# Harmful coordination using zk membership proofs _Epistemic status_ - I'm guessing that others have had similar thoughts, but I think it's important for us to share ideas in order to deepen our understanding of the harm that the technology we are working on could introduce. - Would like to get feedback on a moderation method that I describe here, especially from the perspective of how could it affect the behavior of people/groups. - The moderation method doesn't introduce new primitives and is simple so it's likely to work, but it could contain errors in the stated details since it's not yet rigorously assessed. If Bitcoin aided the exchange of value in the illegal markets, zk membership proof could become the catalyst of illegal information/intelligence markets. That is, zk membership proof enables trustlessness coordination and better coordination usually makes markets more liquid. So how can we prevent government employees from selling top-secret information to hostile nations, or scammers from buying credible signatures to make themselves more believable? Even though we are working on anonymous proving technologies, I think the dominant issue is not zk proof of membership nor similar zk schemes, but the social context equipped to public keys. That is since anyone can view which Ethereum addresses have what authority or rank, nothing is stopping dark web dealers from bribing credited DAO members to disclose confidential information. Therefore one can argue that Ethereum addresses with social context, or SBT-style verifiable public information can be used for harm, not just by authoritarian governments but also by ordinary bad actors. Fortunately, we still don’t have much meaningful information on-chain. Therefore, before we start providing meaning to Ethereum addresses, we probably should set some preparatory measures that allow defending from such unwanted uses. ## Potential measures ### m of n threshold public key decryption This is a method that allows disclosing the public key of a membership proof if $m$ of $n$ moderators or members in the group agree to do so. Such a method can only be used in situations where there is a way to define moderation policies, and participants agree to enforce a policy. Hence not a solution against bad coordinatinos. We use a variant of [Shamir's secret sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing), to extend the standard zk membership proofs circuits. **Private inputs** - $s$: secret value to hash the public key - $c_1 … c_{m-1}$: secret coefficeints **Constraints** - Hash the signer public key with a secret - $\mathrm{pubKeyHash} = \mathrm{Poseidon(publicKey, s)}$ - Evaluate a degree $m$ polynomial with coefficients $s, c_1 … c_{m-1}$ at predefined $n$ points ($s$ should be the degree-0 term). - $y_1 … y_n$ = $\mathrm{evalPoly}(s, c_1 … c_{m-1})$ - encrypt each $y_i$ with $P_i \in P$, such that $e_i = y_i * P_i$ - $e_1 .. e_n$ = $\mathrm{encrypt}(y_1 … y_n)$ **Public inputs/outputs** - $e_{1} .. e_{n}$: the encrypted y-coordinates as defined above - $\mathrm{pubKeyHash}$ If $m$ of $n$ moderators decrypt $e_i$-s and obtain the y-coordinates, the y-intercept of the polynomial (i.e. $s$) can be retrieved. Each public key in the group can be hashed with the retrieved secret to be checked against $\mathrm{pubKeyHash}$. ### Make public keys non-public information. Given the possibility that public knowledge of the authority of public keys could fuel the dark markets, not attaching high stake information to public keys could be a necessary measure. Moreover, not only the knowledge of the authority of public keys could catalyze illegal activities, but simply the knowledge of the public key of an acclaimed person could be used for bad coordination. That is, proving that you have received an email, text message, etc from that acclaimed person in zero-knowledge, could become a powerful primitive in the dark markets. ## Further research - Read the [Decentralized Society paper](https://deliverypdf.ssrn.com/delivery.php?ID=408124104112068025084068092118067107123017009086086028121015022064005101014066116111030053120027118109011115066031087092118030123038039076068071118000095067126105080052069051025105064070112112007110094029071070127123109101066120075126065086103004016113&EXT=pdf&INDEX=TRUE) and understand the benefits of providing social contexts to public keys and the concerns raised in the paper itself.