Summary
Inspired by ETHDam 2023, we wanted to celebrate privacy with an anonymous lottery that pays tribute to Tornado Cash’s revolutionary code. Lottery winners receive the printed artwork “Privacy Is Normal”.
To enter the Sybil-resistant lottery, users were required to prove that they have used Tornado Cash and that they own a Gitcoin Passport with a Sybil-resistant score higher than 15. After 30 days, 10 winners could input their shipping address to receive the artwork.
Thanks to Sismo Connect and ZK proofs, neither the wallet proving Tornado Cash usage nor the wallet holding the Gitcoin Passport is revealed. Instead, winners are identified using Vault Identifiers, the anonymous user identifiers natively provided to Sismo Connect Apps.
Two Sismo Connect apps were created to conduct the lottery.
Purpose: Enter the lottery
Gated to: Tornado Cash users & Gitcoin Passport holders
Output: Group of anonymized winners
Purpose: Claim the artwork if you’re a winner
Gated to: Group of anonymized winners
Output: Winners can share their physical address to receive the artwork
How was it built?
This case study explains how we leveraged Sismo Connect's unique features to solve two main challenges.
- Privacy-preserving gating & aggregation. How to make sure users have used Tornado Cash and Gitcoin Passport without revealing their wallets?
- Anonymous user identification. How to anonymously identify users so they can only register once and so we can select the winners?
Privacy-preserving gating and aggregation using Sismo Connect
The Lottery Registration App is a Sismo Connect App that requests and verifies ZK proofs in its backend proving the following:
- The user owns a wallet that is part of the Tornado Cash Users Data Group
- The user owns a wallet that is part of the Gitcoin Passport Data Group with a value higher than 15
- The user is the owner of a unique
vaultIdfor this app (see next section)
Users are redirected to their Data Vault to generate the ZK proof that is verified by the Registration App.
The app does not have access to any data from the wallet or the Vault. It only receives a ZK proof from users and learns nothing more than what was requested.
Anonymous user identification: Sismo Connect’s Vault Identifiers
The Registration App needs access to a unique user identifier for each participant. It is used to keep track of who has already registered and then to identify winners. It cannot use a wallet address since they are not revealed. Instead, the application leverages the vaultId provided by Sismo Connect to authenticate users.
vaultId = hash(vaultSecret, hash(appId, derivationKey)), where
vaultSecret is a secret only known by the Data Vault’s owner (similar to a seed/ private key of a user);
appId is a unique identifier for an associated Sismo Connect app;
derivationKey is a an optional parameter that can be used to generate multiple user identifiers for a single Data Vault owner. derivationKey = 0 by default.
The vaultId is computed by the user when they generate a ZK Proof of Data Group membership, thus enabling to associate a ZK Proof owner by its vaultId. Since the vaultId is deterministically generated from the vaultSecret and that one Data Source can only be added to one vault, the application is sure that Data Sources cannot be reused to register multiple times to the lottery! Learn more about Vault Identifier in the Docs
The App requests the vaultId of the user, along with the proof of the Data Group membership. Once the ZK proof is verified in the App’s backend, the App stores it to identify registered users.
Data Groups from vaultIds used in the Claiming App
After 30 days, 10 winners were randomly selected, and we created a group of winners, identified by their vaultIds.
{
"sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x0108f80d94b4af8cb464f09ef184b11c539127b5a1172765a76effbab52fd03c": "1",
"sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x01c8911decfea1f287b1996b739cad142a9e93f3369a0fe1daf74dd65b8ad716": "1",
"sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x024dcb9271eb5ed2b53af76edfee9b2e55c45f5006174f2a808013706f48de4f": "1",
"sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x03b714f33fc108b23852864b25a1ed3399c4b9aa28cc0bca8790e0e099405e09": "1",
"sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x048fdbb2419d06984d7e3ed161e8f94f9e2b1988509c4f32a7f6c59078795861": "1",
...
}Vault Identifiers can be used as native Data Sources (alongside EVM wallets, Twitter, GitHub or Telegram accounts) in the Sismo ecosystem. This allows for creating Group of Vault Identifiers which can be used on additional Sismo Connect applications.
The Artwork Claiming App, another Sismo Connect App, requests and verifies that the user is part of the “Privacy Is Normal Lottery” Winners Data Group)
Once this has been verified, users can access a form and fill in their physical address details to get the Artwork delivered.
Key Takeaways
- Neither the Registration App nor the Claiming App had access to wallets or could identify personal data from users.
- Users were able to leverage their private reputation (Tornado Cash usage on a private wallet) alongside their public reputation (Gitcoin Passport on a public wallet) without creating links between them.
- The Registration App was able to identify users with vaultIds:
- Avoids multiple registrations per eligible account;
- Enables winner selection in a privacy-preserving way.
- The Claiming App was able to reuse the group of winners via vaultIds:
- It is possible to create Data Groups from vaultIds for other applications.