Zero Knowledge Access Passes (ZKAPs)

ZKAPs attempt to solve the issue of privacy-preserving payments. This anonymous, token-based authorization protocol by PrivateStorage, based on Privacy Pass, helps facilitate an online exchange of value while disconnecting the payment and service data that is gathered on customers.


The Path to ZKAPs

Although we created ZKAPs to better address the access-control issue in Tahoe-LAFS for the development of PrivateStorage, we see many possibilities for the use of ZKAPs to help protect user privacy in other services that need to accept online payments.

The use of ZKAPs can help facilitate an online exchange of value while disconnecting the payment and service data that is gathered on customers. This is very helpful in use cases where mixing these data points is not in the best interest of the company offering the service, such as ours. While collecting personal data can be incredibly valuable to some services (“data is the new oil”), it can just as often be a liability to others (“data is toxic waste”).

In addition, disconnecting payment from service data can provide value to customers. The company offering a service can still know through payment data who its customers are. But customers may not want that company to know how they use the service, specifically for the company to tie behavior that it observes (service data) to an individual name. This can be relevant for file storage services, but also for any other kind of use that may be privacy-sensitive, such as medical advice or even newspaper consumption.

For ZKAPs, we designed a variation of Privacy Pass: a zero knowledge cryptographic protocol with proof-of-payment instead of proof-of-humanness.

Where Privacy Pass checks that a CAPTCHA was solved, this system verifies payment on the Payment Server before service is provided, which is when ZKAPs are created and distributed to the user. After creation, ZKAPs are requested and checked in the ZKAPs Authorizer. This privacy-preserving infrastructure maintains separation and simplicity.

To generate ZKAPs we created and used Python [and Haskell] bindings to Brave’s Privacy Pass library. Brave’s implementation of Privacy Pass uses the Ristretto group, with group operations on Ristretto provided by a Rust implementation. It was through the use of thoughtful open source resources that we were able to modify Privacy Pass to develop ZKAPs.
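The issuance and redemption flow described above, as an added example that is not PrivateStorage's code or part of the original page. It follows the general Privacy Pass blind-token construction and assumes a stand-in group (squares modulo the RFC 2409 Oakley Group 1 prime) in place of Ristretto, a signing key `k` held by both the Payment Server and the Authorizer, and hypothetical class and function names; it leaves out the DLEQ proof with which a client verifies the issuer's key.

```python
import hashlib, hmac, secrets
# Stand-in for Ristretto (assumption): squares mod the RFC 2409 Group 1 prime.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares

def hash_to_group(token):  # hash, then square into the order-Q subgroup
    return pow(int.from_bytes(hashlib.sha512(token).digest() * 2, "big"), 2, P)
def mac(token, point, request):  # tag binding the pass to one request
    key = hashlib.sha256(token + point.to_bytes(96, "big")).digest()
    return hmac.new(key, request, hashlib.sha256).digest()

class Client:
    def blind(self):
        self.token = secrets.token_bytes(32)   # stays secret until redemption
        self.r = secrets.randbelow(Q - 1) + 1  # random blinding factor
        return pow(hash_to_group(self.token), self.r, P)
    def unblind(self, signed):
        self.point = pow(signed, pow(self.r, -1, Q), P)  # H(token)^k
    def redeem(self, request):
        return self.token, mac(self.token, self.point, request)

class PaymentServer:
    def __init__(self, k):
        self.k, self.seen = k, []
    def issue(self, paid, blinded):
        if not paid:
            raise PermissionError("payment not verified")
        self.seen.append(blinded)              # all the issuer learns
        return pow(blinded, self.k, P)

class Authorizer:
    def __init__(self, k):
        self.k, self.spent = k, set()
    def check(self, token, tag, request):
        expected = mac(token, pow(hash_to_group(token), self.k, P), request)
        if token in self.spent or not hmac.compare_digest(tag, expected):
            return False                       # replayed or forged pass
        self.spent.add(token)
        return True

def demo(request=b"upload share"):
    k = secrets.randbelow(Q - 1) + 1           # signing key (constructed)
    issuer, authz, client = PaymentServer(k), Authorizer(k), Client()
    client.unblind(issuer.issue(True, client.blind()))
    zkap = client.redeem(request)
    linked = hash_to_group(zkap[0]) in issuer.seen
    return authz.check(*zkap, request), authz.check(*zkap, request), linked
```

`demo()` returns the result of the first redemption, the result of replaying the same pass, and whether the value the issuer logged matches the unblinded token element.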


How It Works


Watch the Talks

Hello Decentralization, February 22, 2021

Liz Steininger (Least Authority CEO & Managing Director) spoke about Zero Knowledge Access Passes (ZKAPs) at Hello Decentralization, a free community event where members meet and discuss decentralized technologies from a technical perspective. View the slides here.

zkSummit 5, March 31, 2020

Anna Kaplan (Least Authority / Technical University of Munich) explains how Privacy Pass was adapted to ZKAPs for payment-based access to your application. Free registration with zkSummit is required in order to view this talk. View the slides here.

ZEAL Community Call, March 31, 2020

Jean-Paul Calderone and Chris Wood share their research on Zero Knowledge Access Passes (ZKAPs), which attempt to solve the issue of privacy-preserving payments. They’ll dive deeper into the functionality of Privacy Pass and ZKAPs, explaining what changes were made and how these can be used for other use cases. View the slides here.

Get in Touch

We’re continually exploring possible use cases for ZKAPs. Email us at if there is a product or project you’re working on that may be a good fit.