zk-whistle

Whistleblowing plays a critical role in ensuring transparency, accountability and ethical conduct across government, corporations, and organisations. However, traditional whistleblowing face a major challenge: How can one prove the authenticity of a leak while preserving the anonymity of the whistleblower and moreover how to prove the authenticity of the document without revealing the entire data and just exposing what is necessary.

We present a zero-knowledge whistleblowing platform that enables secure, verifiable and anonymous partial disclosure of sensitive documents without revealing the entire document.

Problem Statement: Traditional whistleblowing tools rely heavily on trust in the intermediaries but do not provide cryptographic guarantees that the whistleblower actually belongs to the organization or the leaked documents are genuine without revealing the entire data. In particular, the traditional whistleblower faces 3 major issues:

1. Anonymity Risk
2. Authenticity of the document
3. Censorship and storage of document

Solution: zkWhsitle solves this problem by leveraging 3 tech into system:

1. ZKEmail: To prove ownership of an organizational domain
2. zkPDF: To prove the authenticity of the PDF document and only exposing partial data which is necessary
3. Lighthouse: To encrypt and store data on the permenant decentralised IPFS storage

The ZKEmail can be used by the whistleblower to prove that he/she belongs to an organization by proving the ownership of the organisation's domain. Then using zkPDF, the whistleblower can prove the authenticity of the PDF document and allows partial leak of the document without exposing the entire data. The file is then encrypted and stored permanently on the decentralised storage to ensure that the files is not deleted and can be shared later to the respective authority.

This system ensures that the whistleblower's identity is protected but their affiliation is provable. Further, allows provable selective disclosure of the confidential document without revealing entire data with censorship resistant and global access and verification.

Real world application:

1. Corporate fraud exposure
2. Government accountability
3. Healthcare transparency
4. Crypto and Dao

We focused primarily the privacy of the whistleblower so we spent most of our time researching about exposing minimal information about the whistleblower and the sensitive PDF file. In order to prove the affiliation of the whistleblower to an organization without revealing the identity we used ZKEmail. Further primarily we used zk-PDF to prove the authenticity and validity of the the PDF document and allow partial disclosure of the PDF data which is necessary. Then, in order to have access to of the confidential PDF, we encrypt and stored the PDF to the permanent decentralized IPFS storage using Lighthouse to have a global access so that it can be later shared with the respective authorities. We then spent some significant time putting everything together to make it into a single flow.