[this document was started on 1 Aug 2020]
# zero-knowledge in civic tech: an overview of three use-cases
## 0. introduction and motivation
Zero-knowledge is useful in many areas of civic technology. At a high level, we employ zk-proofs to publicly prove some qualities about sensitive data, while concealing the data itself. Civic technology, by its nature, must provide wide-reaching services which simultaneously involve sensitive personal data: from which combination arises several natural use-cases for zk-proofs.
(NB: most examples used in this article are taken from the Singaporean context.)
## 1. safely reporting employer misconduct
Low-wage migrant workers in the construction, shipyard, cleaning and food services industries are often exposed to illegal and endangering work conditions. However, many of them are reluctant to lodge complaints against their employers, for fear of being dismissed and repatriated. [^TWC2]
One way to mitigate employees' fear of repercussion is to enable them to blow the whistle on their employer anonymously. An employee should be able to simultaneously:
- prove membership in a certain company, but also
- conceal their personal identity.
An anonymous signalling mechanism like [Semaphore](https://github.com/appliedzkp/semaphore) can be easily adapted for this use-case.
## 2. anti-bribery voting in municipal fund allocation
Municipal-scale decision-making bodies, like town councils, often vote on the allocation of resources. However, lucrative municipal tenders can incentivise bribery or vote-buying from unscrupulous contractors. [^AMKTC]
Collusion-resistant voting systems like MACI (Minimal Anti-Collusion Infrastructure) render these bribes ineffectual. [MACI](https://github.com/appliedzkp/maci) allows a voter to pre-emptively invalidate her vote in zero-knowledge. This makes it impossible for a briber to know whether or not the vote being cast had already been previously invalidated: and without this confidence, a briber would be reluctant to invest the promised sum.
Further, collusion-resistant infrastructure can be combined with innovative voting mechanisms like quadratic voting [^clr.fund], which takes into account voters' degree of preference and discourages polarising decisions.
## 3. reducing data-sharing with third-party vendors
Singapore's Government maintains a database of citizens' identifying data in the [SingPass](https://www.singpass.gov.sg/) system. As of 28 July 2020, 36 partner organisations have been authorised to use SingPass for identity verification, including banks and insurance companies. [^SingPassPartners] Besides identity verification, partners can also request additional SingPass information from users (with their consent). [^SingPassData]
Sharing data with third-party vendors widens the attack surface for data breaches -- of which we have had a few in recent memory. [^SingHealth] [^MINDEF] Instead of requesting additional data about a SingPass ID, third-party vendors should simply request zk-proofs fulfilling the conditions they are interested in (e.g. "age is above 18", "income is below S$50k"). In submitting this zk-proof, citizens would only have to expose their ID to the vendor. Additional contextual information can be concealed as private inputs and would not have to change hands or be transferred to an external database.
A further benefit of zk-proof identity verification is that it distributes the proving load from the centralised SingPass infrastructure to individual citizens. The government no longer has to screen each partner organisation for access to services like MyInfo -- instead, each citizen simply creates her own proofs and shares the verified information with whomever she deems fit. By reducing the strain on a single infrastructure, this allows more companies to onboard with government-attested information, and effectively scales the identity system.
NB: although citizens can largely generate identity proofs offline, the citizen pool is updated periodically on a national scale. This means proofs will be checkpointed in time, and will have to be periodically synced online to stay up-to-date. The required frequency of sync may vary with the time-sensitivity of the e-service in question.
> I'd be interested extending this to records in general, "age is above 18" can be extended to "vaccinations a,b, c have been taken, as attested by some healthcare provider in a particular set", "has completed >=200 hours of yoga teacher training"
## 4. preserving anonymity in voucher and grant schemes
Some government programmes involve distribution of vouchers, grants, or physical items to the public based on need. Often, this is disbursed through an identity card with a status flag. [^CHAS][^ComCare][^STUFFD] However, due to the sensitive nature of these programmes, beneficiaries may not want their identities to be associated with the redemption of vouchers.
To decouple vouchers from beneficiaries' identity, we can use one-time use "tickets" which allow them to prove membership in the set of eligible recipients, without revealing their actual identity. Borrowing from the [Zcash protocol](https://z.cash/technology/), this is akin to the government issuing vouchers as "shielded transactions". Even though the recipient's identity is concealed, nobody but her will be able to redeem a voucher she owns. At the point of sale, third-party vendors who want further confirmation can request that beneficiaries include a random challenge in the voucher's memo field.
Further, this scheme allows citizen contributors to directly fund beneficiaries. (This would require offline communication of the beneficiary's ID.)
> I'm unsure about this use case. What if the govt just provides the 3rd party a list of pseudonymous IDs, and an API that lets the 3rd party check if the item has been received, and mark it when it is received? Then no ZKPs would be needed.
