The immense potential unlocked by SSI in content-centric social networks (forums) is largely unaddressed by the recent wave of decentralized social networks. Enter ZKorum - a network of verifiable communities where members create anonymous polls and discussions. In this episode, Nicolas Gimenez, the Co-Founder and CTO of ZKorum, unveils the Alpha version and delves into its architecture, drawing inspiration from SSI, DWeb, and Password Managers.
2. 1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
Alex Preukschat
@SSIMeetup @AlexPreukschat
James Monaghan
@james_monaghan
Coordinating Nodes
SSIMeetup.org
SSIMeetup Objectives
3. Nicolas Gimenez
Co-Founder & CTO of ZKorum
❖ Software Engineer for almost 10 years
❖ Technology & Community Agnostic
❖ Firm advocate for Digital Privacy and Free Software
❖ DWeb, SSI & Applied Cryptography enthusiast
❖ Prev. Lead Developer in the Protocol Labs Network
About Me
Tribute To
4. Social network landscape
Follow People Follow Topics/Communities
Mainstream
Emerging
Censorship-resistant
Anonymous, yet
Verifiable (ZKP)
Censorship-resistant
Own your Social Graph
Verifiable (no scam/bot)
DWeb + SSI (VC, DID, etc)
Open-Source
DWeb (+ DID)
Open-Source
5. Each Individual is a collection of Personas:
eligibility/post as…
… a 2009 NYU alum
… a resident of the 7th District of Paris
… a parent … an employee of the Protocol Labs Network
… a refugee … a researcher in infectious diseases
… a patient of Dr. House
… an accredited investor
… a buyer of the iPhone 15
… a woman
6. ZKorum 2027,
The Next Generation eAgora
Addressing everyone who owns Verifiable Credentials.
Bringing democracy to everyday life and local communities.
A platform for minorities & the Silent Majority to be heard. 🤝
ZKorum will drive mass SSI adoption for
- Public Opinion Polling
- Discussion / Debate
- Non-Critical Voting
- Market Research
7. ZKorum will become the most trustworthy, inclusive, and
impactful anonymous community for students and
professionals worldwide.
Our Mid-Term Vision
ZKorum proactively reuses the Web of Trust by issuing
Verifiable Credentials to community members who
verify their professional or school email address.
8. Where the “Real Talk” happens.
Get feed across different schools and companies
Log in with your school/work email address to
post as an anonymous member of your organization
No Hate Speech & No Personal Names
(unless they are public figures on Wikipedia)
★ Optional AI Rewrite
AI can locally rewrite your posts in a more positive tone
★ Verifiable Moderation
Cryptographically auditable conflict resolution
ZKorum MVP
Data is purely
for illustration purposes.
10. System Requirements
❖ Privacy-First - we prioritize Privacy to Security and UX
➢ Anonymity By Design
➢ User posts must be anonymous even for ZKorum and for the Issuer(s)
➢ Even if a data breach occurs, the anonymity of user posts must be guaranteed
❖ Transparency - Don’t Trust, Verify
➢ Open-Source - don’t trust us, verify the source code does what it is supposed to
➢ Censorship-resistance - don’t trust the server, verify its actions:
■ Every interactions between clients and server must be verifiable
■ Verifiable Data & Verifiable Moderation
❖ High availability and scalability - we are an open social network!
➢ DDoS attacks prevention, protection from scams, bots and spams
11. ZKorum architecture overview
❖ A client side application that’s a Progressive Web App (PWA): it’s a web
application that’s installable on any device. When you install it, under the
hood it still runs in a browser, without you noticing it.
➢ Example of mainstream PWA: X (Twitter) Lite
➢ Cross-platform
➢ Cheap to develop
➢ Focused on web standards, e,g,: WebAuthn, WebCrypto, and one
day the Verifiable Credential Web API
❖ A classic backend communicating with the PWA via an HTTP API
❖ Verifiable data transits in this centralized client-server application,
building accountability
❖ We use CID (IPLD) to identify posts, comments etc - so this static data
can be served via IPFS (or Filecoin)
❖ We broadcast proof of posts on Nostr for censorship resistance
12. SSI x DWeb: ZKorum’s trust-minimized architecture
based on the principle of data minimization
Frontend (PWA) - device represented by
did:key. Holds private secrets securing zkp
Application server
Traditional server’s
database: contains
Verifiable Posts:
Payload + Proof.
HTTP API Verifiable interactions:
- UCAN for User Profile requests
- VP for other requests
Nostr
(permissionless
peer-to-peer network)
Proof = {
presentation: {
postAs: <zkp proving I am
a student of Acme Univ>,
context: <Payload CID>
}
timestamp: <time signed by TSA server>
}
Proof CID ~= hash of Proof == Post Unique ID
Payload = {
eligibility: “Acme University alumni”
question: “How much do you earn?”
