Anonymous credentials deal with a core tension of privacy-enhancing technology (PET), namely the desire to participate in society versus the desire to remain anonymous. But despite decades of research, anonymous credential schemes have not received nearly as much general uptake as other PETs such as end-to-end encryption. This is due, in part, to its high barriers of design and deployment.

Many existing anonymous credential schemes are constructed by first fixing notions of identity and what should selectively be revealed, and then designing towards that goal. This yields just-so schemes built on primitives like Pedersen commitments and blind signatures. But while these schemes are often efficient, they often require an expert redesign when the notion of identity changes, or the statement to selectively reveal changes (e.g., adding a range proof to a system that previously only permitted equality proofs). It is possible to flip the order of operations, i.e., to design a proof system and then let users program their own notions of identity and what they want to show. Concretely, using modern, general-purpose zero-knowledge proof schemes and their deep tooling, it is possible to design extensible solutions to the problems of identity, moderation and reputation.

In this document, I present published research which builds novel, extensible, and practical privacy-enhancing technologies from succinct noninteractive zero-knowledge proofs (SNARKs). Specifically, I present (1) SNARKBlock—a scalable anonymous blocklisting scheme, (2) zk-creds—a construction of anonymous credentials which are bootstrappable from existing government-issued documents, (3) Hekaton—a highly parallelizable SNARK-proving protocol for sufficiently uniform computations, and (4) zk-promises—a framework for asynchronous anonymous blocklisting and reputation which supports arbitrary notions of reputation.