[NCR#1 Proposal] Bountied WhistleBlowing Project with zkEmail & Noir

[YashBit]

Bountied WhistleBlowing Project with zkEmail & Noir

Summary:

In many cases, whistleblowers face significant threats, including legal repercussions, job loss, or personal harm, deterring them from coming forward with crucial information. Traditional channels for submitting tips or evidence often lack sufficient privacy and security measures, leading to potential exposure of the whistleblower's identity. This project seeks to address these issues by providing a secure, anonymous platform that leverages zero-knowledge technology, ensuring that whistleblowers can share information without fear of being identified or retaliated against.

If executed effectively, this project could have a deep profound impact on the safety of the Journalism Industry to exchange secrets. It could lead to a surge in high-quality tips, empowering journalists to uncover critical stories that might otherwise remain hidden. By combining cutting-edge cryptography with financial incentives, the project aims to create a trustworthy and safe environment for whistleblowers, potentially reshaping the landscape of investigative journalism.

An efficient marketplace with high security measures to ensure the safety of its participants. An application protected by zk Email and the Aztec Network will allow for the development of a tracking feature as well.

Use cases will include:

1. Investigative Journalism
2. Corporate Compliance
3. Human Rights Protection
4. Anti Corruption

Idea from ZKEmail Github: A bounty platform for leaks where people can bid on leaks with specific sources (i.e. from @___) and specific text (i.e. includes the phrase "___"). It creates an escrow system on chain where others can upload those anonymized leaks along with zk-email proofs that they satisfy the regexes, and reveal only the parts that they want to reveal.

Methodology:

1. Verification of Buyer and Seller

• Objective: Ensure that both buyers and sellers are legitimate and verified through KYC processes without compromising their privacy.
• Steps:
  1. zkEmail KYC Integration:
     • Use zkEmail to handle KYC data, ensuring that buyers and sellers submit the necessary identification documents.
     • Develop custom verifiers in Noir to validate the KYC data without revealing personal details.
     • Implement a zero-knowledge proof that confirms the legitimacy of the documents submitted by the buyer and seller, ensuring they meet the required standards.
  2. Anonymity Maintenance:
     • Ensure that KYC verification only reveals the status (verified/not verified) without disclosing actual identity information.

2. Verification of the Existence of Documents

• Objective: Confirm that the documents exist and verify their metadata, like size, without revealing the document contents.
• Steps:
  1. Document Existence Proof:
     • Use zkEmail to create a zero-knowledge proof verifying that the documents in question exist.
     • Design a Noir circuit that takes a hash of the document and generates a proof that the document exists without revealing its content.
  2. Metadata Verification:
     • Develop a circuit in Noir to verify metadata such as the size of the document.
     • zkEmail should be used to confirm this metadata while keeping the actual document encrypted and private.

3. Search Feature for the Buyer

• Objective: Allow buyers to search for documents that match their criteria without compromising the confidentiality of the documents.
• Steps:
  1. Search Index Creation:
     • Create a hashed index of document attributes (e.g., titles, keywords) using zkEmail.
     • Implement a Noir-based search mechanism that matches the buyer's search query against this index in a privacy-preserving manner.
  2. Private Search Execution:
     • Use zkEmail to generate a zero-knowledge proof that a match exists, without revealing the content or details of non-matching documents.

4. Regex Confirmation of Document Keywords

• Objective: Verify that documents contain specific keywords or patterns without exposing the full content.
• Steps:
  1. Regex Matching with zkEmail:
     • Implement a circuit in Noir that processes the document and checks for the presence of specified regex patterns.
     • Use zkEmail to create a zero-knowledge proof that confirms the presence of these keywords or patterns within the document.
  2. Proof Generation:
     • Develop mechanisms in zkEmail to generate and verify proofs that only return a true/false result based on the regex match, maintaining document confidentiality.

5. Escrow Holdings

• Objective: Facilitate secure financial transactions between buyers and sellers, with funds held in escrow until conditions are met.
• Steps:
  1. Smart Contract Development:
     • Develop a smart contract in Solidity for handling escrow transactions.
     • Integrate zkEmail to verify that all transaction conditions, such as document delivery and verification, have been met before releasing funds.
  2. Noir Integration:
     • Use Noir to create circuits that validate transaction conditions and communicate with the smart contract.
     • Generate zero-knowledge proofs that confirm transaction steps (e.g., document existence, verification) are complete.