}
broadcast
listens
Anyone can act
as a watchdog
IPFS/Filecoin: a
p2p network that
can serve Payload
CIDs or Proof CIDs
pins
14. Why does our PWA embed an internal wallet?
We are adoption-obsessed.
❖ Downloading a secondary app for using ZKorum is currently too much friction.
❖ Protocols for choosing among credentials and wallets are not mature yet.
❖ Our privacy-preserving posting protocol is currently only compatible with the Dock
Wallet.
❖ Time-consuming to implement external wallet support for ZKorum Alpha
For ZKorum 1.0, we aim to be compatible with open standards and support as many
external wallets as possible.
❖ We have no intention to be a contender in the upcoming Wallet War.
❖ We consider Wallets to be a common good that should be 100% open-source for
transparency & privacy sake, and contributed to by every stakeholders.
15. ZKorum internal wallet: why NOT using seed phrases?
Most wallets use seed phrase for recovery and backup.
We decided NOT to go that route because:
- It is not user friendly, whereas UX and adoption is
our north star
- Our privacy-preserving polling protocol requires to
sync and reuse secret values between the user’s
devices instead of re-generating them.
16. Inspired by password managers…
To provide privacy in the hand of the Holder, ZKorum needs to generate secret values only
known to the Holder’s device. We need a way to secure these secrets and synchronize
them between the user’s devices.
Log in using a
Master Password
Master Encryption
Key locally derived
Encrypted
user’s
passwords
Device 1
Device 2
PBKDF2
deterministic
encrypts
passwords
Backend
storage:
Encrypted
data
stores
Locally in
device
synchronizes between devices
17. …but passwordless & DID-centric
Passwordless
❖ Passwords are the #1 cause of cyber attacks
❖ We can’t expect our users to use a strong password
❖ PBKDF2, which is used to derive the Master Encryption Key, is
particularly difficult to implement and secure correctly
DID-centric
❖ Credentials are issued to a DID so devices must have a DID
❖ DID as identifier opens up lots of possibilities:
➢ Verifiable interaction with the server using UCAN
➢ Easy blockchains and p2p integration using UCAN
➢ DID as the IP address of the “identity layer”
18. UCAN: the de-facto standard for DID-centric
decentralized auth
A JWT that can be used
client ->client, client->server (HTTP Bearer Token) and server->server:
{
"aud": "did:web:zkorum.com",
"att": [
{
"with": "https://zkorum.com/api/v1/auth/verifyOtp",
"can": "http/POST"
}
],
"exp": 1701644840,
"fct": [],
"iss": "did:key:z13V3Sog2YaUKhdGCmgx9UZu[...]",
"prf": []
}
Created by
Used by
19. ZKorum login/register - internal wallet: email (1/3)
- Email verification + Fission’s UCAN.xyz:
1) Generate an
unexportable private
key using the standard
WebCrypto API
did:key:<public_key>
Login/Register
attempt
Device 1, in-browser
2) derives
Backend
storage
3) Signs UCAN
as bearer token
Application server
4) Sends Verifiable HTTP request,
payload = email, bearer = UCAN
5,7) Stores did:key <-> email <-> OTP
5) Generates and
sends OTP via email
6) Guessed OTP signed with UCAN
23. Supported Credential Formats
❖ Proofs generated from the Verifiable Credentials must provide:
➢ Verifier & Issuer Unlinkability => currently only BBS+ Credentials match
➢ Selective Disclosure
➢ Arbitrary Zero-Knowledge Proofs:
■ Advanced eligibility: “only people > 18 yrs old” or more sophisticated
■ Blind signatures
■ Anonymous pseudonyms (Pedersen commitments)
■ => currently only Dock BBS+ Anonymous Credentials match
24. SSI x DWeb: ZKorum’s trust-minimized architecture
based on the principle of data minimization
Frontend (PWA) - device represented by
did:key. Holds private secrets securing zkp
Application server
Traditional server’s
database: contains
Verifiable Posts:
Payload + Proof.
HTTP API Verifiable interactions:
- UCAN for User Profile requests
- VP for other requests
Nostr
(permissionless
peer-to-peer network)
Proof = {
presentation: {
postAs: <zkp proving I am
a student of Acme Univ>,
context: <Payload CID>
}
timestamp: <time signed by TSA server>
}
Proof CID ~= hash of Proof == Post Unique ID
Payload = {
eligibility: “Acme University alumni”
question: “How much do you earn?”
