zkWhistleBlower

zkWhistleblower enables good actors to verifiably publicize evidence of wrongdoing and corruption using TLS Notary and receive donations for consequential legal fees while protecting their anonymity and transacting on permissionless global networks.

Created At

ETHGlobal Brussels

Winner of

Scroll - Best Project on Scroll Runner-up

Worldcoin - Best Governance App

Project Description

Whistleblowers usually face asymmetric power dynamics, such as retaliation from employers, lengthy and expensive litigation, and unsubstantiated allegations. Victims usually don't know each other or cannot connect with each other to reveal the criminal wrongdoing or band together as a group to raise awareness of misdeeds.

zkWhistleblower enables good actors to verifiably publicize evidence of wrongdoing and corruption using TLS Notary and receive donations for consequential legal fees while protecting their anonymity and transacting on permissionless global networks.

Fundamentally, zkWhistleBlower is a globally accessible platform that allows whistleblowers to create a proof consisting of the notarized TLS handshake data, the selected portions of the HTTPS response, the extracted message details, and the notary's signed hash and public key. Using the TLSNotary browser extension, the whistleblower proves that the Twitter account is their own and that they received a private message from someone.

We used the TLSNotary hosted proxy to make the TCP connection, as well as the test server from the TLSNotary team. Verifying the proof involves reconstructing the TLS session using the notarized handshake data, decrypting the HTTPS response using the reconstructed session keys, extracting the relevant message details from the decrypted response, hashing the extracted data and comparing it with the notary-signed hash, and verifying the notary signature using the public key.

Consequently, the Twitter account details of the message sender, the exact contents of the direct message, and the timestamp of when the message was accessed and notarized are proven. The whistleblower then exports the proof as a file and uploads it to the zkWhistleBlower platform for independent verification by peers.

Additionally, others can choose to donate USDC to the whistleblower on our platform. The cross-border, P2P instant payment feature allows permissionless financial support for the whistleblower.

How it's Made

I. WorldID for Privacy-Preserving Proof of Personhood

Using WorldID for sign-in by all participants is crucial to maintaining the integrity and credibility of the zkWhistleBlower platform. Verifying proof of personhood with WorldID, both for whistleblowers who upload proof of wrongdoing and for donors who give money to support them, allows all parties to remain anonymous while guaranteeing unique personhood.

WorldID is Sybil resistant, globally accessible, and built to be secure in perpetuity while preserving privacy of identity and all onchain interactions of all platform participants.

II. Dynamic

The Dynamic SDK enables users to log in to the zkWhistleBlower platform without requiring a pre-existing wallet, which represents a significant advancement in user accessibility and onboarding. It streamlines the UX by allowing seamless access through familiar authentication methods such as social logins or email verification, bypassing the need for users to set up a crypto wallet beforehand.

III. TLS Notary for Data Verification

Fundamentally, zkWhistleBlower is a globally accessible platform that allows whistleblowers to create a proof consisting of the notarized TLS handshake data, the selected portions of the HTTPS response, the extracted message details, and the notary's signed hash and public key. Using the TLSNotary browser extension, the whistleblower proves that the Twitter account is their own and that they received a private message from someone.

We used the TLSNotary hosted proxy to make the TCP connection, as well as the test server from the TLSNotary team. Verifying the proof involves reconstructing the TLS session using the notarized handshake data, decrypting the HTTPS response using the reconstructed session keys, extracting the relevant message details from the decrypted response, hashing the extracted data and comparing it with the notary-signed hash, and verifying the notary signature using the public key.

Consequently, the Twitter account details of the message sender, the exact contents of the direct message, and the timestamp of when the message was accessed and notarized are proven. The whistleblower then exports the proof as a file and uploads it to the zkWhistleBlower platform for independent verification by peers.
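The last two verification steps described above (comparing the hash of the extracted details with the notary-signed hash, then checking the notary signature) are shown here as an added example; it is not code from the zkWhistleBlower project or from TLSNotary. The proof layout, field names, P-256 keys and sample message are assumptions constructed for illustration, and TLS session reconstruction and decryption are out of scope.

```javascript
// Added example: simplified model of "hash, compare, verify notary signature".
// Proof layout and field names are assumptions, not TLSNotary's real format.
const crypto = require('node:crypto');

// Canonical serialization so the notary and the verifier hash identical bytes.
function digestOf(details) {
  const canonical = JSON.stringify([details.sender, details.message, details.notarizedAt]);
  return crypto.createHash('sha256').update(canonical).digest();
}

// Notary side (constructed for the demo): sign the hash of the extracted details.
function notarize(details, notaryPrivateKey) {
  const signedHash = digestOf(details);
  const signature = crypto.sign('sha256', signedHash, notaryPrivateKey);
  return { details, signedHash: signedHash.toString('hex'), signature: signature.toString('hex') };
}

// Verifier side. The notary key comes from the verifier's own trust store,
// not from the proof file; otherwise anyone could sign a forgery themselves.
function verifyProof(proof, trustedNotaryPublicKey) {
  const recomputed = digestOf(proof.details);
  const claimed = Buffer.from(proof.signedHash, 'hex');
  if (!claimed.equals(recomputed)) {
    return { ok: false, reason: 'hash mismatch' };
  }
  const sig = Buffer.from(proof.signature, 'hex');
  const sigOk = crypto.verify('sha256', claimed, trustedNotaryPublicKey, sig);
  return sigOk ? { ok: true, reason: 'verified' } : { ok: false, reason: 'bad notary signature' };
}

// Constructed sample data: keys and message are generated here, not real.
const notary = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const impostor = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const details = { sender: '@example_sender', message: 'constructed sample DM', notarizedAt: '2024-01-01T00:00:00Z' };

const genuine = notarize(details, notary.privateKey);
const edited = { ...genuine, details: { ...details, message: 'altered text' } };
const selfSigned = notarize(details, impostor.privateKey);

function demo() {
  return {
    genuine: verifyProof(genuine, notary.publicKey).reason,
    edited: verifyProof(edited, notary.publicKey).reason,
    selfSigned: verifyProof(selfSigned, notary.publicKey).reason,
  };
}
console.log(demo());
```

The third case is why the verifier pins the notary key: a proof that carries its own public key shows nothing unless that key is one the verifier already trusts.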

IV. Circle - USDC

USDC's capability for cross-border transactions ensures that whistleblowers from around the globe can receive financial support swiftly, bypassing the delays and fees associated with traditional banking systems. The P2P instant transfer feature allows for immediate, direct payments, reducing the risk of interception or tampering.

Additionally, the transparency and immutability of blockchain technology underpinning USDC provide an auditable trail of transactions, reinforcing trust and accountability within the platform. By leveraging USDC, the whistleblowing platform can offer anonymous, secure, and efficient financial interactions, thereby encouraging more individuals to come forward with critical information without the fear of financial or transactional barriers.

V. Donate Permissionlessly OnChain

Whistleblowers usually face asymmetric power dynamics, such as retaliation from employers, lengthy and expensive litigation, and unsubstantiated allegations. Victims usually don't know each other or cannot connect with each other to reveal the criminal wrongdoing or band together as a group to raise awareness of misdeeds.

Because of the importance of global access, zkWhistleBlower is accessible on both the Scroll and Zero networks. Scroll ensures geographical distribution (given that most users are based in Asia), and the Zero network is ideal for donations to whistleblowers due to its gasless transactions.
