Beyond the Code - Building Trust in Zero Knowledge Systems

December 21, 2024

Thanks to my family and friends who inspired me to write this. Special thanks to Abhi for sparking this idea. As always, anyone is free to leave comments on the hackmd: Beyond the Code

Introduction

Zero-Knowledge is one of the most revolutionary technologies to emerge from the cryptography space in recent years, offering promises of privacy and verifiability powered by mathematics. The idea of proving something without revealing personal information is incredibly promising, but in practice, how can non-technical users ensure that the code is actually doing what developers claim it does?

The Problem Contextualized

When I talk to non-technical people who are unfamiliar with the crypto space, one question comes up every single time: "How do I know the developers aren't just taking my data? Who ensures the code does what they say it does?" In the past, my response has often been, "It's open source, transparent, immutable, and mathematically verifiable," but that explanation falls flat. Most people can't read or understand code, so it doesn't provide the reassurance they're looking for.

If ZK's true selling point lies in privacy, we need better ways to communicate and verify that protocols are indeed private and secure. This verification must be presented in a user-friendly, accessible manner that empowers even non-technical users to trust the technology without needing to dive into the code. Building this bridge is crucial for wider adoption and trust in Zero-Knowledge systems.

A Developer-Driven Solution: Attestations for ZK Protocols

One potential solution to this trust gap is building a developer-driven attestation system for ZK protocols. Here's how it could work:

1. Gatekeeping with Proven Credentials

To ensure only qualified developers participate, tools like zkEmail and zkTLS can be used to verify their credentials. These tools allow developers to prove their contributions (e.g., GitHub activity, professional history) without exposing sensitive information, creating a trusted pool of experts. We built a protocol, Cr3dentials, that allows devs to prove their contributions, and it can serve as the gatekeeper for the platform.

2. Anonymous Groups using Semaphore

In addition to credential verification, Semaphore can be leveraged to create anonymous groups of developers. These groups can collectively make attestations about projects while preserving individual anonymity. By combining anonymity with cryptographic verification, Semaphore ensures unbiased evaluations while maintaining the privacy of participating developers. This dual-layered approach—credential verification with Cr3dentials and anonymous group attestations with Semaphore—builds a robust framework for trust and transparency within the ecosystem.

3. Welcoming Projects to the Platform

ZK projects can register on the platform to gain visibility and access to these verified developers. By doing so, they open themselves up to developer audits, fostering transparency and collaboration while building trust with users.

4. Developer Attestations for Projects using EAS

Verified developers evaluate projects based on criteria like:

  • Code quality
  • Security and absence of vulnerabilities
  • Adherence to ZK principles like privacy and verifiability
  • Integrity and non-fraudulent behavior

These evaluations (or attestations) are then recorded on-chain using the Ethereum Attestation Service (EAS), creating a transparent reputation system for ZK protocols.

5. Incentivizing Developer Participation

To encourage developers to contribute, they can be incentivized through:

  • Monetary rewards (e.g., native protocol tokens)
  • Reputation scores that showcase their expertise and increase their visibility
  • Access to exclusive opportunities within the crypto ecosystem

6. User-Friendly Verification

For non-technical users, the platform can provide simplified dashboards:

  • Developer Profiles: Highlighting their credentials, past attestations, and reputation scores.
  • Project Dashboards: Summarizing attestations with clear, non-technical language (e.g., "Audited by 15 developers: 93% positive reviews").
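
How a project dashboard could compute a summary line like the one above without double counting, as an added example (not code from this post, EAS, Semaphore or Cr3dentials): it counts one review per Semaphore nullifier, which is unique per identity and scope, and skips revoked attestations and proofs made against a group that was never vetted. The record fields, the placeholder schema UID and group root, the use of the project id as the Semaphore scope, and all sample data are assumptions constructed for illustration.

```javascript
// Added example. Record fields and sample values are constructed assumptions,
// not the EAS schema format or the Semaphore SDK's types.
const SCHEMA = "0xSCHEMA_PLACEHOLDER";   // placeholder: the platform's review schema UID
const GROUP_ROOT = "0xROOT_PLACEHOLDER"; // placeholder: Merkle root of the vetted developer group

// Constructed attestations, oldest first, as an indexer might return them.
// `proofOk` is assumed to be set by an upstream Semaphore proof verifier.
const rec = (nullifier, over = {}) => ({ schema: SCHEMA, scope: "project-a", root: GROUP_ROOT,
  nullifier, proofOk: true, revoked: false, positive: true, ...over });
const SAMPLE = [
  rec("n1"),
  rec("n2"),
  rec("n1"),                          // same anonymous member attesting twice
  rec("n3", { root: "0xOTHER" }),     // proof against a group that was never vetted
  rec("n4", { revoked: true }),       // attestation withdrawn by its author
  rec("n5", { proofOk: false }),      // proof failed verification
  rec("n6", { positive: false }),
  rec("n7", { scope: "project-b" }),  // review of a different project
  rec("n8"),
];

// Returns the first reason a record must not count, or null if it counts.
function rejectReason(a, project, seen) {
  if (a.schema !== SCHEMA) return "wrong_schema";
  if (a.scope !== project) return "other_project";
  if (a.root !== GROUP_ROOT) return "unknown_group";
  if (!a.proofOk) return "invalid_proof";
  if (a.revoked) return "revoked";
  if (seen.has(a.nullifier)) return "duplicate_nullifier";
  return null;
}

function summarize(attestations, project) {
  const seen = new Set();   // nullifiers already counted for this project
  const rejected = {};      // reason -> count, for an audit trail behind the headline
  let positive = 0;
  for (const a of attestations) {
    const reason = rejectReason(a, project, seen);
    if (reason) { rejected[reason] = (rejected[reason] || 0) + 1; continue; }
    seen.add(a.nullifier);
    if (a.positive) positive += 1;
  }
  const reviewers = seen.size;
  const percent = reviewers === 0 ? 0 : Math.round((100 * positive) / reviewers);
  return { reviewers, positive, percent, rejected,
           text: `Audited by ${reviewers} developers: ${percent}% positive reviews` };
}

console.log(summarize(SAMPLE, "project-a"));
```

Publishing the rejection counts next to the headline lets a reader see how many submissions were discarded and why, rather than trusting the percentage alone.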

Conclusion

To bridge the gap in trust with this technology, we need to provide clear, verifiable proof that it works as intended. In many areas of life, we already rely on trusted groups to make attestations—whether it's scientists validating a discovery or researchers from a renowned institution like Harvard endorsing a study. However, these attestations often lack the transparency and immutability that blockchain technology offers. With ZK protocols, we have to go further by creating verifiable and transparent attestations directly on-chain. By leveraging the expertise of those who understand this technology best—ZK engineers—we can build a system of trust that is both accessible and irrefutable.