}
broadcast
listens
Anyone can act
as a watchdog
IPFS/Filecoin: a
p2p network that
can serve Payload
CIDs or Proof CIDs
pins
25. Types of Credentials
To participate on ZKorum, users need two types of credentials:
❖ Community Credential (CC)
➢ External credential: digital passport, proof of employment, proof of enrollment
in a school…etc. ZKorum is NOT the issuer.
➢ Email-based credential: issued by ZKorum after the user verified ownership
of a community email address and eventually self-attested attributes.
❖ Secret Credential (SC)
➢ Blind-signed & issued by ZKorum, containing a secret only known to the user
■ “Timebound SC”: only used to respond to polls or to vote
■ “Unbound SC”: used to create polls/posts/votes and write comments
26. Secret Credentials blind issuance
5) Verifies request is
well formed
6) Blind-signs
credential request
1) Generate random 32
bytes secret value:
73719127ea49e4a7[...]
2) Generate cryptographic
material to unblind: never
leaves the device unencrypted
User’s personal device
3) Create Blinded
Credential Request
4) Sends blinded credential issuance
request: secret is encrypted,
HTTP Request authorized using UCAN
Application server
8) Unblind credential request
into a Verifiable Credential
7) Sends blind-signed credential request
9) Use it to post! No need for
User Profile’s UCAN anymore
28. Verifiable Presentation as auth
❖ After the user was issued credentials, the user can Log Out and post!
❖ The “post” backend endpoint expects a Verifiable Presentation as a proof to be
authorized to post. VP are used directly - no UCAN.
❖ No Holder’s or device DID is ever shared as otherwise it could be used to
correlate back to the user’s profile.
❖ The backend not only needs an eligibility proof (“a student”) but also some kind of
controllable but anonymous user identifier to be able to handle Moderation, DDoS
attacks & Spam.
=> that’s what anonymous pseudonyms (and Secret credentials) are for
29. ZKorum’s privacy-preserving posting protocol:
cryptographically unlinking user profile from posts
// Simplified representations
Email_Community_Credential = { // issued by ZKorum
uid: “alice@acme.com”,
type: “university”,
typeSpecific: {
status: “student”
}
}
Secret_Credential = { // the secret attribute is private and only known to the user
uid: “alice@acme.com”,
secret: “73719127ea49e4a7[...]”, // locally generated cryptographically random 32 bytes - blind-signed by ZKorum
type: “unbound”
}
// From these two credentials, the user locally generates the following proofs:
Verifiable_Presentation = {
anonymousPseudonym: “791db93208cc87[...]”, // bound to “EmailCommunityCredential.uid” and “SecretCredential.secret”
attributeEqualityProof: <the proof>, // zkp that “Email_Community_Credential.uid” == “Secret_Credential.uid”
revealedAttributes: [“EmailCommunityCredential.student, SecretCredenial.unbound”] // zkp
}
30. Anonymous pseudonyms are used under the hood but
can be safely ignored by users
❖ The sole knowledge of an anonymous pseudonym does NOT give access to the
“secret” or the “uid” (email for the email-based use-case).
❖ We can cryptographically verify it has been generated from the right inputs…
without knowing the inputs!
❖ It’s deterministic: the same secret+uid+scope will always render the same
pseudonym: useful for counting responses to a poll/vote, and for moderation or
DDoS attack mitigations.
❖ … but we can play with the number of allowed pseudonyms using the “scope”: a
value determined in advance by the protocol and cryptographically bound to the
proof. Changing the scope changes the pseudonym but two pseudonyms which
inputs only differ by scopes aren’t correlatable! It’s useful for users to distinguish
personas depending on the attributes revealed, preserving privacy!
31. Privacy is more than credentials
Group Threshold protection:
❖ If fewer than 5 users possess a certain combination of attributes, ZKorum’s PWA
stops users from revealing them until more users register.
Timestamp Correlation protection between the user profile and the anonymous posts:
❖ ZKorum’s PWA avoids UX design that requires credential issuance immediately
before posting, and/or schedule-sends users’ posts.
❖ Fetching posts on the app is not done using the user profile to avoid linkability
with the post endpoints. Instead, anonymous pseudonyms are used.
❖ …
ZKorum provides application-level privacy:
❖ Users are encouraged to use Tor to guarantee transport-level privacy.
33. Product
ZKorum, the Social Network (priority):
❖ User feedback loop: UX, performance, features… => product-market fit
❖ Moderation. Organizing information by eligibility and topics.
