This topic is to discuss the proposal submitted by @SNiP .Please see below for the details of the proposal and discussion.
18th November, 2024 Current status : Rejected Note : We agreed with the proposer to pause the funding of this effort for the time being. There are some un-resolved issues related to geo location & mobile app usage.
10th November , 2024 Current status: Funded Funding Note: This proposal is approved for funding. PoA attendance is still a very niche use case of zk proofs and we hope this proposal explores some of the use cases. The risk and impact are classified as low.
30th October, 2024 Current status: Under Consideration. Opened for community discussion on : 30th October.
zkAttend is a generalized Proof-of-Attendance system that masks a user’s location while using zkProofs to verify they are within a particular geofence to distribute rewards. zkAttend would use Protokit, making it an easily integrated module within any project that wishes to implement a Proof-of-Attendance logic within their website. zkAttend had its inception at ETHOnline 2024.
Proposal Overview
Problem:
Various events and applications across the world make use of a user’s location to distribute rewards, verify their presence, and more. They utilize technologies ranging from Web2 to Web3, such as QR codes, GPS tracking, and POAP (https://poap.xyz/) to provide the aforementioned results. In the case of Web2, solutions like GPS tracking are not catered to individuals and events that respect a user’s privacy, as the live location is shared. Meanwhile, solutions in Web3 like POAP utilize a user’s wallet address, which can be tracked and is focused on a limited set of solutions. These solutions are not often privacy-preserving and generalized; they rather focus on specific use cases.
Solution:
zkAttend attempts to create a generalized Proof-of-Attendance system for Web3 that enhances user privacy with zero-knowledge proofs, all while leveraging their physical location to distribute rewards, verify presence, and more. Since zkAttend is written with Protokit, it offers individuals and companies easy integration with TypeScript for their private POA applications. By focusing on real-world data like GPS location while masking the wallet address and location, zkAttend can be adapted for various use cases not limited to POAP-based applications. Some applications that can be built with zkAttend include location-based staking, location-based NFT distribution, and common POA apps.
Impact:
While it aligns itself with privacy-respecting companies and individuals, it enables easy user adoption due to the nature of Protokit and Mina being written in TypeScript. Hence, zkAttend can be integrated using a simple npm install. Due to the generalized nature of zkAttend, there are a variety of use cases as mentioned below. For developers, this would reduce the various problems associated with integrating a traditional POA system such as costs for SDKs, server costs, double attendance, and more. It reduces overall development time while providing the advantages of respecting a user’s privacy. This would inevitably lead to increased adoption of Mina as it is a library rather than an individual application.
Audience:
The audience of zkAttend includes developers, individual users, MMORPG companies, event management companies, and more. Some possible applications are:
*Pokemon Go-Type Games*: Various games exist in the market that are similar to Pokémon Go and distribute location-based rewards. There are challenges associated with creating such a game due to the complex nature of handling user GPS locations, maintaining privacy, handling error cases, and more. zkAttend can be used to reduce developer time and costs while directly integrating with blockchain-based services leveraging NFTs, staking, and more.
*MMORPG Games*: Games like GTA, World of Warcraft, Albion Online, Minecraft, and more use in-game locations for trading, meeting allies, missions, and more. The developers of such games need to maintain complex tracking logic that increases development time and costs. zkAttend could be used here for providing proofs of a user's in-game location to leverage blockchain-based rewards, respecting users' privacy, and reducing overall development time.
*Comic-Con Type Events*: Various real-world events, such as Comic-Con and ETHGlobal, often contain rewards for attendance. Many such events rely on traditional Web2 approaches that require a user's personal details. They can leverage services like zkAttend to utilize NFT-based rewards and more while boasting of respecting a user's privacy via easy integration in TypeScript on their websites.
*Last-Mile Delivery*: Logistics services such as last-mile delivery for food and goods require a third-party company to handle all user locations to generate OTPs, verify if an order is reaching on time, and more. zkAttend could enable a new generation of apps that are built for P2P exchanges of food and goods by reducing development time dealing with locations.
*Geocaching*: While a niche industry, geocaching is a fun activity with millions around the world searching for real-world treasures. zkAttend could add another layer of fun by providing NFTs for users who find treasures at a certain location without revealing the location where they found the reward.
Architecture & Design
Detailed Design/Architecture:
zkAttend’s prototype here was made for ETHOnline. The goal is to enhance this project and create a v1 directed at a specific use case to help users adopt the service as soon as possible.
Current Architecture:
Users define a geofence by providing latitude, longitude, radius, and event details. Latitude and longitude are converted to whole numbers (multiplied by 10^4) with sign encoding for positive/negative. An oracle calculates the distance using the Haversine formula and signs an attendance proof. Upon RSVPing to a location, a unique signature is created to prevent duplicate RSVPs for the same event using user and event creator public keys.
Modifications:
Currently, zkAttend does not focus on location spoofing. This will be addressed by using an IP-based verification and VPN detection program. Research into preventing spoofing on the browser is also approached. An audited oracle that does not store any user information will be utilized to enable such services. The Haversine formula used for determining if a user is within a geofence will be made on-chain, thus removing the oracle that processes and stores a user’s location as is currently implemented in the prototype. Specific use cases will also be explored to improve user adoption and distribute rewards ASAP.
Vision:
The long-term vision and stable version for this project is to integrate it with mobile, completely removing the need for an oracle and significantly enhancing privacy by relying only on on-chain data.
Existing Work:
(zkAttend Prototype)
Production Timeline:
The timeline is 3 months, during which I aim to implement a Proof of Concept app with a fully functioning prototype catering to a specific use case, such as location-based NFT rewards on the mainnet that utilizes a combination of IP and VPN detection to prevent location spoofing and a Haversine formula for geofencing written in Protokit-compatible code on-chain.
Budget & Milestones
Deliverables:
Research and development of an oracle that prevents location spoofing using IP address and VPN detection.
Implementation of Haversine logic in pure o1js compatible with Protokit.
Implementation of a new UI for specific use cases and deployment on mainnet.
Timeline:
3 Months.
Budget Requested:
15,000 MINA at $0.48 per MINA.
Budget Breakdown:
**UI design and development** - 40% of budget
**Oracle and Haversine** - 45% of budget
**Deployment** - 15% of budget
Wallet Address:
xxxxxxxx
Team Info
Proposer GitHub:
Proposer Experience:
I’ve built ideas with Cosmos SDK, written research papers about decentralized logistics (Research Papers), and more.
Achievements:
Won the Chiliz Hackathon and am developing an app for them currently.
Risks & Mitigations
The biggest risk of the project is location spoofing. This could allow users to spoof their geolocation on the web and claim rewards while sitting at home. While I am currently using a combination of VPN detection and IP address to prevent this, a non-layman can use enhanced services to overcome these and claim rewards. The true solution to this is via hardware-based solutions that prevent GPS spoofing, mainly found on mobile and iOS. This is difficult to implement at the moment and is not considered.
This proposal is approved for funding. PoA attendance is still a very niche use case of zk proofs and we hope this proposal explores some of the use cases. The risk and impact are classified as low.
We agreed with the proposer to pause the funding of this effort for the time being. There are some un-resolved issues related to geo location & mobile app usage.