Composable Identity with ZK: Avoiding Web3 data monopolies, and marketing and phishing empires

Phil Kelly

Cybersecurity, digital identity, 3D illustration Getty

The digital identity world is in build mode, and its adoption of Zero Knowledge Proofs (ZKPs) will lead to a powerful new generation of decentralized apps. New use cases under development include:

• Pseudonymous KYC, to help DeFi protocols with needs related to the regulatory environment.
• Proof of credit score / credit score range, to help open up DeFi undercollateralized lending.
• Proof of unique liveness, to prevent sybil attacks and overclaiming of economic benefits.
• Proof of token ownership / experience (e.g., I voted in five DAOs, or I achieved a return of over x% on my crypto portfolio) to support privileged interactions with DAOs, games, NFT drops, DeFI protocols, or for gated, anonymous access to a shared communication group.

The O(1) Labs team has talked to numerous startups in the space in recent months — identity has a strong affinity with ZKPs. We’re envisioning a future where identity information becomes something developers can easily consume and owners of the information can safely provide, without resorting to centralized intermediaries that are prone to attacks or predatory actions. In this new world, sharing of valuable information will be facilitated by zero knowledge proofs that attest to properties of information, rather than the raw information itself.

The new dynamics for identity space will be based on:

• Composability analogous to that emerging in DeFi. A dApp will be able to call elements of identity from multiple sources in real time for a decision based on the aggregate picture.
• New identity Primitives based on ZKPs. These will enable more expressiveness and precision, with less information exposure (e.g. the ability to prove I don’t live in North Korea without disclosing where I live).
• New economics (e.g., user-driven monetization, micro-payments).
• Siloing by choice. An ongoing preference amongst users to keep aspects of their web3 lives siloed, to maintain privacy, for security (avoiding honeypots of data and assets), or simply because it’s easier and cheaper to keep digital assets and attestations where they first acquired them, on multiple chains and wallets.

How will an identity ecosystem employ composability and reusability? To give an example: A user of zkApp A on Ethereum will be able to verify a proof (e.g., credit score over 700) that will then be permanently reflected in Mina’s global consensus proof. The user will then be able to present the same verification to support an interaction with zkApp B on any other chain that Mina is bridged to in the future. For example, the user could ‘compose’ multiple independent proofs into a single richer overall statement (e.g., “I am a resident of Australia, with more than 3 years of crypto experience, and in the last month owned a CryptoPunk and had a credit score of over 700”) and use it for access to a DAO. We have used Mina as the common layer in this example (for a range of reasons, including the availability of free proof composition across zkApps, and the no-gas-fee verification model) but in fact there will likely be multiple infrastructure routes, just as there are within the internet today, and as there will be for modular Web3 in general.

A number of technical building blocks will be necessary for this future to be fully realized (in addition to fast, affordable proof generation and verification):

• Persistence of proof verification so that proofs can be reused over time.
• Accessibility of the proof verification from multiple dApps and chains, with an early focus on Ethereum*.
• Context: The ability of a dApp that is seeking to reuse an existing proof to understand the meaning / context of that proof when it was originally generated.

ZKPs will play multiple roles in the new identity solutions:

• zkOracles in the future will attest to the provenance of offchain data, and reduce data sets to avoid unnecessary data leakage. For example, proving that account balance data harvested by the user from her bank has not been tampered with, and masking it down to just a total balance number.
• ZKPs will allow greater trust in off-chain computation: Proving that a credit score model was run correctly (e.g., without the insertion of malicious or erroneous code) despite the dApp that consumes the output not witnessing it directly.
• Data sets composed in this way will be re-generalized using ZKPs to avoid unnecessary information exposure. For example, proving someone’s Web3 credit score is over x, without telling you the inputs to the model or the exact score.
• ZKPs will allow data indexers to prove the validity of their work (instead of needing to rely on a slashing mechanism).

To speed up, and reduce the delivery cost of solutions, common utility components will be required, such as the code OxPARC has pioneered for Signaling (Semaphore) and for Nullification.

Thanks to the new capabilities, identity will have more dimensions in the future. Consumers will become more educated about their choices and have new expectations and dApps will need to code in choices as options for the customer. Some examples of the variables emerging in identity are:

Proof of identity:

• Transparent
• Pseudonymous
• Anonymous (disconnected from the rest of Web3/2 life possibly re-anonymized transparent or pseudonymous identity)
• Unique
• Live (not a bot)

Credentials:

• Proof of group membership based on a token (I own any CryptoPunk)
• Proof of Web3 activity (my return on investing is over x%; I have voted in five DAOs)
• Proof of Web2 data (my credit score is x, or my credit score is between x and y; I have a live email at company x; my residency is not a sanctioned jurisdiction)
• Reputation (based on Web2 and Web3 activity)

Expression:

• Proofs may lead to the generation of a token (usually non-transferrable NFT) or an attestation that could live off chain, usually attached to a wallet. The merits of each approach, including in the context of Soul Bound Tokens, is currently under debate in the industry.

As adoption continues, O(1) Labs is committed to fostering the healthy growth of the ecosystem around ZKPs and Identity:

• We discussed Identity and ZKP during the first of a series of Twitter Spaces earlier this week, with Daniel Kelleher from Civic and dcbuilder from WorldCoin (both of whom have had some exposure to SnarkyJS).
• The Mina Foundation continues to offer grants for projects that will contribute to the acceleration of the ecosystem as a whole.

If you’re a developer who’d like to get their hands dirty with these use cases, along with many others that zero knowledge proofs enable, we invite you to try out zkApps and SnarkyJS. You can also participate in the recently launched zkSpark program from the Mina Foundation.

Please reach out to us to learn more at partners@o1labs.org

Follow O(1) Labs on Twitter for all things #zk