❖ Supporting external wallets and W3C VC (Alpha uses plain crypto libraries)
❖ Convincing organizations to issue official credentials
ZKorum, the core auth library:
❖ Extract into an open-source library the core functionality of unlinkability between
the user profile and the other user data
ZKorum, the auth SaaS based on the above library, some example use-cases:
➢ Dating apps: protecting from conmans like The Tinder Swindler
➢ Digital peer-to-peer marketplace: protecting from scams
➢ Adult websites: protecting children
34. Tech
❖ Security
➢ UCAN-based auth & wallet:
■ passkeys support tech is ready - waiting for widespread browser support
of WebAuthn `prf` and `largeBlob`. This will add biometrics security, make
Master Encryption Key unexportable, and make device linking seamless.
■ 2FA: TOTP, HOTP
➢ Support for HSM to secure the BBS+ private key issuing credentials:
■ Promising IBM paper (thanks Lovesh)
➢ Privacy-preserving Holder-binding:
■ Solutions are possible using Merkle Tree to prove ownership of the DID
bound to a Credential without revealing the DID (thanks Lovesh)
❖ Privacy
➢ Avoiding timestamp correlation is a long-haul concern
❖ Everything else
➢ Scaling a social network is hard
35. Thank you ❤
❖ Lovesh Harchandani: OSS collaboration, cryptography, privacy, security
❖ Kartik Kapai: business & operations strategy
❖ Nicolas Amsellem: exposure, advice
❖ Boris Mann: exposure, advice
❖ Philipp Krüger: wallet security & UCAN auth
❖ Mircea Nistor: wallet security & Verifiable Credential standards
36. Get involved
You want to use ZKorum with your community asap?
You’re an advertiser tired of losing funds in farm bots?
You want to use ZKorum for your market research?
You just want to chat?
- We so want you to meet you!
You’re an investor?
- We’re raising pre-seed in 2024!
You’re not an investor but you still want to invest?
- We may start a crowdfunding in 2024!
You’re a developer?
- We’re 100% open-source and open-contribution!
- We will hire when we raise funds! Join our Discord
ZKorum and Friends
Adventure Forever!
38. Nicolas Gimenez
CTO
Yuting Jiang
CEO
❖ Prev. Sales at Microsoft France,
closed 6-figure deals
❖ MiM ESSEC Business School
❖ B.A NYU Abu Dhabi with a
scholarship worth $300K
❖ Prev. Lead Developer in the Protocol
Labs Network
❖ Specialized in Software Ethics,
Applied Cryptography & DWeb
❖ IMT Atlantique 2015
Co-Founders
We are a cross-cultural married couple.
We believe that open and honest dialogues are the bridge that
unite different people from diverse backgrounds. 🌈
39. Roadmap
Alpha Launch
ESSEC Community
Beta Launch
Universities & Companies
Addressing 300 million students
& professionals worldwide
Addressing residents of the
EU, Bhutan and more
Dec
2023
June
2024
2026 2027
Dec
2024
Pre-Seed by
40. Business Model
Advertisers today lose a quarter of
their spendings to Ad Fraud,
representing $84 billion in 2023.
ZKorum is free from click bots or
fake accounts. All data is verifiable
and GDPR-friendly.
Advertising Paid Traffic
Pay to push up threads (or
polls) to gain more visibility,
like Google Ad.
Incentivize respondents by
giving them a reward.
Data Analytics
B2C Freemium: access to
paid analytics dashboard,
like LinkedIn
B2B API: access to
programmatically retrieve
data from ZKorum
Ethically Sustainable
ZKorum reuses successful revenue models based on user data,
except that our data is anonymized yet verifiable.
Anonymization makes data collection ethical, and verifiability makes data valuable.
41. Competitive
Landscape
Anonymous
Transparent
Opaque
Pseudonymous
Blind
2013 South Korea
Anonymous (disputably)
9M users
$62M Raised
Not subject to GDPR
Pseudonymous
55M monthly users
Revenue: $320M
GDPR Compliant
Grapevine
2023 India
Pseudonymous
55K users
$3M Raised
Not subject to GDPR
ZKorum
Made in Europe
Cryptographically Anonymous
100% Open-Source
Transparent Moderation
Above GDPR Compliance
**Hard Privacy**
Glassdoor
2007 US
Pseudonymous
1M users (2021)
Acquired by Glassdoor
Not subject to GDPR
Fishbowl
2017 US
42. Learn about BBS+ Credentials & Issuer Unlinkability:
❖ Slides presenting BBS+ to NIST (standardization efforts)
Learn more about Dock Anonymous Credentials:
❖ Lovesh’s SSI Meetup podcast
❖ Dock Crypto library documentation
Learn about UCAN:
❖ UCAN official website
❖ Brooklyn Zelenka, CTO of Fission, explaining what is UCAN
Resources