Finally getting around to tweeting about our paper "zk-promises" at Usenix Security. Two motivations: How do you build reputation for anonymous users who can't be tied to their actions? How do you get a private account model for smart contracts? Our answer: anonymous callbacks.

Imagine a stateful anonymous credential—crypto folks: think of it like a smart contract—that stores your reputation. You use it to do things online anonymously, like editing Wikipedia or posting on a forum. But how does that reputation get updated if you do something bad?

Your anonymous account isn't tied to the post, so you have no incentive to honor a downvote or ban. zk-promises solves this by creating anonymous callbacks. When you take an action, you also generate a callback that can be safely hand out without linking back to your credential.

When a moderator invokes an anonymous callback, they post it to a public bulletin board with some function arguments. To use your credential again, you must first prove you checked that bulletin board and applied all of your pending callbacks.

We can build this for credentials on the web with a simple server, or use it for private smart contracts on a blockchain. In the latter case, we get a private account model where clients sequence their own updates but can't selectively drop requests.

From the academic side: zk-promises is a new tool for reputation and anonymous credentials. From the crypto side: it finally makes the account model private. Before this, Zexe-derived projects like Aleo and Aztec (plus Zcash if we go back to payments) were stuck with UTXOs.