Sybil-resistant, anonymous Lottery gated to Tornado Cash users

Sybil-resistant, anonymous Lottery gated to Tornado Cash users

Privacy-preserving gating & aggregation. How to gate an application to Tornado Cash users and Gitcoin Passport users without revealing their wallets? Anonymous user identification. How to anonymously identify users in a Sismo Connect app leveraging vaultIds?
Use Case
Anon user identificationData AggregationPrivacy


Inspired by ETHDam 2023, we wanted to celebrate privacy with an anonymous lottery that pays tribute to Tornado Cash’s revolutionary code. Lottery winners receive the printed artwork “Privacy Is Normal”.

To enter the Sybil-resistant lottery, users were required to prove that they have used Tornado Cash and that they own a Gitcoin Passport with a Sybil-resistant score higher than 15. After 30 days, 10 winners could input their shipping address to receive the artwork.

Thanks to Sismo Connect and ZK proofs, neither the wallet proving Tornado Cash usage nor the wallet holding the Gitcoin Passport is revealed. Instead, winners are identified using Vault Identifiers, the anonymous user identifiers natively provided to Sismo Connect Apps.

Two Sismo Connect apps were created to conduct the lottery.

You can try those apps in our demo environment:

Purpose: Enter the lottery

Output: Group of anonymized winners

Purpose: Claim the artwork if you’re a winner

Output: Winners can share their physical address to receive the artwork

How was it built?

This case study explains how we leveraged Sismo Connect's unique features to solve two main challenges.

  • Privacy-preserving gating & aggregation. How to make sure users have used Tornado Cash and Gitcoin Passport without revealing their wallets?
  • Anonymous user identification. How to anonymously identify users so they can only register once and so we can select the winners?

Privacy-preserving gating and aggregation using Sismo Connect

Sismo 101
In Sismo, users own a sovereign Data Vault in which they import Data Sources (e.g wallets). Users can anonymously disclose membership of their Data Sources in specific Data Groups. They generate ZK Proofs using the Data Sources from their vaults: e.g - ZK Proof of membership in the group of Tornado Cash Users - ZK Proof of membership in the group of the Gitcoin Passport Holders.

The Lottery Registration App is a Sismo Connect App that requests and verifies ZK proofs in its backend proving the following:

Users are redirected to their Data Vault to generate the ZK proof that is verified by the Registration App.


The app does not have access to any data from the wallet or the Vault. It only receives a ZK proof from users and learns nothing more than what was requested.

Build you own Sismo Connect App: Tutorials | Boilerplates

Anonymous user identification: Sismo Connect’s Vault Identifiers

The Registration App needs access to a unique user identifier for each participant. It is used to keep track of who has already registered and then to identify winners. It cannot use a wallet address since they are not revealed. Instead, the application leverages the vaultId provided by Sismo Connect to authenticate users.

A Vault Identifier is calculated using the following formula:

vaultId = hash(vaultSecret, hash(appId, derivationKey)), where

vaultSecret is a secret only known by the Data Vault’s owner (similar to a seed/ private key of a user);

appId is a unique identifier for an associated Sismo Connect app;

derivationKey is a an optional parameter that can be used to generate multiple user identifiers for a single Data Vault owner. derivationKey = 0 by default.

The vaultId is computed by the user when they generate a ZK Proof of Data Group membership, thus enabling to associate a ZK Proof owner by its vaultId. Since the vaultId is deterministically generated from the vaultSecret and that one Data Source can only be added to one vault, the application is sure that Data Sources cannot be reused to register multiple times to the lottery! Learn more about Vault Identifier in the Docs

The App requests the vaultId of the user, along with the proof of the Data Group membership. Once the ZK proof is verified in the App’s backend, the App stores it to identify registered users.

Data Groups from vaultIds used in the Claiming App

After 30 days, 10 winners were randomly selected, and we created a group of winners, identified by their vaultIds.

  "sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x0108f80d94b4af8cb464f09ef184b11c539127b5a1172765a76effbab52fd03c": "1",
  "sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x01c8911decfea1f287b1996b739cad142a9e93f3369a0fe1daf74dd65b8ad716": "1",
  "sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x024dcb9271eb5ed2b53af76edfee9b2e55c45f5006174f2a808013706f48de4f": "1",
  "sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x03b714f33fc108b23852864b25a1ed3399c4b9aa28cc0bca8790e0e099405e09": "1",
  "sismo-connect-app(appid=0x9dd13bc62ae6809fe9de95475111fc2a):0x048fdbb2419d06984d7e3ed161e8f94f9e2b1988509c4f32a7f6c59078795861": "1",
Group of Privacy Is Normal Lottery Winners

Vault Identifiers can be used as native Data Sources (alongside EVM wallets, Twitter, GitHub or Telegram accounts) in the Sismo ecosystem. This allows for creating Group of Vault Identifiers which can be used on additional Sismo Connect applications.

Learn more about Data Groups and how to create them

The Artwork Claiming App, another Sismo Connect App, requests and verifies that the user is part of the “Privacy Is Normal Lottery” Winners Data Group)

Once this has been verified, users can access a form and fill in their physical address details to get the Artwork delivered.

Key Takeaways

  • Neither the Registration App nor the Claiming App had access to wallets or could identify personal data from users.
  • Users were able to leverage their private reputation (Tornado Cash usage on a private wallet) alongside their public reputation (Gitcoin Passport on a public wallet) without creating links between them.
  • The Registration App was able to identify users with vaultIds:
    • Avoids multiple registrations per eligible account;
    • Enables winner selection in a privacy-preserving way.
  • The Claiming App was able to reuse the group of winners via vaultIds:
    • It is possible to create Data Groups from vaultIds for other applications.