Team DreamTeam present deLinZK.
BUIDLing a VinCredible Network
Built with β€οΈ, delivered on β, verified by Polygon π β at ETHForAll Online VIII.
The problem with the current networking platforms are that there is no surety in the work experience which users claim to have. The users can also fake their way through, having forged certificates or even having certificates from pseudo-companies, which do not even exist. This is why recruiters resort to using different B2B credential verifiers, which not only charge an absurd amount of money, but also extract a lot of PII (Personal Identifiable Information) from the applicants who apply to these organizations.
So, there was a need to find a platform which could have credential-verification in-built, and take as less PII from the applicants.
deLinZK is a Zero-Knowledge solution to the above problem, providing a platform both for organizations and employees or users of the platform, to accurately issue Verifiable Credentials which serve as Proof-of-Employments, and for employees it also serves as a proof of work experience after they finish tenure in their current company. deLinZK also provides a comprehensive job board which allows organizations to post jobs, and the employees to apply to them. The organizations do not need to spend additional time verifying the work experience of the applicants, since all of them are already verified by deLinZK through a ZKP way.
- An Employee is an individual who is working, or has worked for an organization.
- An Organization is an entity that is either looking for an Employee or has some employed.
- An Admin is an envoy of deLinZK. They have the duty to verify the PII of the organizations, and on verification of their business details, grant them access to the organizer portal.
- The only authentication the web application uses is Zero Knowledge Proofs, which are a type of cryptographic proofs generated based on the claims the application users hold. No personal data is shared while proving any claim, and e-mails are used merely for communication.
- There are two types of claims issued by deLinZK:
- deLinZK Verified Organization: This claim holder can verify that they are an admin of an organization verified by deLinZK. This claim can only be issued by the deLinZK admin team, on verification of business documents.
- deLinZK Proof-of-Employment: This claim is issued by an organization to it's employees, either retiring or existing employees. The claim data contains a 48-bit SHAKE128 hash of the tenure of the Employee and the organization ID which issued the claim.
- One of the main challenges we faced was the novelty of the implementation, and the experimental phase of the technologies it uses:
- While developing, PolygonID and Iden3 were under active development, hence often introduced major breaking changes. Although we could fix some, we ended up version locking certain dependencies to make the web application work within the deadline of the hackathon. The team will continue to adapt the codebase change from the dependent technologies, so that deLinZK continues to provide its users the safety and security of disclosing their employments.
- Some of the specification changes do break the initial users of the applications. For example, the current users are being issued Polygon ID proprietary schemas, but after the update they will be provided with W3C Verifiable Credentials, which won't be compatible with the current claims. The Iden3 circuits have also changed their specifications, which also changes the query structure which the newer versions of the PolygonID mobile app have, but the older ones cannot.
- Handling real-time data and callbacks was another challenge we faced while making the application. Due to the nature of verification, we had to incorporate complicated Websocket and REST API logic in the same server. In order to maintain the request state between the different callback requests, Redis caching was implemented.
- Encryption was also at the top-most priority while building the application. Since, no PII is shared in the application, but we needed to authenticate different users of the application, we resorted to scrap traditional JWTs for much more advanced JWEs having JWSs inside their payload.
- One of the most interesting challenges we faced was while building the Proof-of-Employment schema:
- We wanted to pass the data in the format to the claim schema:
Format suggested: <STARTDATE><ENDDATE><ORGID> Example format: YYYYMMDDYYYYMMYYYYORGID Example value: 2000123120230526125 - Start Date: 31-12-2000 - End Date: 26-05-2023 - Organization ID: 125
- The issue was the number generated with this method, was exceeding the limit imposed by the PolygonID platform. The maximum it could parse was a 15-digit integer.
- The initial search started with finding hash algorithms which returned decimals as outputs, which we quickly realized was not possible directly. So the 'bit calculation' game started. Idea was to get some Hexadecimal string, and then converting it to decimal, but we needed something less than 50-bits.
- Hence, we came across SHAKE-128, which could give us a 48-bit Hexadecimal string.
- So we hashed the PoE value, converted the Hash into Hexadecimal, and then change the radix of the bits to 10, hence getting a decimal number less than 15-digits.
- Ingenious, isn't it? π€―
 |
 |
|---|
Left: Claim schema for Proof-of-Employment, Right: Claim schema for Verified Organization
- PolygonID
- Supabase
- ExpressJS
- iden3
- JWT (JWZ and JWE)
- ReactJS
- NextJS
- NodeJS
- TypeScript
- Redis
deLinZK is a platform that specializes in providing advanced verification services to organizations and their employees. The platform uses Zero Knowledge Proofs using PolygonID and its Self-Sovereign Identity policies to allow:
- Organizations to verify their legitimacy.
- Employees to verify their tenure in an organization.
It has an extensive system architecture to support such actions, as well as a comprehensive user flow through the web application. The following diagrams explain the flow:
-
Clone the project, and open it in your editor of choice.
-
Setup Redis, Supabase.
-
Create schemas for Proof-of-Employment and Verified Organization on the Polygon ID platform.
-
Create an AWS account.
-
Create Alchemy RPC URL.
-
Rename and fill all the relevant values in the
.envfile. -
Rename and fill the frontend
.envfile as well. -
To start the server and the client:
# Install dependencies yarn # For production server yarn build:server yarn production:server # For development server yarn dev:server # For production client yarn build:client yarn production:client # For development client yarn dev:client
- One of the major aim of deLinZK is to make the website more mobile-friendly, using deeplinks and more responsive design.
- We need to also figure out a more secure way of storing metadata of the organizations and users.
- Code cleanup and documentation never leaves the chat.
- Shifting from communicating with e-mail to some Web3 native solution.
- Integrating token gating services with deLinZK, to allow organizations to maintain gated communities, maybe even DAOs of their employees.
- If you, the reader have any suggestions, feel free to create an Issue π!
deLinZK is available under the MIT license. See the LICENSE file for more info.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Many people have contacted us asking if they can use this code for their own websites. The answer to that question is usually "yes", with attribution. There are some cases, such as using this code for a business or something that is greater than a personal project, that we may be less comfortable saying yes to. If in doubt, please don't hesitate to ask us.
We value keeping this site open source, but as you all know, plagiarism is bad. We spent a non-negligible amount of effort developing, designing, and trying to perfect this iteration of our website, and we are proud of it! All we ask is to not claim this effort as your own.
Refer to this handy Quora post if you're not sure what to do. Thanks!