ZK-Proof Technology Proposed by Ethereum Developers to Protect AI User Privacy

A new privacy-preserving approach for AI API interactions has been unveiled by Vitalik Buterin, Ethereum's co-founder, alongside the Foundation's AI head, offering protection against misuse while maintaining user anonymity.

A novel approach utilizing zero-knowledge proofs alongside additional cryptographic methods has been put forward by Davide Crapis, the AI lead at Ethereum Foundation, and Vitalik Buterin, co-founder of Ethereum. Their proposal aims to guarantee privacy for users engaging with large language models while simultaneously implementing safeguards against malicious activities and spam.

Each time users send messages to software applications like AI chatbots, API calls take place. In their Wednesday blog post, Buterin and Crapis highlighted that finding the right balance between privacy, security, and efficiency represents a fundamental challenge facing both service providers and users.

"We need a system where a user can deposit funds once and make thousands of API calls anonymously, securely, and efficiently," they said.

"The provider must be guaranteed payment and protection against spam, while the user must be guaranteed that their requests cannot be linked to their identity or to each other," they added.

System diagram
Source: Davide Crapis

As AI chatbot adoption continues to accelerate, data breaches from LLMs have become an increasingly critical concern. These chatbots frequently process extremely sensitive information, and when usage patterns can be connected to specific identities, the result is substantial privacy vulnerabilities, legal complications, and security threats. In some instances, usage logs have even been presented as evidence in legal proceedings.

Crapis and Buterin's solution for users and providers

According to Crapis and Buterin, service providers today face a choice between two "suboptimal paths," either implementing identity-based access that compels users to surrender sensitive personal data such as email addresses or credit card numbers, thereby generating privacy vulnerabilities, or adopting per-request on-chain payment systems, which prove to be inefficient, expensive, and easily trackable.

Their proposed solution involves a framework where users make initial deposits into a smart contract, subsequently enabling them to execute API calls while concealing their identity and preventing request correlation. This system utilizes zero-knowledge proofs combined with rate-limit nullifiers to facilitate payments and enforce anti-spam measures.

"A user deposits 100 USDC into a smart contract and makes 500 queries to a hosted LLM. The provider receives 500 valid, paid requests but cannot link them to the same depositor, or to each other, while the user's prompts remain unlinkable to the user identity," Crapis and Buterin said.

"The model enforces solvency by requiring the user to prove that their cumulative spending—represented by their current ticket index—remains strictly within the bounds of their initial deposit and their verified refund history."

Cheating the system could slash your deposit

To discourage fraud, the generation of prohibited content, jailbreaking attempts, and other terms-of-service violations, Crapis and Buterin propose a dual-staking mechanism.

Should a user be discovered attempting to execute a double-spend attack, their deposited funds become claimable by any party, including the service provider. Meanwhile, users who breach the terms of service will see their deposits transferred to a burn address, with the slashing action being permanently recorded on the blockchain.

"For example, a user might submit a prompt asking the model to generate instructions for building a weapon or to help them bypass security controls – requests that would violate many providers' usage policies," Crapis and Buterin said.

"While the user's identity remains hidden, the community can audit the rate at which the Server burns stakes and the posted evidence for these burns."
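
The double-spend penalty described above can be illustrated with the usual rate-limit-nullifier construction, in which reusing a ticket index exposes the secret that controls the deposit. This is an added example, not code from Crapis and Buterin's post: it assumes each ticket reveals one point on a line whose intercept is the user's secret, uses SHA-256 and the prime 2^255 - 19 as stand-ins for the proof system's hash and field, and omits the zero-knowledge proof; `make_ticket` and `Provider` are hypothetical names.

```python
import hashlib
import secrets

P = 2**255 - 19  # prime modulus (assumed stand-in for the proof system's field)

def H(*parts):
    """Hash ints/bytes to a field element (SHA-256 stand-in for a ZK-friendly hash)."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(32, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % P

def make_ticket(secret, ticket_index, request):
    """Client: spend ticket `ticket_index` on `request`, returning (nullifier, x, y).
    A real client would also attach a ZK proof that these values derive from a
    deposited secret and that the index is within the deposit (omitted here)."""
    a = H(secret, ticket_index)   # per-ticket slope, never revealed
    x = H(request)                # evaluation point bound to the request
    y = (secret + a * x) % P      # one point on the line y = secret + a*x
    return H(a), x, y

class Provider:
    """Server: each nullifier is honoured once; a reuse reveals the secret."""
    def __init__(self):
        self.seen = {}            # nullifier -> (x, y) of the first use

    def accept(self, nullifier, x, y):
        if nullifier not in self.seen:
            self.seen[nullifier] = (x, y)
            return ("ok", None)
        x0, y0 = self.seen[nullifier]
        if x == x0:
            return ("replay", None)   # same request resent, nothing new learned
        # Two distinct points on one line: recover the slope, then the intercept.
        a = (y - y0) * pow(x - x0, -1, P) % P
        return ("slash", (y0 - a * x0) % P)

def demo():
    """Constructed scenario: tickets 0 and 1 are spent, then ticket 1 is reused."""
    secret = secrets.randbelow(P)
    server = Provider()
    spends = [(0, b"prompt A"), (1, b"prompt B"), (1, b"prompt C")]
    results = [server.accept(*make_ticket(secret, i, r)) for i, r in spends]
    return secret, results
```

Honest tickets carry unrelated nullifiers, so the server cannot group them by user; only the reused index yields two points on the same line and therefore the secret.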