We propose a solution that allows Internet users to privately prove control over real web accounts (like Uber or GitHub) using MPC-TLS without revealing any personal data. By converting these credentials into unlinkable zero-knowledge group proofs, we can unlock Sybil-resistant airdrops, governance, and access control without compromising user privacy.
Protocol Overview:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ User Browser │ │ TLS Notary │ │ Web Service │
│ Extension │ │ │ │ (e.g. Uber) │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
│←──── MPC Protocol ───→│ │
│ │ │
│←──────── MPC-TLS Session─────────────────────→│
│ (joint client) │
│ │ │
│──── Encrypted TLS ───→│ │
│ transcript │ │
│ │ │
│←─── Attestation ─────┤ │
│ (garbled circuit) │ │
│ │ │
▼
┌─────────────────┐
│ Semaphore │
│ Group │
│ Commitment │
└─────────────────┘
The protocol works as follows (simplified for clarity):
Phase 1: Private Credential Verification
- User’s browser extension and TLS Notary cooperatively establish MPC-TLS session with web service
- Notary validates ciphertext integrity using garbled circuits, signs attestation over committed fields
- Notary sees only encrypted data—never plaintext account information
- User receives cryptographic proof of credential without exposing account details
Phase 2: Unlinkable Commitment Generation
commitment = Hash(master_key || credential_group_id || account_id_hash)
- User generates unlinkable identity commitment using private Master Key
- Commitment is published to corresponding Semaphore group (GitHub credentials → GitHub group, etc.)
- Each credential type maps to separate group, enabling granular proof targeting
Phase 3: Providing Zero-Knowledge Group Proofs
- For verification, user generates ZK proofs of Semaphore group membership
- Proofs confirm credential possession without revealing specific accounts
- Verifying parties can combine multiple group proofs for composable trust scores
Privacy Guarantees:
- Unlinkable: Cannot connect different web accounts to same user
- Group-anonymous: Individual verifications don’t reveal which specific member of a credential group is generating the proof
- Untraceable: Cannot track users across different applications
- Composable: Can prove membership in multiple groups simultaneously
Implementation
We’re building BringID to validate these cryptographic techniques in practice. The implementation leverages existing infrastructure (TLSN for MPC-TLS, Semaphore for ZK group proofs) to minimize novel cryptographic assumptions.
The current design assumes a trusted TLS Notary for attestation verification. We’re exploring various decentralization approaches to minimize this trust requirement in the future, including TEE-backed infrastructure and distributed validator networks.
Economic Security Model
Our approach doesn’t cryptographically prevent Sybils—it makes them economically infeasible. The security assumption is:
Reward value per verified account < Cost of producing a Sybil identity
Web accounts require real-world activity (Uber rides, GitHub commits, Airbnb stays), time investment (account aging, reputation building), and often monetary cost (service usage fees). Applications can combine multiple credential groups and apply time-bounded verification to further increase forgery costs.
Technical Specification: Draft whitepaper
Related Work: TLSN | Semaphore
I love the idea of using MPC-TLS and Semaphore together for private credential proofs. Curious, have you thought about how to handle revocation if a user’s web account gets compromised?