zk-nyms are here — a major milestone towards a market-ready mixnet

We recently announced zk-nyms to the world. zk-nyms are a cryptographic system that allows people to pay and use for services without…

Author: Nym

March 22, 20236 mins read

We recently announced zk-nyms to the world. Zk-nyms are a cryptographic system that allows people to pay and use for services without leaking unnecessary personal information. This is an important milestone for the Nym mixnet and the following VPN example illustrates perfectly why.

Translations: Türkçe // Español // Português // Русский

VPNs are one of the most known and used privacy tools around, and if you are using one, you will probably be using a credit card to pay for it. That means the VPN provider has your card details, name and address. Furthermore, VPNs act as a trusted proxy, so even if they shield your IP and browsing history, they themselves know all the websites you are accessing.

To put it bluntly, your VPN provider now has your identity and full browsing history. And to make matters worse, some “free” VPNs even embed third-party trackers to gather your data and sell it on to others (read more).

So let’s get into what zk-nyms can do to solve this.

Introducing zk-nyms

The very first use-case of zk-nyms is now out in the world: bandwidth credentials for the mixnet. By using zk-nyms, people can prove they have the right to use the mixnet for privacy, without revealing their wallet address, payment amount, balance or any other information.

We don’t want your payment details, your name, transaction number or any other information about you. All we need to know is whether you (or the app you are running) have the right credentials to use the mixnet. In fact, that should be the norm for any digital service that you use.

We have just launched a sandbox where people can test spending bandwidth credentials with a gateway (using CLI). We invite devs and gateway operators to come and try it out!

Pay, but not with your privacy!

The Nym mixnet protects you online — not just the IP address and content, but even the metadata and patterns of communication. The mixnet is decentralised and trustless, meaning there is no part of the infrastructure that holds any data about you or your traffic. And that has to be the case for payments too.

The mixnet is currently free of charge, but there will eventually be a small fee to ensure operators are compensated fairly. Today’s digital services are incentivised towards surveillance. From Facebook and social media more generally to free email and VPN services, they provide a service at a low cost to attract users and then make up the rest by selling people’s data.

The Nym mixnet includes token economics to ensure that the infrastructure operators are incentivised to provide privacy, not surveillance. And now with zk-nyms, we are one step closer to a paid mixnet service that is fully secure and does not leak any additional information.

What next for zk-nyms?

Bandwidth credentials are just the first practical use-case for what we see as blazing a new innovation pathway for our online lives. In the physical world, most of us are not under constant observation. Most of us are not subject to continuous micro analysis by unknown organisations, determining who you are, where you belong and what you are likely to do next. In the physical world, you get to choose what you share about yourself, when and with whom. Unfortunately that is not currently the case online.

Zk-nyms intend to make this possible in the digital world too. You will be able to selectively reveal your information to build trusted and secure relationships without leaking unnecessary personal information to third parties. Specific use-cases include privacy preserving KYC, private payments, access control, and age verification, as well as a generic privacy preserving single-sign on.

You are not a number in a database. Your identity should not be imposed by companies and agencies using a tightening net of proliferating profiling algorithms. Digital systems should primarily serve people, not the other way around and the ability to selectively determine what you reveal and to whom.

Features of zk-nyms

You may be seeing the words ‘zero knowledge’ and ‘private credentials’ bouncing around a lot these days and be wondering: what makes zk-nyms different from other credentials and zk-magic? The main advantage of zk-nyms is that they are decentralised, and have threshold-issuance, meaning that zk-nyms avoid a centralised point of trust to issue credentials. To wrap up here is a quick overview of zk-nyms features:

Cryptographic

As the name hints at, zk-nyms make use of several cryptographic primitives, including zero-knowledge proofs, blind signatures and commitment schemes, and are an extension of the Coconut credential scheme. Zero knowledge has become quite hyped lately, so there are plenty of guides out there for those who want to deep-dive, but suffice to say that this bit of cryptographic magic allows people to cryptographically prove something without having to reveal the evidence. (A more in-depth post comparing zk-nyms with zk-snarks, starks and other zero-knowledge hype is coming soon.)

Decentralised

A unique feature of zk-nyms is decentralisation. This means that there is no single authority that holds your credentials. Instead they are issued by a decentralised validator set. For some of you readers, this might raise alarm bells regarding potentially malicious validators, but we have good news for you…

Threshold issuance

…because zk-nyms make use of threshold issuance, meaning validators only hold a share of the key that signs the credential. Having a threshold issuance has a similar byzantine-fault tolerance as other validator base schemes, i.e., zk-nyms not only distribute trust but also avoid a crush of the system in case some validators go offline or are malicious.

Unlinkable

Unlinkability means that the issuance of your credential and your subsequent showing of it is unlikable. This means that even if validators collude with the service to which you show your credential, they cannot learn any additional information. Furthermore, a property of blind issuance means that even if all the validators colluded, they would not be able to piece together the private attribute of your credential.