Tech Stack:

Frontend (Next.js):

• UI Pages: Home, Listings, Details, Profile
• Components: Navbar, Footer, Search Bar
• Static & Server-Side Rendering

Backend Services:

• API Server: Node.js with Express
• Authentication: Auth0/Firebase

Data Storage:

• PostgreSQL/MySQL, MongoDB
• Caching: Redis

Search & Filtering:

• Search Engine: Elasticsearch/Algolia
• Server-side Filtering

Timeline and Deliverables:

Phase 1: Planning and Setup (Sep 1 - Sep 7, 2024)

• Deliverables:
  • Project plan and milestones
  • Development environment setup
  • Finalized requirements and specifications

Phase 2: Porting and Development (Sep 8 - Oct 6, 2024)

• Deliverables:
  • Circom circuits ported to Noir
  • ZK Email Verifier developed with RSA/SHA integration
  • Client-side proving functions in Noir developed and tested
  • Regex Mapping for Search Terms

Phase 3: Integration and Testing (Oct 7 - Nov 3, 2024)

• Deliverables:
  • ERC-721 tokens generated and integrated
  • Integration with Aztec Network completed
  • Financial Transaction Features
  • Comprehensive testing of all components and integrations
  • Quality assurance and resolution of issues

Phase 4: Deployment and Review (Nov 4 - Nov 15, 2024)

• Deliverables:
  • Deployment of the ZK Email Verifier and related components
  • Final documentation and user guides completed
  • Collection of stakeholder feedback
  • Review of project outcomes and recommendations for improvements

Team:

Team:

• Yash Bharti
  • Noir Circuits with PSE Grant - Porting over Circuits from Circom -> Noir
  • Smart Contracts with Solidity
  • ZK Circuit Writing : Halo2, Circom
  • Proficient with Rust, C++, Python, Web Dev - NextJS
  • NYU BA CS '22, University of Cambridge - MPhil (CBL Lab) - Deferred 2025
  • AI Research Background - Deep Reinforcement Learning for Robotics, Natural Language Understanding, Cognitive Science
  • Telegram: yb3351, Email: [email protected]

Start Date:

• 1 September, 2024

[Savio-Sou]

Hi @YashBit, thanks for submitting the second proposal! Looks clean and no technical questions so far on an early skim.

Would be great if you could shine light on are there whistleblowing / information markets that exist today:

• If yes, what are they good at and what are the challenges they face?
• If not, do you know friends / people that personally showed strong interest in the idea through the lens as a potential user?

[YashBit]

@Savio-Sou

Would be great if you could shine light on are there whistleblowing / information markets that exist today:
If yes, what are they good at and what are the challenges they face?

Hi Savio, thanks for your comment again. Yes, the market for whistleblowing is quite developed. WikiLeaks, GlobaLeaks are some incumbent players.

The core weakness is that their encryption systems are based on old ideas where the meta data is stored on servers and is hence susceptible to attacks. To hack the Ethereum blockchain, due to PoS is nearly impossible. Moreover, Aztec's security features can potentially directly play to the popularity of the website.

Moreover, they lack escrow systems. This is incorporated into the proposal idea.

Savio, this idea is a powerful one as it directly plays on top of both development trajectories. Aztec's Network - for its privacy features and Noir - for zk Email. As the ecosystem for Aztec develops and features come out in the future, the website will continue to get better. Isn't that great? If this website becomes popular, it will pull thousands of developers to the ecosystem because of the strong network effects.

More Noir code that I have written: https://github.com/privacy-scaling-explorations/zk-kit.noir/pull/9/files

[Savio-Sou]

Selected proposals for NCR#1 are announced: https://github.com/orgs/noir-lang/discussions/5932

Thank you for your support on the initiative. NCR is just one of the many ways to start your explorations with Noir, check the announcement for more potential ways to collaborate.

Let's bring the world ZK!