trigger warning // ✨ math ✨
At
@zeroknowledgefm
's ZK11, we used FHE to build a private set intersection (PSI) feature, letting attendees find shared activities without revealing extra info. Here's a step-by-step 🧵:
This past weekend, Cursive gave every attendee at
@paradigm
Frontiers an NFC badge and built a suite of MPC-powered social cryptography experiences on top. Check out the highlights ⬇️
At
@zeroknowledgefm
's ZK Summit 11 in Athens, we provided NFC cards for attendees to gather digital signatures when meeting others or attending talks. On top of these signatures, we built features based on advanced cryptography including ZKPs, 2PC+FHE, and folding schemes.
At ETHDenver, our team built out a cryptographic social + questing app in partnership with
@iyk_app
@zksync
@getclave
. Over 3 days, we gave out 12,000 tappable NFC badges to attendees who made 50,000 taps and generated 3,000 ZK proofs! 💫
We'd like to share some technical & design reflections from our NFC + advanced cryptography activation at
@zeroknowledgefm
's ZK Summit 11 in Athens.
Check it out at
For those of you attending
@zeroknowledgefm
ZK Summit 11 today, you’ll get a Cursive NFC card alongside your badge! Tap other attendee badges to share contact information or check into talks.
We've been so lucky to be early users of Gauss's phantom-zone, a toolkit to more easily build apps with MP-FHE. Follow their work below and start hacking here!
Today we're opening portal to the Phantom zone. It's a zone parallel to reality where you teleport yourself, take arbitrary actions, but only remember predefined memories when you're back.
We build it using multi party fully homomorphic encryption and it's an experiment. But...
Our first guest post on the blog!
@jp4g_
from Mach34 shares his experience implementing folding schemes for our activation at ZK Summit 11 in Athens ⬇️
Introducing the Cursive blog! We'll be posting technical deep dives, learnings from our activations, and various musings about cryptography at . We have two posts to begin with:
Private hiring is a new feature where candidates and recruiters could set up profiles for jobs and be privately matched using MPC based on qualifications, interests, and salary expectations.
Look for a future blog post to explain the technical details behind private hiring!
Last but not least, we built ZK11 Folded, a Spotify Wrapped-like experience where you could generate one Nova folding proof summarizing your entire event experience after it was over.
We want to give a huge shoutout to
@Janmajaya_mall
and the rest of the Gauss team for building the MPC/FHE libraries used in this activation.
Notably, the private hiring feature was built using Phantom Zone, a new library for multi-party FHE:
10,000+ people have experienced the products we've built, and we're always open to new ideas and collaborations. Please join our community at , shoot us a DM, or email hello
@cursive
.team!
Attendees tapped each other's NFC badges to share contact information and collect a digital signature representing the fact that they met. As a Frontiers special, attendees could see which popular Rust repositories the other person had contributed to. cc
@gakonst
Our team initially came together from serendipitous invites to Zuzalu! And we've demoed new apps and research at many subsequent pop-up city events.
Check out this blog post on Edge City invite stories & apply to Edge City Lanna to hang with our team!
Have you ever thought about the power of a simple invite?
Big ideas often start with someone saying, "Hey, want to join?”
• 1971, Bill Fernandez, invites Steve Jobs to meet Steve Wozniak at Fernandez's garage
• 1959, Warren Buffett was invited to a dinner party by Dr. Edwin
Private Set Intersection (PSI) built using multi-party FHE served as a cryptographic icebreaker, allowing two attendees who had just met to see the contacts they had in common. No information was shared between users except for the people they had both met.
In the past, we've launched experiences at Zuzalu, Devconnect, and ETHDenver where participants received signatures from NFC cards to digitize in-person interactions. Read more here:
Upon meeting another attendee, you two could use 2-party computation and fully homomorphic encryption to privately compute the people and talks you had in common. You learned nothing about the other person unless both of you had met the same person or gone to the same talk!
We focus on building tangible, accessible, and well-designed applications. We care deeply about educating users on the affordances of cryptography in intuitive ways.
And of course, we owe a huge thanks to
@gakonst
,
@caitlinxyz
, and the rest of the Frontiers team for helping to make this activation happen. It was an exceptional event! check out
Progress in advanced cryptography, especially zero knowledge proofs and fully homomorphic encryption, will supercharge signatures and unlock new opportunities for practical use.
As in past activations, we enabled participants to make ZK proofs about their tap signatures to share on Twitter. Participants that proved they met 50+ people received a Cursive NFC ring 💍
First off, collecting multiple signatures allowed you to generate zero knowledge proofs about your event attendance. For example, you could prove that you met 10 people at ZK Summit without revealing exactly who those people were.
