A platform for anonymous comments on scientific articles that allows for anonymous academic credential verification
The scientific community can be very sensitive to whistleblowers and to honest reports of scientific mistakes. For this reason, most scientists prefer to comment on scientific articles anonymously, avoiding the backlash that can come with it. zkCert takes this one step further: scientists can verify their email accreditation using their institutional mail without exposing their identity, so they can prove their institutional affiliation while still commenting anonymously.
We created a brand new app called zkCert for anonymous commenting on scientific articles. In the app, users can search for scientific articles by DOI and make anonymous comments on them. We integrated web3 wallet login and delved into the ZK Email software for email verification. When a user wants to verify an institutional email, the app generates a random word that the user must email to themselves from the institutional address; the user then uploads the email signature with the random word included in it. In this way, the app verifies ownership of the email and timestamps the verification using the random word. Using zk technology, the app verifies the @institution domain of the user's email without exposing the full address. Once the institutional email is verified, the user can still comment anonymously, with a badge that credits their affiliation.
The website and backend are built with Next.js 14, TypeScript and Tailwind CSS, and deployed live on Vercel. We used NextUI, a modern Tailwind CSS component library, for a smoother and more visually appealing UX. To store the data we needed, such as papers and comments, we used a PostgreSQL database connected via Vercel, which the front end reaches through API calls written in TypeScript.
To log users in, so that we could tell them apart while keeping them anonymous and not collecting any data that could identify them, we decided to use Sign-In with Ethereum. For this we used the Dynamic.xyz library together with ethers.js, which let users sign up with their ETH wallet address. Once a user signed up, we stored their wallet address in our database. This gives us an anonymous login that still remembers users, and lets us see which accounts were verified via ZK Email and which were not. A new user is automatically classed as unverified; once they verify their email using ZK Email, we make an API call to the database to update the user's status to verified.
In conclusion, the integration of Next.js 14, TypeScript, Vercel, and PostgreSQL culminated in a seamless front-end experience. This robust stack facilitated effortless API interactions, streamlined Ethereum-based authentication, and enabled straightforward live deployments, all while minimizing complications thanks to TypeScript's static typing and Vercel's efficient hosting solutions.
The ZKP architecture is based on ZK Email, its packages and its other repos. We use them to generate Circom templates, email verifier circuits, and regex templates and helpers that match and extract strings from a signed email; to set up zk-SNARKs and witnesses; to generate Groth16 proving and verifying keys; and, optionally, to generate a Solidity contract that verifies proofs on chain, so that other Solidity code can be triggered to update contract state from the posted comment.
A custom Circom circuit is created to match a specially formatted string in an email. We use two types, but both can be matched by a single regular expression:
/ZKCERT (AUTH|POST) 0x([0-9a-f]{32})/
We need snarkjs to perform Powers of Tau, find our circuit by CIRCUIT_NAME, set up the Groth16 keys, and export a verification key for our circuit as well as the Solidity code for a verifier contract for our circuit.
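
The random word and the challenge string described above also have to be issued and checked on the application side. The following is an added example, not zkCert's or ZK Email's code. The function names, the in-memory `Map` store, the 10-minute lifetime, the binding of a challenge to a wallet address, and the two extra checks around the page's unanchored pattern are all assumptions; DKIM and proof verification stay with the circuit.

```javascript
// Added example: application-side handling of the ZKCERT challenge string.
// Store layout, function names and the 10-minute TTL are assumptions.
const CHALLENGE_RE = /ZKCERT (AUTH|POST) 0x([0-9a-f]{32})/g; // pattern from the page, plus /g
const TTL_MS = 10 * 60 * 1000;

// nonceHex must be 16 bytes from a CSPRNG, hex-encoded (e.g. Node's crypto.randomBytes(16)).
function issueChallenge(store, wallet, kind, nonceHex, nowMs) {
  if (kind !== "AUTH" && kind !== "POST") throw new Error("unknown challenge kind");
  if (!/^[0-9a-f]{32}$/.test(nonceHex)) throw new Error("nonce must be 32 lowercase hex chars");
  if (store.has(nonceHex)) throw new Error("nonce collision");
  store.set(nonceHex, { wallet: wallet.toLowerCase(), kind, expiresAt: nowMs + TTL_MS });
  return `ZKCERT ${kind} 0x${nonceHex}`;
}

// Returns { ok: true, kind } or { ok: false, reason }. A challenge is consumed on success.
function redeemChallenge(store, wallet, emailBody, nowMs) {
  const matches = [...emailBody.matchAll(CHALLENGE_RE)];
  // The pattern is unanchored, so refuse bodies that carry several candidates.
  if (matches.length !== 1) return { ok: false, reason: "expected exactly one challenge string" };
  const [full, kind, nonce] = matches[0];
  // {32} also matches the first 32 digits of a longer hex run; reject that.
  const next = emailBody[matches[0].index + full.length];
  if (next !== undefined && /[0-9a-fA-F]/.test(next)) return { ok: false, reason: "nonce too long" };
  const rec = store.get(nonce);
  if (!rec) return { ok: false, reason: "unknown or already used nonce" };
  if (nowMs > rec.expiresAt) {
    store.delete(nonce);
    return { ok: false, reason: "expired" };
  }
  if (rec.kind !== kind) return { ok: false, reason: "kind mismatch" };
  if (rec.wallet !== wallet.toLowerCase()) return { ok: false, reason: "issued to another wallet" };
  store.delete(nonce); // single use: a replayed email fails from here on
  return { ok: true, kind };
}

// Constructed sample run: the same email is accepted once, then rejected as a replay.
function demo() {
  const store = new Map();
  const wallet = "0x00000000000000000000000000000000000000A1"; // constructed address
  const line = issueChallenge(store, wallet, "AUTH", "00112233445566778899aabbccddeeff", 0);
  const body = `Subject: verification\r\n\r\n${line}\r\n`;
  return [redeemChallenge(store, wallet, body, 1000), redeemChallenge(store, wallet, body, 2000)];
}
```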