From Public Web Account Linking to General Use Zero Knowledge Proofs:

Why We’ve Pivoted to Privacy and What’s Next for Holonym

Shady El Damaty, Ph.D.
Published in Holonym
9 min read · Dec 8, 2022


Holonym is a zero knowledge protocol for Sybil resistance, anonymous KYC, and wallet recovery: verify users without sacrificing privacy. The project started as a hackathon entry to link academic web accounts to public on-chain identities. We have since pivoted to privacy as the first principle for identity on the internet. Learn more at https://holonym.id ✨ Continue reading below to learn how Holonym got its start with zero knowledge.

Vision of a Future Web

We launched the Holonym alpha in April 2022 to unlock the next wave of decentralized web protocols that are open to use by anyone yet resistant to bots, fraud, and abuse. Our team built toward a vision of the internet where any decentralized application (dApp) can verify users. In this vision, every claim, or nym, is a fact about an account attested by the owner of that identity. Many nyms combine to describe a holistic, user-configured identity, a Holo, that moves account ownership away from centralized services and back to individual users.


Alpha Release: Public Account Linking

The Holonym DID Registry alpha was launched at ethAmsterdam as a first step toward this vision. The goal of the alpha was to link a signed credential to an Ethereum account with a cryptographic proof that the owner of an ORCID, Discord, or any other web account corresponds to a specific decentralized identifier (DID). We encountered many engineering challenges around privacy, security, and seamless UX. Despite these challenges, we built an architecture that verifies web credentials on smart-contract-compatible blockchains, so smart contracts can now interact with user identities from websites like Google and Twitter. Verified sellers can exist in decentralized Web3 marketplaces that check verifications on-chain. Decentralized Societies (DeSocs) can bootstrap credibility from the reputation of verified members who have linked off-chain credentials.

Verse is a public registry of academic web accounts verified by Holonym. Relaunch with closed alpha expected Q1 2023.

For example, OpSci is using Holonym’s alpha architecture to power Verse, a decentralized science society registry of verified public academic accounts. This is just the tip of the iceberg. Many other use-cases that require public claims on identity are waiting to be unlocked. However, being public on the internet should always be an option and not a requirement for using a service. Privacy should be the default setting for internet users.


Charting a New Path: Privacy First for Users

How do you verify someone's identity without exposing user data to any single person or system? Shortly after releasing the alpha, our team hunkered down to redesign Holonym from scratch around this seemingly impossible question, this time with zero knowledge proofs (ZKPs) built in as a first principle. In this next iteration, the Holonym beta offers users privacy and pseudonymity by default and embeds user consent into any action that may result in public identification. The impetus was a request by Lobby3 to prove US residency of DAO members engaged in US political and civic advocacy. ZKPs make this possible while offering several advantages beyond privacy, and will likely become a key part of next-generation internet infrastructure. Let's dive in and explore some of these perks and the use-cases they make possible.

Privacy as a Perk

One of the more obvious advantages of ZKPs is privacy. Zero knowledge means users do not need to reveal their credentials to prove facts about them. This makes it possible to maintain an open, decentralized database of private claims on identities. The private claims are converted into a proof that the user holds a valid identity signed by an identity issuer. We call this database of private claims a privacy pool: any application can verify a user's proof by checking that the user is a member of the pool. The privacy pool is a global Merkle tree that accepts a new identity entry only if an issuer has validated it.


We have designed Holonym so that the issuer knows nothing about the user except that they hold a valid, cryptographically signed credential, such as a driver's license or passport, from an authority (e.g., the DMV or State Department). The Holonym architecture applies ZKPs so that user information does not leak beyond the parties already privy to it. For example, users who prove their identity with a legal ID need only trust the authority that issued the credential and the security of their own device. All other services, agents, and requestors are completely blind to the government ID and can only request simple proofs about the identity, such as age, residency, or sex. In summary, Holonym users get privacy by default. Users have full control over when to reveal facts about themselves and how much information to include in those claims. The protocol is decentralized: anyone can run an issuer to maintain the network while learning nothing about users or their identities.

Security as a Perk

A less obvious benefit of zero knowledge for Holonym users is security: credentials are accessible and recoverable only by their owner. Holonym employs a nullifier scheme that makes duplicating or impersonating an identity impractical. In this scheme, every credential is combined with a salt and a pepper, not for flavor, but to defeat dictionary attacks, which precompute the hash of every plausible value of a low-entropy field (names, states, dates) and match those hashes against the committed values. The pepper is a random string appended to the credential and known only to the user; the salt is a random string newly generated each time the user creates a new account. In practice, this means a user can prove they are a real person using a verified credential hidden in the privacy pool via the pepper, yet act through different accounts by using a different salt for each new anonymous account.
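To make the salt-and-pepper argument concrete, here is an added example in Python. It is not Holonym's code: SHA-256 stands in for the Poseidon hash the article mentions, and the field layout, derivation formulas and the tiny dictionaries are constructed for the illustration. It shows a commitment over low-entropy fields being recovered by enumeration, the same enumeration failing once a user-held pepper is mixed in, and a fresh per-account salt producing unlinkable account identifiers from one stable nullifier.

```python
import hashlib
import itertools
import secrets
from typing import Callable, Optional


def h(*parts: str) -> str:
    """Domain-separated hash of string parts. SHA-256 stands in for the
    Poseidon hash named in the article; the layout is an assumption."""
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()


# Constructed sample credential: nothing in it is secret or high-entropy.
CREDENTIAL = {"first": "Alice", "state": "CA", "dob": "1990-04-12"}

# Toy enumeration space. Real dictionaries are larger but still finite
# (thousands of names x 50 states x a few tens of thousands of dates).
NAMES = ["Alice", "Bob", "Carol", "Dave"]
STATES = ["CA", "NY", "TX", "WA"]
DOBS = ["1990-04-12", "1985-01-01", "2000-12-31"]


def naive_commitment(cred: dict) -> str:
    """Commitment with no user secret: recoverable by enumeration."""
    return h("cred", cred["first"], cred["state"], cred["dob"])


def nullifier(cred: dict, pepper: str) -> str:
    """Stable per-person value: same credential + same pepper -> same output.
    The pepper is generated once by the user and never leaves their device."""
    return h("nullifier", cred["first"], cred["state"], cred["dob"], pepper)


def account_id(null: str, salt: str) -> str:
    """Per-account value: a fresh salt per account makes accounts unlinkable
    to each other even though they share the same underlying nullifier."""
    return h("account", null, salt)


def dictionary_attack(target: str, commit: Callable[[dict], str]) -> Optional[dict]:
    """Enumerate every credential the attacker can imagine, hash it the same
    way the system does, and return the match (None if nothing matches)."""
    for first, state, dob in itertools.product(NAMES, STATES, DOBS):
        guess = {"first": first, "state": state, "dob": dob}
        if commit(guess) == target:
            return guess
    return None


def demo() -> dict:
    pepper = secrets.token_hex(32)            # user-held, 256 bits
    null = nullifier(CREDENTIAL, pepper)
    accounts = [account_id(null, secrets.token_hex(16)) for _ in range(3)]
    attacker_guess = secrets.token_hex(32)    # attacker has to guess the pepper
    return {
        "naive_recovered": dictionary_attack(naive_commitment(CREDENTIAL), naive_commitment),
        "peppered_recovered": dictionary_attack(null, lambda c: nullifier(c, attacker_guess)),
        "nullifier_stable": nullifier(CREDENTIAL, pepper) == null,
        "accounts_unlinkable": len(set(accounts)) == 3,
    }


if __name__ == "__main__":
    print(demo())
```

The enumeration in `dictionary_attack` is the whole threat: the commitment function is public, so any field set small enough to list is recoverable unless a secret the attacker cannot list (the pepper) is part of the input. The salt does a different job: it does not add secrecy to the nullifier, it only makes two accounts of the same person look unrelated.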


The anonymity the privacy pool provides grows with each new member, or leaf, added to the global Merkle tree: an adversary who must guess which leaf belongs to a given user succeeds with probability 1/N, so a pool of N leaves contributes log2(N) bits of anonymity. For example, there is a 50% chance of correctly guessing the identity with two members in the set, 33% with three, and so on. N here is the number of leaves that are indistinguishable from the outside; anything a verifier also learns about a leaf, such as its issuer or when it was inserted, shrinks the effective set to the leaves sharing that attribute. These mechanisms, combined with private proofs on identity, allow users to store and retrieve secrets such as a password or seed phrase, making account recovery as simple as presenting a proof of a set of valid credentials that uniquely identify the user. A user can thus recover a lost asymmetric key pair, such as the keys of a crypto wallet, without relying on a centralized service or revealing who they are to any service, agent, or entity.

Figure: the probability of guessing one identity out of a pool of size N is 1/N, so privacy grows with every member added; each doubling of the pool costs an adversary one more bit.

Interoperability and Scalability as a Perk

Holonym employs a modular architecture for computing ZKPs that is both interoperable with any web service and easy to scale. Once a user presents a valid credential, the issuer encrypts it and places it in a fixed-length, six-field array. The first two fields contain 1) the address of the credential issuer and 2) the nullifier for the user; these fields are mandatory. The remaining four fields are fully custom and follow whatever format the issuer favors. Holonym was built so that any identity authority can run its own issuer and produce custom proofs that fit its specific use-case requirements.

For example, the DMV might deploy its own issuer to attest to detailed information about your driving history, address, eyesight, and age, while a DAO may sign attestations about a user's on-chain activity, membership in specific societies, or attendance at local events. Another key property of ZKPs is succinctness: a proof compresses a computation into a short expression attesting that a specific series of steps was taken to reach a specific result. A custom field may therefore hold the output of a complex computation together with a ZKP that the output was produced by a known algorithm, without storing the algorithm's execution alongside the result. This degree of customizability lets the protocol accommodate a wide variety of use-cases and promotes scalable decentralization of identity issuers.
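The six-field leaf and the issuer-gated pool described in this and the previous two sections, as an added Python example (not Holonym's own code). SHA-256 stands in for Poseidon, the issuer address and field values are constructed, and the duplicate-nullifier check at insertion is an assumption of this example about where Sybil rejection happens. It builds the append-only Merkle tree, produces a membership path for one leaf and verifies it against the root. In Holonym that verification runs inside a zero-knowledge circuit so the leaf fields and the path stay hidden; here they are passed to the verifier in the clear, which is exactly the part the ZK proof replaces.

```python
import hashlib
from typing import List, Set, Tuple

LEAF_FIELDS = 6  # [issuer, nullifier, custom1, custom2, custom3, custom4]


def h(*parts: str) -> str:
    """Domain-separated hash; SHA-256 stands in for Poseidon here."""
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()


def leaf_hash(fields: List[str]) -> str:
    """Commit to the six-field credential array described in the text."""
    if len(fields) != LEAF_FIELDS:
        raise ValueError("leaf must have exactly %d fields" % LEAF_FIELDS)
    return h("leaf", *fields)


class PrivacyPool:
    """Append-only Merkle tree of credential commitments, gated by issuer."""

    def __init__(self, trusted_issuers: Set[str]):
        self.trusted_issuers = set(trusted_issuers)
        self.leaves: List[str] = []
        self.seen: Set[Tuple[str, str]] = set()   # (issuer, nullifier) pairs

    def add(self, fields: List[str]) -> int:
        """Insert a leaf from a trusted issuer; one leaf per (issuer, nullifier).
        The duplicate check is this example's assumption, not Holonym's circuit."""
        issuer, null = fields[0], fields[1]
        if issuer not in self.trusted_issuers:
            raise PermissionError("unknown issuer: " + issuer)
        if (issuer, null) in self.seen:
            raise ValueError("nullifier already registered for this issuer")
        self.seen.add((issuer, null))
        self.leaves.append(leaf_hash(fields))
        return len(self.leaves) - 1

    def _padded(self, level: List[str]) -> List[str]:
        # Odd levels duplicate their last node so every node has a sibling.
        return level + [level[-1]] if len(level) % 2 else level

    def _levels(self) -> List[List[str]]:
        level = list(self.leaves) or [h("empty")]
        levels = [level]
        while len(level) > 1:
            level = self._padded(level)
            level = [h("node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
            levels.append(level)
        return levels

    def root(self) -> str:
        return self._levels()[-1][0]

    def prove(self, index: int) -> List[Tuple[str, bool]]:
        """Merkle path for leaf `index` as (sibling_hash, sibling_is_left)."""
        path = []
        for level in self._levels()[:-1]:
            level = self._padded(level)
            sib = index ^ 1
            path.append((level[sib], sib < index))
            index //= 2
        return path


def verify(root: str, fields: List[str], path: List[Tuple[str, bool]]) -> bool:
    """Recompute the root from the leaf and path and compare it with the root
    the verifier trusts. In Holonym this runs inside a ZK circuit so `fields`
    and `path` stay hidden and only the root (plus whatever the user chooses
    to disclose) is revealed."""
    node = leaf_hash(fields)
    for sibling, sibling_is_left in path:
        node = h("node", sibling, node) if sibling_is_left else h("node", node, sibling)
    return node == root


def demo() -> dict:
    pool = PrivacyPool(trusted_issuers={"0xDMV"})          # constructed issuer id
    alice = ["0xDMV", "nullifier-alice", "age>=21", "res:CA", "", ""]
    bob = ["0xDMV", "nullifier-bob", "age>=21", "res:NY", "", ""]
    i = pool.add(alice)
    pool.add(bob)
    root, path = pool.root(), pool.prove(i)
    forged = alice[:3] + ["res:NY"] + alice[4:]             # edit one field
    return {"valid": verify(root, alice, path), "forged": verify(root, forged, path)}


if __name__ == "__main__":
    print(demo())
```

A practical point the example makes visible: a path proves membership only against the root it was computed for, so a verifier must hold the current root (or a list of accepted historical roots) and a prover must refresh the path after the tree grows.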


User Experience as a Perk

Decentralized applications are still relatively nascent and rely on complex technology that is difficult to interact with and places a high cognitive burden on new users. The user experience of these protocols resembles the web pages of the early 90s: clunky, poorly designed, and full of impenetrable jargon. Holonym abstracts much of the complexity of decentralized web technology into the background. Although credentials are stored on blockchains, users do not have to purchase crypto tokens to pay the fees for interacting with blockchain protocols. Until recently, zero knowledge circuits have been notoriously slow to compile and prove, with long loading times that make client-side computation impractical. Holonym has taken several steps to minimize proof times, such as using the Poseidon hash function and a lightweight standard for the data structures that store credentials. A new user can mint a Holo containing a zero knowledge proof of identity and unique personhood in under a minute, using familiar UX patterns such as phone number verification and ID scanning with their phone. The proof takes only about 3 seconds to generate on an average laptop. The ZK proofs also allow a more seamless decentralized UX than would otherwise be possible: the user can submit cross-chain transactions without signing anything, because the proof takes the place of a signature.


Previously Impossible Use-Cases, Now Possible

The ZKP architecture powering Holonym opens up novel use-cases with privacy as the default setting. For the first time, online communities can establish safeguards against impersonation, fraud, and bot attacks without requiring users to give up privacy; users remain anonymous. In the same vein, decentralized permissionless protocols can comply with government regulations by verifying valid credentials, proving residency, or enforcing age limits. The modularity of the stack also lets users maintain an audit trail that is private and visible only to the relevant authorities. Internet users can remain anonymous yet carry their reputation across communities and web applications, enabling previously impossible use-cases such as verifiable anonymous credit scores or anti-money-laundering checks that do not reveal the user's identity. All of these use-cases have previously relied on a centralized authority to verify identities and claims. For the first time we can balance privacy on the internet with accountability.

Future Forward Looking

ZKPs have uses well beyond the popular ones, many of them not yet imagined. The learning curve is steep, but well worth it. They give our protocol better privacy, security, interoperability, and UX. Who would have thought that their primary use case in the early 2020s would be blockchain scalability rather than privacy? One can only imagine what zero knowledge proofs will be used for in 20 years, let alone 100.

Jump into the Privacy Pool!

Does the fight for privacy on the internet resonate with you? Would you like to be an early adopter of cutting-edge zero knowledge technology in web3? Consider signing up for our private beta, joining our Discord, or perusing our white paper.

More information can be found on our documentation at https://docs.holonym.id