We're sharing a second post about our ETHDenver NFC activation, this one covering data custody preference learnings from an A/B test with 2000 participants.
If you want to learn more about how these features were built, you can check out the repo on Github: . To learn more about Cursive, visit or join our Telegram: .
You can find it at . The development of this app was primarily done in collaboration with
@iyk_app
,
@getclave
, and
@zkemail
, a huge shoutout to all of them!
Each signature you collected was visualized as a stamp, using a generative art algorithm from
@stefan_contiero
! These stamps were compiled into a single art piece representing your ETHDenver experience, which will be mintable as an NFT on
@ArtBlocksEngine
.
Tapping
@iyk_app
discs placed around the venue allowed you to collect "location sigs" as a proof of visiting that location.
Your entire collection of sigs could then be used to complete quests to claim $BUIDL on
@getclave
@zksync
and unlock items at IYK's chipped goods store!
Each quest required meeting specific users or going to certain locations. Users completed quests by making a ZK proof of satisfying the requirements, maintaining full ownership over their collection of signatures.
You can avoid this by ZK proving you've encrypted a bitvector from valid signatures you have, using a tool like
@backaes
@PrivacyScaling
's . This will be included in a later iteration!
This was an order of magnitude larger than our ZuStamps activation at Zuzalu and at
@EFDevconnect
-- we will continue to bring data ownership and authenticity to more people and events, DM us if you're interested in using this tech!
In Round 1, each user creates a shared encryption public key using both of the shares, as well as sending each other a new relinearization key share for later in the computation. This is a mini 2-party computation (2PC).
You also may have realized that either A or B could've withheld their decryption share, leading to only one person learning the overlap. This can be resolved with something like
@xyz_pierre
's
This PSI cryptography was built by
@Janmajaya_mall
@backaes
using Multi-Party BFV. The above notes from
@vivboop
reference variables used in a fork of their code at
For context, ZK11 attendees were able to collect signatures from NFC cards that represented activities like meeting someone else (alongside contact info) or attending a talk (alongside a description/slides).
And we could have used simpler cryptography to perform PSI, but we wanted to experiment with Multi-Party FHE as a more programmable toolkit for private, multiplayer operations. More coming 🔜
PSI was built as an icebreaker, allowing you to connect with other attendees over shared contacts and talks. Crucially, none of your activities were revealed to the other person unless both of you had done it.
Each user generates a final relinearization key from the shares, which is used to relinearize the multiplication ciphertext. There's more explanation of why this is necessary here:
Upon registering for the app, each user generates a public key share and relinearization key share. When PSI starts between A and B, they each download each other's shares.
The careful observer may have noticed that A or B could lie about their activities, and make a bitvector of all 1s that would reveal the other person's full bitvector upon PSI.
Each activity was given a specific index before the event. A and B create bitvectors, placing a 1 in the index of every activity they have a signature for.
First up is a retrospective on ZuStamps, an experience we built at Zuzalu allowing residents to prove participation in events and unlock unique experiences by tapping NFC badges:
We want to highlight the non-interactive protocol, which reduces the rounds of interaction between parties to a single decryption step.
This protocol was in part motivated by attempts to make our PSI features more async!
They each FH encrypt their activity bitvector to the shared encryption key, producing a ciphertext they send each other. As they're encrypted with the same key, we can do FH operations across both!
At the end of the event, you’ll be able to participate in ZK 11 Folded, where you can generate a Nova folding proof summarizing your entire event experience, just like Spotify Wrapped!
Collect signatures to generate zero knowledge proofs about your event experience. You can even privately compute the connections and talks you have in common with a friend using 2PC + FHE!
In Round 3, A and B decrypt their relinearized ciphertext using the shares in another mini 2PC. The resulting bitvector is the overlap of their two activities! From the example above, that would be {0, 0, 1, 0, 0}, which means they both did activity 3.
Blog:
@creeefs
of
@iyk_app
suggested giving users the choice between self-custody and server-custody of data to better understand preferences! We set up some experiments and analyzed the results.
The results of this experience indicate a slight preference for data privacy and ownership, but they do not tell us how deeply people care about or desire data privacy or which types of data they care the most about owning or verifiably proving.
Say there were 5 activities. If A had signatures for activities 1, 3 and 5, A would create {1, 0, 1, 0, 1}. If B had signatures for activities 3 and 4, B would create {0, 0, 1, 1, 0}.
At ZK11, we gave every attendee an NFC card which let them generate zero knowledge proofs, run private set intersection using 2PC/FHE, and make folding proofs with Nova!
We're planning on doing many more experiments exploring these questions, please reach out if you are interested in helping or have done similar analysis!