  • each time ZKorum receives a new valid vote, it updates its local database
  • the local database containing each valid vote for each proposal is regularly pinned to IPFS (in anonymized form, see above)
  • a valid vote is a vote signed by a DID that holds the eligible credentials; eligibility is verified in a privacy-preserving way