> [name=wei jie]
> in this case, i think each 3rd-party vendor must get a different pseudonym. (else they could come together and denonymise the beneficiaries.) we could introduce a hierarchical wallet + a mapping between child pubkeys and different 3rd-party vendors.
> what makes me antsy is that a plaintext mapping between these pseudonyms and the third-party vendors exists. whereas if we use tickets, you would need to hack the users' private key to decrypt their transactions.
> [name=ying tong]
> Instead of borrowing shielded transactions from zcash, I was thinking more of using Semaphore. A publicly available external nullifier will allow different organisations, private and public, to collaborate on a single distribution. An extension of that will be something like SupplyAlly where a distribution exercise can be periodical. For each period, we can allow define a global external nullifier.
> That leads me to think about organisation like Stuff'd [^STUFFD] which are giving free meals. I wonder how would it be like if each kid under a program can claim one free lunch everyday, across different participating organisations. The external nullifier for each day could look something like `<PROGRAM_NAME>-<DATE>`. Extending on that idea, we can have citizen fund these programs as a check-and-balance scheme can exist between private organisations providing food and kids in these program claiming against these goods that are funded publicly.
> that works, my understanding of Semaphore is that it more or less borrows from Zcash shielded transactions.
> i really like the citizen-funded approach: someone could directly send vouchers to a beneficiary.
> [name=ying tong]
> I think I've a slightly different idea. In the approach of sending a voucher I'm not certain if the beneficiaries identities will be leaked to the donor through the voucher sending channel.
> There is no 'voucher' in the scenario I'm imagining. As long as you are in the scheme, you are entitied to 1 item per epoch, say a day. In the case of Semaphore, the epoch is defined by the change in external nullifier. Since we can insert a message such as "STUFF'D", that information is public and can be used to account for how many burritos has been claimed from the organisation. The public can use this tally to help fund the program since they know that the organisation cannot fraud them - they can't send a valid claim proof without being in the set of people in the program. I'm not sure if this is the correct understanding of Semaphore, maybe wei jie can confirm?
> i see, so that's one nullifier set per day / epoch. and some central coordinator maintaining the membership set + providing Merkle paths to create proofs of membership.
> [name=ying tong]
> from what i understood of Semaphore, yes (=
> that's correct, one external nullifier per epoch (day).
> [name=wei jie]
[^TWC2]: Meera Rajah. (2014). "What plagues the migrant worker". *Transient Workers Count Too (TWC2)*. Accessed at http://twc2.org.sg/wp-content/uploads/2019/08/meera_rajah_2014_what_plagues.pdf.
[^AMKTC]: Tham Yuen-C. (2019). "AMK Town Council ex-GM jailed 27 months for bribery". *The Straits Times*. Accessed at https://www.straitstimes.com/singapore/courts-crime/amk-town-council-ex-gm-jailed-27-months-for-bribery
[^clr.fund]: Ezra Weller. (2020). "Funding Public Goods, Next Steps (Part 1)". *clr.fund*. Accessed at https://clr.fund/building-the-next-step-for-public-goods-funding-part-1/
[^CHAS]: Community Health Assist Scheme. (2020). Accessed at https://www.chas.sg/
[^ComCare]: Ministry of Social and Family Development. (2020). "ComCare Interim Assistance". Accessed at https://www.msf.gov.sg/Comcare/Pages/Urgent-Financial-Assistance.aspx.
[^SingPassPartners]: SingPass FAQ. (2020). "Can I log in private sector services using SingPass? I thought SingPass can only be used to log in to government services. (recent update)". Accessed at https://www.ifaq.gov.sg/singpass/apps/fcd_faqmain.aspx?TOPIC=210779#FAQ_2110237.
[^SingPassData]: SingPass FAQ. (2020). "If I log in to a private sector service using SingPass, will the company have access to all my SingPass information?". Accessed at https://www.ifaq.gov.sg/singpass/apps/fcd_faqmain.aspx?TOPIC=210779#FAQ_2110238.
[^SingHealth]: Irene Tham. (2018). "Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore's worst cyber attack". *The Straits Times*. Accessed at https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most.
[^MINDEF]: Rachel Phua. (2020). "MINDEF will strengthen oversight of vendors after possible data leaks: Ng Eng Hen". *Channel News Asia*. Accessed at https://www.channelnewsasia.com/news/singapore/mindef-strengthen-oversight-of-vendors-after-possible-data-leak-12240022
[^STUFFD]: Goh Chiew Tong (2019). "He went hungry as a teen. Now Stuff’d boss is feeding kids who can’t afford a meal". *Channel News Asia*. Accessed at https://www.channelnewsasia.com/news/cnainsider/stuffd-free-food-for-kids-hunger-food-insecurity-singapore-12073570